T-Marc 300 Series v10.1.Rx User Guide

February 11, 2017 | Author: 01h | Category: N/A

T-Marc 300 Series (T-Marc 340 and T-Marc 380) Demarcation Device User Guide

Release 10.1.Rx May 2010 MN100168 Rev R

The information in this document is subject to change without notice and describes only the product defined in the introduction of this document. This document is intended for the use of customers of Telco Systems only for the purposes of the agreement under which the document is submitted, and no part of it may be reproduced or transmitted in any form or means without the prior written permission of Telco Systems. The document is intended for use by professional and properly trained personnel, and the customer assumes full responsibility when using it. Telco Systems welcomes customer comments as part of the process of continuous development and improvement of the documentation. If the Release Notes that are shipped with the device contain information that conflicts with the information in the user guide or supplements it, the customer should follow the Release Notes. The information or statements given in this document concerning the suitability, capacity, or performance of the relevant hardware or software products are for general informational purposes only and are not considered binding. Only those statements and/or representations defined in the agreement executed between Telco Systems and the customer shall bind and obligate Telco Systems. Telco Systems however has made all reasonable efforts to ensure that the instructions contained in this document are adequate and free of material errors and omissions. Telco Systems will, if necessary, explain issues which may not be covered by the document. Telco Systems’ sole and exclusive liability for any errors in the document is limited to the documentary correction of errors. TELCO SYSTEMS IS NOT AND SHALL NOT BE RESPONSIBLE IN ANY EVENT FOR ERRORS IN THIS DOCUMENT OR FOR ANY DAMAGES OR LOSS OF WHATSOEVER KIND, WHETHER DIRECT, INCIDENTAL, OR CONSEQUENTIAL (INCLUDING MONETARY LOSSES), that might arise from the use of this document or the information in it. 
This document and the product it describes are the property of Telco Systems, which is the owner of all intellectual property rights therein, and are protected by copyright according to the applicable laws. Telco Systems logo is a registered trademark of Telco Systems, a BATM Company. BiNOS®, BiNOSCenter®, T-Marc®, T5 Compact™, T5C-XG™, T-Metro®, EdgeLink®, EdgeGate®, Access60®, AccessIP™, AccessMPLS®, AccessTDM™, AccessEthernet®, NetBeacon®, Metrobility®, and OutBurst® are trademarks of Telco Systems. Other product and company names mentioned in this document reserve their copyrights, trademarks, and registrations; they are mentioned for identification purposes only.

Copyright © Telco Systems 2010. All rights reserved.

Introduction

Telco Systems’ T-Marc 300 Series Ethernet Service-Demarcation and Extension product line provides intelligent and remotely managed, multiport customer-located equipment (CLE) to deliver managed converged services (voice, video, and data) over virtual Ethernet, MPLS/VPLS, and IP networks. This family of products allows service providers to deliver multiple services on separate customer interfaces, including multiple services over a single customer interface. Since each service is isolated, providers can troubleshoot each individual service without impacting others. Using Operations, Administration, and Maintenance (OAM) tools, service providers can measure and ensure provisioned Service Level Agreements (SLA). The device’s embedded security controls ensure protection against denial-of-service attacks. Advanced Layer 2 Networking, using Telco Systems’ AccessEthernet, allows total flexibility in deployment and delivery of Ethernet services. Physical and virtual networking capabilities provide automated address-management and discovery, bandwidth profiles, advanced traffic classes, and complete control over how subscriber traffic is transported across a service provider’s network.

The T-Marc 300 Series product line includes two models:

• T-Marc 340 offers two dual uplink ports (10/100/1000Base-T or 100Base-Fx/1000Base-X) and four dual access ports (10/100/1000Base-T or 100Base-Fx/1000Base-X).
• T-Marc 380 offers the same as T-Marc 340 in addition to four dual access ports (10/100/1000Base-T or 100Base-Fx/1000Base-X).

The devices operate using an internal AC or DC power supply. They can be rack/wall mounted or placed on a table-top.

Page 1 Introduction (Rev. 12)

T-Marc 300 Series User Guide

Using This Document

Documentation Purpose

This user guide includes the relevant information for configuring the T-Marc 300 Series functionalities. It provides the complete syntax for the commands available in the currently-supported software version and describes the features supplied with the device. This guide does not include instructions on how to install the device. For more information regarding the device installation, refer to the T-Marc 300 Series Installation Guide. For the latest software updates, see the Release Notes for the relevant release. If the release notes contain information that conflicts with the information in the user guide or supplements it, follow the release notes' instructions.

Intended Audience

This user guide is intended for network administrators responsible for installing and configuring network equipment. You have to be familiar with the concepts and terminology of Ethernet and local area networking (LAN) to use this guide.

Documentation Suite

This document is just one part of the full documentation suite provided with this product. You are:

Document            Function
Installation Guide  Contains information about installing the hardware and software, including site preparation, testing, and safety information.
User Guide          Contains information on configuring and using the system.
Release Notes       Contains information about the current release, including new features, resolved issues (bug fixes), known issues, and late-breaking information that supersedes information in other documentation.

Conventions Used

The conventions below are used to highlight important information:

NOTE     Indicates special information to which the user needs to pay special attention.
CAUTION  Indicates special instructions to avoid possible damage to the product.
DANGER   Indicates special instructions to avoid possible injury or death.

The table below explains the conventions used within the document text:

Conventions                    Description
commands                       CLI and SNMP commands
command example                CLI and SNMP examples
                               user-defined variables
[Optional Command Parameters]  CLI syntax and coded examples

Organization

The T-Marc 300 Series User Guide comprises the chapters listed below, each focusing on a different feature or set of features. Each chapter begins with a brief overview of the feature(s), followed by the configuration flow and the corresponding commands' configuration section.

Chapter Name
    Description

Using the Command Line Interface (CLI)
    Basic information about the T-Marc 300 Series CLI, its modes, and general usage details.

Device Setup and Maintenance
    Accessing T-Marc 300 Series devices, login information, and the devices' reloading options.

Device Administration
    Administering T-Marc 300 Series devices and performing initial device configuration (such as the device’s time and date, software upgrade, and protecting the device from outside attacks).

Configuring Interfaces
    The device interface types and their configuration. The chapter also offers information on static Link Aggregation Groups (LAGs), establishing resilience across the network segments, and Alarm Propagation.

Configuring VLANs and Super VLANs
    An overall understanding of VLANs and their configuration.

Configuring Transparent LAN Services (TLS)
    The deployment of Transparent LAN Services.

Configuring Spanning Tree Protocol (STP)
    The IEEE 802.1D STP standard and its configuration.

Configuring Rapid Spanning Tree Protocol (RSTP)
    The IEEE 802.1W Rapid STP standard and its configuration.

Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s)
    The IEEE 802.1S Multiple STP standard and its configuration.

Configuring Access Control List (ACL)
    Creating ACLs, traffic rate-limit, and applying QoS using ACLs.

DHCP Snooping
    DHCP Snooping security feature used to reinforce the client network and create an environment resilient to outside attacks.

Configuring Quality of Service (QoS)
    Configuring different service levels for traffic traversing the device, providing preferential treatment to specific traffic.

Operation Administration and Maintenance (OAM)
    The different tools for monitoring and troubleshooting the network:
    • IEEE 802.3ah Ethernet in the First Mile (EFM)
    • Ethernet Local Management Interface (E-LMI), an OAM protocol enabling the auto configuration of Metro Ethernet services’ support
    • IEEE 802.1ag Connectivity Fault Management (CFM)
    • SAA Test-Head and SAA Throughput Test
    • ITU-T G.8031 Ethernet Protection Switching (EPS)
    • Event Propagation (configuring automatic actions executed upon the occurrence of specific events)

Configuring Link Layer Discovery Protocol (LLDP)
    Configuring the IEEE 802.1AB standard.

Configuring Device Authentication Features
    The privileged access levels to commands used for protecting the device from unauthorized access. The chapter describes RADIUS, TACACS+, and SSH.

Internet Group Multicast Protocol (IGMP) Snooping
    Configuring the session-layer IGMP Protocol.

Configuring Simple Network Management Protocol (SNMP)
    Configuring SNMP, community strings, and enabling trap managers and traps.

SNMP Reference Guide
    The detailed list of MIBs and objects for controlling, monitoring, and managing the device and its features from a remote location.

Configuring Remote Monitoring (RMON)
    Configuring the RMON feature used with the SNMP agent.

Configuring System Message Logging
    Configure system message logging, message format, and message types displayed.

Troubleshooting and Monitoring
    Troubleshooting and monitoring tools used to detect and solve BiNOS related problems. Provides a set of built-in tests that examine hardware and its configuration validity. This chapter also contains other information such as traffic monitoring, monitoring the device's periodic operation, alert behavior, and laser monitoring.

Appendix A: Default Configuration
    The device’s default configuration.

Appendix B: Product Capabilities
    The device’s supported features.

Appendix C: Acronyms Glossary
    The list of acronyms used in this user guide and their meaning.

Getting Documentation Updates

You can access the most current Telco Systems documentation on the following site: http://support.batm.com/. Access to most of the Telco Systems documentation is password protected. To obtain a password, contact the BATM support center.

Technical Support

Telco Systems provides technical assistance for customers and partners. Users can obtain technical assistance by any of the following phone, fax, and e-mail options:

Web Access: http://www.telco.com/

BATM Advanced Communications—Main Support Center in Israel
Tel: +972-4-993-5630
Fax: +972-4-993-7926
Email: [email protected]

BATM/Telco Systems a BATM Company—for Americas
Tel: 1-800-227-0937 (U.S.), 1-781-255-2120 (Outside U.S.)
Fax: 1-781-255-2122
Email: [email protected]

BATM Germany—for Northern Europe
Tel: +49-241-463-5490
Fax: +49-241-463-5491
Email: [email protected]

BATM France—for Southern Europe
Tel: +33-15-671-2773
Fax: +33-14-377-1780
Email: [email protected]

Telco Systems, a BATM Company Asia Pacific in Singapore
Tel: +65-6-725-9901
Fax: +65-6-725-9889
Email: [email protected]

Telco Systems Asia Pacific—Japan
Tel: +81-3-5215-5709
Fax: +81-3-5215-5704
Email: [email protected]

Using the Command Line Interface (CLI)

Table of Contents

Overview
Accessing the CLI
The CLI Modes
View Mode
Privileged (Enable) Mode
Configuration Modes
Using the CLI
Command Keywords and Arguments
Minimum Abbreviation
Dynamic Completion of Commands
Regular Expressions
Getting Help
CLI Keyboard Sequences
Using the Command History
General Commands
CLI Messages

Page 1 Using the Command Line Interface (CLI) (Rev. 07)

Overview

CLI is a network management application operating through an ASCII terminal. Using the CLI commands, users can configure the device parameters and maintain them, receiving text output on the terminal monitor. These system parameters are stored in a non-volatile memory and users have to set them up only once. The device CLI is password protected.

Accessing the CLI

You can access the CLI:

• directly, by connecting a PC to the device’s console port
• over an IP network, using Telnet or SSH

Once the console port is displayed, users have to type the device password to execute CLI commands.

Example:

    User Access Verification
    Password:batm
    T-Marc_3X0>

For more information, refer to the Methods of Managing a Device section of the Device Setup and Maintenance chapter. Throughout this guide, we refer to the T-Marc 300 Series device prompt as device-name.

The CLI Modes

The CLI is built in hierarchical modes, each mode grouping relevant CLI commands. Below is the list of the device’s main CLI modes.

View Mode

This is the initial, user-level mode the CLI enters after a successful login to the CLI. This mode’s prompt is >:

    device-name>

The View mode is password protected (the default password is batm).

Privileged (Enable) Mode

The Privileged (Enable) mode is primarily used for viewing the system status, controlling the CLI environment, monitoring network connectivity, troubleshooting, and initiating the different Configuration modes. This mode’s prompt is #. To access this mode from View mode, use the enable command:

    device-name>enable
    device-name#

The Privileged (Enable) mode is not password protected by default. However, you can configure password protection by using the enable password command (for more information, refer to the Device Setup and Maintenance chapter of the user guide).

Configuration Modes

To change the device configuration, users need to access the Configuration mode. This mode’s prompt is (config)#. To access this mode from the Privileged (Enable) mode, use the configure terminal command.

    device-name#configure terminal
    device-name(config)#

The Configuration mode has various sub-modes for configuring the different device features, as shown in the table below.

Example

To access the Protocol Configuration mode, use the protocol command in Global Configuration mode:

    device-name(config)#protocol
    device-name(cfg protocol)#

Table 1: Configuration Sub-Modes Summary

Configuration Mode   Role                                                                Prompt
VTY                  Controlling the Virtual Telnet Type (VTY) connection to the device  device-name(config-VTY)#
Interface            The device physical-interfaces configuration                        device-name(config-config-if UU/SS/PP)#
                     Interface range configuration                                       device-name(config-if-group)#
                     Link Aggregation Groups (LAG) interface configuration               device-name(config-if AG0N)#
                     LAG interface range configuration                                   device-name(config-ag-group)#
ACG                  Interface Access Control Groups (ACG) configuration                 device-name(config-if UU/SS/PP acg ACL-NUMBER)#
                     Virtual LAN (VLAN) ACG configuration                                device-name(config-vlan VLANNAME acg ACL-NUMBER)#
                     LAG interface ACG configuration                                     device-name(config-if AG0N acg ACL-NUMBER)#
VLAN                 VLANs configuration                                                 device-name(config vlan)#
                     Specific VLAN configuration                                         device-name(config vlan VLANNAME)#
Protocol             Protocols settings such as STP, RSTP, MSTP, EFM-OAM, and LAG        device-name(cfg protocol)#
Resilient Link       Resilient links configuration                                       device-name(config-resil-link N)#
Script-file System   Script-file system management                                       device-name(config-config script-file-system)#
Monitor              Monitoring parameters settings                                      device-name(config monitor N)#
MSTP                 MSTP configuration                                                  device-name(cfg protocol mstp)
CFM                  CFM-OAM protocol configuration                                      device-name(config-cfm)
SAA Throughput Test  SAA throughput test configuration                                   device-name(config-saathroughput)
SAA TestHead         SAA profile configuration                                           device-name(config-saa-profileProfile_ID)
                     SAA test configuration                                              device-name(config-saa-TESTNAME)
TLS                  TLS service configuration                                           device-name(config-tls SERVICENAME)#
EPS                  EPS configuration                                                   device-name(config-eps-SERVICENAME)#
Event Propagation    Event Propagation profile configuration                             device-name(config-ep-profile ID)#
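
Because every command line starts with a prompt that encodes the CLI mode, a captured session can be audited for which commands ran in View, Privileged (Enable), or a configuration mode. The following Python is an added example, not part of the guide or of BiNOS: the transcript is constructed from commands shown in this chapter, the rule list covers only a subset of Table 1, and it expects prompts that end in > or # as in the chapter's examples.

```python
import re

# Prompt shapes from this chapter: "name>" (View), "name#" (Privileged),
# "name(<mode text>)#" (Configuration mode and its sub-modes).
PROMPT_RE = re.compile(
    r"^(?P<host>[A-Za-z0-9_.-]+)"   # device name, e.g. T-Marc_3X0
    r"(?:\((?P<ctx>[^()]*)\))?"     # optional "(config ...)" mode text
    r"(?P<sigil>[>#])"              # > is View, # is every other mode
    r"(?P<cmd>.*)$"
)

# Ordered rules for the mode text, built from a subset of Table 1.
# First match wins, so the more specific patterns come first.
SUBMODE_RULES = [
    (re.compile(r"\sacg\s"), "ACG"),
    (re.compile(r"^cfg protocol mstp$"), "MSTP"),
    (re.compile(r"^cfg protocol$"), "Protocol"),
    (re.compile(r"^config-VTY$"), "VTY"),
    (re.compile(r"^config(-config)?-if[ -]|^config-ag-group$"), "Interface"),
    (re.compile(r"^config vlan\b"), "VLAN"),
    (re.compile(r"^config-tls\s"), "TLS"),
    (re.compile(r"^config$"), "Global Configuration"),
]


def classify_mode(ctx, sigil):
    """Map the prompt's mode text and trailing character to a mode name."""
    if ctx is None:
        return "View" if sigil == ">" else "Privileged (Enable)"
    for pattern, name in SUBMODE_RULES:
        if pattern.search(ctx):
            return name
    return "Configuration (other)"


def parse_transcript(text, hostname=None):
    """Return (mode, command) for every command line in a captured session.

    Lines that do not start with a prompt are device output and are skipped.
    Passing the expected hostname stops output that happens to contain '#'
    or '>' from being mistaken for a prompt.
    """
    entries = []
    for line in text.splitlines():
        m = PROMPT_RE.match(line.strip())
        if not m or (hostname and m["host"] != hostname):
            continue
        cmd = m["cmd"].strip()
        if cmd:  # a bare prompt carries no command
            entries.append((classify_mode(m["ctx"], m["sigil"]), cmd))
    return entries


def config_mode_commands(entries):
    """Commands typed in any configuration mode, i.e. potential changes."""
    return [cmd for mode, cmd in entries
            if mode not in ("View", "Privileged (Enable)")]


# Constructed sample session (not captured from a real device).
SAMPLE = """\
T-Marc_3X0>enable
T-Marc_3X0#show running-config | include interface
Building the configuration ...
interface sw0
T-Marc_3X0#configure terminal
T-Marc_3X0(config)#protocol
T-Marc_3X0(cfg protocol)#exit
T-Marc_3X0(config)#interface 1/1/1
T-Marc_3X0(config-if 1/1/1)#end
T-Marc_3X0#
"""

if __name__ == "__main__":
    for mode, cmd in parse_transcript(SAMPLE, hostname="T-Marc_3X0"):
        print(f"{mode:22} {cmd}")
```
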

Using the CLI

Command Keywords and Arguments

Each CLI command is built up of a series of keywords and arguments:

• Keywords identify the command’s action
• Arguments specify the command’s configuration parameters

The CLI commands are not case sensitive. The general CLI syntax is represented by the following format:

    device-name[(config ...)]#keyword(s) [argument(s)] ... [keyword(s)] [argument(s)]

In this format:

• device-name[(config ...)]# represents the prompt displayed by the device. This prompt includes:
  - the user-defined device-name
  - the current CLI mode
• the command keywords and arguments typed by the user

Example:

In the command below:

    device-name(config vlan)#create NAME

• the CLI mode is Config VLAN
• create is the command keyword
• NAME is the command argument

Table 2: CLI Syntax Conventions in the User Guide

Symbol/Format            Description
                         A numerical argument:
Italic, capital letters  A string argument: NAME
bold letters             A command keyword: copy
A.B.C.D                  An IP address: 10.4.0.4
UU/SS/PP                 A physical port number in a unit/slot/port format: 1/2/6
HH:HH:HH:HH:HH:HH        A MAC address in a hexadecimal format: 00:a0:12:07:0f:78
[]                       An optional argument or keyword: [FILENAME]
{}                       A mandatory argument or keyword: {enable | disable}
|                        An or between two arguments or keywords, the user should select from: {true | false}

Minimum Abbreviation

The CLI accepts a minimum number of characters that uniquely identify a command. Therefore you can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other available commands or parameters on the specific CLI mode.

Example

You can type the config terminal command as config t.

    device-name#config t
    device-name(config)#

In case of an ambiguous entry (when the CLI mode includes more than one command matching the characters typed), the system prompts for further input.

Example

    device-name#con
    [%Error] Command incomplete

Dynamic Completion of Commands

In addition to the Minimum Abbreviation functionality, the CLI can display the commands’ possible completions. To display possible command completions, type the partial command followed immediately by or .

• In case the partial command uniquely identifies a command, the CLI displays the full command.
• Otherwise the CLI displays a list of possible completions.

    device-name(config)#in
    Possible completions:
    interface --insert Insert a parameter

Regular Expressions

Regular expressions are a subset of EGREP and AWK programming-language regular expressions.

Table 3: Common Regular Expressions

Key         Function
.           Matches any character
^           Matches the beginning of a string
$           Matches the end of a string
[abc...]    Character class that matches any of the characters: abc… To specify a character range, type a pair of characters separated by a -.
[^abc...]   Negated character class that matches any character except abc....
r1 | r2     Matches either r1 or r2
r1r2        Matches r1 and then r2
r+          Matches one or more r
r*          Matches zero or more r
r?          Matches zero or one r
(r)         Matches a pattern group

Getting Help

To get specific help on a command mode, keyword, or argument, use one of the following commands or characters:

Table 4: CLI Help Options

Command
    Purpose

help
    Provides a brief description of the help system in any command mode:

        device-name(config)#help
        BiNOS CLID VTY provides advanced help feature. When you need help, anytime at the command line please press '?'.
        If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
        Two styles of help are provided:
        1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument.
        2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show me?'.)

abbreviated-command or abbreviated-command
    To display a command’s possible completions, type the partial command followed immediately by or . If the partially typed command uniquely identifies a command, the full command name is displayed. Otherwise, the CLI displays a list of possible completions:

        device-name(config)#int
        UU/SS/PP  ag01  ag02  ag03   ag04
        ag05      ag06  ag07  range  sw0

command? or abbreviated-command?
    (Leave no space between the command and ?) Provides a list of commands that begin with a particular string and their description:

        device-name#con?
        configure    Configuration from vty interface

?
    Lists all commands available in the particular command mode:

        device-name(config)#?
        aaa            Authentication and accounting method
        access-list    Set access list definition
        alias          Enable creating an alias of a command. An alias is a short form of a command
        banner         Set the banner string
        caps-lock      Warn if passwords contains only CAPITAL letters
        cfm            Connectivity Fault Management
        cpu            CPU utilization monitoring
        --More--

command ? or abbreviated-command ?
    (Leave a space between command and ?) Lists the keywords or arguments that the user can type next on the command line:

        device-name#show ?
        access-class             Access-class vty status
        access-lists             Display the named access lists
        alarm-inherit            Show Alarm Propagation on port
        cfm                      Connectivity Fault Management
        clock                    Show current system date and time
        configuration-history    Display stored configuration history
        cpu                      Display CPU monitoring
        --More--

!
    The CLI ignores all the characters following ! and up to the next new line. Use this option when pasting a file that includes comments into the CLI:

        device-name#show running-config
        Building the configuration ...
        ! T-Marc 300 Version 9.4
        ! password: 3090372e3f8bc00eeacc46219f7557485983251a994551f918e04712f86c5818
        ip address 10.4.4.210 255.255.0.0
        interface sw0
        !
        ! Source Ip Configuration:
        !
        ! Log Configuration:
        --More--

    NOTE To use ! as an argument, prefix it with \ or enclose it in double quotes (").

command | {include | exclude} regular-expression
    Searches and filters the command output. Use this functionality to sort through a large output or to exclude irrelevant output.

    • include: displays output lines that contain the regular expression
    • exclude: displays output lines that do not contain the regular expression
    • regular-expression: any regular expression (text string) found in the show command output

    Example 1

    The example below displays only interface output lines:

        device-name#show running-config | include interface
        Building the configuration ...
        interface sw0
        interface 1/1/1
        interface 1/1/2
        interface 1/2/1
        interface 1/2/2
        interface 1/2/3
        interface 1/2/4
        interface 1/2/5
        interface 1/2/6
        interface 1/2/7
        interface 1/2/8
        interface ag01
        interface ag02
        interface ag03
        interface ag04
        interface ag05
        interface ag06
        interface ag07

    Example 2

    The example below displays only lines that contain 2:

        device-name#show running-config | include 2
        password 3090372e3f8bc00eeacc46219f7557485983251a994551f918e04712f86c5818
        ip address 10.4.4.210 255.255.0.0
        interface 1/2/2
        interface 1/2/3
        interface 1/2/4
        interface 1/2/5
        interface 1/2/6
        interface 1/2/7
        interface 1/2/8
        interface ag02

CLI Keyboard Sequences

Users can use keyboard sequences to move around the command line and edit it. They can also use keyboard sequences to scroll through a list of recently executed commands.

Table 5: CLI Keyboard Sequences

Key         Function
Backspace   Deletes the character preceding the cursor
Ctrl-A      Moves to the beginning of the line
Ctrl-B      Moves one character back
Ctrl-C      Interrupts the current input and moves to the next line
Ctrl-D      Moves one node back
Ctrl-E      Moves to the end of the line
Ctrl-F      Moves one character forward
Ctrl-H      Deletes the character preceding the cursor
Ctrl-K      Deletes all characters to the end of the line
Ctrl-N      Moves down to the next line in the history buffer
Ctrl-P      Moves up to the previous line in the history buffer
Ctrl-U      Deletes the line
Ctrl-W      Erases the last word
Ctrl-Z      Returns to Enable mode
Esc+B       Moves one word back
Esc+D       Deletes the characters after the cursor
Esc+F       Moves one word forward
Esc         Stops ping from the device (for more information regarding the ping command, refer to the Device Administration chapter).
Tab         Fills in the rest of the command line

Using the Command History

The CLI maintains a history of commands (used in any CLI mode) that users can modify and execute. To scroll back through the commands history, press the arrow-up key. For more information, refer to the Configuring System Message Logging chapter.

General Commands

You can use the following commands in all CLI modes:

Table 6: General Commands

Command
    Description

no
    Negates the command or resets the command to its default value. To disable privilege-limited logging, type:

        device-name#no log group users-limit

alias
    Associates a contiguous character string as an alias to a command that optionally includes specific arguments. The defined alias is fully equivalent to the command it is associated to, in the CLI mode the alias was defined. To assign an alias to the command show interface 1/1/1 statistics, type:

        device-name#alias sint1 show interface 1/1/1 statistics

    Once the alias is assigned, you can execute the command by typing the alias (sint1) in the relevant mode (Privileged (Enable) mode):

        device-name#sint1
        Octets            212
        Collisions        0
        Broadcast         0
        Multicast         0
        CRCAlignErrors    0
        Undersize         0
        MaxFrameSize      0
        Oversize          0
        Fragments         0
        Jabbers           0
        DropEvents        0
        Last5secInPkts    50
        Last1minInPkts    353
        Last5minInPkts    353
        Last5secOutPkts   0
        Last1minOutPkts   0
        Last5minOutPkts   0

        In/OutPkts In/OutPkts In/OutPkts In/OutPkts In/OutPkts In/OutPkts
        64 65-127 128-255 256-511 512-1023 1024-
        383 0 0 0 0

        TotalInPkts       383
        TotalIn/OutPkts   383
        DropCount         0

        Last5secInBps     409
        Last1minInBps     408
        Last5minInBps     81
        Last5secOutBps    0
        Last1minOutBps    0
        Last5minOutBps    0

exit
    Escapes the current mode and enters the previous mode:

        device-name(config-if 1/1/1)#exit
        device-name(config)#protocol
        device-name(cfg protocol)#exit
        device-name(config)#

quit
    Logs out and disconnects from the device:

        device-name(config-if 1/1/1)#quit
        Connection to host lost

end
    Escapes the current mode and enters the Privileged (Enable) mode:

        device-name(cfg protocol)#end
        device-name#

CLI Messages

The CLI displays relevant messages in response to executed commands:

Table 7: CLI Messages

CLI Message
    Description

% is not recognized
    Displayed when the entry is not a command.

% command incomplete
    Displayed when the user types a valid command but fails to type the command’s required arguments. In this case, press to display the command’s possible completions.

% Ambiguous token
    Displayed when the user types too few characters. In these cases, the CLI detects an ambiguity and displays the possible matches:

        device-name(config)#w
        % Ambiguous token : w
        % It matches the following tokens :
        who
        write
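
Minimum abbreviation means the same command can reach a command log as "conf t", "config t", or "CONFIGURE TERMINAL", so watch rules that match on the full command text need the typed form expanded first. The following Python is an added example, not the device's own parser: it resolves unique-prefix keywords as described under Minimum Abbreviation and returns outcomes that correspond to the three messages in Table 7. The keyword tree is a constructed subset of commands shown in this chapter, the status names are this example's own labels, and letting an exact keyword win over longer ones is an assumption.

```python
# Constructed keyword tree: a small subset of commands that appear in this
# chapter. A real tree must be built from the device's own "?" output for
# each CLI mode. An empty dict marks a complete command; anything typed
# after it is treated as arguments.
TREE = {
    "configure": {"terminal": {}},
    "show": {
        "access-class": {}, "access-lists": {}, "alarm-inherit": {},
        "cfm": {}, "clock": {}, "configuration-history": {}, "cpu": {},
        "running-config": {},
    },
    "enable": {}, "end": {}, "exit": {}, "quit": {},
    "who": {}, "write": {},
}


def expand(line, tree=TREE):
    """Resolve abbreviated keywords to their full form.

    Returns (status, detail):
      ("ok", canonical command)        every keyword matched uniquely
      ("incomplete", resolved prefix)  more keywords are required
      ("ambiguous", [candidates])      a token matches several keywords
      ("unrecognized", token)          a token matches nothing
    """
    tokens = line.split()
    if not tokens:
        return ("unrecognized", "")
    node, resolved = tree, []
    for i, tok in enumerate(tokens):
        if not node:                  # complete command: the rest are arguments
            resolved.extend(tokens[i:])
            break
        key = tok.lower()             # CLI commands are not case sensitive
        if key in node:               # assumption: an exact keyword wins
            matches = [key]
        else:
            matches = sorted(k for k in node if k.startswith(key))
        if not matches:
            return ("unrecognized", tok)
        if len(matches) > 1:
            return ("ambiguous", matches)
        resolved.append(matches[0])
        node = node[matches[0]]
    if node:
        return ("incomplete", " ".join(resolved))
    return ("ok", " ".join(resolved))


def flag_watched(commands, watchlist):
    """Return (as_typed, canonical) for logged commands whose expanded form
    is, or starts with, a watched command. Entries that do not resolve are
    skipped: the CLI would have answered them with an error message."""
    hits = []
    for raw in commands:
        status, detail = expand(raw)
        if status != "ok":
            continue
        if any(detail == w or detail.startswith(w + " ") for w in watchlist):
            hits.append((raw, detail))
    return hits


# Constructed command-log entries, as an operator might have typed them.
LOGGED = ["conf t", "sh clock", "SH RUN | include password", "w", "con"]
WATCH = {"configure terminal", "show running-config"}

if __name__ == "__main__":
    for raw in LOGGED:
        print(f"{raw!r:32} -> {expand(raw)}")
    print(flag_watched(LOGGED, WATCH))
```
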


Device Setup and Maintenance

Table of Contents

Table of Figures
Overview
Methods of Managing a Device
Connecting to the Console Port
The Terminal Screen Display
Connecting the Device via Telnet
Managing the Device via SNMP
Login and Password
Password Recovery
Default Passwords Recovery
Backdoor Password Recovery
Device Passwords Configuration Commands
Configuring the View Mode Password
Configuring the Privileged (Enabled) Mode Password
Configuring the Loader Mode Password
Enabling/Disabling Caps Lock Notification
The Device IP Commands
Configuring the Device’s Primary IP Address
Configuring the Device’s Secondary IP Address
Configuring a Default Gateway
Displaying the Device IP Address
Displaying Routes
Telnet Commands
Telnet Session Configuration Commands
Connecting a Remote Host via a Telnet Client

Page 1 Device Setup and Maintenance (Rev. 09)

T-Marc 300 Series User Guide

Enabling/Disabling the Device’s Telnet Server
Displaying Current Telnet Connections
Displaying the Current Telnet-Session Index
Terminating a Telnet Connection
Virtual Terminal (VTY)
Switching Between VTY Sessions
The VTY Step by Step Configuration
VTY Configuration Commands
Accessing the VTY Configuration Mode
Configuring the Device Name
Defining the VTY Connection Timeout
Creating ACLs for Restricting Telnet and SSH Access to the Device
Applying ACLs for Filtering Telnet/SSH Connections
Defining the Terminal Length
Enabling the Advanced VTY Mode
Displaying Applied ACLs
Configuration Example
Creating a Login Banner/Message-of-the-Day (MOTD)
MOTD Configuration Commands
Enabling/Disabling the Default-MOTD Display
Configuring a Single-line MOTD
Configuring a Multi-line MOTD
Saving and Displaying the Device Configuration
Saving, Erasing, and Displaying Configuration Commands
Saving the Device’s Running Configuration
Restoring Factory Defaults’ Configuration
Displaying the Device’s Running Configuration
Displaying the Device’s Start-up Configuration
Reloading the Device
Supported Platforms
Supported Standards, MIBs and RFCs


Table of Figures

Figure 1: Initial Device Configuration
Figure 2: Management Methods
Figure 3: A Telnet Server Example


Overview

This chapter provides the initial information necessary for accessing a T-Marc 300 Series device, configuring passwords, saving new configuration parameters, and reload options. To start a T-Marc 300 Series device, follow the installation guide instructions for installing and powering on the device. Below are the first steps for initializing and configuring the T-Marc 300 Series device.

Start

Connect to the device console port

Log on to the device as a default user

Configure the device IP address

Manage the device via CLI or/and SNMP

End

Figure 1: Initial Device Configuration


Methods of Managing a Device

You can manage a device using one (or both) of the following methods:

• Command line interface (CLI): either directly, by connecting the device console port to a PC, or over the network using Telnet and/or SSH

• Simple Network Management Protocol (SNMP)

Figure 2: Management Methods

Connecting to the Console Port

The T-Marc 300 Series’ console port is an EIA232 VT-100 compatible, (optionally) password-protected port, through which you can define the device's basic operational parameters. To connect your PC to the device’s console port, follow the steps below:

1. Use the console cable shipped with the device and connect the cable’s RJ-45 connector to the device's console port (CON). The cable has the following pinout:

   Device Side (RJ-45 Pin #)    PC Side (DB-9 Female)
   3                            2
   2                            3
   5                            5

2. Connect the other side of the cable to your PC’s serial port.

3. Set the PC port to 9600-N-8-1 or:
   • 9600 bps
   • no parity
   • 8 data bits
   • 1 stop bit
   • no flow control


The Terminal Screen Display

Once connected to the console port, turn on the device. A screen similar to the below example is displayed after a few seconds:

BATM Telco Boot Loader
Device model   : T-Marc 340
Loader version : 6.6 TMC 07 created Jan 15 2006 - 10:44:48
MAC Address    : 00:A0:12:27:14:20

Press any key to stop auto-boot... 0
auto-booting...
Uncompressing 2131761 bytes...
Loading image... 8234000

Starting device application, please wait...

BUILT-IN SELF TEST
-----------------
CPU Core Test       : Passed
CPU Interface Test  : Passed
Testing Device Core : Passed
Data Buffer Test    : Passed

///////////////////////////////////////////////////////////////////////////
//                                                                       //
//                                                                       //
//        B A T M   A d v a n c e d   C o m m u n i c a t i o n s        //
//                                                                       //
//                       T e l c o   S y s t e m s                       //
//                                                                       //
//  Device model     : T-Marc 380                                        //
//  Product Category : AccessEthernet(TM)                                //
//  SW version       : 10.1 created Mar 17 2010 - 20:19:58               //
//                                                                       //
//                                                                       //
///////////////////////////////////////////////////////////////////////////

User Access Verification
Password:


Connecting the Device via Telnet

You can connect to the device CLI using Telnet once the device has a configured IP address. To connect to the device using Telnet, follow the steps below:

1. Connect to the device console port (see above).

2. Power on the device. The device starts up, displaying the device terminal.

3. Type the device password at the prompt (the default password is batm).

   Password: batm

4. Enter the Privileged (Enable) mode:

   device-name>enable
   device-name#

5. Enter the Configure mode:

   device-name#configure terminal

6. Configure the device IP address and subnet mask (the default IP address is 20.20.5.254/16):

   device-name(config)#ip address

   A.B.C.D    The device IP address
   /M         The subnet mask, in the range of

7. Define the default gateway IP address (if the host is on a different subnet):

   device-name(config)#ip route 0.0.0.0/0

8. Return to the Privileged (Enable) mode:

   device-name(config)#end

9. Save these parameters (from the running configuration to NVRAM):

   device-name#write

10. Connect your PC to a device port that is in VLAN 1 (by default all the device ports are members of this VLAN. For more information on VLANs, refer to the Configuring VLANs and Super VLANs chapter of this User Guide).

11. Open a Telnet session and type the device IP address to connect to the device.

Managing the Device via SNMP

You can manage a T-Marc 300 Series device via SNMP using an SNMP-based management application. For more information, refer to the Configuring SNMP and SNMP Reference Guide chapters of this User Guide. To manage a device via SNMP, connect your management PC to a device port that is in VLAN 1 (by default all the device ports are members of this VLAN. For more information on VLANs, refer to the Configuring VLANs and Super VLANs chapter of this User Guide).


Login and Password

The CLI is password protected, enabling access only to authorised users. To control the level of access to the device, the device has three privilege levels, each one with its own configurable password:

• View mode

• Privileged (Enable) mode

• Loader mode

All device passwords are encrypted. For information about adding new usernames and defining user privileges, refer to the Device Authentication chapter of this User Guide.

Caution
To protect your device from unauthorized access, change all default passwords as soon as possible.

Password Recovery

Password recovery techniques enable users to recover lost and forgotten passwords. There are two available password-recovery methods:

Default Passwords Recovery

You can reset the device to factory defaults, including the default passwords, by using the clean startup-config command (for more information, refer to the Device Administration chapter of this User Guide).

Backdoor Password Recovery

You can access the device using the Backdoor password. BATM Technical Support can provide you the device’s Backdoor password, based on the device’s MAC address. You can find the device MAC address on the label found on the device rear panel or at the bottom of the device. You can also obtain the device’s MAC address from the device’s boot loader, during the device start up. Once you regain access to the device, you can change the device passwords.


Device Passwords Configuration Commands

Table 1: Password Commands

Command                        Description
password                       Configures the View mode password (see Configuring the View Mode Password)
enable password                Configures the Privileged (Enabled) mode password (see Configuring the Privileged (Enabled) Mode Password)
password loader                Configures the boot loader password (see Configuring the Loader Mode Password)
caps-lock passwords warning    Notifies the user when Caps Lock is activated, while changing or typing a password (see Enabling/Disabling Caps Lock Notification)

Configuring the View Mode Password

The password command configures the View mode password.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#password PASSWORD CONFIRM-PASSWORD

Argument Description

  PASSWORD            An alphanumeric, case sensitive field of up to 64 characters (blank spaces are not allowed)
                      Default: batm
  CONFIRM-PASSWORD    Retype the password for confirmation

Example

The following example sets the View mode password to device12:

  device-name(config)#password device12 device12

After setting the new password, use this password upon entering the device console:

  Password:device12
  device-name>


Configuring the Privileged (Enabled) Mode Password

The enable password command configures the Privileged (Enabled) mode password.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#enable password PASSWORD CONFIRM-PASSWORD
  device-name(config)#no enable password

Argument Description

  PASSWORD            An alphanumeric, case sensitive field of up to 64 characters (blank spaces are not allowed)
                      Default: The Privileged (Enabled) mode does not require a password. However, once you define this password, users are required to type the password to enter this mode.
  CONFIRM-PASSWORD    Retype the password for confirmation
  no                  Removes the mode’s password

Example

The following example sets the Privileged (Enabled) password to device12:

  device-name(config)#enable password device12 device12

After setting the new password, use this password upon entering the Privileged (Enable) mode:

  device-name>enable
  Password:device12
  device-name#

Configuring the Loader Mode Password

The password loader command configures the (boot) Loader mode password.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#password loader PASSWORD CONFIRM-PASSWORD

Argument Description

  PASSWORD            An alphanumeric, case sensitive field of up to 20 characters (blank spaces are not allowed)
                      Default: batm
  CONFIRM-PASSWORD    Retype the password for confirmation

Example

The following command sets the Loader mode password to loaderp:

  device-name(config)#password loader loaderp loaderp

After setting the new password, use this password upon entering the Loader mode:

  User Access Verification
  Password: loaderp
  Loader>

Enabling/Disabling Caps Lock Notification

The caps-lock passwords warning command generates a notification in case Caps Lock is activated while changing or typing a password.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#caps-lock passwords warning {on | off}

Argument Description

  on     Enables caps lock notification
  off    Disables caps lock notification

  Default: Caps lock notification is enabled

Example

  device-name(config)#caps-lock passwords warning on
  device-name(config)#password batm batm
  device-name(config)#password BATM BATM
  % Warning! The password typed is all in uppercase characters. Please check if your CapsLock key is not pressed by mistake.


The Device IP Commands

Table 2: Device IP Commands

Commands                Description
ip address              Configures the device’s primary IP address (see Configuring the Device’s Primary IP Address)
ip address secondary    Configures the device’s secondary IP address (see Configuring the Device’s Secondary IP Address)
ip route                Configures the device’s default-gateway IP address (see Configuring a Default Gateway)
show ip                 Displays the device IP address (see Displaying the Device IP Address)
show ip route           Displays the static and directly connected (via configured IP interfaces) routes (see Displaying Routes)

Configuring the Device’s Primary IP Address

The ip address command configures the device’s primary (inband, sw0 interface) IP address. You must configure the device’s primary IP address to be able to connect to the device inband (using Telnet, SSH, NTP, or SNMP).

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#ip address A.B.C.D [/M | A2.B2.C2.D2]

Argument Description

  A.B.C.D        The device’s primary IP address
  /M             (Optional) the IP address subnet-mask, in the range of
  A2.B2.C2.D2    (Optional) the IP address subnet-mask, in an IP format

  Default: 20.20.5.254/16

Example

  device-name(config)#ip address 100.1.2.3/16


Configuring the Device’s Secondary IP Address

The ip address secondary command configures sw0 interface’s secondary IP address.

CLI Mode: IP Interface Configuration

NOTE
You have to configure the device’s primary IP address prior to configuring the secondary one, otherwise the following prompt is displayed on the terminal:

  % There is no primary address.

Command Syntax

  device-name(config-if sw0)#ip address A.B.C.D [/M | A2.B2.C2.D2] secondary
  device-name(config-if sw0)#no ip address A.B.C.D [/M | A2.B2.C2.D2] secondary

Argument Description

  A.B.C.D        The device’s secondary IP address
  /M             (Optional) the IP address subnet-mask, in the range of
  A2.B2.C2.D2    (Optional) the IP address subnet-mask, in an IP format
  secondary      Specifies that this is a secondary IP address
  no             Removes the secondary address (you cannot remove the primary IP address)

Example

  device-name(config)#interface sw0
  device-name(config-if sw0)#ip address 100.1.2.3/16 secondary


Configuring a Default Gateway

The ip route command configures the device’s default-gateway IP address.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#[no] ip route A.B.C.D {/0 | 0.0.0.0} A2.B2.C2.D2

Argument Description

  A.B.C.D        The destination network IP-address
  /0             The destination network subnet-mask (the only permitted destination subnet-mask is 0)
  0.0.0.0        The destination network mask, in an IP format
  A2.B2.C2.D2    The gateway IP address
  no             Removes the specified destination network

Displaying the Device IP Address

The show ip command displays the device IP address.

CLI Mode: Privileged (Enable)

Command Syntax

  device-name#show ip

Example

  device-name#show ip
  IP-ADDR  : 100.1.2.3
  NET-MASK : 255.255.0.0


Displaying Routes

The show ip route command displays the static and directly connected (via configured IP interfaces) routes.

CLI Mode: Privileged (Enable)

Command Syntax

  device-name#show ip route

Example

  device-name#show ip route
  Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
         > - selected route, * - FIB route

  S>* 0.0.0.0/0 [1/0] via 10.4.10.1, outBand0
  K>* 10.4.0.0/16 is directly connected, outBand0
  K>* 10.4.4.225/32 is directly connected, outBand0
  C>* 10.5.0.0/16 is directly connected, sw0
  C>* 10.5.4.225/32 is directly connected, sw0
  C>* 127.0.0.0/8 is directly connected, lo0
  C>* 127.0.0.1/32 is directly connected, lo0


Telnet Commands

T-Marc 300 Series devices have an internal Telnet server and client:

• You can connect to the device with a Telnet client (up to five concurrent sessions)

• You can connect to a remote host using the device’s internal Telnet client

Telnet Session Configuration Commands

Table 3: Telnet Configuration Commands

Command         Description
telnet          (In Privileged mode) initiates a Telnet connection to a remote host (see Connecting a Remote Host via a Telnet Client)
telnet          (In Global Configuration mode) enables/disables the local device’s Telnet server (see Enabling/Disabling the Device’s Telnet Server)
who             Displays information about currently logged on users (see Displaying Current Telnet Connections)
session         Displays your current Telnet session-index to the device (see Displaying the Current Telnet-Session Index)
session kill    Terminates a specified Telnet/SSH session to the device (see Terminating a Telnet Connection)


Connecting a Remote Host via a Telnet Client

The telnet command initiates a Telnet connection to a specified remote host. For more information about the Telnet log output, refer to the Configuring System Logging chapter of this User Guide.

CLI Mode: Privileged (Enable)

Command Syntax

  device-name#telnet A.B.C.D [port-num]

Argument Description

  A.B.C.D     The remote host’s IP address
  port-num    (Optional) specifies a port number for the service, in the range of
              Default: port 23

Enabling/Disabling the Device’s Telnet Server

The telnet command enables or disables the device’s internal Telnet server, allowing/disallowing remote PCs to access the device.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#telnet {start | stop}

Argument Description

  start    Enables the Telnet server, allowing remote hosts to connect to the device via Telnet
           Default: Telnet server is enabled
  stop     Disables the Telnet server. Executing this command terminates any open Telnet connections immediately.


Displaying Current Telnet Connections

The who command displays information about Telnet clients that are currently logged on to the device.

CLI Modes: View and Privileged (Enable)

Command Syntax

  device-name>who
  device-name#who

Example

  device-name#who
  Codes: > - current session, * - configuring
   vty on console connected on console.
  >vty on telnet [1] connected from 10.2.71.137.

Displaying the Current Telnet-Session Index

The session command displays your current Telnet session-index to the device.

CLI Mode: Privileged (Enable)

Command Syntax

  device-name#session

Example

  device-name#session
  your current session is: 2


Terminating a Telnet Connection

The session kill command terminates a specified Telnet/SSH session to the device. Before executing the command, BiNOS checks if the session number is not the master session’s number (the VTY from which other sessions originate). If the result is negative, the command closes the specified session to the remote host. The CLI displays a notification in case the session terminates.

CLI Mode: Privileged (Enable)

Command Syntax

  device-name#session kill

Argument Description

  session-number    The Telnet session number, in the range of


Virtual Terminal (VTY)

VTY is a logical connection used for controlling inbound Telnet/SSH/console connections. BiNOS supports up to five concurrent VTY sessions (numbered VTY 1–5).

Switching Between VTY Sessions

To switch between sessions initiated from the same VTY terminal type:

or

Example

  device-name#telnet 192.0.103.13
  connecting to 192.0.103.13...
  current session is 4.
  ...
  device-name(config)#
  choose session to device to:
  the current session is 4
  your sessions are 0 4
  > 0
  current session is 0.


The VTY Step by Step Configuration

To configure VTY, follow the below steps:

1. Enter the VTY Configuration mode (see Accessing the VTY Configuration Mode).

2. Optional configurations:
   • Configure the device name (see Configuring the Device Name)
   • Configure the VTY connection timeout (see Defining the VTY Connection Timeout)
   • Create access control lists (ACL) to restrict/filter Telnet and SSH connections to the device and apply them to VTY (see Creating ACLs for Restricting Telnet and SSH Access to the Device and Applying ACLs for Filtering Telnet/SSH Connections)
   • Define the number of command lines displayed on the terminal screen (see Defining the Terminal Length)
   • Enable advanced mode VTY (see Enabling the Advanced VTY Mode)


VTY Configuration Commands

Table 4: VTY Configuration Commands

Command                    Description
line vty                   Enters the VTY Configuration mode (see Accessing the VTY Configuration Mode)
hostname                   Configures the device’s hostname (see Configuring the Device Name)
exec-timeout               Defines the VTY connection timeout (see Defining the VTY Connection Timeout)
access-list                Creates ACLs to restrict device management for specific IP addresses (see Creating ACLs for Restricting Telnet and SSH Access to the Device)
access-class               Filters Telnet and SSH connections to the device (see Applying ACLs for Filtering Telnet/SSH Connections)
terminal length            Defines the number of command lines displayed on the terminal screen (see Defining the Terminal Length)
service terminal-length
service advanced-vty       Enables the advanced VTY mode (see Enabling the Advanced VTY Mode)
show access-lists          Displays the applied VTY ACLs (see Displaying Applied ACLs)

Accessing the VTY Configuration Mode

The line vty command enters the VTY Configuration mode.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#line vty
  device-name(config-vty)#


Configuring the Device Name

The hostname command specifies the name of the device (the name displayed at the prompt line).

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#hostname HOSTNAME
  device-name(config)#no hostname

Argument Description

  HOSTNAME    An alphanumeric, case sensitive string of up to 30 characters (the string must follow ARPANET rules for host names)
              Default: T-Marc
  no          Restores the default device name

Example

  device-name(config)#hostname Demarc1
  Demarc1(config)#

Defining the VTY Connection Timeout

The exec-timeout command defines the VTY connection timeout value. The VTY connection to the device is terminated if the session is not active for this period of time. Executing this command without any arguments displays the defined VTY connection-timeout.

CLI Mode: VTY Configuration

Command Syntax

  device-name(config-vty)#exec-timeout [minutes [seconds] | unlimited]
  device-name(config-vty)#no exec-timeout

Argument Description

  minutes      (Optional) the timeout, in the range of minutes (setting a zero timeout means no timeout)
  seconds      (Optional) the timeout value in the range of seconds
  unlimited    (Optional) unlimited timeout value
  no           Sets an unlimited timeout value

  Default: 10 minutes

Example

  device-name(config-vty)#exec-timeout 3
  device-name(config-vty)#exec-timeout
  exec-timeout 3 min 0 sec

Creating ACLs for Restricting Telnet and SSH Access to the Device

The access-list command creates ACLs to restrict the device management to specific IP addresses. For more information about ACLs, refer to the Configuring Access Control List (ACL) chapter of this User Guide.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#access-list {deny | permit} {any | SOURCE-MASK [exact-match]}
  device-name(config)#no access-list [deny | permit] [any | SOURCE-MASK [exact-match]]

Argument Description

  ACL-NAME       The ACL name
  deny           Denies access if conditions are matched
  permit         Permits access if conditions are matched
  any            The ACL is relevant to any source address
  SOURCE-MASK    The management source mask-bits. You can specify the source mask in one of the below options:
                 • An IP address format, place ones (1) in the bit positions that should be ignored
                 • /M (the IP mask in the range of )
  exact-match    (Optional) prefixes exact matching
  no             Clears the specified ACL

Example

  device-name(config)#access-list batm1 deny 192.98.0.0/16
  device-name(config)#access-list batm2 permit 192.0.0.0/8


Applying ACLs for Filtering Telnet/SSH Connections

The access-class command applies the defined ACLs (see above) to filter Telnet and SSH connections to the device.

CLI Mode: VTY Configuration

Command Syntax

  device-name(config-vty)#access-class ACL-NAME
  device-name(config-vty)#no access-class [ACL-NAME]

Argument Description

  ACL-NAME    Restricts the Telnet connections to the addresses specified in the ACL
  no          Removes access restrictions. If you do not specify an ACL-NAME, this command removes all access classes

Defining the Terminal Length

The terminal length command defines the number of command lines displayed on the terminal screen (applied to all VTY interfaces).

CLI Mode: View and Privileged (Enable)

You can also use the service terminal-length command to define the number of command lines.

CLI Mode: Global Configuration

Command Syntax

  device-name>terminal length
  device-name>no terminal length
  device-name#terminal length
  device-name#no terminal length
  device-name(config)#service terminal-length
  device-name(config)#no service terminal-length

Argument Description

  number-of-lines    The number of lines displayed, in the range of
                     A value of zero removes the limit.
                     Default: 25 lines
  no                 Restores to default


Enabling the Advanced VTY Mode

The advanced VTY mode skips the CLI View mode when connecting to the device and moves directly to the Privileged mode. The service advanced-vty command enables advanced VTY mode.

To access the device View mode, type the disable command in Privileged mode.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#service advanced-vty
  device-name(config)#no service advanced-vty

Argument Description

  no    Disables the advanced VTY mode

  Default: VTY mode is disabled

Example

  device-name(config)#service advanced-vty
  ...
  User Access Verification
  Password:
  device-name#

Displaying Applied ACLs

The show access-lists command displays the applied filtering ACLs.

CLI Mode: Privileged (Enable)

Command Syntax

  device-name#show access-lists

Example

  device-name(config)#access-list batm1 deny 192.98.0.0/16
  device-name(config)#access-list batm2 permit 192.0.0.0/8
  device-name(config)#end
  device-name#show ip access-lists
  access-list batm1 deny 192.98.0.0/16
  access-list batm2 permit 192.0.0.0/8


Configuration Example

The following example shows how to restrict Telnet connections to one IP address:

Figure 3: A Telnet Server Example

1. Create an access list named Management to allow a Telnet connection only to management station 212.192.50.2:

   device-name(config)#access-list Management permit 212.192.50.2/32

2. Enter the VTY Configuration mode:

   device-name(config)#line vty

3. Apply access list Management to the VTY:

   device-name(config-vty)#access-class Management

4. Set the VTY timeout to one hour:

   device-name(config-vty)#exec-timeout 60
   device-name(config-vty)#end

5. Display the current open sessions to the device:

   device-name#who
   Codes: > - current session, * - configuring
    vty on console connected on console.
   >vty on telnet [1] connected from 212.192.50.2.
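The access-list entries and the Configuration Example above, as an added Python example that is not part of the user guide: it parses access-list lines and reports whether a source address would be allowed to open a Telnet/SSH session and which permit entries are broad. First-match evaluation, the implicit deny for unmatched sources, the two-field wildcard spelling, and the ACL names lab and wild are assumptions.

```python
"""Added example: evaluate VTY access-list entries in the syntax this chapter shows."""
import ipaddress
import re

# Entry shapes: "any" and "A.B.C.D/M" appear in the guide; the two-field
# "A.B.C.D W.X.Y.Z" spelling of the ones-mean-ignore mask is an assumption.
LINE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+"
    r"(?P<src>any|\S+(?:\s+\d+\.\d+\.\d+\.\d+)?)(?:\s+exact-match)?\s*$"
)
ALL_BITS = 0xFFFFFFFF

# Constructed sample. "Management" is the guide's example entry; "lab" and
# "wild" are hypothetical ACLs built from the guide's example prefixes.
SAMPLE = """\
device-name(config)#access-list Management permit 212.192.50.2/32
device-name(config)#access-list lab deny 192.98.0.0/16
device-name(config)#access-list lab permit 192.0.0.0/8
device-name(config)#access-list wild permit 10.5.0.0 0.0.255.255
"""


def _source(src):
    """Return (address, wildcard) as ints; wildcard bits set to 1 are ignored."""
    if src == "any":
        return 0, ALL_BITS
    fields = src.split()
    if len(fields) == 2:  # address plus ones-mean-ignore mask
        return (int(ipaddress.IPv4Address(fields[0])),
                int(ipaddress.IPv4Address(fields[1])))
    if "/" not in src:
        raise ValueError(f"no mask given for {src!r}")
    net = ipaddress.IPv4Network(src, strict=False)
    return int(net.network_address), int(net.hostmask)


def parse_acls(text):
    """Map ACL name -> ordered list of (action, address, wildcard)."""
    acls = {}
    for raw in text.splitlines():
        # Accept lines pasted with the CLI prompt in front, as in the guide.
        line = raw.strip().rsplit("#", 1)[-1].strip()
        match = LINE_RE.match(line)
        if not match:
            continue
        # "exact-match" is accepted but does not change host matching here.
        addr, wild = _source(match["src"])
        acls.setdefault(match["name"], []).append((match["action"], addr, wild))
    return acls


def is_permitted(acls, name, source_ip):
    """Assumed semantics: first matching entry decides, no match means deny."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wild in acls[name]:
        if ((src ^ addr) & ~wild & ALL_BITS) == 0:
            return action == "permit"
    return False


def broad_permits(acls, name, max_addresses=256):
    """List permit entries that match more than max_addresses sources.

    The size is an upper bound: earlier deny entries may carve part of it out.
    """
    findings = []
    for action, addr, wild in acls[name]:
        size = 1 << bin(wild).count("1")
        if action == "permit" and size > max_addresses:
            findings.append((str(ipaddress.IPv4Address(addr)), size))
    return findings


if __name__ == "__main__":
    acls = parse_acls(SAMPLE)
    checks = [("Management", "212.192.50.2"), ("Management", "212.192.50.3"),
              ("lab", "192.98.1.1"), ("lab", "192.168.1.1")]
    for name, src in checks:
        verdict = "permit" if is_permitted(acls, name, src) else "deny"
        print(f"{name:<11} {src:<15} {verdict}")
    for name in acls:
        for prefix, size in broad_permits(acls, name):
            print(f"{name}: permit entry at {prefix} covers {size} addresses")
```

An ACL only filters VTY sessions once it is applied with access-class, so check the applied name, not just the defined entries.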


Creating a Login Banner/Message-of-the-Day (MOTD)

The MOTD (or login banner) is the text appearing on the terminal when initiating a Telnet session or console connection to the device. The MOTD is displayed before the User Access Verification and is useful for displaying messages that affect all network users (such as an impending system shutdown).

MOTD Configuration Commands

NOTE
These commands take effect only after reloading the device.

Table 5: MOTD Commands

Command                 Description
banner motd default     Enables the default MOTD string display (see Enabling/Disabling the Default-MOTD)
banner set              Enters a specified string to a single-line MOTD (see Configuring a Single-line MOTD)
banner set multiline    Enters a specified string to multi-line MOTD (see Configuring a Multi-line MOTD)

Enabling/Disabling the Default-MOTD Display

The banner motd default command enables the default MOTD “Hello, this is OS CLI”.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#banner motd default
  device-name(config)#no banner

Argument Description

  no    Disables the default banner

  Default: MOTD is disabled


Example

  device-name(config)#banner motd default
  device-name(config)#end
  device-name#write
  Building the configuration …
  Configuration is successfully written to NVRAM
  device-name#reload no-save
  ...
  Hello, this is OS CLI
  User Access Verification
  Password:

Configuring a Single-line MOTD

The banner set command configures a user-defined single-line MOTD.

CLI Mode: Global Configuration

Command Syntax

  device-name(config)#banner set MOTD-STRING
  device-name(config)#no banner

Argument Description

  MOTD-STRING    An alphanumeric string of up to 1024 characters, including blank spaces and other characters except for a question mark (?)
  no             Removes the configured MOTD

Example

  device-name(config)#banner set DO NOT CHANGE CONFIGURATION WITHOUT NOTICING THE SYSADMIN!
  device-name(config)#end
  device-name#write
  Building the configuration ...
  Configuration is successfully written to NVRAM
  device-name#reload no-save
  ...
  DO NOT CHANGE CONFIGURATION WITHOUT NOTICING THE SYSADMIN!
  User Access Verification
  Password:


Configuring a Multi-line MOTD

The banner set multiline command configures a user-defined multi-line MOTD. End the multi-line MOTD with the caret (^) character.

CLI Mode: Global Configuration

Command Syntax
  device-name(config)#banner set multiline
  > MOTD-STRING
  device-name(config)#no banner

Argument Description
> MOTD-STRING | An alphanumeric string of up to 1024 characters, including blank spaces and other characters except for a question mark (?). Type the caret (^) character on the last line to end the multi-line MOTD.
no | Removes the banner

Example
  device-name(config)#banner set multiline
  % Enter a multiline text. Finish with '^' string at the beginning of a row
  >this is
  >multi-line
  >text
  ^
  device-name(config)#end
  device-name#write
  Building the configuration ...
  Configuration is successfully written to NVRAM
  device-name#reload no-save
  ...
  this is
  multi-line
  text


Saving and Displaying the Device Configuration

The device configuration is stored in the startup configuration in NVRAM. Configuration changes are first stored in the running configuration, in RAM, and are erased when the device shuts down. To keep these changes, save them to the startup configuration.

Saving, Erasing, and Displaying Configuration Commands

Table 6: Saving, Erasing, and Displaying the Device Configuration Commands

Command | Description
write memory | Saves the running configuration to the NVRAM (see Saving the Device’s Running Configuration)
write erase | Restores the device configuration to factory defaults, erasing the configuration stored on the NVRAM (see Restoring Factory Defaults’ Configuration)
write terminal, show running-config | Displays the current running configuration information (see Displaying the Device’s Running Configuration)
show startup-config | Displays the startup configuration (see Displaying the Device’s Start-up Configuration)

Saving the Device’s Running Configuration

The write and write memory commands save the running configuration to the startup configuration (NVRAM). These commands are equivalent to the copy running-config startup-config command (see the Device Administration chapter of this User Guide).

CLI Mode: Privileged (Enable)

Command Syntax
  device-name#write [memory]


Restoring Factory Defaults’ Configuration

The write erase command erases the device startup configuration and restores the device to factory defaults. This command is like the reload-to-default command (see Reloading the Device); however, it does not reset the device.

CLI Mode: Privileged (Enable)

Command Syntax
  device-name#write erase

Displaying the Device’s Running Configuration

The write terminal and the show running-config commands display the delta between the device’s running configuration and the factory default values. Use the relevant command argument to view the running configuration for a specific feature.

CLI Mode: Privileged (Enable)

Command Syntax
  device-name#write terminal
  device-name#show running-config [acl | cfm | dns | fpga | igmp | lag | log | monitor-session | oam | port | protocol | ptp | qos | rmon | rtr | saa | snmp | super-vlan | sw-watchdog | switch-monitoring | time-server | vlan]

Example 1
  device-name#write terminal
  Building the configuration ...
  ! Current Configuration:
  !
  ! T-Marc 380
  !
  password 3090372e3f8bc00eeacc46219f7557485983251a994551f918e04712f86c5818
  ip address 3.0.0.1 255.0.0.0
  .

Example 3
  device-name#show running-config port
  Building the configuration ...
  ! Port Configuration:
  !
  interface 1/1/1
  !
  interface 1/1/2
  !
  interface 1/2/1
  !
  interface 1/2/2
  !
  interface 1/2/3
  !
  interface 1/2/4
  !
  interface 1/2/5
  !
  interface 1/2/6
  !
  interface 1/2/7
  !
  interface 1/2/8
  ...

Displaying the Device’s Start-up Configuration

The show startup-config command displays the device’s startup configuration.

CLI Mode: Privileged (Enable)

Command Syntax
  device-name#show startup-config


Reloading the Device

When reloading (restarting/rebooting) the device, you can select one of the following options:
• Reload the device, with or without saving the running configuration
• Reload the device with factory-default configuration

The reload command ceases the device’s operation and reloads it.

NOTE The device’s running configuration stored in the device RAM is erased upon the device reload, unless you save it to the device’s startup configuration. To save the running configuration, refer to Saving the Device’s Running Configuration.

CLI Mode: Privileged (Enable)

Command Syntax
  device-name#reload [save | no-save | to-defaults]

Argument Description
save | (Optional) saves the running configuration to NVRAM and reloads the device
no-save | (Optional) does not save the running configuration to NVRAM and reloads the device
to-defaults | (Optional) reloads the device and resets the device configuration to its factory defaults

Example 1

Saving the running configuration and reloading the device (the save keyword is optional):
  device-name#reload save
  save current configuration and reboot the switch ? [y/n]: y
  Rebooting ...

Example 2

Reloading the device without saving the running configuration:
  device-name#reload no-save
  Proceed with reload ? [y/n] : y
  Rebooting ...


Supported Platforms

Features | T-Marc 340 | T-Marc 380
Accessing the Device using Telnet | + | +
VTY (Virtual Telnet Type) Commands | + | +
Configuring ACLs | + | +
Creating a Banner | + | +
Saving and Displaying the Device Configuration | + | +
How to Reload the Device | + | +

Supported Standards, MIBs and RFCs

Features | Standards | MIBs | RFCs
Accessing the Device using Telnet | No standards are supported by this feature. | No MIBs are supported by this feature. | RFC 854, Telnet Protocol Specification
VTY (Virtual Telnet Type) Commands | No standards are supported by this feature. | No MIBs are supported by this feature. | RFC 791, Internet Protocol DARPA Internet Program Protocol Specifications
Configuring ACLs | No standards are supported by this feature. | Private MIB, prvt_switch_access_list.mib | No RFCs are supported by this feature.
Creating a Banner | No standards are supported by this feature. | No MIBs are supported by this feature. | RFC 791, Internet Protocol DARPA Internet Program Protocol Specifications
Saving and Displaying the Device Configuration | No standards are supported by this feature. | No MIBs are supported by this feature. | RFC 1350, The TFTP Protocol (Revision 2)
How to Reload the Device | No standards are supported by this feature. | No MIBs are supported by this feature. | RFC 1350, The TFTP Protocol (Revision 2)


Device Administration (Rev. 11)

Table of Figures
Features Included in this Chapter
MAC Address Table (FDB)
Overview
The MAC Address Table Default Configuration
The MAC Address Table Step by Step Configuration
The MAC Address Table Configuration Commands
ARP Table
Overview
Configuring the ARP Table
Script Files System
Overview
The Script Files System Default Configuration
The Script Files System Configuration Commands
File System
Overview
The File System Default Folders
The File System Commands
Modifying the Default Configuration
Default Configuration Commands
Zero-Touch Configuration
Overview
Zero-touch Configuration Default Configuration
Zero-touch Configuration Commands
Software Upgrade and Boot Options
Preparing to Download a BiNOS Software Image Using TFTP/FTP Connection
Downloading the BiNOS Software Image
Commands for Upgrading Software Images
Downloading and Uploading Configuration Files
Boot Loader
Overview
The Device Loader's Default Configuration
The Loader Commands
Configuration Example
System Time and Date
Daytime Protocol
Time Protocol
Summer Time (Daylight saving time)
Network Time Protocol
1588v2 Precision Time Protocol (PTP)
System Time and Date Default Configuration
1588v2 PTP Default Configuration
System Time and Date Configuration Flow
System Time and Date Configuration Commands
Configuration Example
1588v2 PTP Configuration Flow
1588v2 PTP Configuration Commands
Configuration Example
DHCP Client
Overview
When Should Clients Use DHCP
The DHCP Client Default Configuration
The DHCP Client Configuration Flow
DHCP Client Configuration Commands
Controlling the Packet Rate
Overview
Packet-Rate Thresholds' Default Configuration
The Packet-Rate Thresholds' Commands
Control Plane Priority per Protocol
Supported Platforms
Supported Standards, MIBs and RFCs

Table of Figures

Figure 1: Obtaining an IP Address from a DHCP Server
Figure 2: Rate Limit Mechanism

Features Included in this Chapter

This chapter describes how to perform operations to administer your T-Marc 300 Series devices. This chapter consists of these sections:

• MAC Address Table (FDB)
  The MAC address table contains address information that the device uses to forward traffic between ports. The T-Marc 300 Series devices maintain a database of MAC addresses; both manually configured (static) and dynamically learned entries. During troubleshooting, it may be helpful to investigate the entries in the MAC address table.

• ARP Table
  ARP table is another table that is supported on your device. It provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address.

• Zero-Touch Configuration
  Zero configuration networking allows inexpert users to connect network devices and expect a functioning network to be established automatically.

• Script Files System, File System, Software Upgrade and Boot Options, Boot Loader, and Modifying the Default Configuration
  These sections describe some fundamental tasks you perform to maintain the configuration files and system images used by your T-Marc 300 Series devices.

• System Time and Date
  You can manage the system time and date on your device using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods. NTP allows the synchronization of device clocks over TCP/IP networks. Having a common view of time on the network makes many things easier, from correlating log files from different devices to keeping file timestamps consistent.

• DHCP Client
  The main advantage of dynamically assigning IP addresses using Dynamic Host Configuration Protocol (DHCP) is that it allows such addresses to be reused, thereby greatly increasing the total number of devices that can use the Internet.

• Controlling the Packet Rate
  The ability to control the CPU resource allows you to protect the device from denial-of-service attacks and to prevent excessive traffic to the CPU.


MAC Address Table (FDB)

Overview

The MAC (Media Access Control) address is the unique hardware number that identifies the computer on a local area network (LAN) or other network. MAC addresses are 12-digit hexadecimal numbers (48 bits in length) in the following format:

  MM:MM:MM:SS:SS:SS

Whereas MAC addressing works at the data link layer (layer 2), IP addressing functions at the network layer (layer 3). MAC addresses are also known as hardware or physical addresses. The MAC Address table holds the source MAC address, VLAN ID, MAC address priority and port number.

MAC Address Table Entry Types

The following entry types can exist in the MAC address table:

• Dynamic entries—to learn a dynamic entry, the device examines packets to determine the source MAC address, VLAN, and port information. Initially, all entries in the database are dynamic, except for certain entries created by the device.

  Dynamic entries are flushed and updated when any of the following occurs:
  - A VLAN is removed
  - A VLAN ID is changed
  - A port mode is changed (tagged/untagged)
  - A port is removed from a VLAN
  - A port is disabled
  - A port QoS setting is changed
  - A port goes down

  A new dynamic entry is created when the device identifies a source MAC address that does not yet have an entry in the MAC address table. Dynamic entries are deleted from the database if the device is reset or a power off/on occurs.

• Static entries—permanent entries are retained in the database if the device is reset or a power off/on cycle occurs. A permanent entry can either be a unicast or multicast MAC address. These entries are created through the CLI.

• Secure entries—a secure entry is configured on a secured port to allow only secured MAC addresses to be learned by this port.

• Self entries—a self entry is automatically created by the device software for various reasons.

• Filtered entries—a filtered entry can be created in two ways. One way is to configure a filtered entry statically to block the traffic from and to a specific MAC address on the device. The second way is to use the Port/VLAN Security or the Port Limit feature. The MAC addresses in the filtered entries are the MAC addresses that caused a security violation.

• Multicast entries—multicast entries are multicast MAC addresses that were created dynamically by a multicast protocol. Multicast entries are removed via the mac-address-table command and added via the ip igmp snooping dynamic/static command. For more information refer to the Configuring Multicast Layer 2 chapter of this User Guide.

NOTE Only the dynamic MAC addresses age out. You can remove MAC addresses (except Self) from the MAC Address table by using one of the clear mac-address-table commands.

Adding Entries to a MAC Address Table

Entries can be added to the MAC address table in the following two ways:

• The device can learn entries by examining packets it receives. The system updates its MAC Address table with the source MAC address from a packet, the VLAN, and the port identifier on which the source packet is received. You can also limit the number of addresses that can be learned on a port, or you can shut down the current port and prevent additional MAC address learning.

• You can enter and update entries using the command-line interface (CLI).


The MAC Address Table Default Configuration

Table 1: MAC Address Table Default Configuration

Feature | Default Value
MAC address aging time | 300 seconds
New MAC address learning | Enabled
Displaying the learned MAC addresses | Enabled

The MAC Address Table Step by Step Configuration

1. Add a static, dynamic or secure entry to the MAC address table (see Adding a New Entry) or
2. Add a filtered entry to the MAC address table (see Adding a Filtered Entry)
3. Optional configurations:
   - Configure the MAC address table aging time (see Configuring the MAC Address Table Aging Time)
   - Configure learning of new MAC addresses globally (see Configuring MAC Addresses Learning Globally)
   - Configure learning of new MAC addresses on a port (see Configuring MAC Addresses Learning per Port)
4. Delete a specific entry from the MAC address table (see Clearing a MAC Address Table)
5. Display entries from the MAC address table (see Displaying MAC Address Table Entries)


The MAC Address Table Configuration Commands

Table 2: MAC Address Table Commands

Command | Description
mac-address-table | Adds a static, dynamic or secure entry to the MAC address table (see Adding a New Entry)
mac-address-table filtered | Adds a filtered entry to the MAC address table (see Adding a Filtered Entry)

Table 3: MAC Address Table Optional Commands

Command | Description
mac-address-table aging-time | Configures the MAC address table aging time (see Configuring the MAC Address Table Aging Time)
learning new-address | Configures learning of new MAC addresses globally (see Configuring MAC Addresses Learning Globally)
port learning new-address | Enables/disables learning of new MAC addresses on a port (see Configuring MAC Addresses Learning per Port)

Table 4: Clear MAC Address Table Commands

Command | Description
clear mac-address-table, no mac-address-table | Clears a specific entry from the MAC address table (see Clearing a MAC Address Table)

Table 5: MAC Address Table Display Commands

Command | Description
show mac-address-table | Displays the MAC address table contents (see Displaying MAC Address Table Entries)
mac-address-table learning-display | Enables/disables displaying the MAC addresses, learned on a specific list of interfaces or on a list of VLANs (see Displaying/Hiding MAC Addresses)
show mac-address-table aging-time | Displays the MAC address table aging time (see Displaying the MAC Address Table Aging Time)
show mac-address-table hash-depth | Displays the length of the MAC address table hash chain (see Displaying the Length of the MAC Address Hash Chain)


Adding a New Entry

The mac-address-table command adds a static, dynamic or secure entry to the MAC address table.

CLI Mode: Global Configuration

Command Syntax
  device-name(config)#mac-address-table {static | dynamic | secure} HH:HH:HH:HH:HH:HH interface {UU/SS/PP | ag0N} vlan
  device-name(config)#no mac-address-table {static | dynamic | secure} HH:HH:HH:HH:HH:HH [interface {UU/SS/PP | ag0N} | vlan ]
  device-name(config)#mac-address-table {static | dynamic | secure} HH:HH:HH:HH:HH:HH {service [sap SAPSTRING | sdp SDPSTRING] [interface UU/SS/PP vlan [priority ]}
  device-name(config)#no mac-address-table {static | dynamic | secure} HH:HH:HH:HH:HH:HH [service [sap SAPSTRING | sdp SDPSTRING]] [vlan ] [interface UU/SS/PP]

Argument Description
static | Adds a static entry.
dynamic | Adds a dynamic entry.
secure | Adds a secure entry for the secured port feature.
HH:HH:HH:HH:HH:HH | Destination MAC address to be added to the MAC Address table. Packets with this destination address received on a specific VLAN are forwarded to the specified interface.
UU/SS/PP | Port to which the received packets are forwarded.
ag0N | The link aggregation ID (ag01, ag04–ag07). The allowed ID is in the range of .
vlan | Specifies a VLAN for which the packet with the desired MAC address is received. The VLAN ID is in the range .
service | The service unique service identifier, in the range .
sap SAPSTRING | The SAPSTRING has the forms:
  • UU/SS/PP:CVLANID:—use it if you configure the SAP on a port
  • AG0N:CVLANID:—use it if you configure the SAP on a link aggregation
  The C-VLAN ID is in the range of
sdp SDPSTRING | The SDPSTRING has the forms:
  • UU/SS/PP:SVLANID:—use it if you configure the SDP on a port
  • AG0N:SVLANID:—use it if you configure the SDP on a link aggregation
  The S-VLAN ID is in the range of
priority | (Optional) specifies the priority range
no | Removes entries from the MAC address table.

Adding a Filtered Entry

The mac-address-table filtered command adds a filtered entry to the MAC address table.

CLI Mode: Global Configuration

A filtered entry in the MAC address table marks a MAC address as dangerous. The address is denied as source and as destination for each incoming and outgoing packet on the specified VLAN.

Command Syntax
  device-name(config)#mac-address-table filtered HH:HH:HH:HH:HH:HH vlan
  device-name(config)#no mac-address-table filtered HH:HH:HH:HH:HH:HH [interface UU/SS/PP | vlan ]

Argument Description
HH:HH:HH:HH:HH:HH | Destination MAC address to be filtered. Packets with this destination address received on the specified VLAN are filtered.
vlan | Specifies the VLAN for which the packet with the specified MAC address is filtered. The valid range is .
UU/SS/PP | The interface's unit/slot/port.
no | Removes entries from the MAC address table.

Example
  device-name(config)#mac-address-table filtered 00:A0:12:02:03:04 vlan 2496


Configuring the MAC Address Table Aging Time

The mac-address-table aging-time command configures the length of time that a dynamic entry can remain in the MAC address table from the time the entry was used or last updated.

CLI Mode: Global Configuration

NOTE The actual aging time period of the MAC address table may be any time period between the specified value and twice the specified value.

By default, the aging-time value is 300 seconds.

Command Syntax
  device-name(config)#mac-address-table aging-time
  device-name(config)#no mac-address-table aging-time

Argument Description
time | Specifies how many seconds the address of a learned device remains on the list of stations connected to your device. The address is removed from the list of stations if no frame is received from that device during the aging time interval. If the value assigned to the aging time is too short, this may increase the amount of packets received by the device with unknown destinations and cause the device to flood such packets to all ports in the VLAN. If the value assigned to the aging time is too long, the MAC Address table may be loaded with addresses that are no longer in use. MAC address table aging time is in the range seconds.
no | Restores to default

Example

The following example sets the MAC Address aging time to 1500 seconds (25 minutes):
  device-name(config)#mac-address-table aging-time 1500


Configuring MAC Addresses Learning Globally

The learning new-address command configures learning of new MAC addresses globally.

CLI Mode: Global Configuration

By default, the learning is enabled.

NOTE When learning new-address is disabled per port or globally, the following features will not work correctly:
• Port limit
• Port security

Command Syntax
  device-name(config)#learning new-address {enable | disable}

Argument Description
enable | Enables new MAC address learning.
disable | Disables new MAC address learning. When learning is disabled, no new MAC addresses will be learned in the MAC address table and the unicast traffic will be flooded to all the relevant ports (depending on the VLAN configuration).

Configuring MAC Addresses Learning per Port

The port learning new-address command enables/disables learning new MAC addresses on a port.

CLI Mode: Interface Configuration, Range Interface Configuration, LAG Range Interface Configuration, and LAG Interface Configuration

When MAC address learning is disabled, no new MAC addresses are learned in the MAC address table on the selected port. The unicast traffic that is destined to devices connected to this port is flooded to the relevant ports. By default, the learning is enabled.

NOTE For the port limit feature to function correctly, first enable learning new-address per port or globally.


Command Syntax
  device-name(config-if UU/SS/PP)#port learning new-address {enable | disable}
  device-name(config-if-group)#port learning new-address {enable | disable}
  device-name(config-ag-group)#port learning new-address {enable | disable}
  device-name(config-if AG0N)#port learning new-address {enable | disable}

Argument Description
enable | Enables the MAC address learning.
disable | Disables the MAC address learning.

Example 1
  device-name(config)#interface range 1/1/1
  device-name(config-if-group)#port learning new-address enable

Example 2
  device-name(config)#interface range ag01
  device-name(config-ag-group)#port learning new-address disable

Clearing a MAC Address Table Entry

Clear a specific MAC address entry on a particular port, or on a particular VLAN, from the MAC address table with:

• clear mac-address-table command
  CLI Mode: Privileged (Enable)

• no mac-address-table command
  CLI Mode: Global Configuration

Command Syntax
  device-name#clear mac-address-table [dynamic | filtered | secure | static] service [sap SAPSTRING | sdp SDPSTRING]
  device-name#clear mac-address-table [[dynamic | filtered | secure | static] [address HH:HH:HH:HH:HH:HH] [vlan ] [interface UU/SS/PP]]
  device-name#clear mac-address-table multicast [address HH:HH:HH:HH:HH:HH] [vlan ]
  device-name(config)#no mac-address-table {dynamic | filtered | secure | static | multicast} address HH:HH:HH:HH:HH:HH [service [sap SAPSTRING | sdp SDPSTRING]] [vlan ][interface UU/SS/PP]


Argument Description
dynamic | (Optional). Only dynamic MAC address(es) are cleared.
filtered | (Optional). Only filtered MAC address(es) are cleared.
secure | (Optional). Only secure MAC address(es) are cleared.
static | (Optional). Only static MAC address(es) are cleared.
multicast | Only multicast MAC address(es) are cleared.
address HH:HH:HH:HH:HH:HH | (Optional in the clear mac-address-table command). MAC address to be cleared, if it complies with all other specified arguments.
interface UU/SS/PP | (Optional). Removes the MAC address(es) on the specified interface.
vlan | (Optional). Removes the MAC address(es) on the specified VLAN. The VLAN ID is in the range .
service | The service unique service identifier, in the range .
sap SAPSTRING | The SAPSTRING has the forms:
  • UU/SS/PP:CVLANID:—use it if you configured the SAP on a port
  • ag0N:CVLANID:—use it if you configured the SAP on a link aggregation
  The C-VLAN ID is in the range of .
sdp SDPSTRING | The SDPSTRING has the forms:
  • UU/SS/PP:SVLANID:—use it if you configured the SDP on a port
  • ag0N:SVLANID:—use it if you configured the SDP on a link aggregation
  The S-VLAN ID is in the range of .

NOTE If you do not specify an argument, all MAC addresses are removed (except for the self entries).


Displaying MAC Address Table Entries

The show mac-address-table command displays the MAC address table contents.

CLI Mode: Privileged (Enable)

Command Syntax
  device-name#show mac-address-table [dynamic | filtered | multicast | secure | static | self] [address HH:HH:HH:HH:HH:HH] [vlan ] [interface UU/SS/PP]
  device-name#show mac-address-table service [sap SAPSTRING | sdp SDPSTRING]
  device-name#show mac-address-table count [vlan interface UU/SS/PP | interface UU/SS/PP]
  device-name#show mac-address-table count [address HH:HH:HH:HH:HH:HH] [service [sap SAPSTRING | sdp SDPSTRING]] [interface UU/SS/PP] [vlan ]

Argument Description
dynamic | (Optional) information is displayed only about the dynamic MAC address(es).
filtered | (Optional) information is displayed only about the filtered MAC address(es).
multicast | (Optional) information is displayed only about the multicast MAC address(es).
secure | (Optional) information is displayed only about the secure MAC address(es).
static | (Optional) information is displayed only about the static MAC address(es).
self | (Optional) information is displayed only about the device MAC address.
count | Displays the number of MAC addresses in the MAC address table.
service | The service unique service identifier, in the range .
sap SAPSTRING | The SAPSTRING has the forms:
  • UU/SS/PP:CVLANID:—use it if you configured the SAP on a port
  • ag0N:CVLANID:—use it if you configured the SAP on a link aggregation
  The C-VLAN ID is in the range of .
sdp SDPSTRING | The SDPSTRING has the forms:
  • UU/SS/PP:SVLANID:—use it if you configured the SDP on a port
  • ag0N:SVLANID:—use it if you configured the SDP on a link aggregation
  The S-VLAN ID is in the range of .
address HH:HH:HH:HH:HH:HH | (Optional in the show mac-address-table command) information is displayed about the specified MAC address, if it complies with all other specified arguments.
vlan | (Optional) displays the MAC address(es) on the specified VLAN. The VLAN ID is in the range . You can create a maximum of 255 VLANs in this range.
interface UU/SS/PP | (Optional) displays the MAC address(es) on the specified interface.

NOTE If you do not specify any argument, the show mac-address-table command displays the entire MAC address table.

Example

Display the entire MAC address table:
  device-name#show mac-address-table
  ===+=======+===================+========+================+==========|
   # | VID   | Mac               | PORT   | STATUS         | PRIORITY |
  ---+-------+-------------------+--------+----------------+----------+
   1 | 0001  | 00:00:00:00:11:22 | 1/1/1  | static         | 0        |
   2 | 0001  | 00:40:95:30:0e:8f | 1/1/2  | dynamic        | 0        |
   3 | 0001  | 00:A0:12:05:36:80 |        | self           | 0        |
   4 | 0001  | 01:00:5e:11:22:33 |        | multicast      | 0        |
   5 | 0001  | 01:00:5e:11:22:44 |        | multicast      | 0        |
   6 | 0001  | 01:00:5e:11:22:55 |        | multicast      | 0        |

Displaying/Hiding MAC Addresses

The mac-address-table learning-display command enables or disables displaying the MAC addresses learned on a specific list of interfaces or on a list of VLANs.

CLI Mode: Global Configuration

By default, displaying the learned MAC addresses is enabled.

Command Syntax
device-name(config)#mac-address-table learning-display interfaces PORT LIST
device-name(config)#no mac-address-table learning-display interfaces PORT LIST
device-name(config)#mac-address-table learning-display vlan VLAN LIST
device-name(config)#no mac-address-table learning-display vlan VLAN LIST
device-name(config)#mac-address-table learning-display interface UU/SS/PP vlan
device-name(config)#no mac-address-table learning-display interface UU/SS/PP vlan

Argument: Description

vlan VLAN LIST: List of source VLAN IDs. Use commas as separators and hyphens to indicate sub-ranges (e.g. 2–4,8). The VLAN IDs are in the range .
interface PORT LIST: Port list, in the form u[[/s[/p]]][-u[[/s[/p]]][,u[[/s[/p]]]]], etc. Use commas as separators and hyphens to indicate sub-ranges (for example, 1/1/1,1/2/1–1/2/3). Blank spaces are not allowed.
vlan: Specifies the VLAN for which displaying the learned MAC addresses is enabled or disabled. The VLAN ID is in the range .
interface UU/SS/PP: Specifies the interface for which displaying the learned MAC addresses is enabled or disabled.
no: Hides the MAC addresses that are learned on the selected interfaces or VLAN.

Example 1

The following example shows the command that hides the MAC addresses that are learned on interface 1/1/1:
device-name#show mac-address-table
===+========+====================+==========+===========+==========
 # | VID    | Mac                | PORT     | STATUS    | PRIORITY|
---+--------+--------------------+----------+-----------+---------+
 1 | 0001   | 00:80:00:00:03:01  | 1/1/1    | dynamic   | 0       |
 2 | 0001   | 00:80:1e:15:60:76  | 1/1/1    | dynamic   | 0       |
 3 | 0001   | 00:A0:12:00:00:02  |          | self      | 0       |
 4 | 0010   | 00:A0:12:00:00:02  |          | self      | 0       |

device-name(config)#no mac-address-table learning-display interface 1/1/1
device-name(config)#exit
device-name#show mac-address-table
===+========+======================+========+=========+===========
 # | VID    | Mac                  | PORT   | STATUS  | PRIORITY |
---+--------+----------------------+--------+---------+----------+
 1 | 0001   | 00:A0:12:00:00:02    |        | self    | 0        |
 2 | 0010   | 00:A0:12:00:00:02    |        | self    | 0        |


Example 2

The following example shows the command that hides the MAC addresses that are learned on VLANs 1 to 9:
device-name#show mac-address-table
===+========+======================+========+===========+===========
 # | VID    | Mac                  | PORT   | STATUS    | PRIORITY |
---+--------+----------------------+--------+-----------+----------+
 1 | 0001   | 00:80:00:00:03:01    | 1/1/1  | dynamic   | 0        |
 2 | 0001   | 00:80:1e:15:60:76    | 1/1/1  | dynamic   | 0        |
 3 | 0001   | 00:A0:12:00:00:02    |        | self      | 0        |
 4 | 0010   | 00:A0:12:00:00:02    |        | self      | 0        |

device-name(config)#no mac-address-table learning-display vlan 1-9
device-name(config)#exit
device-name#show mac-address-table
===+========+=====================+=========+===========+===========
 # | VID    | Mac                 | PORT    | STATUS    | PRIORITY |
---+--------+---------------------+---------+-----------+----------+
 1 | 0001   | 00:A0:12:00:00:02   |         | self      | 0        |
 2 | 0010   | 00:A0:12:00:00:02   |         | self      | 0        |

Example 3

The following example enables displaying the MAC addresses that are learned on VLANs 1 to 9:
device-name(config)#mac-address-table learning-display vlan 1-9
device-name(config)#exit
device-name#show mac-address-table
===+========+======================+=========+==========+===========
 # | VID    | Mac                  | PORT    | STATUS   | PRIORITY |
---+--------+----------------------+---------+----------+----------+
 1 | 0001   | 00:80:00:00:03:01    | 1/1/1   | dynamic  | 0        |
 2 | 0001   | 00:80:1e:15:60:76    | 1/1/1   | dynamic  | 0        |
 3 | 0001   | 00:A0:12:00:00:02    |         | self     | 0        |
 4 | 0010   | 00:A0:12:00:00:02    |         | self     | 0        |
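Added example (not part of the user guide): a Python sketch that parses show mac-address-table output, expands a VLAN LIST, and reports which entries a learning-display "no" command removes from the listing, so that an audit of captured output can account for entries that are present but not shown. The function names are hypothetical, and the rule that only dynamic entries are hidden is an assumption drawn from Examples 1 and 2 above, where the self entries stay visible.

```python
import re

# The "before" table from Examples 1 and 2 above, with its columns aligned.
BEFORE_TABLE = """\
===+========+====================+==========+===========+==========
 # | VID    | Mac                | PORT     | STATUS    | PRIORITY|
---+--------+--------------------+----------+-----------+---------+
 1 | 0001   | 00:80:00:00:03:01  | 1/1/1    | dynamic   | 0       |
 2 | 0001   | 00:80:1e:15:60:76  | 1/1/1    | dynamic   | 0       |
 3 | 0001   | 00:A0:12:00:00:02  |          | self      | 0       |
 4 | 0010   | 00:A0:12:00:00:02  |          | self      | 0       |
"""

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def parse_mac_table(text):
    """Parse show mac-address-table output into a list of dicts."""
    entries = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        # Data rows have six cells and begin with a row number;
        # rulers, the header row and blank lines are skipped.
        if len(cells) < 6 or not cells[0].isdigit():
            continue
        _, vid, mac, port, status, priority = cells[:6]
        if not (vid.isdigit() and priority.isdigit() and MAC_RE.match(mac)):
            continue
        entries.append({
            "vid": int(vid),
            "mac": mac.lower(),
            "port": port or None,      # self/multicast rows have no port
            "status": status.lower(),
            "priority": int(priority),
        })
    return entries


def expand_vlan_list(spec):
    """Expand a VLAN LIST such as "2-4,8" into a set of VLAN IDs.

    Assumption: blank spaces are rejected, as the guide states for port lists.
    """
    if not spec or any(ch.isspace() for ch in spec):
        raise ValueError("empty list or blank space in %r" % spec)
    vlans = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if not m:
            raise ValueError("bad VLAN list item %r" % part)
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if lo > hi:
            raise ValueError("descending range %r" % part)
        vlans.update(range(lo, hi + 1))
    return vlans


def split_by_visibility(entries, hidden_vlans=(), hidden_ports=()):
    """Return (shown, hidden) after learning-display has been disabled.

    Assumption: only learned (dynamic) entries are affected.
    """
    hv, hp = set(hidden_vlans), set(hidden_ports)
    shown, hidden = [], []
    for e in entries:
        learned = e["status"] == "dynamic"
        if learned and (e["vid"] in hv or e["port"] in hp):
            hidden.append(e)
        else:
            shown.append(e)
    return shown, hidden


if __name__ == "__main__":
    table = parse_mac_table(BEFORE_TABLE)
    # Models: no mac-address-table learning-display vlan 1-9
    shown, hidden = split_by_visibility(table, hidden_vlans=expand_vlan_list("1-9"))
    for e in hidden:
        print("hidden:", e["vid"], e["mac"], e["port"])
    for e in shown:
        print("shown: ", e["vid"], e["mac"], e["status"])
```
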


Displaying the Length of the MAC Address Hash Chain

The show mac-address-table hash-depth command displays the length of the MAC address table hash chain.

The length of the MAC address table hash database should be set according to the MAC addresses available in the network. If the MAC address numbers are randomly distributed, it is recommended to use the default value.

CLI Mode: Privileged (Enable) and Global Configuration

Command Syntax
device-name#show mac-address-table hash-depth
device-name(config)#mac-address-table hash-depth
device-name(config)#no mac-address-table hash-depth

Argument: Description

value: The maximum lookup hash chain length in the range . Only even values are allowed.
no: Sets the default value of the MAC address table hash chain.

Example
device-name#show mac-address-table hash-depth
Max hash chain length is 14

Displaying the MAC Address Table Aging Time

The show mac-address-table aging-time command displays the MAC address table aging time.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#show mac-address-table aging-time

Example 1

The following example shows how to display the currently configured aging time:
device-name#show mac-address-table aging-time
aging time is 1500 seconds

Example 2

The following example shows the display when no aging time is configured:
device-name#show mac-address-table aging-time
aging is off

ARP Table Overview

The ARP table provides mapping between the IP address and the MAC address of the device. It is built dynamically.

===+==================+=================+========+========+=========+
 # | IP Address       |       MAC       |Age(min)| if     | Type    |
---+------------------+-----------------+--------+--------+---------+
 0 | 10.0.0.10        |00:00:00:00:00:10| 1      | sw0    | Static  |

When you want to send a packet to a local host, the software looks up the IP address in the ARP cache. After finding the IP address, the software gets the MAC address, constructs an Ethernet header with the correct source/destination MAC addresses, and sends the packet. If the MAC address is not found for a specific IP address, the device broadcasts an ARP request to every host on the Ethernet in order to learn it.

Configuring the ARP Table

Table 6: ARP Table Commands

Command: Description

clear ip arp: Clears dynamic and static entries learned in the ARP table (see Clearing the ARP Table)
show ip arp: Displays IP addresses learned by ARP packets (see Displaying the ARP Table)

Clearing the ARP Table

The clear ip arp command clears entries from the ARP cache.

CLI Mode:

Privileged (Enable)

Command Syntax
device-name#clear ip arp [dynamic | static]

Argument: Description

dynamic: (Optional) clears only the dynamically learned entries in the ARP table.
static: (Optional) clears only the static learned entries in the ARP table.


Displaying the ARP Table

The show ip arp command displays the ARP cache.

CLI Mode:

Privileged (Enable)

NOTE You can store static MAC entries if implementing a static CPU cache when using the ip arp command. BiNOS first looks up in this static CPU cache before looking up in the cache containing dynamic MAC entries.

Command Syntax
device-name#show ip arp

Example
device-name#show ip arp
===+==================+=================+========+========+=========+
 # | IP Address       |       MAC       |Age(min)| if     | Type    |
---+------------------+-----------------+--------+--------+---------+
 0 | 10.0.0.10        |00:00:00:00:00:10| 2      | sw0    | Dynamic |


Script Files System Overview

A script file is a text file that includes a sequence of configuration CLI commands. The script files can be downloaded from the TFTP server, uploaded to the TFTP server, deleted, renamed or executed. The contents of the script file can also be viewed. There is also the capability to store running and startup configurations of the device into the file system.

When you run a script file, the current running configuration of the device is merged with the new settings that are configured by the script file.

Every file in the script-file system has a unique name of maximum 32 characters without blank spaces.

You can perform the following actions with script files:
• Download script files from the TFTP server
• Upload script files to the TFTP server
• Remove script files from the file system
• Rename script files
• Run script files
• View the contents of script files

The Script Files System Default Configuration

Table 7: Script File System Default Configuration

Feature: Default Value

Startup configuration name: startup_config
Running configuration name: running_config


The Script Files System Configuration Commands

Table 8: Script File System Commands

Command: Description

script-file-system: Accesses the Script-file-system Configuration mode (see Script-file-system Configuration Mode)
copy running-config: Copies the running configuration into the script-file system (see Copying the Running Configuration)
copy startup-config: Copies the startup configuration into the script-file system (see Copying the Startup Configuration)
copy: Copies a file (see Copying a File)
run: Executes CLI commands contained in the specified script file (as a batch file) (see Executing a Script File)
attrib: Specifies file attributes (see Configuring File Attributes)
rename: Renames a specific script file (see Renaming a Script File)
move: Removes a file from its current location and places it at a new location (see Moving a File)

Table 9: Commands for Removing Script-File System Files

Command: Description

del: Removes a specific file from the file system (see Deleting a Specific File from the Script-file System)

Table 10: Script File System Display Commands

Command: Description

display: Displays the textual contents of the specified script file (see Displaying Script File Textual Contents)
dir: Displays the names and lengths of all script files stored in the file system (see Displaying the Script-file Name and Length)
show script-file-system: Displays the names and lengths of all script files stored in the file system (see Displaying the Script-file Name and Length)
ls: Lists the files in the Flash memory file system (see Listing Files)
help: Provides a description of the interactive help system (see Describing the Interactive Help System)


Script-file-system Configuration Mode

The script-file-system command accesses Script-file-system Configuration mode.

CLI Mode: Global Configuration

Command Syntax
device-name(config)#script-file-system
device-name(config script-file-system)#

Copying the Running Configuration

The copy running-config command saves a copy of the running configuration into the script-file system.

CLI Mode: Script-file-system Configuration

Command Syntax
device-name(config script-file-system)#copy running-config [FILE-NAME]

Argument: Description

FILE-NAME: (Optional) the name of the destination file, in the script-file system. If no file name is specified, a default name (running_config.cfg) is assigned.

Example
device-name(config script-file-system)#copy running-config
building the configuration ...
Saving script file "flash:/Usr/running_config.cfg" to file system...
Done

Copying the Startup Configuration

The copy startup-config command saves a copy of the start-up configuration into the script-file system.

CLI Mode: Script-file-system Configuration

NOTE To execute this command, the startup configuration should be stored on the device.

Command Syntax
device-name(config script-file-system)#copy startup-config [FILE-NAME]

Argument: Description

FILE-NAME: (Optional) the name of the destination file, in the script-file system. If no file name is specified, a default name (startup_config.cfg) is assigned.

Example
device-name(config script-file-system)#copy startup-config
Saving script file "flash:/Usr/startup_config.cfg" to file system...
Done

Copying a File

The copy command saves a copy of a file into the script file system.

CLI Mode: Script-file-system Configuration

This command is equivalent to the cp command in all modes.

Command Syntax (for Local Flash system)
device-name(config script-file-system)#copy [[device/]path/]file-name [[device1/]path1/]file-name1

Command Syntax (for TFTP/FTP Server)
device-name(config script-file-system)#copy protocol://[user[:pass]@]host[:port]/file-name protocol1://[user1[:pass1]@]host1[:port1]/file-name1

Command Syntax (for SFTP server)
device-name(config script-file-system)#copy device/user:pass@host/[path/]file-name device1/user1:pass1@host1/[path1/]file-name1

Argument: Description

device/: (Optional) the device from which the file is copied. It can be a TFTP server (in format tftp://A.B.C.D), the local Flash system (in format flash:/), or a SFTP/FTP server (in format sftp://user:pass@host)
path: (Optional) the path to the location where the file is copied.
protocol, protocol1: Specifies the protocol type.
user, user1: (Optional) specifies the name of the user performing the operation.
pass, pass1: (Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.
• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number
host: Specifies the server IP address in A.B.C.D format.
port, port1: (Optional) specifies the port number.
file-name: The source file name.
device1/: (Optional) the device to which the file is copied. It can be a TFTP server (in format tftp://A.B.C.D), the local Flash system (in format flash:/), or a SFTP/FTP server (in format sftp://user:pass@host)
path1: (Optional) the path to the location where the file is copied.
file-name1: The destination file name.

Example

The following command copies a file from a TFTP server to the local /Usr directory:
device-name(config script-file-system)#copy tftp://10.0.0.60/test usr/test1

The following command copies a file from the local Flash root directory to a remote TFTP server:
device-name(config script-file-system)#copy flash:/profile.cfg tftp://10.0.0.60/profile.cfg

Executing a Script File

The run command executes CLI commands contained in the specified script file.

CLI Mode: Script-file-system Configuration

Command Syntax
device-name(config script-file-system)#run FILE-NAME

Argument: Description

FILE-NAME: The name of the script file, in the script-file system.

Example
device-name(config script-file-system)#run test1
Executing configuration script …
Configuration from file complete

Configuring File Attributes

The attrib command configures file attributes (read-only, archive, system and hidden).

CLI Mode: Script-file-system Configuration

Command Syntax
device-name(config script-file-system)#attrib FILE-NAME

Argument: Description

FILE-NAME: The name of the file, in the script-file system, whose attributes are to be configured.

Example
device-name(config script-file-system)#attrib run1
Read-only : Hydden : System : Archive : -

Renaming a Script File

The rename command renames the specified script file.

CLI Mode: Script-file-system Configuration

This command is equivalent to the rm command in all modes.

Command Syntax
device-name(config script-file-system)#rename [[device/]path/]file-name new-file-name

Argument: Description

device/: (Optional) The device on which the file to be renamed is stored. Can only be flash:/ (the local Flash system).
path: (Optional) The device and the path to the file to be renamed. The path should end with the name of the file.
file-name: The original name of the file to be renamed.
new-file-name: The new name assigned to the file.

Moving a File

The move command removes a file from its current location and places it at a new location. The name of the file can be optionally changed.

CLI Mode: Script-file-system Configuration

This command is equivalent to the mv command in all modes.

Command Syntax (for local Flash system)
device-name(config script-file-system)#move [[device/]path/]file-name [[device1/]path1/]file-name1

Command Syntax (for TFTP/FTP Server)
device-name(config script-file-system)#move protocol://[user[:pass]@]host[:port]/file-name protocol1://[user1[:pass1]@]host1[:port1]/file-name1

Argument: Description

device/: (Optional) the device from which the file is moved. It can be a TFTP/FTP server (in format tftp://A.B.C.D, or ftp://user:pass@host), or the local Flash system (in format flash:/)
path: (Optional) the path to the location where the file is moved.
protocol, protocol1: Specifies the protocol type.
user, user1: (Optional) specifies the name of the user performing the operation.
pass, pass1: (Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.
• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number
host: Specifies the server IP address in A.B.C.D format.
port, port1: (Optional) specifies the port number.
file-name: The source file name.
device1/: (Optional) the device to which the file is moved. It can be a TFTP/FTP server (in format tftp://A.B.C.D, or ftp://user:pass@host), or the local Flash system (in format flash:/)
path1: (Optional) the path to the location where the file is moved.
file-name1: The destination file name.

Deleting a Specific File from the Script-file System

The del command removes a specific file from the script-file system.

CLI Mode: Script-file-system Configuration

NOTE The specified file is removed without requesting your confirmation.

Command Syntax (for Local Flash System)
device-name(config script-file-system)#del [[device/]path/]file-name

Command Syntax (for SFTP Server)
device-name(config script-file-system)#del device/user:pass@host/[path/]file-name

Argument: Description

device/: (Optional) the device from which the file is removed. It can be a SFTP server (in format sftp://user:pass@host), or the local Flash system (in format flash:/)
path: (Optional) the path to the location where the file is removed.
user: (Optional) specifies the name of the user performing the operation.
pass: (Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.
host: Specifies the server IP address in A.B.C.D format.
file-name: The name of the file to be removed.

Displaying Script File Textual Contents

The display command displays textual contents of a specified script file.

CLI Mode: Script-file-system Configuration

This command is equivalent to the pwd command.

Command Syntax (for Local Flash System)
device-name(config script-file-system)#display [[device/]path/]file-name [dump] [START]

Argument: Description

device/: (Optional) the device from which the file content is displayed. It can be the Flash local system (in format flash:/)
path: (Optional) the path to the location where the file content is displayed.
file-name: The name of the file whose content is displayed.
dump: (Optional) hex format.
START: (Optional) start offset.

Example
device-name(config script-file-system)#display test1
*********** FILE START *********
! T-Marc-380 Version 10.1.TMC3
!
password 3090372e3f8bc00eeacc46219f7557485983251a994551f918e04712f86c5818
ip address 1.0.0.1 255.0.0.0 interface sw0
!
…
!
! Technical Support Information Configuration:
!
************ FILE END **********

Displaying the Script-file Name and Length

Display the names and lengths of all script files stored in the script-file system with:
• dir and show script-file-system commands
  CLI Mode: Script-file-system Configuration
• show script-file-system command
  CLI Mode: View and Privileged (Enable)

Command Syntax
device-name(config script-file-system)#dir
device-name(config script-file-system)#show script-file-system
device-name>show script-file-system
device-name#show script-file-system

Example 1
device-name(config script-file-system)#dir
Listing Directory flash:/Usr/:
d S      2048 Jan 1 1993 01:04 ./
d        2048 Jan 1 1993 00:00 ../
         9017 Jan 1 1993 00:21 test1.cfg
         4220 Jan 1 1993 01:04 running_config.cfg

Free disk space 1929216

Example 2
device-name(config script-file-system)#show script-file-system
flash:/Usr/.
flash:/Usr/..
flash:/Usr/test1.cfg
flash:/Usr/running_config.cfg

Listing Files

The ls command lists files in Flash memory file system.

CLI Mode: Script-file-system Configuration

Command Syntax
device-name(config script-file-system)#ls

Example
device-name(config script-file-system)#ls
Listing Directory flash:/Usr:
d S      2048 Jan 1 1993 00:59 ./
d        2048 Jan 1 1993 00:00 ../
          176 Jan 1 1993 03:18 profile.cfg
         5804 Jan 1 1993 00:12 acl.cfg
         7069 Jan 1 1993 00:29 snmp.cfg

Free disk space 18192384

Describing the Interactive Help System

The help command provides a description of the interactive help system.

CLI Mode: Script-file-system Configuration

Command Syntax
device-name(config script-file-system)#help


File System Overview

The Flash file system (also called Flash:) provides commands for defining, downloading, and deleting software images and configuration files stored in a Flash memory. In addition, users can define the different Loader parameters using the Flash file system.

The File System Default Folders

Table 11: System Directories Default Configuration

Directory: Description

\Boot\: Contains all executable applications and firmware images
\Log\: Stores all logs of the system operation
\Usr\: Contains all configuration scripts of the system
\Etc\: Contains default startup configuration
\Hidden\: Internal settings storage
\Java\: Not supported

NOTE The system directories are locked for editing.

Table 12: Default System File Names and Settings

Parameter: Default Value

Startup configuration name: dflt_startup.cfg
Image name: Image.Z
Auto-boot timeout: 5 seconds
BiNOS System Loader password: batm


The File System Commands

Table 13: File System Directories Commands

Command: Description

format: Formats the file system and removes its contents (see Formatting the File System)
mkdir: Creates a new directory (see Creating a New Directory)
rmdir: Deletes a directory (see Deleting a Directory)
dir: Displays the contents of the current directory (see Displaying the File System Contents)
pwd: Displays the working directory (see Displaying the Working Directory)

Table 14: File Content Management Commands

Command: Description

copy: Copies a file from a TFTP server or from the local Flash system to the specified path (see Copying a File)
rename: Renames a file (see Renaming a File)
move: Removes a file from its current location and places it at a new location (see Moving a File)
del: Deletes a specified file (see Deleting a File)
display: Displays the contents of a text file (see Displaying the File Contents)


Formatting the File System

The format command formats the file system and removes its contents.

CLI Mode: Loader and Privileged (Enable)

After the next start of the loader (or start-up of downloaded application), the default set of system directories will be restored automatically. The command deletes all saved configuration files (starting configuration).

Command Syntax
Loader>format [DEVICE-NAME]
device-name#format [DEVICE-NAME]

Argument: Description

DEVICE-NAME: The device name. A valid device can be flash:/

Creating a New Directory

The mkdir command creates a new directory.

CLI Mode: Loader and Privileged (Enable)

Command Syntax
Loader>mkdir PATH
device-name#mkdir PATH

Argument: Description

PATH: The destination path (directory) ends with the new directory that is created. The directory name is a case insensitive string.

Deleting a Directory

The rmdir command deletes a directory.

CLI Mode: Loader and Privileged (Enable)

Command Syntax
Loader>rmdir [PATH]
device-name#rmdir [PATH]

Argument: Description

PATH: The path ends with the directory to be deleted. The directory name is a case insensitive string.

NOTE Non-empty and system directories cannot be removed.

Displaying the File System Contents

The dir command displays a list of files in the file system.

CLI Mode: Loader, View and Privileged (Enable)

This command is equivalent to the ls command in all modes.

Command Syntax
Loader>dir [PATH]
device-name>dir [PATH]
device-name#dir [PATH]

Argument: Description

PATH: (Optional) the name of a selected directory whose contents are displayed. The directory name is a case insensitive string.

Displaying the Working Directory

The pwd command displays the working directory.

CLI Mode: Loader and Privileged (Enable)

Command Syntax
Loader>pwd
device-name#pwd

Copying a File

The copy command copies a file from a TFTP/FTP/SFTP server or from the local Flash system to another location. The name of the file can be optionally changed.

CLI Mode: Loader and Privileged (Enable)

This command is equivalent to the cp command in all modes.

Command Syntax (for Local Flash System)
Loader>copy [[device://]path/]file-name [[device1://]path1/]file-name1
device-name#copy [[device://]path/]file-name [[device1://]path1/]file-name1

Command Syntax (for TFTP/FTP Server)
Loader>copy protocol://[user[:pass]@]host[:port]/file-name protocol1://[user1[:pass1]@]host1[:port1]/file-name1
device-name#copy protocol://[user[:pass]@]host[:port]/file-name protocol1://[user1[:pass1]@]host1[:port1]/file-name1

Command Syntax (for SFTP Server)
Loader>copy device://user:pass@host/[path/]file-name device1/user1:pass1@host1/[path1/]file-name1
device-name#copy device://user:pass@host/[path/]file-name device1/user1:pass1@host1/[path1/]file-name1

Argument: Description

device: (Optional) the device from which the file is copied. It can be a TFTP server (in format tftp://A.B.C.D), the local Flash system (in format flash:/), or a SFTP/FTP server (in format sftp://user:pass@host)
path: (Optional) the path to the location where the file is copied.
protocol, protocol1: Specifies the protocol type.
user, user1: (Optional) specifies the name of the user performing the operation.
pass, pass1: (Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.
• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number
host: Specifies the server IP address in A.B.C.D format.
port, port1: (Optional) specifies the port number.
file-name: The source file name.
device1/: (Optional) the device to which the file is copied. It can be a TFTP server (in format tftp://A.B.C.D), the local Flash system (in format flash:/), or a SFTP/FTP server (in format sftp://user:pass@host)
path1: (Optional) the path to the location where the file is copied.
file-name1: The destination file name.

Examples

• The following command copies a file from a TFTP server to the local /Usr directory:
device-name#copy tftp://10.0.0.60/test usr/test1

• The following command copies a file from the local Flash root directory to a remote TFTP server:
device-name#copy flash://profile.cfg tftp://10.0.0.60/profile.cfg
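Added example (not part of the user guide): the copy, move, del and rename syntaxes in both the script-file system and the file system sections place the user name and password inside the command line, and TFTP and FTP carry the transfer without transport encryption. The Python sketch below reviews a captured CLI session for both conditions and emits a redacted copy of each line that is safe to store in a ticket or log. The session text, the password value, the finding labels and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

CLEARTEXT = {"tftp", "ftp"}       # protocols without transport encryption
REMOTE = CLEARTEXT | {"sftp"}
# File commands from this guide plus the cp/mv/rm equivalents it mentions.
FILE_CMDS = ("copy", "cp", "move", "mv", "del", "rm", "rename", "display")
# Prompt forms: device-name#, device-name(config script-file-system)#, Loader>
LINE_RE = re.compile(
    r"^(?P<prompt>[^#>]*[#>])\s*(?P<cmd>" + "|".join(FILE_CMDS) + r")\s+(?P<args>\S.*)$"
)

# Constructed session log; addresses follow the guide's examples,
# the account name and password are made up.
SAMPLE_LOG = """\
device-name(config script-file-system)#copy tftp://10.0.0.60/test usr/test1
device-name#copy flash://profile.cfg tftp://10.0.0.60/profile.cfg
device-name#copy ftp://backup:Example-Pass1@10.0.0.60/acl.cfg usr/acl.cfg
Loader>del sftp://backup:Example-Pass1@10.0.0.60/old/test1.cfg
device-name#show ip arp
"""


def inspect_token(token):
    """Return (redacted_token, findings) for one command argument."""
    try:
        parts = urlsplit(token)
    except ValueError:
        return token, ["unparsable-url"]
    scheme = parts.scheme.lower()
    if scheme not in REMOTE:
        return token, []          # flash:/..., a relative path or a file name
    findings = []
    if scheme in CLEARTEXT:
        findings.append("cleartext-transport:" + scheme)
    if parts.password is not None:
        findings.append("password-on-command-line")
        # Keep user, host and port; replace only the secret.
        hostport = parts.netloc.rpartition("@")[2]
        netloc = "%s:****@%s" % (parts.username, hostport)
        token = urlunsplit(
            (parts.scheme, netloc, parts.path, parts.query, parts.fragment)
        )
    return token, findings


def audit_session(text):
    """Review every file command in a captured session."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not a file command
        tokens, findings = [], []
        for tok in m.group("args").split():
            redacted, found = inspect_token(tok)
            tokens.append(redacted)
            for f in found:
                if f not in findings:
                    findings.append(f)
        results.append({
            "line": lineno,
            "cmd": m.group("cmd"),
            "redacted": "%s%s %s" % (m.group("prompt"), m.group("cmd"), " ".join(tokens)),
            "findings": findings,
        })
    return results


if __name__ == "__main__":
    for r in audit_session(SAMPLE_LOG):
        print(r["line"], ",".join(r["findings"]) or "ok", "|", r["redacted"])
```
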


Renaming a File

The rename command renames a file.

CLI Mode: Loader and Privileged (Enable)

Command Syntax (for Local Flash System)
Loader>rename [path/]file-name NEW-FILE-NAME
device-name#rename [path/]file-name NEW-FILE-NAME

Command Syntax (for SFTP Server)
Loader>rename device://user:pass@host/[path/]file-name NEW-FILE-NAME
device-name#rename device://user:pass@host/[path/]file-name NEW-FILE-NAME

Argument: Description

device: (Optional) the device on which the file to be renamed is stored. It can be a SFTP server (in format sftp://user:pass@host), or the local Flash system (in format flash:/)
path: (Optional) the path to the file to be renamed.
user: (Optional) specifies the name of the user performing the operation.
pass: (Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.
host: Specifies the server IP address in A.B.C.D format.
file-name: The original name of the file to be renamed.
NEW-FILE-NAME: The new name assigned to the file.

Moving a File The move command removes a file from its current location and places it at a new location. The name of the file can be optionally changed. CLI Mode:

Loader and Privileged (Enable)

This command is equivalent to the mv command in all modes. Command Syntax (for Local Flash System) Loader>move [[device://]path/]file-name [[device1://]path1/]file-name1 device-name#move [[device://]path/]file-name [[device1://]path1/]file-name1

Command Syntax (for TFTP/FTP Server) Loader>move protocol://[user[:pass]@]host[:port]/file-name protocol1://[user1[:pass1]@]host1[:port1]/file-name1 device-name#move protocol://[user[:pass]@]host[:port]/file-name protocol1://[user1[:pass1]@]host1[:port1]/file-name1

Page 38 Device Administration (Rev. 11)

T-Marc 300 Series User Guide

Argument Description device/

(Optional) the device from which the file is moved. It can be a TFTP/FTP server (in format tftp://A.B.C.D, or ftp://user:[email protected]), or the local Flash system (in format flash:/)

path

(Optional) the path to the location where the file is moved.

protocol, protocol1

Specifies the protocol type.

user, user1

Optional) specifies the name of the user performing the operation.

pass, pass1

(Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.

• •

For the TFTP server, not need to specify the user, password and port For the FTP server, no need to specify the port number

host

Specifies the server IP address in A.B.C.D format.

port, port1

(Optional) specifies the port number.

file-name

The source file name.

device1/

(Optional) the device to which the file is moved. It can be a TFTP server (in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D), or the local Flash system (in format flash:/)

path1

(Optional) the path to the location where the file is moved.

file-name1

The destination file name.

Deleting a File

The del command deletes the specified file.

CLI Mode: Loader and Privileged (Enable)

This command is equivalent to the rm command.

Command Syntax (for Local Flash System)

Loader>del [path/]file-name
device-name#del [path/]file-name

Command Syntax (for SFTP Server)

Loader>del device://user:pass@host/[path/]file-name
device-name#del device://user:pass@host/[path/]file-name

Argument Description

device/

(Optional) the device from which the file is removed. It can be a SFTP server (in format sftp://user:pass@A.B.C.D), or the local Flash system (in format flash:/)

path

(Optional) the path to the location where the file is removed.

user

(Optional) specifies the name of the user performing the operation.

pass

(Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.


host

Specifies the server IP address in A.B.C.D format.

file-name

The name of the file to be removed.

Displaying the File Contents

The display command displays the contents of a text file.

CLI Mode: Loader, View and Privileged (Enable)

The command must not be applied to binary files.

Command Syntax

Loader>display {[path/] | [device://[path/]]}file-name [dump][START]
device-name>display {[path/] | [device://[path/]]}file-name [dump]
device-name#display {[path/] | [device://[path/]]}file-name [dump]

Argument Description

path

(Optional). The path to the file to be displayed. The path should end with the name of the file.

device:

(Optional). The device on which the file to be displayed is stored. Can only be flash:/ meaning the local Flash system.

device:path

(Optional). The device and the path to the file to be displayed. The path should end with the name of the file.

file-name

The name of the file.

dump

(Optional). HEX format.

START

(Optional). Start offset.

NOTE The dump option is mandatory to display binary files.


Modifying the Default Configuration

The default settings feature allows you to modify the running configuration according to your preferences and save it as a default configuration.

Default Configuration Commands

Table 15: Default Configuration Commands

Command

Description

copy running-config default-config

Saves the running configuration as a default configuration (see Modifying the Default Configuration)

copy default-config

Copies the default configuration to a TFTP/FTP server or to the local Flash system (see Copying the Default Configuration to a Specific Location)

copy

Copies the default configuration from a TFTP/FTP server or from the local Flash system (see Copying the Default Configuration from a Specific Location)

write erase default

Clears the default configuration (see Clearing the Default Configuration)

show default-config

Displays the default configuration (see Displaying the Default Configuration)


Modifying the Default Configuration

The copy running-config default-config command saves the running configuration as a default configuration.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#copy running-config default-config

Copying the Default Configuration to a Specific Location

The copy default-config command copies the default configuration to a TFTP/FTP server or to the local Flash system.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#copy default-config [:[/]][]

Argument Description

device/

(Optional) the device to which the file is copied. It can be a TFTP server (in format tftp://A.B.C.D), a FTP server (in format ftp://user:pass@A.B.C.D), or the local Flash system (in format flash:/):

• user—specifies the name of the user performing the operation
• pass—specifies the password that authenticates the specified username. Symbol (@) following the password is required.
• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number

path

(Optional) the exact location path to which the file is copied. The path should end with the name of the file.

server IP

Specifies the TFTP/FTP server IP Address, in A.B.C.D format.

file-name

The original file name.

Copying the Default Configuration from a Specific Location

The copy command copies the default configuration from a TFTP/FTP server or from the local Flash system.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#copy [[:[/]][] default-config


Argument Description

device/

(Optional) the device from which the file is copied. It can be a TFTP server (in format tftp://A.B.C.D), a FTP server (in format ftp://user:pass@A.B.C.D), or the local Flash system (in format flash:/):

• user—specifies the name of the user performing the operation
• pass—specifies the password that authenticates the specified username. Symbol (@) following the password is required
• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number

path

(Optional) the exact location path from which the file is copied. The path should end with the name of the file.

server IP

Specifies the TFTP/FTP server IP Address, in A.B.C.D format.

file-name

The original file name.

Clearing the Default Configuration

The write erase default command clears the default configuration.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#write erase default

Displaying the Default Configuration

The show default-config command displays the default configuration.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show default-config

Example

device-name#show default-config
! Default Configuration:
!
. . .
! Ethernet in the First Mile OAM
!
!
efm-oam disable
!
. . .


Zero-Touch Configuration

Overview

Zero-touch configuration is a set of operations that provides two options for automatically configuring the device:

• Via IP address that is assigned manually (static IP address).
• Via IP address that is obtained from a DHCP server (dynamic IP address).

The BiNOS configuration file is downloaded from a TFTP server after the device reloads to defaults. The configuration details are stored in NVRAM. In case of a zero-touch configuration failure, the factory default configuration is executed.

NOTE When using a DHCP client, the system administrator has to configure a TFTP server IP address (the siaddr field as specified in RFC 2131) and a Boot filename (the filename field as specified in RFC 2131) on the DHCP server. The example displays part of the DHCP server configuration file:

next-server X.X.X.X;
filename "configfile.cfg";

Zero-touch Configuration Default Configuration

Table 16: Zero-touch Configuration Default Configuration

Feature

Default Value

Zero Touch Configuration

Disabled

TFTP IP address

0.0.0.0

Configuration file

Not saved to NVRAM

Number of retries

3 times

The time interval between each retry

64 seconds


Zero-touch Configuration Commands

Table 17: Zero-touch Configuration Commands

Command

Description

configure zero-touch

Enters the Zero-touch Configuration mode (see Accessing the Zero-touch Configuration Mode)

zero-touch

Enables/disables the zero-touch configuration feature (see Enabling/disabling the Zero-touch Configuration)

ip-address

Specifies the device IP address (see Specifying the Device IP Address)

tftp-server

Specifies the TFTP IP address (see Specifying the TFTP IP Address)

config-file

Specifies the path to the configuration file (see Specifying the Location of the Configuration File)

save-configuration

Saves the downloaded configuration file to NVRAM (see Saving the Configuration File to NVRAM)

retry-max

Specifies the maximum number of retries for downloading the configuration file (see Specifying the Number of Retries for Downloading the Configuration File)

execute

Forces the device to reach the TFTP server and to obtain the required configuration file (see Forcing the Device to Reach the TFTP Server)

show zero-touch
show

Displays the zero-touch configuration details (see Displaying the Zero-touch Configuration)


Accessing the Zero-touch Configuration Mode

The configure zero-touch command enters the Zero-touch Configuration mode.

CLI Mode: Global Configuration

Command Syntax

device-name#configure zero-touch
device-name(zero-touch)#

Enabling/disabling the Zero-touch Configuration

The zero-touch command enables/disables the zero-touch configuration feature.

CLI Mode: Zero-touch Configuration

By default, the zero-touch configuration feature is disabled.

Command Syntax

device-name(zero-touch)#zero-touch
device-name(zero-touch)#no zero-touch

Argument Description

no

Restores to default

Specifying the Device IP Address

The ip-address command specifies the device IP address.

CLI Mode: Zero-touch Configuration

Command Syntax

device-name(zero-touch)#ip-address A.B.C.D/M
device-name(zero-touch)#no ip-address

Argument Description

A.B.C.D/M

Specifies the device IP address and mask manually

no

Obtains the device IP address via DHCP


Specifying the TFTP IP Address

The tftp-server command specifies the TFTP IP address.

CLI Mode: Zero-touch Configuration

By default, the TFTP IP address is 0.0.0.0.

Command Syntax

device-name(zero-touch)#tftp-server A.B.C.D
device-name(zero-touch)#no tftp-server

Argument Description

A.B.C.D

Specifies the TFTP IP address

no

Restores to default

Specifying the Location of the Configuration File

The config-file command specifies the path to the configuration file.

CLI Mode: Zero-touch Configuration

Command Syntax

device-name(zero-touch)#config-file []
device-name(zero-touch)#no config-file

Argument Description

[]

Specifies the original path to the configuration file. The path should end with the name of the file. The maximum length of the path is 20 symbols.

no

Removes the necessity of obtaining the configuration file from the TFTP server

Saving the Configuration File to NVRAM

The save-configuration command saves the downloaded configuration file to NVRAM.

CLI Mode: Zero-touch Configuration

By default, the configuration file is not saved to NVRAM.

Command Syntax

device-name(zero-touch)#save-configuration
device-name(zero-touch)#no save-configuration


Argument Description

no

Restores to default

Specifying the Number of Retries for Downloading the Configuration File

The retry-max command specifies the maximum number of retries for downloading the configuration file.

CLI Mode: Zero-touch Configuration

By default:

• the number of retries is 3 times
• the time interval between each retry is 64 seconds

Command Syntax

device-name(zero-touch)#retry-max

Argument Description

1-10

Specifies the number of retries.

Forcing the Device to Reach the TFTP Server

The execute command forces the device to reach the TFTP server and to obtain the required configuration file. If the downloading is completed successfully, the configuration file is saved as a start-up configuration, and it is not executed.

CLI Mode: Zero-touch Configuration

Command Syntax

device-name(zero-touch)#execute

Displaying the Zero-touch Configuration

The show command and the show zero-touch command display the zero-touch configuration details.

CLI Mode: Privileged (Enable) and Zero-touch Configuration

Command Syntax

device-name#show zero-touch
device-name(zero-touch)#show


Example 1

device-name(zero-touch)#show
State               = disabled
IP address          = 9.0.0.1/8
TFTP server         = 9.0.0.34
Configuration file  = dirname/device.cfg
Save file to NVRAM  = Disabled
Number of retries   = 3
Status              =

Example 2

device-name#show zero-touch
State               = disabled
Ip address          = 0.0.0.0/0
TFTP server         = 0.0.0.0
Configuration file  =
Save file to NVRAM  = Disabled
Number of retries   = 3
Status              =
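The following Python code is an added example, not part of the Telco Systems guide. It parses a captured show zero-touch listing and checks it against the limits documented in this section (20-symbol path, 1-10 retries) and against the two addressing options. It assumes one "Label = value" pair per line, that an active feature is reported as "enabled", and that 0.0.0.0/0 is what the device shows in DHCP mode; the sample listing and the finding codes are constructed for the example.

```python
import ipaddress

MAX_PATH_LEN = 20            # documented maximum length of the config-file path
RETRY_RANGE = range(1, 11)   # retry-max accepts 1-10

# Constructed sample in the 'Label = value' layout of the show command.
SAMPLE_STATIC = """\
device-name(zero-touch)#show
State               = enabled
IP address          = 9.0.0.1/8
TFTP server         = 10.3.71.101
Configuration file  = provisioning/site-42/device.cfg
Save file to NVRAM  = Enabled
Number of retries   = 3
Status              =
"""


def parse_show_zero_touch(text):
    """Parse 'Label = value' lines into a dict keyed by lower-cased label."""
    cfg = {}
    for line in text.splitlines():
        if "=" not in line:
            continue                      # prompt or blank line
        label, _, value = line.partition("=")
        cfg[label.strip().lower()] = value.strip()
    return cfg


def check_zero_touch(cfg):
    """Return a list of (code, message) findings for one device."""
    findings = []
    # Assumption: an active feature is reported as 'enabled'
    # (the guide's examples only show 'disabled').
    enabled = cfg.get("state", "").lower() == "enabled"
    iface = ipaddress.ip_interface(cfg.get("ip address") or "0.0.0.0/0")
    tftp = ipaddress.ip_address(cfg.get("tftp server") or "0.0.0.0")
    path = cfg.get("configuration file", "")
    retries = int(cfg.get("number of retries") or 3)

    if len(path) > MAX_PATH_LEN:
        findings.append(("path-too-long", f"{len(path)} symbols, limit {MAX_PATH_LEN}"))
    if retries not in RETRY_RANGE:
        findings.append(("retries-out-of-range", f"{retries} is outside 1-10"))
    if not enabled:
        return findings

    # Assumption: 0.0.0.0/0 is what the device shows after 'no ip-address' (DHCP mode).
    if iface.ip.is_unspecified:
        findings.append(("dhcp-sourced",
                         "TFTP server and boot file name are taken from the DHCP reply"))
    elif tftp.is_unspecified:
        findings.append(("no-tftp-server", "static address but TFTP server is still 0.0.0.0"))
    elif tftp not in iface.network:
        findings.append(("tftp-off-subnet",
                         f"{tftp} is outside {iface.network}; a route is required"))
    if cfg.get("save file to nvram", "").lower() == "enabled":
        findings.append(("persisted", "downloaded configuration is written to NVRAM"))
    return findings


if __name__ == "__main__":
    for code, message in check_zero_touch(parse_show_zero_touch(SAMPLE_STATIC)):
        print(f"{code}: {message}")
```

A "dhcp-sourced" finding marks devices whose configuration source is decided by whichever DHCP server answers on that segment, which is the place to confirm that only the intended DHCP server can reply.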


Software Upgrade and Boot Options

Preparing to Download a BiNOS Software Image Using TFTP/FTP Connection

Before you begin to download a file from a TFTP/FTP server, take the following precautions:

1. Make sure that the device has a route to the TFTP/FTP server. The device and the TFTP/FTP server must be in the same subnet, if you do not have a router to route traffic between subnets. Check the connection to the TFTP/FTP server using the ping command (refer to the Troubleshooting and Monitoring chapter of this User Guide).

2. Make sure that the software image file is in the download directory on the TFTP/FTP server.

3. Make sure that you have at least Read permissions for the software image for your username.

4. A power outage (or other problem) during the download procedure can corrupt the Flash code. If the Flash code is corrupted, connect to the device through the console port, format the Flash memory and download the application (see the Boot Loader section of the current chapter). Make sure that there is enough free space in the bootflash (at least 9.5 MB). To verify this, use the dir command, as illustrated in the example below:

device-name#dir
Listing Directory flash:/:
d S       2048 Jan 1 1993 01:37 Boot/
d S       2048 Jan 1 1980 00:00 Etc/
d S       2048 Jan 1 1980 00:00 Java/
d S       2048 Jan 1 1980 00:00 Log/
d S       2048 Jan 1 1993 00:59 Usr/
d SH      2048 Jan 1 1993 00:00 Hidden/
         43796 Jan 1 1993 00:00 dflt_startup_bin.cfg
           217 Jan 1 1993 03:12 profile.cfg
          2483 Jan 1 1993 03:37 start.cfg-
Free disk space 4511744

If necessary, delete unnecessary files to free some space:

device-name#del /

Example:

device-name#del boot/T-Marc 380_bm_fisw_7_1_TMC3.Z


Downloading the BiNOS Software Image

To download a BiNOS software image from the TFTP/FTP server, proceed as follows:

1. Log on to the device through the console port or through a Telnet session and type your password.

2. Enter the Privileged (Enable) mode.

3. Use the upgrade boot-profile command to upgrade the software image:

device-name#upgrade boot-profile tftp:///

Example 1:

device-name#upgrade boot-profile tftp://9.0.0.7/BiNOS-v9.4.Z BiNOS-v9.4.Z
TFTP receiving application.................................................
Application upgrade completed

An alternative method to upgrade the software image in two steps is by using the copy application command and then the application command:

device-name#copy application tftp:///
device-name#configure boot-param
device-name(boot param)#application

Example 2:

device-name#copy application tftp://9.0.0.7/BiNOS-v9.4.Z
TFTP receiving file ... 5300324
Image Size = 0x50E036
CRC Value = 0xD66707AE
device-name#configure boot-param
device-name(boot param)#application BiNOS-v9.4.Z

4. If the upgrade fails, verify that the precautions above are taken.

5. To run the new software image, reload the device using the reload save command.

6. After the device reloads, type the show version command to verify the current device version and the show running-config command to check the configuration of the device (refer to the Device Setup and Maintenance chapter of this User Guide).


Commands for Upgrading Software Images

Table 18: Commands for Upgrading Software Images

Command

Description

upgrade boot-profile

Downloads a new software image and sets boot statements to load the new image on startup. (see Upgrading the BiNOS Software Image)

copy application

Downloads a new software image to the device (see Downloading a New BiNOS Software Image)

application

Boots the device with the new image (see Applying the New Boot Statement)

Table 19: Boot Commands for Upgrading Software Images

Command

Description

device

Displays the current software image location (see Displaying and Specifying the Software Image Location)

ftp-password

Displays the FTP connection password (see Displaying and Specifying the FTP Password)

ftp-server

Displays the FTP server IP-address (see Displaying and Specifying the FTP Server IP-Address)

ftp-user

Displays the FTP username (see Displaying and Specifying the FTP Username)

startup-config

Specifies which startup configuration file is loaded on startup (see Specifying the Startup Configuration File)

show

Displays the current boot statement (see Displaying Boot Statements)

Table 20: Display Commands

Command

Description

show version

Displays the inventory information regarding the software versions of the device (see Displaying the Information Regarding the Software Versions)

show manufacturing-details

Displays detailed hardware information (see Displaying Hardware Information)

show uptime

Displays how long the selected device has been operational (see Displaying the Device Uptime)


Upgrading the BiNOS Software Image

The upgrade boot-profile command downloads a new software image and sets boot statements to load the new image on startup.

CLI Mode: Privileged (Enable)

Command Syntax (for Local Flash System)

device-name#upgrade boot-profile {[[device://]path/]file-name DESTINATION-FILE-NAME | apply [[device/]path/]file-name}

Command Syntax (for TFTP/FTP Server)

device-name#upgrade boot-profile {protocol://[user[:pass]@]host[:port]/file-name DESTINATION-FILE-NAME | apply protocol://[user[:pass]@]host[:port]/file-name}

Argument Description

device

(Optional) the device from which the file is copied. It can be a TFTP/FTP server (in format tftp://A.B.C.D, ftp://user:pass@A.B.C.D) or the local Flash system (in format flash:/).

path

(Optional) the path where the file is located

protocol

Specifies the protocol type.

user

(Optional) specifies the name of the user performing the operation.

pass

(Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.

• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number

host

Specifies the server IP address in A.B.C.D format.

port

(Optional) specifies the port number.

file-name

The original name of the file.

DESTINATION-FILE-NAME

The destination file name as it appears on the local Flash system.

apply

Applies directly the new boot statement.

PARAMS

Specifies the parameters to be applied in the following format:

• [[device/]path/]file-name, when flash:/ system is used.
• protocol://[user[:pass]@]host[:port]/file-name, when TFTP or FTP server is used.


Example

The example specifies that the new application image is downloaded via TFTP from the server with IP 10.3.71.101. It is searched for in a directory called /MyApps/ under the TFTP server root directory. The application filename on the TFTP server is Imagev1.5.Z; it is stored under the /Boot directory on the local file system as BootAppv1.5.Z after it is validated; the boot parameters device and Application are set to local and BootAppv1.5.Z.

device-name#upgrade boot-profile tftp://10.3.71.101/MyApps/Imagev1.5.Z flash://Boot/BootAppv1.5.Z

Downloading a New BiNOS Software Image

The copy application command downloads a new software image to the device.

CLI Mode: Privileged (Enable)

Command Syntax (for local Flash System)

device-name#copy application [[device://]path]file-name [DESTINATION-FILE-NAME] [no-validation]

Command Syntax (for TFTP/FTP Server)

device-name#copy application protocol://[user[:pass]@]host[:port]/file-name [DESTINATION-FILE-NAME] [no-validation]

Argument Description

device

(Optional) the device from which the file is copied. It can be a TFTP/FTP server (in format tftp://A.B.C.D, ftp://user:pass@A.B.C.D) or the local Flash system (in format flash:/).

path

(Optional) the path where the file is located

protocol

Specifies the protocol type.

user

(Optional) specifies the name of the user performing the operation.

pass

(Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.

• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number

host

Specifies the server IP address in A.B.C.D format.

file-name

The original name of the file.

DESTINATION-FILE-NAME

The destination file name as it will appear on the local Flash system.

no-validation

(Optional) skips the image validation check.

Example

device-name#copy application tftp://192.168.0.2/image.Z


Applying the New Boot Statement

The application FILE-NAME command boots the device with the new image.

CLI Mode: Boot Param Configuration

Command Syntax

device-name(boot param)#application FILE-NAME

Argument Description

FILE-NAME

The name of the image file, a case-sensitive string.

Displaying and Specifying the Software Image Location

The device command displays the current software image location. Use one of the below command arguments to specify the software image location.

CLI Mode: Boot Param Configuration

Command Syntax

device-name(boot param)#device [local | network]

Argument Description

local

(Optional). The device boots from the local software image

network

(Optional). The device boots from a remote software image, using an FTP server. Currently this option is not supported because an OutBound interface is not available.

Local Flash file system

Displaying and Specifying the FTP Password

The ftp-password command displays the FTP connection password. Use the command argument to specify the FTP password.

CLI Mode: Boot Param Configuration

Command Syntax

device-name(boot param)#ftp-password [PASSWORD]

Argument Description

PASSWORD

(Optional) specifies the password used for the FTP connection


Displaying and Specifying the FTP Server IP-Address

The ftp-server command displays the FTP server IP-address. Use the command argument to specify the FTP server IP-address.

CLI Mode: Boot Param Configuration

Command Syntax

device-name(boot param)#ftp-server [A.B.C.D]

Argument Description

A.B.C.D

(Optional) specifies the FTP server IP-address

Displaying and Specifying the FTP Username

The ftp-user command displays the FTP username. Use the command argument to specify the FTP username.

CLI Mode: Boot Param Configuration

Command Syntax

device-name(boot param)#ftp-user [NAME]

Argument Description

NAME

(Optional) specifies the FTP username

Specifying the Startup Configuration File

The startup-config command specifies which startup configuration file is loaded on startup.

CLI Mode: Boot Param Configuration

Command Syntax

device-name(boot param)#startup-config {FILE | binary {FILE | default} | default}

Argument Description

FILE

The startup configuration filename

binary

Loads the startup configuration file in a binary format

default

Loads the default startup configuration file


Displaying Boot Statements

The show command displays the current boot statement.

CLI Mode: Boot Param Configuration

Command Syntax

device-name(boot param)#show
device-name(boot param)#application

Example 1

device-name(boot param)#show
IP address            = 2.2.2.2:ffffff00
Device                = local
Application           = BiNOS-TMarc_3X0-9.4.3.TMC3-pre3.Z
Startup configuration =
Statup binary config  =
FTP server            = 2.2.2.1
FTP user              = mark3
FTP password          = mark3
Boot flags            =

Example 2

device-name(boot param)#application BiNOS-TMarc_3X0-9.4.3.TMC3-pre3.Z
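The boot-parameter listing above prints the FTP password in clear text, and the copy, move, del and upgrade syntax in this chapter carries user:pass inside the URL, so saved console or Telnet session logs of these procedures contain credentials. The following Python code is an added example, not part of the Telco Systems guide: it redacts those secrets from a captured session and flags TFTP/FTP transfers and use of no-validation. The sample log, the finding names and the function name are constructed for illustration.

```python
import re

# URL form used by the copy/move/del/upgrade commands in this guide:
#   protocol://[user[:pass]@]host[:port]/file-name
# The password group is greedy so that a password containing '@' is masked whole.
URL_RE = re.compile(
    r"(?P<proto>tftp|ftp|sftp)://"
    r"(?:(?P<user>[^:@/\s]+)(?::(?P<pw>[^/\s]*))?@)?"
    r"(?P<host>[^/:@\s]+)",
    re.IGNORECASE,
)
# Passwords outside URLs: typed with ftp-password, or printed by 'show'
# in Boot Param Configuration mode.
SECRET_PATTERNS = [
    (re.compile(r"#\s*ftp-password\s+(?P<pw>\S+)", re.IGNORECASE), "password-typed"),
    (re.compile(r"^\s*FTP password\s*=\s*(?P<pw>\S+)", re.IGNORECASE), "password-displayed"),
]
NO_VALIDATION_RE = re.compile(r"\bcopy\s+application\b.*\bno-validation\b", re.IGNORECASE)
CLEARTEXT = {"tftp", "ftp"}   # neither protocol encrypts payload or credentials
MASK = "****"

# Constructed session log; hosts, users and passwords are made up.
SAMPLE = """\
device-name#copy application ftp://mark3:s3cret@2.2.2.1/BiNOS-v9.4.Z no-validation
device-name#copy startup-config sftp://backup:Pa55w0rd@10.3.71.101/cfg/START002
device-name#copy tftp://192.192.54.1/RUN001 running-config
device-name#configure boot-param
device-name(boot param)#ftp-password s3cret
device-name(boot param)#show
FTP server = 2.2.2.1
FTP user = mark3
FTP password = s3cret
Boot flags =
"""


def audit_transcript(text):
    """Return (redacted_text, findings); findings are (line_no, kind, detail)."""
    findings, redacted = [], []
    for n, line in enumerate(text.splitlines(), start=1):

        def scrub_url(m, n=n):
            proto = m.group("proto").lower()
            if proto in CLEARTEXT:
                findings.append((n, "cleartext-transfer", f"{proto} to {m.group('host')}"))
            if not m.group("pw"):
                return m.group(0)
            findings.append((n, "inline-credential", f"user {m.group('user')} over {proto}"))
            url, base = m.group(0), m.start()
            return url[:m.start("pw") - base] + MASK + url[m.end("pw") - base:]

        line = URL_RE.sub(scrub_url, line)
        if NO_VALIDATION_RE.search(line):
            findings.append((n, "validation-skipped", "image copied with no-validation"))
        for pattern, kind in SECRET_PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append((n, kind, "FTP boot password in clear text"))
                line = line[:m.start("pw")] + MASK + line[m.end("pw"):]
        redacted.append(line)
    return "\n".join(redacted), findings


if __name__ == "__main__":
    clean, issues = audit_transcript(SAMPLE)
    print(clean)
    for line_no, kind, detail in issues:
        print(f"line {line_no}: {kind}: {detail}")
```

Run it over session logs before they are archived or attached to a support ticket; any password it reports has already been sent or stored in clear text and should be rotated.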

Displaying the Information Regarding the Software Versions

The show version command displays the inventory information regarding the software versions of the device.

CLI Mode: View and Privileged (Enable)

The command displays the following information:

• Device model—the platform name
• SW version—displays the installed application image
• Java version—not loaded
• Loader version—displays the installed Loader image
• Up time—displays the time elapsed since the device is turned on

Command Syntax

device-name>show version
device-name#show version


Example

device-name#show version
BATM Advanced Communications
Device model              : T-Marc 380
Product Category          : AccessEthernet(TM)
Device running SW version : 10.1-pre8 created Mar 17 2010 - 20:19:58
Device Default SW file    : BiNOS-TMarc_3X0-10.1.BETA-dev26.Z
Device Default SW version : 10.1-pre8
BiNOSView file            : java.img - NOT FOUND
BiNOSView version         :
FPGA version              : 1.2 (maint/build 9/1)
Loader version            : 8.2.0 created Jan 31 2008 - 16:29:48
Up time                   : 0 days, 0 hours, 45 min, 16 sec.

Displaying Hardware Information

The show manufacturing-details command displays detailed hardware information.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show manufacturing-details

Example

device-name#show manufacturing-details
Serial number   : 8807340077
Assembly No     : AL001350
HW revision     : 05
HW subrevision  : 02

Displaying the Device Uptime

The show uptime command displays how long the selected device has been operational.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show uptime

Example:

device-name#show uptime
Up time : 0 days, 4 hours, 1 min, 52 sec.


Downloading and Uploading Configuration Files

You can perform the following operations:

• Download new embedded software versions to the Flash memory component of the device
• Save the startup configuration on a remote server
• Load a startup configuration from a remote server
• Save the startup configuration as the running configuration

Table 21: Commands for Downloading and Uploading Configuration Files

Command

Description

copy FILE-NAME startup-config

Loads a start-up configuration with a specified file name from a remote server (see Downloading the Startup Configuration)

copy FILE-NAME running-config

Loads a running-configuration with a specified file name, from a remote server (see Downloading the Running Configuration)

copy startup-config

Saves a copy of the start-up configuration on a remote server (see Copying the Start-up Configuration)

copy running-config

Saves a copy of the running configuration on a remote server (see Copying the Running Configuration)

copy running-config startup-config

Saves the current running-configuration to the start-up configuration file in NVRAM (see Saving the Device Configuration)

reload

Reloads the device (see Reloading the Operating System)

Downloading the Startup Configuration

The copy FILE-NAME startup-config command loads a start-up configuration with a specified file name from a remote server.

CLI Mode: Privileged (Enable)

After the configuration is downloaded, you need to reload the device. When the device completes booting, it treats the downloaded configuration file as a script of CLI commands, and automatically executes them. If your CLI connection is through Telnet, the connection is terminated when the device reloads, but the commands execute normally.

NOTE After using this command, use the reload no-save command. Otherwise, the downloaded configuration is removed.


Command Syntax (for Local Flash System)

device-name#copy [[device/]path]file-name startup-config

Command Syntax (for TFTP/FTP Server)

device-name#copy protocol://[user[:pass]@]host[:port]/file-name startup-config

Command Syntax (for SFTP Server)

device-name#copy device/user:pass@host/[path/]file-name startup-config

Argument Description

device

(Optional) the device from which the file is copied. It can be a TFTP server (in format tftp://A.B.C.D), the local Flash system (in format flash:/), or a SFTP/FTP server (in format sftp://user:pass@A.B.C.D)

user

(Optional) specifies the name of the user performing the operation.

pass

(Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.

• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number

path

(Optional) the exact location path from which the file is copied. The path ends with the name of the file.

file-name

The original file name.

Example

The following command downloads the start-up configuration file named START001 located on the TFTP server at IP address 192.192.54.1:

device-name#copy tftp://192.192.54.1/START001 startup-config

Downloading the Running Configuration

The copy FILE-NAME running-config command loads the running-configuration with the specified file name from a remote server.

CLI Mode: Privileged (Enable)

Command Syntax (for Local Flash System)

device-name#copy [[device/]path]file-name running-config

Command Syntax (for TFTP/FTP Server)

device-name#copy protocol://[user[:pass]@]host[:port]/file-name running-config


Command Syntax (for SFTP Server)

device-name#copy device/user:pass@host/[path/]file-name running-config

Argument Description

device/

(Optional) the device from which the file is copied. It can be a TFTP server (in format tftp://A.B.C.D), the local Flash system (in format flash:/), or a SFTP/FTP server (in format sftp://user:pass@A.B.C.D).

protocol

Specifies the protocol type.

user

(Optional) specifies the name of the user performing the operation.

pass

(Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.

• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number

host

Specifies the server IP address in A.B.C.D format.

path

(Optional) the exact location path from which the file is copied. The path should end with the name of the file.

file-name

The original file name.

Example

The following command downloads the running-configuration file named RUN001 located on the TFTP server at IP address 192.192.54.1:

device-name#copy tftp://192.192.54.1/RUN001 running-config

Copying the Start-up Configuration

The copy startup-config command saves a copy of the start-up configuration on a remote server to a specific folder under a specified file name.

CLI Mode: Privileged (Enable)

When you upload the current configuration, you can modify the configuration using a text editor.

Command Syntax (for Local Flash System and TFTP/FTP Server)

device-name#copy startup-config [:[/]][]

Command Syntax (for SFTP Server)

device-name#copy startup-config device/user:pass@host/[path/]file-name

Argument Description

device/

(Optional) the device to which the file is copied. It can be a TFTP server (in format tftp://A.B.C.D), the local Flash system (in format flash:/), or a SFTP/FTP server (in format sftp://user:pass@A.B.C.D).

server IP

Server IP address.


user

(Optional) Specifies the name of the user performing the operation.

pass

(Optional) specifies the password that authenticates the specified username. Symbol (@) following the password is required.

• For the TFTP server, there is no need to specify the user, password, and port.
• For the FTP server, there is no need to specify the port number.

path

(Optional) the exact location path where the file is copied.

file-name

The original file name.

Example

The following command uploads the start-up configuration under a file named START002 located on the TFTP server at IP address 192.192.54.1: device-name#copy startup-config tftp://192.192.54.1/START002

Copying the Running Configuration The copy running-config command saves a copy of the running configuration on a remote server to a specific folder under a specified file name. CLI Mode:

Privileged (Enable)

When you upload the current configuration, you can modify the configuration using a text editor. Command Syntax (for Local Flash System and TFTP/FTP Server) device-name#copy running-config [:[/]][]

Command Syntax (for SFTP Server) device-name#copy running-config device/user:pass@host/[path/]file-name

Argument Description device/

(Optional). The device to which the file is to be copied. It can be a TFTP server (in format tftp://A.B.C.D), the local flash system (in format flash:/), or an SFTP server (in format sftp://A.B.C.D).

server IP

(Optional). Server IP address.

path

(Optional). The exact location path where the file is to be copied.

file-name

The original file name.

Example

The following command uploads the running-configuration under a new file named RUN002 on the TFTP server at IP address 192.192.54.1: device-name#copy running-config tftp://192.192.54.1/RUN002
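The copy syntax in the sections above carries the user name and password inside the URL, and TFTP and FTP move the file without encryption. The following Python script is an added example, not part of the guide: it parses a command line in that syntax, redacts the password before the line is stored in a log, and flags cleartext transports. The function name, the finding labels and the second and third sample lines are constructed for illustration.

```python
import re

# URL shape taken from the guide's syntax line:
#   protocol://[user[:pass]@]host[:port]/file-name
COPY_URL = re.compile(
    r"(?P<proto>tftp|sftp|ftp)://"
    r"(?:(?P<user>[^:@/\s]+)(?::(?P<pw>[^@/\s]*))?@)?"
    r"(?P<host>[^:/\s]+)(?::(?P<port>\d+))?"
    r"/(?P<path>\S*)",
    re.IGNORECASE,
)
CONFIG_KEYWORDS = ("running-config", "startup-config")
# TFTP has no authentication or encryption; FTP sends credentials and data in clear.
CLEARTEXT = {"tftp", "ftp"}

# First line is the guide's own example; the other three are constructed samples.
SAMPLE_LINES = [
    "device-name#copy tftp://192.192.54.1/RUN001 running-config",
    "device-name#copy startup-config sftp://backup:S3cret@192.0.2.10/cfg/START002",
    "device-name#copy running-config ftp://ops:hunter2@192.0.2.20/RUN002",
    "device-name#show date",
]


def audit_copy_command(line):
    """Return a finding record for one CLI line, or None if it is not a remote copy."""
    match = COPY_URL.search(line)
    if match is None or not re.search(r"[#>]\s*copy\s", line):
        return None
    proto = match["proto"].lower()

    # "copy <url> running-config" pulls a file onto the device, while
    # "copy running-config|startup-config <url>" sends the configuration off-box.
    before_url = line[: match.start()]
    if any(keyword in before_url for keyword in CONFIG_KEYWORDS):
        direction = "upload"
    else:
        direction = "download"

    findings = []
    if match["pw"] is not None:
        findings.append("password-on-command-line")
    if proto in CLEARTEXT:
        findings.append("cleartext-transport")
        if direction == "upload":
            findings.append("config-exposed-in-transit")

    # Replace only the password span so the rest of the line stays searchable.
    redacted = line
    if match["pw"] is not None:
        redacted = line[: match.start("pw")] + "****" + line[match.end("pw"):]

    return {
        "protocol": proto,
        "host": match["host"],
        "direction": direction,
        "findings": findings,
        "redacted": redacted,
    }


def audit_log(lines):
    """Audit every line and keep only the records that matched a remote copy."""
    records = (audit_copy_command(line) for line in lines)
    return [record for record in records if record is not None]


if __name__ == "__main__":
    for record in audit_log(SAMPLE_LINES):
        print(record["redacted"])
        print("   ", record["direction"], record["protocol"], record["findings"])
```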


Saving the Device Configuration The copy running-config startup-config command saves the current running configuration to the start-up configuration file in NVRAM. CLI Mode:

Privileged (Enable)

This command is equivalent to the write memory command in Privileged (Enable) mode (refer to the Device Setup and Maintenance chapter of the BiNOS User Guide). Command Syntax device-name#copy running-config startup-config

Reloading the Operating System The reload command reloads the device. CLI Mode:

Privileged (Enable)

NOTE Use the reload command after configuration information is entered into a file and saved to the startup configuration. The reload command requires confirmation before reloading! NOTE The reload to-defaults command does not affect the contents of the file system. Command Syntax device-name#reload [save | no-save | to-defaults]

Argument Description save

(Optional). Saves the running configuration to NVRAM and restarts the device. This is the default status.

no-save

(Optional). Does not save the current running configuration and restarts the device.

to-defaults

(Optional). Sets the device configuration to its factory defaults and restarts the device.

Example 1

Saving the current configuration and reloading the device:
device-name#reload save
Save current configuration and reboot the device ? [y/n]: y
Rebooting ...


Example 2

Reloading the device without saving the current configuration:
device-name#reload no-save
Proceed with reload ? [y/n] : y
Rebooting ...


Boot Loader Overview
The boot process performs low-level CPU initialization, loads a default operating system software image into memory, and boots the device. When starting, the loader counts down a few seconds, allowing you an entry point into the loader's CLI. The loader then passes to interactive mode, requests a login password, and starts a CLI session. If no key is pressed, the device initiates the auto-startup application. Initially the device expects the default password batm. This password may be changed by using the password loader command (refer to the Device Setup and Maintenance chapter of the BiNOS User Guide). While the device reboots, numbers appear on the console terminal following the line Press any key to stop auto-boot.... To enter the Loader mode, press any key while the numbers are running.

device-name#reload no-save
Proceed with reload ? [y/n] : y
Rebooting ...

BATM Telco Boot Loader
Device model : T-Marc 380
Loader version : 8.0.0 created Oct 29 2007 - 21:59:11
MAC Address : 00:A0:12:27:0E:E0

usrBootLineInit finish OK

Attaching network interface lo0... done.
Press any key to stop auto-boot... 2
start CLI
User Access Verification
Password: batm
Loader>


The Device Loader's Default Configuration
Table 22: Default Loader Configuration

Feature | Default Value
Password | batm
Block start address | 0
Block length | 256
Simulation of CPM redundancy | Disabled

The Loader Commands
Table 23: Loader Application Commands

Command | Description
start application | Exits the loader and starts using the BiNOS software image (see Starting the BiNOS Software Image)
copy application | Downloads the software image to the device by using TFTP server (see Downloading the Application Software by using TFTP)
download application | Downloads the BiNOS application using X-modem (see Downloading the BiNOS Application by Using X-modem)
ip-address | Displays the OutBand port IP address (see Displaying the Device IP Address and Mask)
version | Displays the device model type and the loader version (see Displaying the Loader Version)
manufacturing-details | Displays detailed hardware information of the board (see Displaying Hardware Details)

Table 24: Loader Configuration Commands

Command | Description
config | Enters the loader configuration mode (see Loader Configuration Mode)
ip-address | Displays the OutBand port IP address and subnet mask (see Displaying and Specifying the OutBand Port IP Address)
mac-address | Displays the device MAC address (see Displaying and Specifying the MAC Address)
clean startup-config | Sets the startup configuration file to the factory default values (see Resetting the Startup Configuration File)
clean boot-config | Clears the Loader EEPROM (see Deleting the Boot Configuration)
clean log-history | Cleans all history records (see Erasing Log History Records)
clean flash all | Cleans the Flash memory (see Cleaning the Flash Memory)
backup | Makes a backup copy of the Flash or EEPROM memory contents (see Making a Backup Copy)
refresh flash | Rewrites the Flash memory (see Rewriting the Flash Memory)
restore flash | Restores the Flash memory (see Restoring the Flash Memory)

Table 25: The Boot Parameters Commands
NOTE Currently these commands are not supported because the OutBound interface is not available.

Command | Description
boot-param device | Displays the current software image location (see Displaying and Specifying the Software Image Location)
boot-param application | Displays the current boot statement (see Displaying and Applying the Boot Statement)
boot-param ftp-server | Displays the FTP server IP-address (see Displaying and Specifying the FTP Server IP-Address)
boot-param ftp-user | Displays the FTP username (see Displaying and Specifying the FTP Username)
boot-param ftp-password | Displays the FTP connection password (see Specifying the FTP Access Password)
boot-param startup-config | Specifies which startup configuration file is loaded on startup (see Specifying the Startup Configuration Name)
boot-param | Displays the current boot statement (see Displaying Boot Statements)

Table 26: Memory Debug Commands
CAUTION The commands in the following table can be used only by Telco Systems Technical Support.

Command | Description
memory | Accesses the Loader memory mode (see Loader Memory Mode)
copy | Copies a block of memory (see Copying a Block of Memory)
check-device | Checks the integrity of the file system and repairs lost clusters and file structure (see Checking and Repairing File-system Integrity)
display | Displays a block of memory (see Displaying a Block of Memory)
fill | Fills a block of memory (see Filling a Block of Memory)
list | Prints a command list (see Printing a Command List)


Starting the BiNOS Software Image
The start application command exits the loader and starts using the BiNOS software image.

CLI Mode:

Loader

Command Syntax Loader>start application

Example
Loader>start application
auto-booting...
Uncompressing 3994461 bytes...
Loading image... 14284304

BUILT-IN SELF TEST
------------------
CPU Core Test     : Passed
Power Supply Test : Passed
Fan Test          : Passed

///////////////////////////////////////////////////////////////////////////
//                                                                       //
//                                                                       //
//        B A T M   A d v a n c e d   C o m m u n i c a t i o n s        //
//                                                                       //
//                       T e l c o   S y s t e m s                       //
//                                                                       //
//   Device model     : T-Marc 380                                       //
//   Product Category : AccessEthernet(TM)                               //
//   SW version       : 10.1 created Mar 17 2010 - 20:19:58              //
//                                                                       //
//                                                                       //
///////////////////////////////////////////////////////////////////////////

User Access Verification
Password:


Downloading the Application Software by using TFTP
The copy application command downloads the software image to the device by using TFTP server.

CLI Mode:

Loader and Privileged (Enable)

Command Syntax
Loader>copy application [[[device/]path]file-name [DESTINATION FILE-NAME] [no-validation]

Argument Description device/

(Optional) the device to which the file is copied (in format tftp://A.B.C.D)

path

(Optional) the path to the location where the file is copied

file-name

The original name of the file

DESTINATION-FILENAME

The destination file name as it will appear on the local flash system

no-validation

(Optional) skips the image validation check

Example

The following command downloads the new software-version file named VERxxx that is located in the Root directory on the TFTP server at IP address 192.192.54.1: Loader>copy application tftp://192.192.54.1/VERxxx.Z

Downloading the BiNOS Application by Using X-modem The download application command copies the BiNOS application from a source computer to the device permanent storage memory, through a console connection by X-modem transfer. CLI Mode:

Loader

The role of this command is to provide a rescue solution when the device becomes inoperable and a new application image cannot be received by the TFTP transfer! Command Syntax Loader>download application

Example
Loader>download application
XMODEM application download to flash 0
XMODEM Receive: Waiting for Sender
Image Size = 0xBD552
CRC Value = 0x691181F3
Saving application code to FLASH bank 0....Success.
Loader>


Displaying the Device IP Address and Mask The ip-address command displays the OutBand port IP interface address and subnet mask. CLI Mode:

Loader

Command Syntax Loader>ip-address

Example Loader>ip-address Loader IP address = 10.2.111.111, subnet mask = ffff0000

Displaying the Loader Version The version command displays the device model type and the loader version. CLI Mode:

Loader

Command Syntax Loader>version

Example
Loader>version
BATM Telco Boot Loader
Device model : T-Marc 380
Loader version : 8.0.0 created Oct 29 2007 - 21:59:11

Displaying Hardware Details The manufacturing-details command displays detailed hardware information. CLI Mode:

Loader

Command Syntax Loader>manufacturing-details

Example
Loader>manufacturing-details
Device model : T-Marc 380
Serial number : 8807340077
Assembly No : AL001350
Part number : Not Available
CLEI : Not Available
HW revision : 05
HW subrevision : 02
Manufacturing Date : Not Available

Loader Configuration Mode The config command enters the Loader Configuration mode. CLI Mode:

Loader

Command Syntax Loader>config Loader(config)#

Displaying and Specifying the OutBand Port IP Address The ip-address command displays the OutBand port IP address and subnet mask. Use one of the command arguments below to specify a new IP address and subnet mask. CLI Mode:

Loader Configuration

Command Syntax Loader(config)#ip-address [A.B.C.D/M | A1.B1.C1.D1 M1.M2.M3.M4]

Argument Description A.B.C.D/M

(Optional). Specifies the new IP address with mask by number of bits.

A1.B1.C1.D1 M1.M2.M3.M4

(Optional). Specifies the new IP address with mask in dotted decimal notation.

Example

The following example displays the Loader current IP address: Loader(config)#ip-address Loader IP address = 10.2.111.111, subnet mask = ffff0000

Displaying and Specifying the MAC Address The mac-address command displays the device MAC address. Use the command argument to specify a new device MAC address. All LAN devices must have different MAC addresses. CLI Mode:

Loader Configuration

Command Syntax Loader(config)#mac-address [HH:HH:HH:HH:HH:HH]

Argument Description


HH:HH:HH:HH:HH:HH

(Optional). Specifies the new MAC address

Example 1

The following example displays the device current MAC address:
Loader(config)#mac-address
Current base MAC Address of device = 00:A0:12:CE:10:61
OutBand MAC Address (base + 1) = 00:A0:12:CE:10:62

Example 2

The following example assigns a new MAC address to the device. The response indicates that the new MAC address is accepted and stored in the device memory.
Loader(config)#mac-address 00:A0:12:07:0f:78
New MAC Address of device = 00:A0:12:07:0F:78

Resetting the Startup Configuration File The clean startup-config command cleans the startup configuration database in the permanent storage memory of the device, and sets it to its default values. CLI Mode:

Loader Configuration

Command Syntax Loader(config)#clean startup-config [all]

Argument Description all

(Optional). Cleans the startup configuration and all system settings like authentication data and configuration profiles.

Example Loader(config)#clean startup-configuration all Warning: IP address will be lost.

Deleting the Boot Configuration
The clean boot-config command clears the Loader EEPROM.

CLI Mode:

Loader Configuration

CAUTION This command should be used only by Telco Systems Technical Support. Command Syntax Loader(config)#clean boot-config {remove-board-data | remove-all}

Argument Description remove-board-data

Clears the NVRAM board configuration, keeping the management IP address, boot profile and manufacturing details.

remove-all

Clears all settings in non-volatile memory, including all above.

Erasing Log History Records
The clean log-history command erases all log history records.

CLI Mode:

Loader Configuration

Command Syntax Loader(config)#clean log-history

Cleaning the Flash Memory
The clean flash all command erases all Flash memory records.

CLI Mode:

Loader Configuration

Command Syntax Loader(config)#clean flash all

Making a Backup Copy The backup command makes a backup copy of the Flash or EEPROM memory contents. CLI Mode:

Loader Configuration

Command Syntax Loader(config)#backup eeprom A.B.C.D FILE-NAME Loader(config)#backup flash {1 | 2 | boot} A.B.C.D FILE-NAME

Argument Description eeprom

Specifies that a backup copy of the EEPROM memory contents is made.

flash

Specifies that a backup copy of the Flash memory contents is made.

A.B.C.D

Specifies the IP address of the TFTP server where the backup copy is written.

FILE-NAME

Specifies the name of the backup file to be copied.

1

Makes a backup of the primary Flash.

2

Makes a backup of the secondary Flash.

boot

Makes a backup of the boot Flash.


Rewriting the Flash Memory
The refresh flash command rewrites the Flash memory.

CLI Mode:

Loader Configuration

Command Syntax Loader(config)#refresh flash {1 | 2 | all}

Argument Description 1

Rewrites the primary Flash memory.

2

Rewrites the secondary Flash memory.

all

Rewrites all Flash memory.

Restoring the Flash Memory
The restore flash command restores the Flash memory.

CLI Mode:

Loader Configuration

Command Syntax Loader(config)#restore flash {1 | 2} A.B.C.D FILE-NAME

Argument Description 1

Restores the primary Flash.

2

Restores the secondary Flash.

A.B.C.D

Specifies the IP address of the TFTP server where the Flash memory will be restored.

FILE-NAME

The name of the backup file.

Displaying and Specifying the Software Image Location The boot-param device command displays the current software image location. Use one of the below command arguments to specify the software image location. CLI Mode:

Loader and Loader Configuration

Command Syntax Loader(config)#boot-param device Loader(config)#boot-param device [local | network]


Argument Description local

(Optional). The device boots from the local software image

network

(Optional). The device boots from a remote software image, using an FTP server

Displaying and Applying the Boot Statement
The boot-param application command displays the current boot statement.
CLI Mode:

Loader and Loader Configuration

Command Syntax Loader#boot-param application Loader(config)#boot-param application [FILE-NAME]

Argument Description FILE-NAME

The name of the image file, a case-sensitive string.

Displaying and Specifying the FTP Server IP-Address The boot-param ftp-server command displays the FTP server IP-address. Use the command argument to specify the FTP server IP-address. CLI Mode:

Loader and Loader Configuration

Command Syntax Loader#boot-param ftp-server Loader(config)#boot-param ftp-server [A.B.C.D]

Argument Description A.B.C.D

(Optional) specifies the FTP server IP-address

Displaying and Specifying the FTP Username The boot-param ftp-user command displays the FTP username. Use the command argument to specify the FTP username. CLI Mode:

Loader and Loader Configuration

Command Syntax Loader#boot-param ftp-user Loader(config)#boot-param ftp-user [NAME]


Argument Description NAME

(Optional). The FTP access user name.

Specifying the FTP Access Password
The boot-param ftp-password command specifies the password for FTP server access.
CLI Mode:

Loader and Loader Configuration

Command Syntax Loader#boot-param ftp-password Loader(config)#boot-param ftp-password [PASSWORD]

Argument Description PASSWORD

(Optional). The FTP authentication password for the configured FTP user name.

Specifying the Startup Configuration Name
The boot-param startup-config command specifies the name of the startup configuration.
CLI Mode:

Loader and Loader Configuration

Command Syntax Loader#boot-param startup-config [binary] Loader(config)#boot-param startup-config [FILE-NAME | binary [FILE-NAME | default] | default]

Argument Description FILE-NAME

(Optional). The name of the startup-configuration

default

(Optional). Sets the default name of the startup configuration

binary

(Optional). Sets the binary startup configuration.

Displaying Boot Statements The boot-param command displays the current boot statement. CLI Mode:

Loader and Loader Configuration

Command Syntax Loader>boot-param Loader(config)#boot-param


Example
Loader>boot-param
IP address            = 10.0.0.1:ffffff00
Device                = local
Application           = BiNOS-TMarc_3X0-9.4.3.TMC3-pre3.Z
Startup configuration =
Statup binary config  =
FTP server            =
FTP user              =
FTP password          =
Boot flags            =

Loader Memory Mode The memory command enters the Loader memory mode. CLI Mode:

Loader

Command Syntax Loader>memory Loader(memory)#

Copying a Block of Memory The copy command copies a block of memory that is specified by block-length from the specified source address to the specified destination address. CLI Mode:

Loader Memory

Command Syntax Loader(memory)#copy

Argument Description src-addr

Hexadecimal source address (optionally prefixed with 0x).

dst-addr

Hexadecimal destination address (optionally prefixed with 0x).

blk-len

Hexadecimal or decimal block length (use 0x prefix for hexadecimal number).


Checking and Repairing File-system Integrity The check-device command checks the integrity of the file system and repairs lost clusters and file structure. CLI Mode:

Loader Configuration

Command Syntax Loader(config)#check-device flash:

Example
Loader(config)#check-device flash:
flash:/ - disk check in progress ...
dosChkLib : CLOCK_REALTIME is being reset to THU DEC 27 00:00:00 1990
Value obtained from file system volume descriptor pointer: 0xfffdd38
The old setting was THU JAN 01 00:16:22 1970
Accepted system dates are greater than THU DEC 27 00:00:00 1990
flash:/ - Volume is OK
Change volume Id from 0x0 to 0xe696
total # of clusters: 15,237
# of free clusters: 12,042
# of bad clusters: 0
total free space: 24,084 Kb
max contiguous free space: 24,659,968 bytes
# of files: 8
# of folders: 9
total bytes in files: 6,360 Kb
# of lost chains: 0
total bytes in lost chains: 0

Displaying a Block of Memory The display command displays a block of memory. CLI Mode:

Loader Memory

Command Syntax Loader(memory)#display [ []]

Argument Description st-addr

(Optional). Hexadecimal start address (optionally prefixed with 0x). If only the start address is specified, the previous or default block length is repeated.

blk-len

(Optional). Hexadecimal or decimal block length (use 0x prefix for hexadecimal number).


Filling a Block of Memory The fill command fills a block of memory. CLI Mode:

Loader Memory

Command Syntax Loader(memory)#fill

Argument Description st-addr

Hexadecimal start address (optionally prefixed with 0x).

blk-len

Hexadecimal or decimal block length (use 0x prefix for hexadecimal number).

value

Hexadecimal byte value to fill (optionally prefixed with 0x).

Printing a Command List The list command prints the executed commands in a list format. CLI Mode:

Loader

Command Syntax Loader(memory)#list

Configuration Example
Updating the Application Software from Loader:

1. Configure boot parameters in profile (to configure any application file as a default one, the file must be downloaded first):
Loader>config
Loader(config)#boot-param device local

2. Download the application by TFTP (it is stored with the source name. To change the target name, specify the name as an additional command argument). If an application file with the specified target name exists, it is overwritten.
Loader(config)#exit
Loader>copy application tftp:10.4.0.4/BiNOS-sfm880.Z
TFTP receiving file ... 3385202

3. Set the default application (when the file is already stored in FS):
Loader>config
Loader(config)#boot-param application BiNOS-sfm880.Z


System Time and Date
The device internal clock runs from the moment the system starts up and keeps track of the date and time. It is set from the following sources:
• Manual configuration
• Daytime Protocol
• Time Protocol
• Summer Time (Daylight Saving Time)
• Network Time Protocol
• 1588v2 Precision Time Protocol

Daytime Protocol The Daytime protocol is defined in RFC 867. A host connects to a server that supports the Daytime protocol, on either TCP or UDP port 13. The server then returns the current date and time as an ASCII string with an unspecified format.

Time Protocol The Time protocol is defined in RFC 868. This protocol provides a site-independent, machine readable date and time. The Time protocol operates over either TCP or UDP. A host connects to a server that supports the Time protocol, on port 37. The server then sends the time as a 32-bit unsigned binary number in network byte order representing a number of seconds since 00:00 (midnight) 1 January, 1900 GMT and closes the connection. The host receives the time and closes the connection. NOTE In BiNOS, the Daytime protocol and the Time protocol use TCP.
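Neither the Daytime nor the Time protocol authenticates the server, so a client trusts whatever four bytes arrive. The following Python script is an added example, not part of the guide: it reads and decodes a Time Protocol reply as described above and refuses a reply that would step the clock further than a configured limit. The five-minute max_step limit, the function names and the sample reply are assumptions made for illustration; zone_hours mirrors the zone shift argument of the time-server command and assumes the server reports GMT.

```python
import socket
import struct
from datetime import datetime, timedelta, timezone

# RFC 868 counts seconds from 00:00 1 January 1900 GMT.
EPOCH_1900 = datetime(1900, 1, 1, tzinfo=timezone.utc)

# Constructed sample: the reply a server would send at 2010-05-01 12:00:00 GMT.
SAMPLE_REPLY = struct.pack(
    "!I",
    int((datetime(2010, 5, 1, 12, 0, tzinfo=timezone.utc) - EPOCH_1900).total_seconds()),
)


def read_reply(sock):
    """Read exactly 4 bytes; TCP may deliver them in pieces or close early."""
    buf = b""
    while len(buf) < 4:
        chunk = sock.recv(4 - len(buf))
        if not chunk:
            raise ValueError("server closed after %d of 4 bytes" % len(buf))
        buf += chunk
    return buf


def decode_reply(payload):
    """Decode the 32-bit unsigned, network-byte-order second count into UTC."""
    if len(payload) != 4:
        raise ValueError("Time Protocol reply must be 4 bytes, got %d" % len(payload))
    (seconds,) = struct.unpack("!I", payload)
    return EPOCH_1900 + timedelta(seconds=seconds)


def vet_reply(payload, local_now, max_step=timedelta(minutes=5), zone_hours=0):
    """Decode a reply and decide whether it is safe to apply.

    max_step is a hypothetical policy value: a reply further than this from the
    local clock is rejected instead of being allowed to rewrite log timestamps.
    """
    server_utc = decode_reply(payload)
    offset = server_utc - local_now
    local_zone = timezone(timedelta(hours=zone_hours))
    return {
        "server_utc": server_utc,
        "offset_seconds": offset.total_seconds(),
        "accepted": abs(offset) <= max_step,
        "wall_clock": server_utc.astimezone(local_zone),
    }


def fetch_time(host, port=37, timeout=5.0):
    """Query a Time Protocol server over TCP port 37 and return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return read_reply(sock)


if __name__ == "__main__":
    now = datetime(2010, 5, 1, 12, 0, 30, tzinfo=timezone.utc)  # constructed local clock
    print(vet_reply(SAMPLE_REPLY, now, zone_hours=-2))
    # The counter wraps after this instant, so later dates decode as 1900 onward.
    print(decode_reply(b"\xff\xff\xff\xff"))
```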

Summer Time (Daylight Saving Time)
Daylight saving time (DST) is the practice of temporarily advancing clocks. Computer-based systems adjust automatically when DST starts and finishes, based on their time zone settings. You can have the device advance the clock one hour at 2:00 a.m. on the first Sunday in April and move back the clock one hour at 2:00 a.m. on the last Sunday in October. You can explicitly specify the start and end dates and times and whether or not the time adjustment recurs every year.


Network Time Protocol Network Time Protocol (NTP) provides a reliable way of transmitting and receiving the time over IP networks. NTP is organized as a client-server model. An NTP network usually gets its time from an authoritative time source, such as a radio clock or an atomic clock connected to a Time server. NTP then distributes this time across the network.

1588v2 Precision Time Protocol (PTP)
IEEE-1588v2, also known as PTP, provides an Ethernet-based, scalable clock-synchronization mechanism with various master-clock and quality options. Precise time synchronization is essential for monitoring performance measurements in order to ensure a high quality of service. Enable this protocol for synchronizing the T-Marc 300 Series devices, in order to measure extremely accurate Service Assurance Application (SAA) one-way delay (for more information, refer to the Service Assurance Application section of the Operation, Administration, and Maintenance chapter of this user guide). The PTP mechanism functions as follows:
• One clock in a defined domain within the network serves as the master clock (either a grandmaster clock or one T-Marc 300 Series device configured as a master clock)
• The master clock periodically announces itself as the master clock to the slave clocks within the defined domain
• The master clock sends periodical synchronization messages to the slave clocks within the domain
• In case more than one master announces itself within the domain, the master clock with the highest defined 1588v2 priority and quality remains the master clock while the other master clock/s' mode is automatically switched to slave

To configure the PTP feature, refer to 1588v2 PTP Configuration Flow.

System Time and Date Default Configuration
Table 27: System Time and Date Default Configuration

Feature | Default Value
NTP authentication | Disabled
Summer time (Daylight Saving Time) | Disabled

1588v2 PTP Default Configuration
Table 28: 1588v2 PTP Default Configuration

Feature | Default Value
PTP | Disabled
PTP mode | Slave
PTP primary priority (priority1) | 255
PTP secondary priority (priority2) | 255
Domain number | 0
Announce interval | 16 seconds
Synchronization interval | 4 seconds
Static master address | (none)
PTP per interface | Disabled
Announce-receipt timeout intervals | 3
Synchronization-receipt timeout intervals | 3


System Time and Date Configuration Flow
1. Manually configure the system time and date (see Configuring System Time and Date) or
2. Configure the device to synchronize the system time with a specific remote daytime or time server (see Configuring a Daytime or Time Server) or
3. Configure an NTP server (see Configuring an NTP Server)
4. Start the NTP server polling (see Configuring the NTP Server Polling)
5. Optional configurations:
   • Define an MD5 authentication key (see Configuring the MD5 Authentication Key)
   • Adjust the system time to DST and then back to standard time on pre-set dates (see Specifying a One-time Summer Time (DST) Period)
   • Adjust the system time and date to an annually-recurring summer time (DST) period (see Specifying a Recurrent Summer Time (DST) Period)
6. Remove the NTP server (see Removing an NTP Server)
7. Display the NTP server configuration (see Removing an NTP Server)
8. Display the current time server configuration (see Displaying the Time Server Configuration)
9. Display the current time and date (see Displaying the Current System Time)


System Time and Date Configuration Commands
Table 29: Time and Date Configuration Commands

Command | Description
date | Manually configures the system time and date (see Configuring System Time and Date)
time-server | Configures the device to synchronize the system time with a specific remote daytime or time server (see Configuring a Daytime or Time Server)
time-server ntp add | Configures an NTP server (see Configuring an NTP Server)
time-server ntp start | Configures the NTP server polling (see Configuring the NTP Server Polling)

Table 30: Time Server Optional Commands

Command | Description
time-server ntp key | Configures the MD5 authentication key (see Configuring the MD5 Authentication Key)
time-server summer-time date | Adjusts the system time to DST and then back to standard time on pre-set dates (see Specifying a One-time Summer Time (DST) Period)
time-server summer-time recurring | Adjusts the system time and date to an annually-recurring summer time (DST) period (see Specifying a Recurrent Summer Time (DST) Period)

Table 31: Commands for Removing the NTP Server

Command | Description
time-server ntp delete | Deletes the existing NTP server (see Removing an NTP Server)

Table 32: Time Servers Display Commands

Command | Description
time-server ntp show | Displays defined NTP servers (see Displaying NTP Servers)
time-server ntp key show | Displays existing NTP keys (see Displaying the MD5 Authentication Key)
show time-server | Displays the current Time server configuration (see Displaying the Time Server Configuration)
show date / show clock | Displays the current time and date (see Displaying the Current System Time)

Configuring System Time and Date The date command manually configures the system time and date. CLI Mode:

Global Configuration

Command Syntax device-name(config)#date hh:mm:ss MONTH

Argument Description hh:mm:ss

Specifies the time (24-hour format) in hours and minutes.

day

Day in month, in the range .

MONTH

Specifies the month: January, February, March, April, May, June, July, August, September, October, November, and December.

year

Year in four digits, in the range .

Example

The following example sets system time to 12:30:00 and date 1 April 2008: device-name(config)#date 12:30:00 1 april 2008

Configuring a Daytime or Time Server The time-server command configures the device to synchronize the system time with a specific remote server. CLI Mode:

Global Configuration

To use this feature, select the remote time synchronization protocol:
• The Daytime Protocol (RFC 867) specifies the date and time as a character string
• The Time Protocol (RFC 868) specifies the time in seconds since midnight, January 01, 1900

The server for remote synchronization can be any PC running Windows NT/2000 or the UNIX operating system.
Command Syntax
device-name(config)#time-server daytime swap
device-name(config)#time-server {daytime | time} A.B.C.D [ [timeout ]] [timeout ]
device-name(config)#time-server {daytime | time} A.B.C.D timezone { timeout | timeout }
device-name(config)#no time-server [daytime swap]


NOTE The old style of this command, wherein the IP address argument precedes the daytime protocol, is supported for backward compatibility. However, Telco Systems strongly recommends using only the new style of the command for setting up time synchronization clients.

Argument Description

time

Specifies Time Protocol (RFC868).

daytime

Specifies Daytime Protocol (RFC867).

swap

Swaps day and month (for daytime format). This would be required if the positions of day and month are interchanged in the daytime server’s format, to prevent the device from interpreting the day value as the month and the month value as the day.

A.B.C.D

IP address of the time-server.

refresh-time

Synchronization polling interval, in the range of minutes.

timezone

Specifies the time zone.

zone

Shifts of local hour relative to the server (positive East, negative West of server’s time zone). The range is .

timeout

Specifies the Time server session timeout in seconds. The range is seconds.

1-59

Specifies a number of minutes to synchronize accurately the system time to the time server.

no

Removes the Time server definitions.

Example 1

The following command synchronizes the system time with host 192.168.0.1, using the Time Protocol. Synchronization is performed every 10 minutes. Local time is two hours behind GMT.

device-name(config)#time-server time 192.168.0.1 10 -2

Example 2

The following command synchronizes the system time with host 192.168.0.1, using the Daytime Protocol. Synchronization is performed every 10 minutes. Local time is two hours ahead of GMT.

device-name(config)#time-server daytime 192.168.0.1 10 2


Configuring an NTP Server

The time-server ntp add command configures an NTP server.

CLI Mode: Global Configuration

You can define up to five NTP servers.

Command Syntax

device-name(config)#time-server ntp add A.B.C.D

Argument Description

A.B.C.D

Specifies the IP address of the Time server to be added.

Example

The following example adds the NTP server with IP address 186.102.20.11:

device-name(config)#time-server ntp add 186.102.20.11

Configuring the NTP Server Polling

The time-server ntp start command configures the NTP server polling interval. The polling interval is the period of time between polling cycles.

CLI Mode: Global Configuration

NOTE To end the NTP server polling, use the no time-server command.

Command Syntax

device-name(config)#time-server ntp start { | timezone }

Argument Description

polling-interval

The synchronization refresh period in minutes, in the range (the upper limit is equivalent to 31 days).

zone

Shift of local hour relative to GMT (positive East, negative West of Greenwich). The range is .

timezone

Specifies the time zone.

1-59

Specifies a number of minutes to synchronize accurately the system time to the time server.


Configuring the MD5 Authentication Key

The time-server ntp key command configures the MD5 authentication key.

CLI Mode: Global Configuration

Time synchronization can be authenticated to make sure that the local device obtains its time services only from known sources. By default, network time synchronization is unauthenticated.

Command Syntax

device-name(config)#time-server ntp key {add | delete} KEY [A.B.C.D]

Argument Description

add

Defines the MD5 authentication key.

delete

Removes the existing MD5 authentication key.

key-id

The key number in the range .

KEY

String up to 20 non-blank characters. The string is case-sensitive. Some special characters, such as question marks, are not allowed.

A.B.C.D

(Optional). NTP server address.

Example

The following example adds an MD5 authentication key with key ID of 27 and plain-text key qwerty:

device-name(config)#time-server ntp key add 27 qwerty
Configuration changes will take effect after ntp client is restarted
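How a client checks the authenticator that such a key produces, as an added example (not part of the user guide and not the device's own code). It assumes the device follows standard NTP symmetric-key authentication, in which the 48-byte header is followed by a 4-byte key ID and MD5(key || header); the packet contents and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header that precedes the authenticator
MAC_LEN = 4 + 16         # 32-bit key ID followed by a 128-bit MD5 digest

# Key table as entered with "time-server ntp key add 27 qwerty" (the page's example values).
KEYS = {27: b"qwerty"}


def build_header(transmit_seconds):
    """Constructed server reply: LI=0, VN=3, mode=4 (server), stratum 2."""
    li_vn_mode = (0 << 6) | (3 << 3) | 4
    stamp = transmit_seconds << 32            # 32.32 fixed-point NTP timestamp
    return struct.pack("!BBbbII4sQQQQ", li_vn_mode, 2, 6, -20,
                       0, 0, bytes(4), stamp, stamp, stamp, stamp)


def md5_digest(key, header):
    """Classic NTP symmetric-key digest: MD5 over the key followed by the header."""
    return hashlib.md5(key + header).digest()


def sign(header, key_id, key):
    """Append the authenticator (key ID + digest) to a header."""
    return header + struct.pack("!I", key_id) + md5_digest(key, header)


def verify(packet, keys):
    """Classify a received packet against the locally configured key table."""
    if len(packet) == NTP_HEADER_LEN:
        return "unauthenticated"              # no authenticator present at all
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return "malformed"
    header, trailer = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", trailer[:4])
    key = keys.get(key_id)
    if key is None:
        return "unknown-key"                  # server used a key ID we never configured
    # Constant-time comparison of the recomputed digest with the received one.
    matches = hmac.compare_digest(md5_digest(key, header), trailer[4:])
    return "ok" if matches else "bad-mac"


def demo():
    header = build_header(3_900_000_000)      # constructed timestamp (seconds since 1900)
    good = sign(header, 27, KEYS[27])
    # Same authenticator, but the timestamps were changed in transit by one hour.
    altered = build_header(3_900_000_000 + 3600) + good[NTP_HEADER_LEN:]
    return {
        "good": verify(good, KEYS),
        "altered": verify(altered, KEYS),
        "no_mac": verify(header, KEYS),
        "other_key": verify(sign(header, 5, b"other"), KEYS),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```

The digest covers the whole header, so a reply whose timestamps were altered after signing no longer verifies, and a reply without an authenticator is distinguishable from an authenticated one.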

Specifying a One-time Summer Time (DST) Period

The time-server summer-time date command adjusts the system time to DST and then back to standard time on pre-set dates.

CLI Mode: Global Configuration

By default, the summer time definition is disabled.

Command Syntax

device-name(config)#time-server summer-time date MONTH HH:MM:SS MONTH HH:MM:SS
device-name(config)#no time-server summer-time


Argument Description

day

The start day of the month, in range .

MONTH

The start summer-time month: January, February, March, April, May, June, July, August, September, October, November and December.

year

The start summer-time year, in range .

HH:MM:SS

Specify the start summer-time time.

day

The end day of the month, in range .

MONTH

The end summer-time month: January, February, March, April, May, June, July, August, September, October, November and December.

year

The end summer-time year, in range .

HH:MM:SS

Specify the end summer-time time.

shift

The number of minutes to add during summer time, in range .

no

Remove the summer time settings.

Example

The following example demonstrates advancing the system time 1 hour on May 1st, 2004, at 02:00:00 and shifting it back on December 3rd, 2004, at 02:00:00:

device-name(config)#time-server summer-time date 1 May 2004 02:00:00 3 Dec 2004 02:00:00 60

Specifying a Recurrent Summer Time (DST) Period

The time-server summer-time recurring command adjusts the system time and date to an annually-recurring summer time (DST) period.

CLI Mode: Global Configuration

By default, the summer time definition is disabled.

Command Syntax

device-name(config)#time-server summer-time recurring {first | | last} MONTH HH:MM:SS {first | | last} MONTH HH:MM:SS
device-name(config)#no time-server summer-time

Argument Description

first

The first week of the month to start.

week

Specify the week of the month to start in, the range .

last

The last week of the month to start.

day

The start summer-time day in the week: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday.

MONTH

The start summer-time month: January, February, March, April, May, June, July, August, September, October, November, and December.


HH:MM:SS

Specify the start summer-time time.

first

The first week of the month to end.

week

Specify the week of the month to end, in the range .

last

The last week of the month to end.

day

The end summer-time day in the week: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday.

MONTH

The end summer-time month: January, February, March, April, May, June, July, August, September, October, November, and December.

HH:MM:SS

Specify the end summer-time time.

shift

The number of minutes to add during summer time, in the range .

no

Remove the summer-time settings.

Example

The following example shows how to advance the system time automatically by one hour every year, starting on the second Monday of April at 01:00:00 this year, and to move the system time back on the second Tuesday of October at 01:00:00:

device-name(config)#time-server summer-time recurring 2 mon apr 01:00:00 2 tue oct 01:00:00 60

Removing an NTP Server

The time-server ntp delete command deletes the existing NTP server.

CLI Mode: Global Configuration

Command Syntax

device-name(config)#time-server ntp delete A.B.C.D

Argument Description

A.B.C.D

Specify the IP address of the Time server to be deleted.

Example

The following example removes the NTP server with IP address 186.102.20.11:

device-name(config)#time-server ntp delete 186.102.20.11


Displaying NTP Servers

The time-server ntp show command displays defined NTP servers.

CLI Mode: Global Configuration

Command Syntax

device-name(config)#time-server ntp show

Example

The following example displays the three existing NTP servers:

device-name(config)#time-server ntp show
186.102.20.11
182.21.2.31
128.11.24.6

Displaying the MD5 Authentication Key

The time-server ntp key show command displays the existing MD5 authentication key ID and string.

CLI Mode: Global Configuration

Command Syntax

device-name(config)#time-server ntp key show

Example

device-name(config)#time-server ntp key show
192.168.0.40:
1 key1
2 key2
192.168.0.32:
1 key1

Displaying the Time Server Configuration

The show time-server command displays the current Time server configuration.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show time-server


Example

device-name#show time-server
Current system time MON OCT 13 19:00:25 2003
Time server protocol : NTP
Refresh : 23 min
Time zone : 2h:10m

Displaying the Current System Time

The show date and show clock commands display the current system time and date.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show date
device-name#show clock [detail]

Argument Description

detail

(Optional). The command also displays the type of the currently used synchronization client and the time zone indication. If detail is not specified, the command displays the current system time.

Example 1

device-name#show date
Current system time TUE APR 10 13:45:04 2001

Example 2

The following example displays the date and time:

device-name#show clock
Current system time TUE APR 10 13:45:04 2008

Example 3

The following example displays the date and time, and the currently used synchronization client (if available):

device-name#show clock detail
Current system time THU JAN 01 00:01:02 1998
Time client is running with following peers:
Time server: 192.168.0.4
Refresh time: 10 minutes
Time zone shift: 2 hour(s)


Configuration Example

The following example demonstrates how the device uses an NTP server.

1. Add the NTP server located at IP address 212.90.11.2:

device-name(config)#time-server ntp add 212.90.11.2

2. Add an MD5 authentication key with key ID of 27 and plain-text key qwerty:

device-name(config)#time-server ntp key add 27 qwerty

3. Start the NTP server polling with refresh period of 10 minutes and time zone 2:

device-name(config)#time-server ntp start 10 2


1588v2 PTP Configuration Flow

To configure the 1588v2 PTP, proceed as follows:

1. Enable 1588v2 PTP on the device (see Configuring PTP).

2. Define the device's PTP mode (master or slave, see Defining the Device's PTP Mode).

3. (For master devices only) define the clock's primary 1588v2 priority (see Defining a Master Clock's 1588v2 Primary Priority).

4. (For master devices only) define the clock's secondary 1588v2 priority (see Defining a Master Clock's 1588v2 Secondary Priority).

5. Specify the PTP domain (logical grouping) the device belongs to (see Assigning the Device to a PTP Domain).

6. (For master devices only) define the interval for sending announce messages (see Defining the Interval for Sending Announce Messages).

7. (For master devices only) define the interval for sending synchronization messages (see Defining the Interval for Sending Synchronization Messages).

8. (Optional, for slaves only) define a static master for the device (see Selecting a Static Master Clock).

9. Enable PTP on the interface/s (see Enabling PTP on a Port).

10. (For slave devices only) define the announce-receipt timeout from a master clock (see Defining the Announce-Receipt Timeout).

11. (For slave devices only) define the synchronization-receipt timeout from a master clock (see Defining the Synchronization-Receipt Timeout).

12. Display the PTP status (see Displaying the PTP Status).


1588v2 PTP Configuration Commands

Table 33: 1588v2 PTP Configuration Commands

Command

Description

ptp

Configures PTP on the local device and enters the PTP Configuration mode (see Configuring PTP)

encapsulation all-ports

Defines the network technology used to transport PTP messages (see Defining the Packet Encapsulation Type)

priority1

Defines the 1588v2 primary priority of the master clock (see Defining a Master Clock's 1588v2 Primary Priority)

priority2

Defines the 1588v2 secondary priority of the master clock (see Defining a Master Clock's 1588v2 Secondary Priority)

domain-number

Defines the PTP domain the device belongs to (see Assigning the Device to a PTP Domain)

ptp-mode

Defines whether the device is a slave or a master (see Defining the PTP Mode)

master-address

Defines a static master's MAC address for a slave device (see Selecting a Static Master Clock)

announce-interval

Defines the interval at which the master sends announce messages (see Defining the Interval for Sending Announce Messages)

sync-interval

Defines the interval at which the master sends synchronization messages (see Defining the Interval for Sending Synchronization Messages)

master-vlan

Defines a VLAN used for sending master clock messages or sync messages (see Defining the Master VLAN)

ptp enable

Enables PTP on port/s (see Enabling PTP on a Port)

ptp-announce-receipt-timeout

Defines the number of announce intervals to pass without receiving an announce message before dropping the current master and selecting a different one (see Defining the Announce-Receipt Timeout)

ptp-sync-receipt-timeout

Defines the number of synchronization intervals to pass without receiving a synchronization message before the slave becomes unsynchronized with the master (see Defining the Synchronization-Receipt Timeout)

show ptp

Displays the PTP state (see Displaying the PTP Status)


Configuring PTP

The ptp command configures PTP on the local device and enters the PTP Configuration mode. Enable this protocol for accurate SAA one-way delay measurement (refer to the Service Assurance Application section of the Operation, Administration, and Maintenance chapter of the BiNOS User Guide).

CLI Mode: Global Configuration

PTP is disabled by default.

Command Syntax

device-name(config)#ptp [enable]
device-name(config-ptp)#
device-name(config)#no ptp

Argument Description

enable

Enters the PTP Configuration mode

no

Disables PTP

Defining the Packet Encapsulation Type

The encapsulation all-ports command defines the network technology used to transport PTP messages.

CLI Mode: PTP Configuration

By default, the encapsulation type is ieee8023.

Command Syntax

device-name(config-ptp)#encapsulation all-ports {ipv4 | ieee8023}
device-name(config-ptp)#no encapsulation all-ports

Argument Description

ipv4

PTP over UDP/IPv4. When carried over UDP, the first byte of the PTP message immediately follows the final byte of the UDP header.

ieee8023

PTP over IEEE 802.3/ Ethernet. When carried over Ethernet, the first byte of the PTP message occupies the first byte of the data field of the Ethernet frame.

Defining the 1588v2 Primary Priority of the Master Clock

The priority1 command defines the 1588v2 primary priority of the master clock. If there is more than one master device in a PTP domain, the device with the highest priority (lowest number) remains the master while the other device/s switch to slave.

CLI Mode: PTP Configuration

The default priority1 is 255.

Command Syntax

device-name(config-ptp)#priority1
device-name(config-ptp)#no priority1

Argument Description

priority1

The priority1 value, in the range of

no

Restores to default

Defining the 1588v2 Secondary Priority of the Master Clock

The priority2 command defines a finer grained ordering among otherwise equivalent master clocks (see above).

CLI Mode: PTP Configuration

The default priority2 is 255.

Command Syntax

device-name(config-ptp)#priority2
device-name(config-ptp)#no priority2

Argument Description

priority2

The priority2 value, in the range of

no

Restores to default

Assigning the Device to a PTP Domain

The domain-number command specifies the PTP domain the device belongs to. The PTP domain is the logical grouping of PTP clocks that synchronize to each other.

CLI Mode: PTP Configuration

The default domain number is 0.

Command Syntax

device-name(config-ptp)#domain-number
device-name(config-ptp)#no domain-number

Argument Description

domain-number

The PTP domain number, in the range of


no

Restores to default

Defining the PTP Mode

The ptp-mode command switches between slave and master modes.

NOTE If the master device receives announce messages from a different PTP master device with a higher 1588v2 priority and quality, it automatically switches to slave mode without any warning.

CLI Mode: PTP Configuration

The default mode is slave.

Command Syntax

device-name(config-ptp)#ptp-mode {master | slave}

Argument Description

master

Defines the device as a master clock

slave

Defines the device as a slave clock

Selecting a Static Master Clock

The master-address command allows you to select a static master manually. In this case the slave device skips the master election algorithm and ignores announce messages from other masters.

CLI Mode: PTP Configuration

By default, the device has no static master.

Command Syntax

device-name(config-ptp)#master-address
device-name(config-ptp)#no master-address

Argument Description

XX:XX:XX:XX:XX:XX

The static master's MAC address

no

Restores to default

Defining the Interval for Sending Announce Messages

The announce-interval command defines the interval for a master device to announce itself as master clock, in seconds.

CLI Mode: PTP Configuration

The default interval is 16 seconds.

Command Syntax

device-name(config-ptp)#announce-interval
device-name(config-ptp)#no announce-interval

Argument Description

announce interval

The interval between two consecutive announce messages, in the range of {1 | 2 | 4 | 8 | 16 | 32 | 64 | 128} seconds.

no

Restores to default

Defining the Interval for Sending Synchronization Messages

The sync-interval command defines the interval for a master device to send synchronization messages, in seconds.

CLI Mode: PTP Configuration

The default interval is 4 seconds.

Command Syntax

device-name(config-ptp)#sync-interval
device-name(config-ptp)#no sync-interval

Argument Description

synch interval

Specifies the interval between two consecutive synchronization messages, in the range of {1 | 2 | 4 | 8 | 16 | 32 | 64 | 128} seconds.

no

Restores to default

Defining the Master VLAN

The master-vlan command defines a VLAN used for sending master clock messages or sync messages.

Command Syntax

device-name(config-ptp)#master-vlan
device-name(config-ptp)#no master-vlan

Argument Description

master-vlan-id

The master VLAN ID, in the range of . The VLAN must be already configured (see the Configuring VLANs and Super VLANs chapter of the current User Guide).

no

Removes the VLAN from being a master VLAN.


Enabling PTP on a Port

The ptp enable command enables PTP on a specific port. When you enable PTP on a port, this port is able to receive and send PTP packets.

CLI Mode: Interface Configuration

By default, PTP is disabled on ports.

Command Syntax

device-name(config-if UU/SS/PP)#ptp {enable | disable}

Argument Description

enable

Enables PTP

disable

Disables PTP

Defining the Announce-Receipt Timeout

The ptp-announce-receipt-timeout command defines the announce-receipt timeout. This value defines the number of announce-receipt intervals that pass before the slave interface drops the selected master and initiates an ANNOUNCE_RECEIPT_TIMEOUT_EXPIRES event.

CLI Mode: Interface Configuration

Command Syntax

device-name(config-if UU/SS/PP)#ptp-announce-receipt-timeout
device-name(config-if UU/SS/PP)#no ptp-announce-receipt-timeout

The default number of announce-receipt intervals is 3.

Argument Description

announce_receipt_timeout

The number of announce-receipt intervals, in the range of

no

Restores to default

Defining the Synchronization-Receipt Timeout

The ptp-sync-receipt-timeout command defines the synchronization-receipt timeout. This value defines the number of synchronization-receipt intervals that pass before the slave is no longer synchronized with the master.

CLI Mode: Interface Configuration

The default number of the synchronization-receipt intervals is 3.

Command Syntax

device-name(config-if UU/SS/PP)#ptp-sync-receipt-timeout
device-name(config-if UU/SS/PP)#no ptp-sync-receipt-timeout

Argument Description

synch_receipt_timeout

The number of the synchronization-receipt intervals, in the range of

no

Restores to default

Displaying the PTP Status

The show ptp command displays the PTP configuration details as specified below.

• If you do not use the interface argument, the command displays the device's common PTP settings without interface information.

• If you use the interface argument without specifying an interface number, the command displays the enabled PTP interfaces on the device.

• If you use the interface argument and specify an interface number, the command displays the specified interface's PTP state.

Refer to Table 34 for the parameters displayed by this command.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show ptp [interface [UU/SS/PP | AG0N]]

Argument Description

UU/SS/PP

The interface displayed

AG0N

The aggregated interface displayed

Example 1

device-name#show ptp
PTP Configuration (slave):
Number of PTP enabled ports: 1
Domain Number: 0
Master Address: 00:A0:12:27:0E:40
Mean path delay : 5 usec
Offset from master: 1 usec

Example 2

device-name#show ptp interface 1/1/1
This port is PTP Enabled
Port State: Master
Announce receipt timeout: 16
Sync receipt timeout: 4

Table 34: Parameters displayed by the show ptp command

Parameters

Description

Mean Path Delay

The average between the delay from the master to slave and the delay from the slave to master

Offset from Master

The offset between the slave and the master calculated by the slave
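The two values in Table 34 can be reproduced from the four timestamps of one Sync / Delay_Req exchange. This added example (not from the user guide or the device software) uses the standard IEEE 1588 delay request-response arithmetic, with constructed timestamps in microseconds chosen to match the 5 usec / 1 usec output of Example 1. It assumes the device uses that mechanism and that the receipt-timeout window is the timeout count multiplied by the announce interval; all function names are illustrative.

```python
def offset_and_mean_path_delay(t1, t2, t3, t4):
    """Slave-side calculation from one timestamp exchange.

    t1: master sends Sync          (master clock)
    t2: slave receives Sync        (slave clock)
    t3: slave sends Delay_Req      (slave clock)
    t4: master receives Delay_Req  (master clock)
    """
    master_to_slave = t2 - t1
    slave_to_master = t4 - t3
    mean_path_delay = (master_to_slave + slave_to_master) / 2
    offset_from_master = master_to_slave - mean_path_delay
    return offset_from_master, mean_path_delay


def exchange(true_offset, delay_ms, delay_sm, t1=0, turnaround=14):
    """Constructed timestamps for a slave clock running true_offset ahead of the master.

    delay_ms / delay_sm are the real one-way delays master->slave and slave->master.
    """
    t2 = t1 + delay_ms + true_offset      # arrival, read on the slave clock
    t3 = t2 + turnaround                  # slave replies a little later
    t4 = t3 - true_offset + delay_sm      # arrival, read on the master clock
    return t1, t2, t3, t4


def master_dropped_at(announce_arrivals, announce_interval=16, receipt_timeout=3):
    """Time (seconds) at which a slave drops its master, or None if it never does.

    Defaults are the page's defaults: 16 s announce interval, timeout of 3 intervals.
    """
    window = announce_interval * receipt_timeout
    for previous, current in zip(announce_arrivals, announce_arrivals[1:]):
        if current - previous > window:
            return previous + window
    return None


if __name__ == "__main__":
    # Symmetric path: 5 usec each way, slave 1 usec ahead.
    print(offset_and_mean_path_delay(*exchange(1, 5, 5)))
    # Asymmetric path: 9 usec one way, 1 usec back, same true offset.
    print(offset_and_mean_path_delay(*exchange(1, 9, 1)))
    # Announce messages stop arriving after t=32 s.
    print(master_dropped_at([0, 16, 32, 90]))
```

With unequal path delays the mean path delay still reads 5 usec while the computed offset is 5 usec instead of the true 1 usec, so a steady mean path delay alone does not confirm that the slave is tracking the master correctly.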

Configuration Example

Below is an example of configuring a master device.

1. Enable PTP on the device:

device-name(config)#ptp enable

2. Set the device to PTP master mode:

device-name(config-ptp)#ptp-mode master
device-name(config-ptp)#exit

3. Enter the configuration mode for interface 1/1/1:

device-name(config)#interface 1/1/1

4. Enable PTP on interface 1/1/1:

device-name(config-if 1/1/1)#ptp enable
device-name(config-if 1/1/1)#end

5. Display the PTP configuration:

device-name#show ptp
PTP Configuration (master):
Number of PTP enabled ports: 1
Domain Number: 0
Priority 1: 255
Priority 2: 255
Announce Interval: 16
Sync Interval: 4


DHCP Client Overview

DHCP (Dynamic Host Configuration Protocol) is a TCP/IP protocol for dynamically assigning IP addresses to devices on a network. DHCP is built on a client-server model, in which designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured devices (DHCP clients).

The DHCP client uses DHCP to reacquire or verify its IP address and network parameters whenever the local network parameters may have changed (e.g. at the device boot time or after a disconnection from the local network), as the local network configuration may change without the client’s or user’s knowledge. If a DHCP client has knowledge of a previous network address and is unable to contact a local DHCP server, the DHCP client may continue to use the previous network address until the lease for that address expires. If the lease expires before the client can contact a DHCP server, the DHCP client must immediately discontinue use of the previous network address and may inform local users of the problem.

DHCP consists of two components:

• A mechanism for delivering configuration parameters from a DHCP server to a device

• A mechanism for allocating network addresses to devices

DHCP supports three mechanisms for IP address allocation:

• Automatic allocation—DHCP assigns a permanent IP address to the user

• Dynamic allocation—DHCP assigns an IP address to the user for a limited period of time. Dynamic allocation allows automatic reuse of an address that is no longer needed by the user to which it is assigned. Thus, dynamic allocation is particularly useful for assigning an address to a user that is connected to the network only temporarily or for sharing a limited pool of IP addresses among a group of users that do not need permanent IP addresses.

• Manual allocation—the system administrator assigns an IP address to the user, and DHCP is used simply to convey the assigned address.

A particular network uses one or more of these mechanisms, depending on the policies of the network administrator. Manual allocation allows DHCP to be used to eliminate the error-prone process of manually configuring hosts with IP addresses in environments where it is desirable to manage IP address assignment outside of the DHCP mechanisms.


The DHCP Negotiation Process

As shown in the figure below, the parameter negotiation starts with a DHCPDISCOVER broadcast message from the client seeking a DHCP server. The DHCP Server responds with a DHCPOFFER unicast message offering configuration parameters (such as an IP address, a MAC address, a domain name, and a lease for the IP address) to the client. The client returns a DHCPREQUEST broadcast message requesting the offered IP address from the DHCP Server. The DHCP Server responds with a DHCPACK unicast message confirming that the IP address has been allocated to the client.

Figure 1: Obtaining an IP Address from a DHCP Server

The client may suggest values for the IP address and lease time in the DHCPDISCOVER message. The client may include the requested IP address option to suggest that a particular IP address be assigned, and may include the IP address lease time option to suggest the lease time it would like to have. The requested IP address option is filled in a DHCPREQUEST message only when the client is verifying network parameters obtained previously. If a server receives a DHCPREQUEST message with an invalid requested IP address, the server should respond to the client with a DHCPNAK message and may choose to report the problem to the system administrator. The server may include an error message in the message option.
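The messages described above, at the byte level, as an added example (not from the user guide or the device software). It builds a DHCPDISCOVER carrying the requested IP address and lease time options, parses it back, and shows the checks a client applies before accepting a reply. The MAC address, transaction IDs and addresses are constructed, and the function names are illustrative; option numbers and the lease time unit (seconds on the wire) follow RFC 2131/2132.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"      # 236-byte fixed header
OPT_PAD, OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_END = 0, 50, 51, 53, 255
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6

CLIENT_MAC = bytes.fromhex("020000000001")    # constructed, locally administered


def build_message(op, xid, mac, msg_type, yiaddr="0.0.0.0", options=()):
    """op 1 = client request, op 2 = server reply; broadcast flag set."""
    header = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0x8000,
                         bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                         mac, b"", b"")
    body = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def build_discover(xid, mac, requested_ip=None, lease_minutes=None):
    """DHCPDISCOVER with the two optional suggestions the text describes."""
    options = []
    if requested_ip is not None:
        options.append((OPT_REQUESTED_IP, socket.inet_aton(requested_ip)))
    if lease_minutes is not None:
        # The CLI takes minutes; option 51 carries seconds.
        options.append((OPT_LEASE_TIME, struct.pack("!I", lease_minutes * 60)))
    return build_message(1, xid, mac, DISCOVER, options=options)


def parse_message(packet):
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(BOOTP_FMT, packet[:236])
    msg = {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
           "chaddr": f[11][:f[2]], "options": {}}
    i = 240
    while i < len(packet) and packet[i] != OPT_END:
        code = packet[i]
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option %d" % code)
        length = packet[i + 1]
        msg["options"][code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def reply_problem(request, reply):
    """Return None when the reply matches the request, otherwise the reason to drop it."""
    if reply["op"] != 2:
        return "not a server reply"
    if reply["xid"] != request["xid"]:
        return "transaction ID mismatch"
    if reply["chaddr"] != request["chaddr"]:
        return "client hardware address mismatch"
    if reply["options"].get(OPT_MSG_TYPE) not in (bytes([OFFER]), bytes([ACK]), bytes([NAK])):
        return "unexpected message type"
    return None


def demo():
    discover = parse_message(build_discover(0x1234ABCD, CLIENT_MAC, "192.168.0.50", 10))
    lease = [(OPT_LEASE_TIME, struct.pack("!I", 600))]
    offer = parse_message(build_message(2, 0x1234ABCD, CLIENT_MAC, OFFER,
                                        yiaddr="192.168.0.50", options=lease))
    stray = parse_message(build_message(2, 0x0BADF00D, CLIENT_MAC, OFFER,
                                        yiaddr="10.0.0.9", options=lease))
    return reply_problem(discover, offer), reply_problem(discover, stray)
```

Matching the transaction ID and hardware address only ties a reply to a request; it does not authenticate the server, which is what the dhcp-client security commands (Authentication Option 90) in this chapter address.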

When Should Clients Use DHCP

A client should use DHCP to reacquire or verify its IP address and network parameters whenever the local network parameters may have changed (e.g. at the switch boot time or after a disconnection from the local network), as the local network configuration may change without the client's or user's knowledge. If a client has knowledge of a previous network address and is unable to contact a local DHCP Server, the client may continue to use the previous network address until the lease for that address expires. If the lease expires before the client can contact a DHCP Server, the client must immediately discontinue use of the previous network address and may inform local users of the problem.


The DHCP Client Default Configuration

Table 35: DHCP Client Default Configuration

Feature

Default Value

DHCP Client

Disabled

The DHCPDISCOVER message retransmission timeout

8 minutes

The DHCP Client Configuration Flow

1. Optional configuration:

   • Enable the DHCP client security feature (see Enabling the DHCP Client Security (Authentication Option 90))

   • Permit the DHCP client to receive unauthenticated packets (see Controlling the Unauthenticated Packets Flow)

   • Specify DHCP server discover attempts (see Specifying DHCP Server Discover Attempts)

   • Configure the maximum time that the DHCP Client is allowed to be active (see Changing the DHCPDISCOVER Messages Retransmission Timeout)

2. Provide the device its IP configuration information dynamically and configure the DHCP lease period (see Configuring the DHCP Client)

3. Display the DHCP Client status and the DISCOVER message timeout (see Displaying the DHCP Client Configuration)


DHCP Client Configuration Commands

NOTE The commands in the following table are applied on demarcation devices in a topology with proxy management feature started.

Table 36: DHCP Client Security Commands

Command

Description

dhcp-client security enable

Enables the DHCP client security feature (see Enabling the DHCP Client Security (Authentication Option 90))

dhcp-client security accept

Permits the DHCP client to receive unauthenticated packets (see Controlling the Unauthenticated Packets Flow)

dhcp-client security attempts

Specifies the number of DHCP server discover attempts (see Specifying DHCP Server Discover Attempts)

Table 37: DHCP Client Commands

Command

Description

dhcp-client discover-rto

Configures the maximum time that the DHCP Client is allowed to be active (see Changing the DHCPDISCOVER Messages Retransmission Timeout)

ip address dhcp

Provides the device its IP configuration information dynamically and configures the DHCP lease period (see Configuring the DHCP Client)

Table 38: DHCP Client Display Command

Command

Description

show dhcp-client

Displays the DHCP Client status and the DISCOVER message timeout (see Displaying the DHCP Client Configuration)


Enabling the DHCP Client Security (Authentication Option 90)

The dhcp-client security enable command enables the DHCP client security feature.

CLI Mode: Global Configuration

By default, the DHCP client security is disabled.

Command Syntax

device-name(config)#dhcp-client security enable
device-name(config)#no dhcp-client security

Argument Description

no

Disables the DHCP client security feature.

Controlling the Unauthenticated Packets Flow

The dhcp-client security accept command permits the DHCP client to receive unauthenticated packets.

CLI Mode: Global Configuration

By default, all unauthenticated packets are received.

Command Syntax

device-name(config)#dhcp-client security accept {all | authenticated-only}

Argument Description

all

Permits all unauthenticated packets.

authenticated-only

Permits only authenticated packets.

Specifying DHCP Server Discover Attempts

The dhcp-client security attempts command specifies the number of attempts that the DHCP client makes to locate a DHCP server and obtain a configuration from it.

CLI Mode: Global Configuration

By default, the number of attempts is set to infinitely.

Command Syntax

device-name(config)#dhcp-client security attempts ( | infinitely)

Argument Description

1-512

Specifies the number of attempts.

infinitely

Sets the number of attempts to infinitely.

Changing the DHCPDISCOVER Messages Retransmission Timeout

The dhcp-client discover-rto command configures the maximum time that the DHCP Client is allowed to be active and to send DHCPDISCOVER frames.

CLI Mode: Global Configuration

The client resends a DHCPDISCOVER frame after 4, 8, 16, 32 and 64 seconds. By default, the DHCPDISCOVER timeout is 8 minutes.

Command Syntax

device-name(config)#dhcp-client discover-rto
device-name(config)#no dhcp-client discover-rto

Argument Description

time

The DHCPDISCOVER message retransmission timeout, in the range minutes.

no

Disables the retransmission timeout, i.e. the DHCP client keeps sending requests until it negotiates an IP address.

Configuring the DHCP Client

The ip address dhcp command provides the device with its IP configuration information dynamically and configures the requested lease period.

CLI Mode: Global Configuration

By default, the dynamic address allocation is disabled.

Command Syntax
device-name(config)#ip address dhcp [A.B.C.D | renew]
device-name(config)#ip address dhcp lease {<1-10080> | infinite} [A.B.C.D | renew]
device-name(config)#no ip address dhcp

Argument Description
1-10080               Specifies a value for the lease period, in minutes.
infinite              Sets the lease period to be an infinite period. This is the default value.
A.B.C.D               (Optional). The requested IP address. The DHCP Client is initiated with DHCP negotiation. If the IP address is specified, the DHCP Client sends a request for this address, and if the requested IP address is not available the server returns another IP address. To see the IP address provided by the DHCP server, use the show ip command in Privileged (Enable) mode (refer to the Device Setup and Maintenance chapter of the BiNOS User Guide).
renew                 (Optional). Restarts the DHCP client, freeing the IP address previously allocated.
no                    Stops the DHCP Client and restores the IP address, subnet mask and IP gateway to their default values.

Displaying the DHCP Client Configuration

The show dhcp-client command displays the DHCP client status and the DISCOVER message timeout.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#show dhcp-client

Example
device-name(config)#ip address dhcp lease infinite
device-name(config)#exit
device-name#show dhcp-client
DHCP client is active
IP address is acquired by DHCP
DISCOVER messages retransmission timeout - 8 minute(s)
Lease time left: 86394


Controlling the Packet Rate

Overview

To break the correlation between the management device (the CPU) and the remaining switching and routing devices, the device implements four queues for outgoing packets to the CPU, and a standalone New Address message queue destined to the CPU. Each queue has a fixed depth. Packet dropping is enabled when the queues reach their limit. Two mechanisms are set:

• Protecting Against New Address Attacks: The rate limit mechanism for learning new addresses is hardware based. It is designed to prevent overloading the CPU when new MAC address requests arrive at a high pace.

• Protecting Against CPU Attacks: The rate limiting hardware mechanism is designed to reduce CPU usage. You can define a rate limit for traffic to the CPU to prevent overloading the CPU when the pace at which packets are forwarded to it is too high.



Figure 2 shows the packet flow through the device when the rate limit mechanism is enabled.

Figure 2: Rate Limit Mechanism


Packet-Rate Thresholds' Default Configuration

Table 39: Packet-Rate Threshold Default Configuration

Parameter                                                      Default Value
Rate limit for learning new addresses for the entire device    1500 packets per second
Rate limit to the CPU for the entire device                    1500 packets per second
Low packet-rate threshold                                      200 packets per second
High packet-rate threshold                                     5000 packets per second

The Packet-Rate Thresholds' Commands

Table 40: Packet-Rate Threshold Commands

Command                               Description
set packets_threshold                 Configures packet-rate threshold levels (see Configuring Packet-Rate Thresholds)
reset packets_threshold statistics    Clears the CPU packet-rate statistics (see Clearing the CPU Packet Threshold)
show packets_threshold                Displays the current packet-rate threshold levels (see Displaying Packet-Rate Thresholds)

Configuring Packet-Rate Thresholds

The set packets_threshold command configures rate threshold levels for packets that load the CPU.

CLI Mode: Global Configuration mode

Default packet-rate threshold levels are described in Table 39.

Command Syntax
device-name(config)#set packets_threshold <low> <high>

Argument Description
low                   Low packet rate threshold in packets per second. The range is .
high                  High packet rate threshold in packets per second. The range is .

Example

The following example sets the threshold levels to:

• Accept all packets if the rate is less than or equal to 300 packets per second
• Accept only high-priority packets if the rate is higher than 300 packets per second, but not more than 4000 packets per second
• Reject all packets if the rate exceeds 4000 packets per second

device-name(config)#set packets_threshold 300 4000

Clearing the CPU Packet Threshold

The reset packets_threshold statistics command clears the CPU packet-rate statistics.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#reset packets_threshold statistics

Displaying Packet-Rate Thresholds

The show packets_threshold command displays the current packet-rate threshold levels.

CLI Mode: Privileged (Enable)

Table 41 describes the parameters displayed by the show packets_threshold command.

Command Syntax
device-name#show packets_threshold

Example
device-name#show packets_threshold
Low packet rate threshold is 200 pps
High packet rate threshold is 5000 pps
Packets rate per sec: 6
In packets: 1425
Drop packets: 0

Table 41: Parameters Displayed by the show packets_threshold Command

Parameter                     Description
Low packet rate threshold     Low packet rate threshold in packets per second.
High packet rate threshold    High packet rate threshold in packets per second.
In packets                    The number of packets accepted (within the threshold limits) in the current session.
Drop packets                  The number of packets rejected (beyond the threshold limits) in the current session.
Packets rate per sec          The current rate of traffic flowing to the CPU, in packets per second.
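The following Python monitor is an added example, not part of the guide. It parses show packets_threshold output, maps the current rate onto the three bands described under Configuring Packet-Rate Thresholds, and compares two polls to report new drops. The first sample is the guide's own example output; the second sample, the function names and the polling approach are assumptions of this example.

```python
import re

# One pattern per field of the "show packets_threshold" output shown in the guide.
FIELDS = {
    "low": r"Low packet rate threshold is\s+(\d+)\s*pps",
    "high": r"High packet rate threshold is\s+(\d+)\s*pps",
    "rate": r"Packets rate per sec:\s*(\d+)",
    "in_packets": r"In packets:\s*(\d+)",
    "drop_packets": r"Drop packets:\s*(\d+)",
}


def parse_packets_threshold(text):
    """Extract the five values; works whether fields are on one line or several."""
    snapshot = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match is None:
            raise ValueError(f"field not found in output: {name}")
        snapshot[name] = int(match.group(1))
    return snapshot


def band(snapshot):
    """Band the current rate falls in, following the guide's threshold example."""
    if snapshot["rate"] <= snapshot["low"]:
        return "accept-all"
    if snapshot["rate"] <= snapshot["high"]:
        return "high-priority-only"
    return "reject-all"


def drops_since(previous, current):
    """Packets dropped between two polls, tolerating a statistics reset."""
    if current["drop_packets"] < previous["drop_packets"]:
        # Counter went backwards: "reset packets_threshold statistics" ran in between.
        return current["drop_packets"]
    return current["drop_packets"] - previous["drop_packets"]


def assess(previous, current):
    """Compare two polls and return human-readable findings."""
    findings = []
    current_band = band(current)
    if current_band != "accept-all":
        findings.append(f"CPU traffic in {current_band} band at {current['rate']} pps")
    new_drops = drops_since(previous, current)
    if new_drops:
        findings.append(f"{new_drops} packets dropped since last poll")
    if (previous["low"], previous["high"]) != (current["low"], current["high"]):
        findings.append("thresholds changed between polls")
    return findings


# Example output from the guide, as a single flattened line.
GUIDE_SAMPLE = ("Low packet rate threshold is 200 pps High packet rate threshold is 5000 pps "
                "Packets rate per sec: 6 In packets: 1425 Drop packets: 0")

# Constructed later poll (not captured from a device).
LATER_SAMPLE = """\
Low packet rate threshold is 200 pps
High packet rate threshold is 5000 pps
Packets rate per sec: 1180
In packets: 48210
Drop packets: 912
"""

if __name__ == "__main__":
    first = parse_packets_threshold(GUIDE_SAMPLE)
    later = parse_packets_threshold(LATER_SAMPLE)
    print(band(first))
    for finding in assess(first, later):
        print(finding)
```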


Control Plane Priority per Protocol

Table 42: Control Plane Priority per Protocol

Protocol           Control Packets    Priority
LACP               LACPDU             7
MEF8               Ethernet           0–7
CFM                BPDU               6
EFM OAM            BPDU               6
DHCP               IP                 6
ICMP               IP                 6
ARP                Ethernet           6
SNMP               UDP                6
Telnet             TCP                6
SSH                TCP                6
TFTP               UDP                6
DHCP Client        UDP                6
RADIUS             UDP                6
TACACS+            TCP                6
SYSLOG messages    UDP                6


Supported Platforms

Features                             T-Marc 340    T-Marc 380
Managing the MAC Address Table       +             +
Managing the ARP Table               +             +
Script Files System                  +             +
Configuring Default Settings         +             +
Zero Configuration Networking        +             +
Software Upgrade and Boot Options    +             +
Boot Loader                          +             +
Managing the System Time and Date    +             +
DHCP Client                          +             +
CPU Resource Control                 +             +

Supported Standards, MIBs and RFCs

Managing the MAC Address Table
  Standards: No standards are supported by this feature.
  MIBs: Standard MIB, 8021Q_d6.mib
  RFCs: No RFCs are supported by this feature.

Managing the ARP Table
  Standards: No standards are supported by this feature.
  MIBs: Private MIB, prvt_switch_ipvaln.mib
  RFCs:
    RFC 791, Internet Protocol DARPA Internet Program Protocol Specifications
    RFC 919, Broadcasting Internet Datagrams
    RFC 922, Broadcasting Internet Datagrams in the Presence of Subnets
    RFC 1042, A Standard for the Transmission of IP Datagrams over IEEE 802 Networks
    RFC 1122, Requirements for Internet Hosts - Communication Layers
    RFC 1812, Requirements for IP Version 4 Routers

Script Files System
  Standards: No standards are supported by this feature.
  MIBs: No MIBs are supported by this feature.
  RFCs: No RFCs are supported by this feature.

Configuring Default Settings
  Standards: No standards are supported by this feature.
  MIBs: No MIBs are supported by this feature.
  RFCs: No RFCs are supported by this feature.

Zero Configuration Networking
  Standards: No standards are supported by this feature.
  MIBs: No MIBs are supported by this feature.
  RFCs:
    RFC 2131, Dynamic Host Configuration Protocol
    RFC 2132, DHCP Options and BOOTP Vendor Extensions

Software Upgrade and Boot Options
  Standards: No standards are supported by this feature.
  MIBs: No MIBs are supported by this feature.
  RFCs: No RFCs are supported by this feature.

Boot Loader
  Standards: No standards are supported by this feature.
  MIBs: No MIBs are supported by this feature.
  RFCs: No RFCs are supported by this feature.

Managing the System Time and Date
  Standards: No standards are supported by this feature.
  MIBs: No MIBs are supported by this feature.
  RFCs:
    RFC 867, Daytime Protocol
    RFC 868, Time Protocol

DHCP Client
  Standards: No standards are supported by this feature.
  MIBs: No MIBs are supported by this feature.
  RFCs:
    RFC 951, Bootstrap Protocol (BOOTP)
    RFC 1542, Clarifications and Extensions for the Bootstrap Protocol
    RFC 2131, Dynamic Host Configuration Protocol
    RFC 2132, DHCP Options and BOOTP Vendor Extensions

CPU Resource Control
  Standards: No standards are supported by this feature.
  MIBs: Private MIB, prvt_bist.mib
  RFCs: No RFCs are supported by this feature.


Configuring Interfaces (Rev. 08)

Table of Figures
Features Included in this Chapter
Fast Ethernet and Giga Ethernet Ports
  Overview
  Fast and Giga Ethernet Ports Default Configuration
  Fast and Giga Ethernet Ports Configuration Commands
Link Aggregation Control Protocol (LACP)
  LACP Modes
  LACP Parameters
  Link Aggregation Groups (LAGs)
  LAG Default Configuration
  LAG Configuration Flow
  LAG Configuration Commands
  Configuration Examples
Resilient Links
  Overview
  Resilient Links Default Configuration
  Resilient Links Configuration Flow
  Resilient Links Configuration Commands
  Configuration Example
Port Security Techniques
  Overview
  The Port Security Default Configuration
  The Port Security Configuration Commands
  Configuration Examples
The Port Limit Feature
  Overview
  Port Limit Default Configuration
  Port Limit Commands
Interfaces Management
  Overview
  Interfaces Management Commands
Alarm Propagation Feature
  Overview
  Alarm Propagation Commands
  Configuration Example
Supported Platforms
Supported Standards, MIBs and RFCs


Table of Figures

Figure 1: Four Ports Combined into a Link Aggregation Group
Figure 2: Example of LAG Containing Two Ports
Figure 3: Example of Two LAGs Configured on the Same Device
Figure 4: Example of Two Static LAGs with RSTP
Figure 5: Example of a Resilient Link Topology
Figure 6: Alarm Propagation Configuration Example


Features Included in this Chapter

This chapter describes the T-Marc 300 Series device interface types and their configuration. In addition, the chapter includes port security methods. The chapter includes the following sections:

• Fast Ethernet and Giga Ethernet Ports
  This section details the T-Marc 300 Series device interfaces and the commands to configure them.

• Link Aggregation Control Protocol (LACP)
  This protocol provides increased bandwidth, increased redundancy, and higher availability.

• Resilient Links
  Resilient links allow protecting critical links and preventing network downtime.

• Port Security Techniques
  Using port security techniques on the T-Marc 300 Series device provides control over every device plugged into the internal network.

• Alarm Propagation Feature
  Alarm Propagation is a fault detection feature that identifies faults in network uplinks and alarms downstream devices.


Fast Ethernet and Giga Ethernet Ports

Overview

The T-Marc 300 Series device allows service providers to deliver multiple services on separate user ports. It supports multiple application-flows over a single customer interface, mapping each flow to a different traffic class. The device supports:

• Flexible Ethernet combo-port interfaces
  - Dual-speed (100M and 1000M) fiber interfaces
  - Pluggable optics, including CWDM
  - Tri-speed (10/100/1000M) copper interfaces

• ASCII/RJ-45 management ports


Fast and Giga Ethernet Ports Default Configuration

Table 1: Fast Ethernet and Giga Ethernet Ports Default Configuration

Parameter               Default Value
Interface state         Enabled
Port name               None
Backpressure mode       Disabled
Duplex speed            For Fast Ethernet Fiber: Auto-negotiation. For Giga Ethernet Fiber: Auto-negotiation. For Fast Ethernet and Giga Ethernet Copper: Auto-negotiation.
Flow Control mode       Disabled
Default VLAN            1
Broadcast rate limit    Unlimited
Multicast rate limit    Unlimited
Unknown rate limit      Unlimited
Packet size limit       1632
Remote fault detect     Disabled
Crossover detection     Automatic
Learning new address    Enabled


Fast and Giga Ethernet Ports Configuration Commands

Table 2: Fast and Giga Ethernet Configuration Commands

Command                Description
interface              Enters the configuration mode of a specific physical interface, a LAG, an interface range, or a LAG range (see Entering the Interface Configuration Mode)
name                   Assigns a name to a physical interface or a group of interfaces (see Specifying the Interface Name)
speed                  Specifies the interface speed (see Specifying the Interface Speed)
duplex                 Specifies a duplex parameter for the specified interface (see Specifying the Interface Duplex Mode)
backpressure           Enables/disables the backpressure mode (see Defining the Backpressure Mode)
flow control           Changes the flow control mode (see Defining the Flow Control Mode)
default vlan           Specifies a default VLAN for a physical interface or group of interfaces (see Adding Ports to a Default VLAN)
packet-size-limit      Specifies the jumbo frame size (see Specifying the Jumbo Frames Size)
remote-fault-detect    Enables remote fault detection on the configured interface that is connected to a 100Base Fiber pair (see Configuring the Remote Fault Detection)
shutdown               Disables all functions of a specific port (see Disabling an Interface)

Table 3: IP Interface Commands

Command              Description
interface            Enters the IP interface configuration mode (see IP Interface Configuration Mode)
show ip interface    Displays the IP interface configuration and statistics (see Displaying the IP Interface Configuration)


Table 4: Commands for Displaying and Clearing Interface Settings and Statistics

Command                                 Description
show and show interface                 Display the status and configuration of all interfaces or of the specified interface (see Displaying Interface Configuration Settings).
show interface statistics               Displays interface statistics and packet counters (see Displaying Interface Statistics)
reset and clear interface statistics    Clear all current statistics from a specific physical interface or a group of interfaces (see Clearing Interface Statistics)

Entering the Interface Configuration Mode

The interface command enters the configuration mode of a specific physical interface, a LAG, an interface range, or a LAG range. When in the Range Configuration mode, all the commands are applied to all ports/LAGs within that range, until exiting this mode.

CLI Mode: Global Configuration, Interface Configuration, Interface Range Configuration, LAG Configuration, and LAG Range Configuration

Command Syntax
device-name(config)#interface {UU/SS/PP | ag0N | range PORT-LIST | range PORT-AG-LIST}
device-name(config-if UU/SS/PP)#
device-name(config-if AG0N)#
device-name(config-if UU1/SS1/PP1)#interface UU2/SS2/PP2
device-name(config-if UU2/SS2/PP2)#
device-name(config-if-group)#interface {UU/SS/PP | ag0N | range PORT-LIST | range PORT-AG-LIST}
device-name(config-ag-group)#interface {UU/SS/PP | ag0N | range PORT-LIST | range PORT-AG-LIST}
device-name(config-if AG0N)#interface {UU/SS/PP | ag0N | range PORT-LIST | range PORT-AG-LIST}

Argument Description
UU/SS/PP              Represents the unit, slot, and port numbers of the configured interface.
ag0N                  Represents a LAG ID in the range of .
range PORT-LIST       Specifies one or more port numbers. Use commas as separators and hyphens to indicate sub-ranges (for example, 1/2/1–1/2/8, 1/1/2).
range PORT-AG-LIST    Specifies a list of LAG names (for example AG01, AG04–AG07), in the range .

Example 1
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#

Example 2
device-name(config)#interface ag01
device-name(config-if AG01)#interface 1/1/2
device-name(config-if 1/1/2)#

Example 3
device-name(config)#interface range ag01
device-name(config-ag-group)#interface 1/1/1
device-name(config-if 1/1/1)#

Specifying the Interface Name

The name command assigns a name to a physical interface or a group of interfaces.

CLI Mode: Interface Configuration and Range Interface Configuration

By default, the port has no name.

Command Syntax
device-name(config-if UU/SS/PP)#name NAME
device-name(config-if UU/SS/PP)#no name
device-name(config-if-group)#name NAME
device-name(config-if-group)#no name

Argument Description
NAME                  An alphanumeric name of up to 256 characters. Spaces are allowed.
no                    Removes the port name.


Specifying the Interface Speed

The speed command defines the duplex speed of a specified interface or interface range. The Giga copper ports support crossover detection. This feature allows a device port to automatically detect, transmit, and receive the Ethernet cable's polarity (the relevant cable type).

NOTE To ensure reliable performance, it is essential to configure the same settings for two Gigabit fiber ports communicating with each other. Either enable autonegotiation on both interfaces or set the same duplex speed for both.

CLI Mode: Interface Configuration and Range Interface Configuration

By default, the device is configured to use auto-negotiation to determine the port speed and duplex setting.

Command Syntax
device-name(config-if UU/SS/PP)#speed {auto | 10 | 100 | 1000}
device-name(config-if-group)#speed {auto | 10 | 100 | 1000}

Argument Description
auto                  The port automatically finds the highest speed supported on the link.
10                    Sets the duplex speed type to 10Mbps.
100                   Sets the duplex speed type to 100Mbps.
1000                  Sets the duplex speed type to 1Gbps.

Specifying the Interface Duplex Mode

The duplex command specifies the duplex mode of a physical interface or a group of interfaces.

CLI Mode: Interface Configuration and Range Interface Configuration

In full-duplex mode, two devices can send and receive at the same time. Full-duplex communication is often an effective solution for collisions, which are major constrictions in Ethernet networks. 10 Mbps ports usually operate in half-duplex mode (the device can either receive or transmit).

NOTE To ensure reliable performance, it is essential to configure the same settings for two Gigabit fiber ports communicating with each other. Either enable autonegotiation on both interfaces or set the same duplex mode for both.

By default, the device is configured to use auto-negotiation to determine the port speed and duplex setting.

Command Syntax
device-name(config-if UU/SS/PP)#duplex {auto | full | half}
device-name(config-if-group)#duplex {auto | full | half}

Argument Description
auto                  Enables the auto detect mode.
full                  Enables the full duplex mode.
half                  Enables the half duplex mode.

Defining the Backpressure Mode

The backpressure command enables/disables the backpressure mode.

CLI Mode: Interface Configuration and Range Interface Configuration

Backpressure is a technique for ensuring that a transmitting port does not send too much data to a receiving port at a given time. When the buffer capacity of a receiving port is exceeded, it sends a Jam message to the transmitting port to halt transmission.

NOTE Backpressure functions only if the port operates in half-duplex mode.

By default, backpressure is disabled.

Command Syntax
device-name(config-if UU/SS/PP)#backpressure {enable | disable}
device-name(config-if-group)#backpressure {enable | disable}

Argument Description
enable                Enables backpressure mode.
disable               Disables backpressure mode.

Defining the Flow Control Mode

The flow-control command enables/disables the flow control mode. Flow control is a technique for ensuring that a transmitting port does not send too much data to a receiving port at a given time. When the port's buffer is filled, the port transmits a special packet requesting remote ports to delay sending packets for a period of time.

NOTE Valid only in full-duplex mode.

CLI Mode: Interface Configuration and Range Interface Configuration

By default, the flow control is disabled.

Command Syntax
device-name(config-if UU/SS/PP)#flow-control {enable | disable | autonegotiate}
device-name(config-if-group)#flow-control {enable | disable | autonegotiate}

Argument Description
enable                Enables flow control.
disable               Disables flow control.
autonegotiate         Enables flow control autonegotiation.

Adding Ports to a Default VLAN

The default vlan command specifies a default VLAN for a physical interface or a group of interfaces.

You can define only one default VLAN per port. For more information regarding VLAN commands, refer to the Configuring VLANs and Super VLANs chapter of this User Guide.

CLI Mode: Interface Configuration and Range Interface Configuration

By default, the default VLAN (PVID) for all ports is 1.

Command Syntax
device-name(config-if UU/SS/PP)#default vlan <vlan-id>
device-name(config-if UU/SS/PP)#no default vlan
device-name(config-if-group)#default vlan <vlan-id>
device-name(config-if-group)#no default vlan

Argument Description
vlan-id               The interface's default VLAN, in the range of .
no                    Restores the default VLAN to VLAN 1.

Specifying the Jumbo Frames Size

The packet-size-limit command specifies the maximum packet size allowed for a specific physical interface or a group of interfaces.

CLI Modes: Interface Configuration and Range Interface Configuration

The default packet size limit is 1632 bytes.

Command Syntax
device-name(config-if UU/SS/PP)#packet-size-limit {NUMBER | default}
device-name(config-if-group)#packet-size-limit {NUMBER | default}

Argument Description
NUMBER                Specifies the maximum allowed packet size on the port, in bytes.
default               Restores the default value of the packet size to 1632 bytes.

Example
device-name(config-if 1/1/1)#packet-size-limit 1522
device-name(config-if 1/1/1)#show
...
...
Maximum Packet Size (MTU) = 1522

Configuring the Remote Fault Detection

The remote-fault-detect command enables remote fault detection on the configured interface that is connected to a 100Base Fiber pair.

CLI Mode: Interface Configuration and Range Interface Configuration

When enabling remote fault detection on such an interface, the device indicates link down on the port if the remote peer detects link down.

NOTE The remote-fault-detect command is available only on 100Base Fiber ports.

Command Syntax
device-name(config-if UU/SS/PP)#remote-fault-detect {on | off}
device-name(config-if-group)#remote-fault-detect {on | off}

Argument Description
on                    Enables the remote fault detection.
off                   Disables the remote fault detection.

Disabling an Interface

The shutdown command disables all functions of a specific port (receive, forward, and learn).

CLI Mode: Interface Configuration and Range Interface Configuration

By default, the port is enabled (active).

Command Syntax
device-name(config-if UU/SS/PP)#shutdown
device-name(config-if UU/SS/PP)#no shutdown
device-name(config-if-group)#shutdown
device-name(config-if-group)#no shutdown

Argument Description
no                    Enables the interface.

IP Interface Configuration Mode

The interface command enters the IP Interface Configuration mode.

CLI Mode: Global Configuration

Command Syntax
device-name(config)#interface sw0
device-name(config-if sw0)#

Displaying the IP Interface Configuration

The show ip interface command displays the IP interface configuration and statistics.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#show ip interface [brief | sw0 | lo0]

Argument Description
brief                 (Optional). Displays brief information of all the defined IP interfaces.
sw0                   (Optional). Specifies the number of the IP interface.
lo0                   (Optional). Specifies the loopback interface.

Example 1
device-name#show ip interface sw0
Interface sw0 index 3 metric 1 mtu 1500 directed-broadcast disabled
Flags :
inet 1.1.1.1/8 broadcast 1.255.255.255
Secondary inet 2.1.1.1/8 broadcast 2.255.255.255
239538 packets received; 15206 packets sent
3617 multicast packets received
56 multicast packets sent
0 input errors; 0 output errors
0 collisions; 0 dropped
0 down count


Example 2
device-name#show ip interface brief
Interface lo0 index 2 metric 1 mtu 32767 directed-broadcast disabled
Flags :
inet 127.0.0.1/8
Interface sw0 index 3 metric 1 mtu 1500 directed-broadcast disabled
Flags :
inet 1.1.1.1/8 broadcast 1.255.255.255
Secondary inet 2.1.1.1/8 broadcast 2.255.255.255

Table 5: Parameters Displayed by the show ip interface Command

Parameter                 Description
index                     The internal index of the IP interface
metric                    The IP interface metric value
mtu                       The Maximum Transfer Unit
flags                     UP/DOWN: IP interface status
                          BROADCAST: The broadcast address is valid
                          NOTRAILERS: The device must avoid using trailers
                          RUNNING: The device has successfully allocated needed resources
                          SIMPLEX: The device cannot hear its own transmissions
                          MULTICAST: The device supports multicast
                          ALLMULTI: This port receives all multicast packets
                          LOOPBACK: This is a loopback net
                          NOARP: There is no address resolution protocol
                          POINTOPOINT: The IP interface is a point-to-point link
inet                      The interface's configured IP address and subnet mask
broadcast                 The broadcast address of the IP interface
Ethernet address          The MAC address of the IP interface
packets received          The number of packets received on the IP interface
packets sent              The number of packets sent from the IP interface
multicast packets sent    The number of multicast packets sent from the IP interface
input errors              The number of error packets received on the IP interface
output errors             The number of error packets sent from the IP interface
collisions                (always 0)
dropped                   The number of packets dropped on the IP interface
down count                The number of times the IP interface went down


Displaying Interface Configuration Settings

The commands below display the status and configuration for all ports or for a specified port:

• show interface command
  CLI Mode: Privileged (Enable)

• show command
  CLI Mode: Interface Configuration

Command Syntax
device-name#show interface [UU/SS/PP]
device-name(config-if UU/SS/PP)#show

Argument Description
UU/SS/PP              (Optional). Selects a specific port to display.

Example 1

The following example displays the settings of all the device interfaces:

device-name#show interface
==========================================================================
|Port |Name    |Type    |State  |Link|DuplSpeed |Flow   |Backpres|Default
+-----+--------+--------+-------+----+----------+-------+--------+-------
 1/1/1          DUAL     disable down unknown    disable disable  0001
 1/1/2          DUAL     enable  up   full-100   disable disable  0001
 1/2/1          DUAL     enable  down unknown    disable disable  0001
 1/2/2          DUAL     enable  down unknown    disable disable  0001
 1/2/3          DUAL     enable  down unknown    disable disable  0001
 1/2/4          DUAL     enable  down unknown    disable disable  0001
 1/2/5          DUAL     enable  down unknown    disable disable  0001
 1/2/6          DUAL     enable  down unknown    disable disable  0001
 1/2/7          DUAL     enable  down unknown    disable disable  0001
 1/2/8          DUAL     enable  down unknown    disable disable  0001


Example 2

The following example displays the settings of a specific interface:

device-name#show interface 1/1/2
Name =
Type = DUAL (10/100/1000BaseT,MEDIA not installed)
EnableState = enable
Link = up (TX)
Duplex mode = autonegotiate
Speed = autonegotiate
Duplex speed status = full-100
Flow control mode = disable
Flow control status = disable
Backpressure = disable
Broadcast limit = unlimited
Default VLAN = 1
Super VLAN Port = No
Learning new address = Enabled
Max Packet Size (MRU)= 1632

Displaying Interface Statistics

The commands below display the interface statistics and packet counters:

• show interface statistics command
  CLI Mode: Privileged (Enable)

• show statistics command
  CLI Mode: Interface Configuration and LAG Interface Configuration

NOTE The MaxPacketSize refers to the maximum supported packet size depending on the configuration (512 bytes or 9216 Kbytes).

Command Syntax

device-name#show interface [UU/SS/PP | ag0N] statistics [extended]
device-name(config-if AG0N)#show statistics [extended]

Argument Description

UU/SS/PP
(Optional). Displays statistics information of a specified interface.

ag0N
(Optional). N, the LAG ID number, in the range .

extended
(Optional). Displays additional packet counters.


Example 1

The following example displays various packet counters for the 1/2/1 interface:

device-name#show interface 1/2/1 statistics
Octets             24512    In/OutPkts 64                  383
Collisions         0        In/OutPkts 65-127              0
Broadcast          0        In/OutPkts 128-255             0
Multicast          0        In/OutPkts 256-511             0
CRCAlignErrors     0        In/OutPkts 512-1023            0
Undersize          0        In/OutPkts 1024-MaxFrameSize   0
Oversize           0        TotalInPkts                    383
Fragments          0        TotalIn/OutPkts                383
Jabbers            0        DownCount                      0
DropEvents         0
Last5secInPkts     50       Last5secInBps                  409
Last1minInPkts     353      Last1minInBps                  408
Last5minInPkts     353      Last5minInBps                  81
Last5secOutPkts    0        Last5secOutBps                 0
Last1minOutPkts    0        Last1minOutBps                 0
Last5minOutPkts    0        Last5minOutBps                 0

Table 6: Counters Displayed by the show interface statistics Command

Counter

Description

Octets

The number of data octets of all received packets on the line. This includes data octets of rejected and local packets that are not forwarded to the switching core for transmission. In case of oversized packets that exceed the allocated buffer-size, only buffer-size bytes are counted.

Collisions

The number of packets received while a collision event was detected.

Broadcast

The number of good Broadcast packets received.

Multicast

The number of good Multicast packets received.

CRCAlignErrors

The number of received packets that meet all the following conditions:

• data-length is between bytes inclusive
• have an invalid CRC
• not detected a collision event
• not detected a late collision event

Undersize

The number of received packets that meet all the following conditions:

• data length is less than 64 bytes
• not detected a collision event
• not detected a late collision event
• have a valid CRC

Oversize

The number of received packets that meet all the following conditions:

• data length is greater than MRU
• have valid CRC

NOTE When the maximum packet size is below 1632, oversized packets are counted as FCS errored bytes. The default MRU size is 1632 bytes.

Fragments

The number of received packets that meet all the following conditions:

• data length is less than 64 bytes, or the packet does not have a Start Frame Delimiter (SFD) and is less than 64 bytes
• not detected a collision event
• not detected a late collision event
• have an invalid CRC

Jabbers

The number of packets that meet one of the following conditions:

• data length is greater than MaxFrameSize and CRC is invalid
• packet length is greater than MaxPacketSize

DropEvents

Not supported.

Down Count

The number of port disconnections. The counter is initialized in the following cases:

• When the device starts running (provided that the link to the port is connected), the counter is zeroed
• When the module is inserted at run-time (hot-swapped), the counter is initialized to one
• When the link to the port is connected for the first time during runtime, the counter is initialized to one

TotalInPkts

The number of packets received on the line. This includes rejected and local packets that are not forwarded to the switching core for transmission.

In/OutPkts 64

The number of 64 bytes received and transmitted packets including rejected, received, and transmitted packets.

In/OutPkts 65-127

The number of received and transmitted packets in the range of bytes including rejected, received, and transmitted packets.

In/OutPkts 128-255

The number of received and transmitted packets in the range of bytes including rejected, received, and transmitted packets.

In/OutPkts 256-511

The number of received and transmitted packets in the range of bytes, including rejected, received, and transmitted packets.

In/OutPkts 512-1023

The number of received and transmitted packets in the range of bytes including rejected, received, and transmitted packets.

In/OutPkts 1024-MaxFrameSize

The number of received and transmitted packets in the range of bytes including rejected, received, and transmitted packets. The default MaxFrameSize is 1632 bytes.

TotalIn/OutPkts

The number of received and transmitted packets in the range of bytes including rejected, received, and transmitted packets.


Last5secInPkts

The number of packets received during the five seconds before executing the command.

Last1minInPkts

The number of packets received during the minute before executing the command.

Last5minInPkts

The number of packets received during the five minutes before executing the command.

Last5secOutPkts

The number of packets transmitted during the five seconds before executing the command.

Last1minOutPkts

The number of packets transmitted during the minute before executing the command.

Last5minOutPkts

The number of packets transmitted during the five minutes before executing the command.

Last5secInBps

The rate of packets received, in bits per second, during the five seconds before executing the command.

Last1minInBps

The rate of packets received, in bits per second, during the minute before executing the command.

Last5minInBps

The rate of packets received, in bits per second, during the five minutes before executing the command.

Last5secOutBps

The rate of packets transmitted, in bits per second, during the five seconds before executing the command.

Last1minOutBps

The rate of packets transmitted, in bits per second, during the minute before executing the command.

Last5minOutBps

The rate of packets transmitted, in bits per second, during the five minutes before executing the command.

NOTE The Last5secInBps, Last1minInBps, Last5minInBps, Last5secOutBps, Last1minOutBps, and Last5minOutBps counters are updated every 5 seconds. After receiving/transmitting the packets, you must wait for 10 seconds to pass in order to receive a correct value of the corresponding statistics.

Example 2

The following example uses the extended keyword to display additional packet counters:

device-name#show interface 1/1/1 statistics extended
InOctets           41061272    OutOctets        7948538
InUcastPkts        73572       OutUcastPkts     73825
InNUcastPkts       3873        OutNUcastPkts    28439
InDiscards         0           OutDiscards      N/A
InErrors           1           OutErrors        N/A
InUnknownProtos    N/A

Table 7: Counters Displayed by the show interface statistics extended Command

Counter

Description

InOctets

The number of data octets of all the received packets on the line. This includes data octets of rejected and local packets that are not forwarded to the switching core for transmission. In case of oversized packets that exceed the allocated buffer-size, only buffer-size bytes are counted.

InUcastPkts

The number of good unicast packets (not including Multicast and Broadcast packets) received.

InNUcastPkts

The number of good Broadcast and Multicast packets received.

InDiscards

The number of incoming packets dropped due to lack of receive buffers or due to exceeding the interface’s Rx buffer threshold.

InErrors

This counter is incremented when any of the following events occurs:

• Undersized frames (less than 64 bytes) that are correctly aligned and well formed without Frame Check Sequence (FCS) Errors
• Fragments (less than 64 bytes) that are misaligned and/or with Frame Check Sequence (FCS) Errors
• Oversized frames (frames with size bigger than the MTU value) that are without FCS errors
• Jabber frames (frames with size bigger than the MTU value) that have FCS errors
• CRC errors
• Increment in InDiscards counter
• Fragments and Runts, when the interface goes down while receiving traffic

InUnknownProtos

Not supported.

OutOctets

The number of data octets of good packets transmitted.

OutUcastPkts

The number of good Unicast packets transmitted (not including Multicast and Broadcast packets).

OutNUcastPkts

The number of good Broadcast and Multicast packets transmitted.

OutDiscards

Not supported.

OutErrors

Not supported.

Clearing Interface Statistics

The commands below clear all current statistics from a specific physical interface, a group of interfaces, or LAG interface:

• reset command
  CLI Mode: Interface Configuration, Range Interface Configuration, and LAG Interface Configuration

• clear interface statistics command
  CLI Mode: Privileged (Enable)

Command Syntax

device-name(config-if UU/SS/PP)#reset [all]
device-name(config-if-group)#reset [all]
device-name(config-if AG0N)#reset [all]
device-name#clear interface statistics

Argument Description

all
(Optional). Clear the statistics of all ports.


Link Aggregation Control Protocol (LACP)

LACP, defined in IEEE 802.3ad, dynamically groups similarly configured ports into a single logical link (aggregate port). This protocol provides increased bandwidth, increased redundancy, and higher availability. You can group ports based on hardware, administrative, and port parameter constraints. The device exchanges LACP frames for synchronizing the databases of the LACP-enabled ports. Due to hardware limitations, you can group up to eight compatible ports in a LAG.

LACP Modes

There are two LACP operation modes:

• Active: an interface in active mode can start LACP negotiation and thus form a link with another device (whether active or passive).
• Passive: does not start LACP negotiation; thus cannot form a link with another device.

LACP Parameters

A port’s ability to aggregate with other ports is determined by the following factors:

• The port physical characteristics, such as data transfer rate, duplex capability, and medium type
• User defined configuration constraints

To use LACP, you need to define the following parameters:

1. System ID: the ID identifying an LACP system negotiating with other LACP systems. The device uses its MAC address as a unique system ID.
2. System priority: the system priority along with the port priority allows connected LACP ports to determine their exchange policy dynamically.
3. Administrative key: defines the port’s ability to aggregate with other ports.
4. Port priority: the port priority and the system priority allow connected LACP ports to determine their exchange policy dynamically.

When enabled, LACP attempts to group the maximum of eight compatible ports in a LAG. However, if LACP is unable to aggregate compatible ports (for example, due to limitations of the remote device), it leaves these ports in a hot standby state and uses them when one of the channeled ports fails.


Link Aggregation Groups (LAGs)

LAGs, also known as trunks, provide increased bandwidth and high reliability while saving the cost of upgrading the hardware. By combining several interfaces in one logical link, LAGs fill the gaps between 10 Mbps, 100 Mbps, and 1 Gbps with intermediate bandwidth values. LAGs also enable bandwidths beyond 1 Gbps by aggregating multiple Giga ports (as shown in the below figure).

NOTE The LAGs are numbered from 1 to 7. Each LAG can consist of up to eight compatibly configured interfaces.

Figure 1: Four Ports Combined into a Link Aggregation Group

There are two LAG types:

• Static LAGs consist of individual Gigabit Ethernet links bundled into a single logical link. They provide the ability to treat multiple device ports as one device port. These port groups act as a single logical port for high-bandwidth connections between two network devices. A static LAG balances the traffic load across the links in the channel. If a physical link within the static LAG fails, traffic previously carried over the failed link is moved to the remaining links.
  - Most protocols operate over either single ports or aggregated device-ports and do not recognize the physical interface within the port group.

• Dynamic LAGs dynamically adapt aggregated links to changes in traffic conditions. This allows load sharing and automatic readjustments in case of LAG link-failures and recovery.


You can configure both static and dynamic LAGs simultaneously, assuming the following restrictions:

• LAG IDs of both static and dynamic LAGs occupy the same available LAG IDs’ space
• You cannot define a static LAG and a dynamic LAG with the same LAG ID number
• You can include each port in a single LAG that is either static or dynamic

Prerequisites

Follow the below guidelines for LAG configuration:

• You do not need to modify existing higher-layer protocols or applications in order to use LACP
• Some links cannot participate in LAGs due to inherent capabilities, capabilities of the devices they are connected to, or management configuration. These links operate as individual links.
• LACP supports only point-to-point full-duplex links. You cannot aggregate links among more than two devices (multipoint aggregations) and half-duplex operation.
• When the device is connected to a LAN and Spanning Tree protocol (STP) is not active, you need to physically attach the aggregated ports only after completing the LAG configuration.


LAG Default Configuration

Table 8: LAG Default Configuration

Parameter                                            Default Value
Static Link Aggregation                              Disabled
Global Link Aggregation Control Protocol (LACP)      Disabled
Per port Link Aggregation Control Protocol (LACP)    Disabled
LACP system priority                                 32768
LACP port mode                                       Active
LACP port priority                                   32768
LACP administrative key                              1
LAG distribution                                     MAC address
The marker PDU responder per port                    Disabled

LAG Configuration Flow

To create a static LAG, proceed as follows:

1. Add a specific interface to a static LAG (see Configuring a Static LAG)
2. Optional configuration: Assign a user-defined name for a specific static LAG (see Naming a Static LAG)

To create a dynamic LAG, proceed as follows:

1. Configure LACP (see Enabling LACP)
2. Assign a physical interface(s) to a LAG (see Assigning Interfaces to a Dynamic LAG)
3. Optional configuration:
   - Specify the LACP system priority (see Specifying the LACP System Priority)
   - Specify the LACP administrative key (see Specifying the LACP Administrative Key)
   - Configure the processing of LACP PDU marker (see Configuring the LACP Marker)
   - Specify the LAG packet distribution between the ports (see Specifying the LAG Distribution)


LAG Configuration Commands

Table 9: Static LAG Configuration Commands

Command

Description

link-aggregation static id

Adds a physical interface or a group of interfaces to a static LAG (see Configuring a Static LAG)

link-aggregation static id name

Assigns a user-defined name for a specific static LAG (see Naming a Static LAG)

Table 10: Dynamic LAG Configuration Commands

Command

Description

link-aggregation lacp enable/disable

Configures LACP (see Enabling LACP)

link-aggregation lacp

Assigns a physical interface or group of interfaces to a LAG, and specifies LACP parameters (see Assigning Interfaces to a Dynamic LAG)

link-aggregation lacp system-priority

Specifies the LACP system priority (see Specifying the LACP System Priority)

link-aggregation lacp key

Specifies the LACP administrative key (see Specifying the LACP Administrative Key)

link-aggregation lacp marker

Configures the processing of LACP PDU marker (see Configuring the LACP Marker)

link-aggregation distribute

Specifies the LAG packet distribution between the ports (see Specifying the LAG Distribution)

Table 11: Commands for Displaying the Static LAG and LACP Configuration

Command

Description

show interface link-aggregation

Displays all static and dynamic LAGs (see Displaying LAGs)

show link-aggregation lacp

Displays a list of all LACP enabled interfaces (see Displaying LACP Interfaces)

show link-aggregation distribute

Displays the LAG packet distribution configuration (see Displaying the LAG Distribution)


Configuring a Static LAG

The link-aggregation static id command adds a physical interface or a group of interfaces to a static LAG.

CLI Mode: Interface Configuration and Range Interface Configuration

NOTE The link-aggregation static command replaces the trunk command.

By default, static LAG is disabled.

Command Syntax

device-name(config-if UU/SS/PP)#link-aggregation static id
device-name(config-if UU/SS/PP)#no link-aggregation
device-name(config-if-group)#link-aggregation static id
device-name(config-if-group)#no link-aggregation

Argument Description

id
LAG ID in the range .

no
Removes the configured interface or group of interfaces from the static LAG.

Naming a Static LAG

The link-aggregation static id name command assigns a user-defined name for a specific static LAG.

CLI Mode: Global Configuration

By default, the static LAG is not named.

Command Syntax

device-name(config)#link-aggregation static id name NAME
device-name(config)#no link-aggregation static id name

Argument Description

id-number
LAG ID in the range .

NAME
Alphanumeric string up to 32 characters.

no
Removes the user-defined name.


Enabling LACP

The link-aggregation lacp enable/disable command enables LACP.

CLI Mode: Protocol Configuration

By default, LACP is disabled.

Command Syntax

device-name(cfg protocol)#link-aggregation lacp {enable | disable}

Argument Description

enable
Enables LACP.

disable
Disables LACP.

Assigning Interfaces to a Dynamic LAG

The link-aggregation lacp command enables LACP on a physical interface or group of interfaces, assigns them to a dynamic LAG, and specifies the LACP parameters. If you do not specify optional arguments and you do not enable LACP on the interface, the interface is configured with default argument values. If you enable LACP on the interface, only explicitly defined optional arguments take effect.

CLI Mode: Interface Configuration and Range Interface Configuration

By default, the LACP port is in active LACP mode with priority 32768.

Command Syntax

device-name(config-if UU/SS/PP)#link-aggregation lacp [active | passive] [port-priority [] key ]]
device-name(config-if UU/SS/PP)#no link-aggregation lacp port-priority
device-name(config-if UU/SS/PP)#no link-aggregation
device-name(config-if-group)#link-aggregation lacp [active | passive] [port-priority [] key ]]
device-name(config-if-group)#no link-aggregation lacp port-priority
device-name(config-if-group)#no link-aggregation

Argument Description

active
(Optional). Enables LACP in active mode.

passive
(Optional). Enables LACP in passive mode.

port-priority
The port priority value, in the range .

key
(Optional). Number of the LACP administrative key, in the range .

no
Disables LACP and restores to defaults.

Specifying the LACP System Priority

The link-aggregation lacp system-priority command specifies the LACP system priority.

CLI Mode: Protocol Configuration

By default, the LACP system priority is 32768.

Command Syntax

device-name(cfg protocol)#link-aggregation lacp system-priority []
device-name(cfg protocol)#no link-aggregation lacp system-priority

Argument Description

priority
(Optional). Priority value, in the range of 1 (highest priority) to 65535 (lowest priority).

no
Restores to default.

Specifying the LACP Administrative Key

The link-aggregation lacp key command specifies the LACP administrative key, determining the ability of the port to aggregate with other ports.

CLI Mode: Interface Configuration, Range Interface Configuration

By default, the LACP administrative key is 1.

Command Syntax

device-name(config-if UU/SS/PP)#link-aggregation lacp key
device-name(config-if-group)#link-aggregation lacp key

Argument Description

number
LACP administrative key in the range .


Example

The following example shows how to set the LACP key to 65535:

device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation lacp
device-name(config-if 1/1/1)#link-aggregation lacp key 65535

Value is displayed in the output issued by the show link-aggregation lacp command:

device-name#show link-aggregation lacp
System ID = 00 a0 12 17 01 00
System priority = 32768
========+========+=======+=========
Port    | Mode   | Key   | Prty   |
--------+--------+-------+--------+
1/1/1   | active | 65535 | 32768  |
========+========+=======+=========

Configuring the LACP Marker

The link-aggregation lacp marker command configures the processing of the LACP PDU marker on a specific port.

CLI Mode: Interface Configuration and Range Interface Configuration

By default, the marker PDU responder per port is disabled.

Command Syntax

device-name(config-if UU/SS/PP)#link-aggregation lacp marker {enable | disable}
device-name(config-if-group)#link-aggregation lacp marker {enable | disable}

Argument Description

enable
Enables the processing of LACP PDU marker.

disable
Disables the processing of LACP PDU marker.

Example

device-name(config-if 1/1/1)#link-aggregation lacp marker enable


Specifying the LAG Distribution

The link-aggregation distribute command specifies the LAG packet-distribution between the ports.

You can define the packet distribution based on:

• the source and destination MAC addresses (Layer 2)
• the source and destination IP addresses (Layer 3)

CLI Mode: Protocol Configuration

By default, the traffic on the LAG is distributed by Layer 2 (MAC addresses).

Command Syntax

device-name(cfg protocol)#link-aggregation distribute {layer3 | layer4}
device-name(cfg protocol)#no link-aggregation distribute

Argument Description

layer3
Distributes packets based on the packets’ source and destination IP addresses.

layer4
Distributes packets based on the TCP/UDP ports and the source and destination IP addresses for the TCP and UDP packets.

no
Restores to the default settings.

Displaying LAGs

The show interface link-aggregation command displays all static and dynamic LAGs.

CLI Mode: Privileged (Enable)

NOTE The show link aggregation command replaces the show trunk command. The show trunk command is also supported.

Command Syntax

device-name#show interface link-aggregation [static | dynamic | id ]

Argument Description

static
(Optional) displays static LAGs only.

dynamic
(Optional) displays dynamic LAGs only.

id
(Optional) displays the LAG specified.


Example

device-name#show interface link-aggregation
==========+========+=================+=====================
Agg#      |Type    | Management Name | Ports              |
----------+--------+-----------------+--------------------+
AG01      | static | TRUNK1          | 1/1/1,1/1/2,1/2/5  |
|=========+========+=================+=====================

Displaying LACP Interfaces

The show link-aggregation lacp command displays a list of all LACP enabled interfaces.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show link-aggregation lacp

Example

device-name#show link-aggregation lacp
System ID = 00 a0 12 02 02 02
System priority = 32768
========+========+=======+=======+
Port    | Mode   | Key   | Prty  |
--------+--------+-------+-------+
1/2/1   | active | 1     | 32768 |
1/2/2   | active | 1     | 32768 |
========+========+=======+=======+

Displaying the LAG Distribution

The show link-aggregation distribute command displays the LAG packet-distribution configuration.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show link-aggregation distribute

Example

device-name#show link-aggregation distribute
Link aggregation distribution mode is Layer 2


Configuration Examples

Simple LACP Configuration

The following example establishes dynamic link aggregation between two devices, as shown in Figure 2.

Figure 2: Example of LAG Containing Two Ports

On each of the two devices, LACP is enabled in active mode on interfaces 1/1/1 and 1/1/2 as an aggregated link. The configuration of Device2 is identical to that of Device1.

4. Display the LACP status:

device-name#show link-aggregation lacp
LACP disabled on the system

5. Enable the LACP:

device-name#configure terminal
device-name(config)#protocol
device-name(cfg protocol)#link-aggregation lacp enable
device-name(cfg protocol)#end

6. Display the LACP configuration:

device-name#show link-aggregation lacp
System ID = 00 A0 12 03 04 05
System priority = 32768
No LAC ports configured

7. Enable LACP on interface 1/1/1:

device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation lacp

8. Enable LACP on interface 1/1/2:

device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#link-aggregation lacp
device-name(config-if 1/1/2)#end


9. Display the LACP configuration:

device-name#show link-aggregation lacp
System ID = 00 A0 12 03 04 05
System priority = 32768
========+========+=======+======+
Port    | Mode   | Key   |Prty  |
--------+--------+-------+------+
1/1/1   | active | 1     |32768 |
1/1/2   | active | 1     |32768 |
========+========+=======+======+

10. If there is a link between the devices, the following results on each device are displayed:

device-name#show interface link-aggregation
==========+========+=================+=====================
Agg#      |Type    | Management Name | Ports              |
----------+--------+-----------------+--------------------+
AG01      | LACP   | LACP1           | 1/1/1,1/1/2        |
==========+========+=================+=====================

Complex LACP Configuration

The following example establishes two dynamic link aggregation groups, one between Device1 and Device2 and one between Device1 and Device3, as shown in Figure 3.

Figure 3: Example of Two LAGs Configured on the Same Device


Configuring Device 1:

On Device1, LACP is enabled in active mode on the following interfaces:

• 1/1/1, 1/1/2, 1/2/1 and 1/2/2, as an aggregated link to Device2
• 1/2/3 and 1/2/4, as an aggregated link to Device3

1. Enter Protocol Configuration mode and enable the LACP on Device1:

Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#link-aggregation lacp enable
Device1(cfg protocol)#end

2. Display the LACP configuration:

Device1#show link-aggregation lacp
System ID = 00 00 02 03 04 05
System priority = 32768
No LAC ports configured

3. Enable LACP on interfaces 1/1/1, 1/1/2, 1/2/1, 1/2/2, 1/2/3 and 1/2/5:

Device1(config)#interface range 1/1/1-1/2/5
Device1(config-if-group)#link-aggregation lacp
Device1(config-if-group)#end

4. Display the LACP configuration:

Device1#show link-aggregation lacp
System ID = 00 00 02 03 04 05
System priority = 32768
========+========+=======+======+
Port    | Mode   | Key   |Prty  |
--------+--------+-------+------+
1/1/1   | active | 1     |32768 |
1/1/2   | active | 1     |32768 |
1/2/1   | active | 1     |32768 |
1/2/2   | active | 1     |32768 |
1/2/3   | active | 1     |32768 |
1/2/5   | active | 1     |32768 |
========+========+=======+======+


Configuring Device 2:

On Device2, LACP is enabled in active mode on interfaces 1/1/1, 1/1/2, 1/2/1 and 1/2/2, as an aggregated link to Device1.

1. Enter Protocol Configuration mode and enable the LACP on Device2:

Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#link-aggregation lacp enable
Device2(cfg protocol)#end

2. Display the LACP configuration:

Device2#show link-aggregation lacp
System ID = 00 a0 12 05 3a 80
System priority = 32768
No LAC ports configured

3. Enable LACP on interfaces 1/1/1, 1/1/2, 1/2/1 and 1/2/2:

Device2#configure terminal
Device2(config)#interface range 1/1/1-1/2/2
Device2(config-if-group)#link-aggregation lacp
Device2(config-if-group)#end

4. Display the LACP configuration:

Device2#show link-aggregation lacp
System ID = 00 a0 12 05 3a 80
System priority = 32768
========+========+=======+======+
Port    | Mode   | Key   |Prty  |
--------+--------+-------+------+
1/1/1   | active | 1     |32768 |
1/1/2   | active | 1     |32768 |
1/2/1   | active | 1     |32768 |
1/2/2   | active | 1     |32768 |
========+========+=======+======+


Configuring Device 3:

On Device3, LACP is enabled in active mode on interfaces 1/2/3 and 1/2/4, as an aggregated link to Device 1.

1. Enter Protocol Configuration mode and enable the LACP on Device3:

Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#link-aggregation lacp enable
Device3(cfg protocol)#end

2. Display the LACP configuration:

Device3#show link-aggregation lacp
System ID = 00 a0 12 10 94 c0
System priority = 32768
No LAC ports configured

3. Enable LACP on interfaces 1/2/3 and 1/2/4:

Device3#configure terminal
Device3(config)#interface 1/2/3
Device3(config-if 1/2/3)#link-aggregation lacp
Device3(config-if 1/2/3)#interface 1/2/4
Device3(config-if 1/2/4)#link-aggregation lacp
Device3(config-if 1/2/4)#end

4. Display the LACP configuration:

Device3#show link-aggregation lacp
System ID = 00 a0 12 10 94 c0
System priority = 32768
========+========+=======+=======+
Port    | Mode   | Key   | Prty  |
--------+--------+-------+-------+
1/2/3   | active | 1     |32768  |
1/2/4   | active | 1     |32768  |
========+========+=======+=======+


After the LACP operation the following results on each device are displayed:

Displaying Device 1 Configuration:

Device3#show interface link-aggregation
==========+========+=================+=====================
Agg#      |Type    | Management Name | Ports              |
----------+--------+-----------------+--------------------+
AG01      | LACP   | LACP1           | 1/1/1,1/1/2        |
AG02      | LACP   | LACP2           | 1/2/3,1/2/5        |
==========+========+=================+=====================

Displaying Device 2 Configuration:

Device2#show interface link-aggregation
==========+========+=================+=========================
Agg#      |Type    | Management Name | Ports                  |
----------+--------+-----------------+------------------------+
AG01      | LACP   | LACP1           | 1/1/1,1/1/2,1/2/1,1/2/2|
==========+========+=================+=========================

Displaying Device 3 Configuration:

Device3#show interface link-aggregation
==========+========+=================+=====================
Agg#      |Type    | Management Name | Ports              |
----------+--------+-----------------+--------------------+
AG02      | LACP   | LACP2           | 1/2/3,1/2/4        |
==========+========+=================+=====================
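The following is an added example, not part of the original guide or of the vendor's software: a Python script that parses the two display outputs used in these configuration examples and cross-checks them, reporting LACP-enabled ports that joined no LAG, ports outside an intended list, ports listed in more than one LAG, and LAGs above the eight-port limit. The sample text is constructed to mirror the Device1 outputs shown in this guide; the function names and the intended-port list (taken from the Device1 description) are assumptions of this example.

```python
import re

# Constructed sample input, laid out like the Device1 outputs in this guide.
LACP_OUTPUT = """\
System ID = 00 00 02 03 04 05
System priority = 32768
========+========+=======+======+
Port    | Mode   | Key   |Prty  |
--------+--------+-------+------+
1/1/1   | active | 1     |32768 |
1/1/2   | active | 1     |32768 |
1/2/1   | active | 1     |32768 |
1/2/2   | active | 1     |32768 |
1/2/3   | active | 1     |32768 |
1/2/5   | active | 1     |32768 |
========+========+=======+======+
"""

LAG_OUTPUT = """\
==========+========+=================+=====================
Agg#      |Type    | Management Name | Ports              |
----------+--------+-----------------+--------------------+
AG01      | LACP   | LACP1           | 1/1/1,1/1/2        |
AG02      | LACP   | LACP2           | 1/2/3,1/2/5        |
==========+========+=================+=====================
"""

PORT_RE = re.compile(r"^\d+/\d+/\d+$")   # UU/SS/PP port notation
LAG_RE = re.compile(r"^AG\d+$")          # AG0N LAG notation
MAX_PORTS_PER_LAG = 8                    # limit stated in the guide


def _rows(text):
    """Yield the cells of each table row, skipping separators and free text."""
    for line in text.splitlines():
        body = line.strip().strip("|")
        if not body or body[0] in "=-+" or "|" not in body:
            continue
        yield [cell.strip() for cell in body.split("|")]


def _port_key(port):
    """Sort key so that 1/2/10 orders after 1/2/9."""
    return tuple(int(part) for part in port.split("/"))


def parse_lacp(text):
    """Parse 'show link-aggregation lacp' output into a dict."""
    result = {"enabled": "LACP disabled" not in text,
              "system_id": None, "system_priority": None, "ports": {}}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == "System ID":
            result["system_id"] = value.strip()
        elif sep and name.strip() == "System priority":
            result["system_priority"] = int(value.strip())
    for cells in _rows(text):
        if len(cells) >= 4 and PORT_RE.match(cells[0]):
            result["ports"][cells[0]] = {"mode": cells[1],
                                         "key": int(cells[2]),
                                         "priority": int(cells[3])}
    return result


def parse_lags(text):
    """Parse 'show interface link-aggregation' output into {lag_id: info}."""
    lags = {}
    for cells in _rows(text):
        if len(cells) >= 4 and LAG_RE.match(cells[0]):
            ports = [p.strip() for p in cells[3].split(",") if p.strip()]
            lags[cells[0]] = {"type": cells[1], "name": cells[2], "ports": ports}
    return lags


def audit(lacp, lags, expected_ports):
    """Cross-check both outputs against the intended LACP port list."""
    membership = {}
    for lag_id, info in lags.items():
        for port in info["ports"]:
            membership.setdefault(port, []).append(lag_id)
    lacp_ports = set(lacp["ports"])
    expected = set(expected_ports)

    def order(ports):
        return sorted(ports, key=_port_key)

    return {
        # LACP is on, but the port is in no LAG (standby or not negotiated).
        "not_aggregated": order(lacp_ports - set(membership)),
        # LACP is on where the intended design does not call for it.
        "unexpected_lacp": order(lacp_ports - expected),
        # The design calls for LACP, but the port is not configured.
        "missing_lacp": order(expected - lacp_ports),
        # The guide allows each port in a single LAG only.
        "in_multiple_lags": order(p for p, ids in membership.items()
                                  if len(ids) > 1),
        "oversized_lags": sorted(lag for lag, info in lags.items()
                                 if len(info["ports"]) > MAX_PORTS_PER_LAG),
    }


if __name__ == "__main__":
    # Assumed intended design: the ports named in the Device1 description.
    intended = {"1/1/1", "1/1/2", "1/2/1", "1/2/2", "1/2/3", "1/2/4"}
    report = audit(parse_lacp(LACP_OUTPUT), parse_lags(LAG_OUTPUT), intended)
    for finding, items in report.items():
        print(f"{finding}: {items}")
```

The parsers expect one output line per text line, as the device prints it, so capture the session output unmodified before feeding it in.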


Static LAG with RSTP

The following example shows how to establish two static LAGs between two devices. This setup requires a mechanism such as RSTP to prevent the two LAGs from forming a loop. For more information, refer to the Configuring Rapid Spanning Tree Protocol (RSTP) chapter of this User Guide. The configuration of Device2 is identical to that of Device1. However, there are differences in the RSTP configuration parameters, since RSTP automatically selects one device (Device 1 in our case) as the root bridge and the other device (Device 2) as the designated bridge.

Figure 4: Example of Two Static LAGs with RSTP

Configuring Device 1:

1. Enable RSTP:

Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#rapid-spanning-tree enable
Device1(cfg protocol)#end

2. Enable static LAG on interfaces 1/1/1 and 1/2/4:

Device1#configure terminal
Device1(config)#interface 1/1/1
Device1(config-if 1/1/1)#link-aggregation static id 1
Device1(config-if 1/1/1)#interface 1/2/4
Device1(config-if 1/2/4)#link-aggregation static id 1

3. Enable Static LAG on interfaces 1/2/7 and 1/2/8:

Device1(config-if 1/2/4)#interface 1/2/7
Device1(config-if 1/2/7)#link-aggregation static id 2
Device1(config-if 1/2/7)#interface 1/2/8
Device1(config-if 1/2/8)#link-aggregation static id 2
Device1(config-if 1/2/8)#end

NOTE Repeat the above steps on device 2


Displaying Device 1 Configuration:

1. Display the static LAG configuration:

Device1#show interface link-aggregation static
=========+======+=======================+=======================
Agg#     | Type | Management Name       | Ports
---------+------+-----------------------+----------------------
AG01     |STATIC|TRUNK1                 |1/1/1,1/2/4
AG02     |STATIC|TRUNK2                 |1/2/7,1/2/8

2. Display the RSTP parameters and Rapid Spanning-Tree topology:

Device1#show rapid-spanning-tree
Rapid spanning tree = enabled
ProtocolSpecification = ieee8021w
Priority = 32768
TimeSinceTopologyChange = 41 (Sec)
TopChanges = 2
DesignatedRoot = This bridge is the root
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
TxHoldCount = 3
MigrationTimer = 3 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled
===============================================================================
Port    |Pri|Prt role|State|PCost    |DCost    |Designated bridge |DPrt  |FwrdT
--------+---+--------+-----+---------+---------+------------------+------+----
AG01     128 Designat frwrd 10000     0         32768.00A0121102A3 128.88 1
AG02     128 Designat frwrd 10000     0         32768.00A0121102A3 128.90 1

Displaying Device 2 Configuration:

1. Display the static LAG configuration:

Device2#show interface link-aggregation static
=========+======+=======================+=======================
Agg#     | Type | Management Name       | Ports
---------+------+-----------------------+----------------------
AG01     |STATIC|TRUNK1                 |1/1/1,1/2/4
AG02     |STATIC|TRUNK2                 |1/2/7,1/2/8


2. Display the RSTP parameter settings and Rapid Spanning-Tree topology:

Device2#show rapid-spanning-tree
Rapid spanning tree = enabled
ProtocolSpecification = ieee8021w
Priority = 32768
TimeSinceTopologyChange = 4 (Sec)
TopChanges = 1
DesignatedRoot = 32768.00:A0:12:11:02:A3
RootPort = AG01
RootCost = 10
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
TxHoldCount = 3
MigrationTimer = 3 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled
===============================================================================
Port    |Pri|Prt role|State|PCost    |DCost    |Designated bridge |DPrt  |FwrdT
--------+---+--------+-----+---------+---------+------------------+------+----
AG01     128 Root     frwrd 10000     0         32768.00A0121102A3 128.88 1
AG02     128 Altern   discr 10000     0         32768.00A0121102A3 128.90 1


Resilient Links

Overview

Resilient links protect critical links and prevent network downtime. A resilient link consists of a main link and a standby (backup) link, which together form a resilient-link pair. Under normal network conditions, the main link carries network traffic. In case of signal loss, the device immediately enables the standby link, which takes over the main link’s task. Since the switchover time to the standby link is less than 1 second, there is no session timeout. If the main link has a higher bandwidth than its standby or if the main link is configured as a preferred one, traffic is switched back to the main link as soon as its connection is recovered. Otherwise, you must manually switch traffic back to the main link.

Resilient Links Default Configuration

Table 12: Resilient Link Default Configuration

Parameter | Default Value
Preferred port | The port with the higher bandwidth.
Active port | The port with the higher bandwidth, if both ports are up. If both ports have the same bandwidth, the active port is the port with the lower port number (for example, for ports 1/2/3 and 1/2/6 the active port is 1/2/3).
Backup port status | Power-on enabled.


Resilient Links Configuration Flow

Configuration Notes

When configuring resilient links, note the following:

• You should define a resilient-link pair only on one end of the link. This provides the ability for a full redundant network, even when connecting the device to other devices, such as routers and servers.
• If using the shutdown mode, configure it on one device (either local or remote).
• If you configure a VLAN, the resilient link ports must belong to the same VLAN.
• Adding a new port to an existing resilient link synchronizes the port’s VLAN to the resilient link’s VLAN.
• If the ports do not use the same VLAN tagging system (802.1Q tagging), the VLAN tagging of the first port is applied to the second port added.

You can configure a resilient link pair only if:

• the ports have the same PVID
• neither of the ports is part of a LAG
• neither of the ports belongs to another resilient-link pair

Step by Step Configuration

To configure a resilient link, proceed as follows:

1. Enter the Resilient-link Configuration mode (see Entering the Resilient Link Configuration Mode)
2. Add a port pair as a resilient link (see Assigning Ports to a Resilient Link)
3. Optional Configuration:
   • Specify one of the ports of the resilient link as preferred (see Selecting a Preferred Port)
   • Switch the active port of the currently edited resilient link (see Switching the Active Port)
   • Specify the backup link behavior (see Specifying the Backup Link Behavior)


Resilient Links Configuration Commands

Table 13: Resilient Link Configuration Commands

Command | Description
resilient-link | Enters the Resilient-link Configuration mode (see Entering the Resilient Link Configuration Mode)
ports | Adds a port pair as a resilient link (see Assigning Ports to a Resilient Link)

Table 14: Resilient Link Optional Commands

Command | Description
prefer port | Specifies one of the ports of the resilient link as preferred (see Selecting a Preferred Port)
active port | Changes the active port of the selected resilient link (see Switching the Active Port)
backup-link shutdown | Specifies the backup link behavior (see Specifying the Backup Link Behavior)

Table 15: Resilient Link Display Commands

Command | Description
show | Displays a table of the configured resilient links (see Displaying the Resilient Link Configuration)
show resilient-links | Displays a table of the configured resilient links (see Displaying the Resilient Link Configuration)
show counter | Displays how many swaps each resilient link has undergone in the current session (see Displaying Resilient Link Counters)
show resilient-links counter | Displays how many swaps each resilient link has undergone in the current session (see Displaying Resilient Link Counters)


Entering the Resilient Link Configuration Mode

The resilient-link command enables the resilient link feature and enters the Resilient-link Configuration mode. You can use this command within one resilient-link’s configuration mode to enter a different resilient link configuration.

CLI Mode: Global Configuration

Command Syntax

device-name(config)#resilient-link
device-name(config-resil-link N)#
device-name(config-resil-link N1)#resilient-link
device-name(config)#no resilient-link

Argument Description

N | The resilient link’s number in the range of .
no | Removes the specified resilient link.

Example

device-name(config)#resilient-link 1
device-name(config-resil-link 1)#

Assigning Ports to a Resilient Link

The ports command assigns a pair of ports to a resilient link.

CLI Mode: Resilient-link Configuration

Command Syntax

device-name(config-resil-link N)#ports UU1/SS1/PP1 UU2/SS2/PP2

Argument Description

UU1/SS1/PP1 | The first resilient link port number.
UU2/SS2/PP2 | The second resilient link port number.


Selecting a Preferred Port

The prefer port command specifies one port as the preferred resilient-link port.

The preferred port is the active port as long as it has a link, and traffic is switched back to this port when its connection is recovered.

CLI Mode: Resilient-link Configuration

By default, the preferred port is the port with the higher bandwidth (operational speed). If both ports have the same bandwidth, no port is the preferred one.

Command Syntax

device-name(config-resil-link N)#prefer port UU/SS/PP
device-name(config-resil-link N)#no prefer port

Argument Description

UU/SS/PP | The preferred port number.
no | Cancels the port preference.

Switching the Active Port

The active port command changes the current active port (the port currently carrying traffic) of the selected resilient link.

NOTE You can use this command only if you did not define a preferred port.

CLI Mode: Resilient-link Configuration

By default (when the two ports have the same bandwidth capacity and no preferred port is defined), the active port is the first port added to the resilient link using the ports command.

Command Syntax

device-name(config-resil-link N)#active port UU/SS/PP

Argument Description

UU/SS/PP | The active port number.


Specifying the Backup Link Behavior

The backup-link shut-down command specifies the standby link behavior:

• The port is powered off (the port’s LED is off). Use this option when transmitting to a nonresilient link device.
• The port is powered on (the port’s LED is on). Use this option when transmitting to a resilient link on a remote device.

CLI Mode: Resilient-link Configuration

Command Syntax

device-name(config-resil-link N)#backup-link shut-down
device-name(config-resil-link N)#no backup-link shut-down

Argument Description

no | Powers on the standby port.

Displaying the Resilient Link Configuration

The show and show resilient-links commands display the list of configured resilient links.

The command output displays the resilient-link ID, the resilient link’s ports, the preferred port (if defined), the standby link behavior, and the current active link.

CLI Mode: Resilient-link Configuration and Privileged (Enable)

Command Syntax

device-name(config-resil-link N)#show [N1 | N1 N2]
device-name#show resilient-links [N1 | N1 N2]

Argument Description

N1 | (Optional). The resilient link’s ID number.
N1 N2 | (Optional). A range of resilient link ID numbers.

Example 1

Displaying information on all currently configured resilient links:

device-name(config-resil-link 1)#show
=====================================================
| RLink | Port1 | Port2 | Prefer | Backup  | Active |
+-------+-------+-------+--------+---------+--------+
| 1     | 1/2/1 | 1/2/2 | 1/2/1  |shut down| 1/2/1  |
| 2     | 1/2/3 | 1/2/4 |        | standby | 1/2/4  |
=====================================================


Displaying Resilient Link Counters

The show counter command and the show resilient-links counter command display how many swaps each resilient link has undergone in the current session.

CLI Mode: Resilient-link Configuration and Privileged (Enable)

Command Syntax

device-name(config-resil-link N)#show counter [N1 | N1 N2]
device-name#show resilient-link counter [N1 | N1 N2]

Argument Description

N1 | (Optional). The resilient link’s ID number.
N1 N2 | (Optional). A range of resilient link ID numbers.

Example 1

Displaying information on all currently configured resilient links:

device-name(config-resil-link 1)#show
=====================================================
| RLink | Port1 | Port2 | Prefer | Backup  | Active |
+-------+-------+-------+--------+---------+--------+
| 1     | 1/1/1 | 1/1/2 | 1/1/1  |shut down| 1/1/1  |
| 2     | 1/2/5 | 1/2/6 |        | standby | 1/2/5  |
| 3     | 1/2/3 | 1/2/4 |        | standby | 1/2/3  |
=====================================================

Example 2

Displaying information on specific resilient link #3:

device-name(config-resil-link 1)#show 3
=====================================================
| RLink | Port1 | Port2 | Prefer | Backup  | Active |
+-------+-------+-------+--------+---------+--------+
| 3     | 1/2/3 | 1/2/4 |        | standby |        |
=====================================================

Example 3

Displaying information on the configured resilient links in the range #1 to #2:

device-name#show resilient-links 1 2
=====================================================
| RLink | Port1 | Port2 | Prefer | Backup  | Active |
+-------+-------+-------+--------+---------+--------+
| 1     | 1/1/1 | 1/1/2 | 1/1/1  | standby | 1/1/1  |
| 2     | 1/2/5 | 1/2/6 |        | standby | 1/2/5  |
=====================================================


Configuration Example

The following figure shows a simple network diagram of the resilient link on an Ethernet LAN.

Figure 5: Example of a Resilient Link Topology

1. Enter Resilient-link Configuration mode:

device-name(config)#resilient-link 2

2. Set ports 1/1/1 and 1/2/1 as Resilient Links:

device-name(config-resil-link 2)#ports 1/1/1 1/2/1

3. Set the port 1/2/1 to be preferred:

device-name(config-resil-link 2)#prefer port 1/2/1

4. Display the Resilient Link configuration:

device-name(config-resil-link 2)#show
=======================================================
| RLink | Port 1 | Port 2 | Prefer | Backup  | Active |
+-------+--------+--------+--------+---------+--------|
| 2     | 1/1/1  | 1/2/1  | 1/2/1  | standby | 1/2/1  |


Port Security Techniques

Overview

The Port Security feature restricts an interface or VLAN input by limiting and identifying MAC addresses of devices allowed to access the interface/VLAN. When a secured port receives a packet, it compares the packet’s source MAC address to the secured MAC address list.

• If the packet’s source MAC address is in the list, the incoming packet is forwarded.
• If the packet’s source MAC address is not in the secured list, the port does not forward the packet. In this case, the port either shuts down permanently or drops incoming packets from the unauthorized device, generating an SNMP trap.

You can configure two types of secured MAC addresses:

• Static secured MAC addresses created manually by the mac-address-table command (for more information, refer to the Device Administration chapter of this User Guide). These addresses are stored in the address table and added to the device’s running configuration.
• Dynamic secured MAC addresses that are learned dynamically. These addresses are stored in the address table but are removed when the device restarts.

NOTE Secured MAC addresses do not age.


The Port Security Default Configuration

Table 16: Port Security Default Configuration

Parameter | Default Value
Port security | Disabled
Port security action | Trap
Learning the filtered MAC addresses | Disabled

The Port Security Configuration Commands

Table 17: Port Security Configuration Commands

Command | Description
port security | Configures port security (see Configuring Port Security)
port security enable-shutdown-port | Re-enables a port that shuts down due to a security violation (see Re-Enabling a Shut Down Port)

Table 18: Port Security Display Commands

Command | Description
show port security | Displays the security status of a specific port (see Displaying the Port Security Configuration)


Configuring Port Security

The port security command configures port security on a specific interface or interface range.

NOTE When configuring port security on a port, the initial frame is lost since the first packet received from any source is used solely for learning its MAC address.

NOTE When a packet with a secured source MAC address matches more than one port security setting, the port security per port and VLAN has precedence over the port security per port.

By default:

• filtered MAC addresses are learned in the MAC address table
• SNMP trap and a log message are generated when a security violation occurs
• all MAC addresses are learned as secured

Command Syntax

device-name(config-if UU/SS/PP)#port security [max-mac-count [filter-learn-disable]] [vlan ]
device-name(config-if UU/SS/PP)#no port security [max-mac-count [filter-learn-disable]] [vlan ]
device-name(config-if UU/SS/PP)#no port security all
device-name(config-if UU/SS/PP)#port security action {shutdown | trap} [vlan ]
device-name(config-if UU/SS/PP)#no port security action {shutdown | trap} [vlan ]
device-name(config-if-group)#port security [max-mac-count [filter-learn-disable]] [vlan ]
device-name(config-if-group)#no port security [max-mac-count [filter-learn-disable]] [vlan ]
device-name(config-if-group)#no port security all
device-name(config-if-group)#port security action {shutdown | trap} [vlan ]
device-name(config-if-group)#no port security action {shutdown | trap} [vlan ]


Argument Description

The arguments are mutually exclusive. You can specify an action (shutdown or trap) in one port security command and specify the maximum number of secured MAC addresses (max-mac-count) in a second port security command for the same port. Both settings are effective.

action {shutdown | trap} | Defines the port reaction upon a security violation:
   • The port shuts down
   • An SNMP trap and log message are generated
max-mac-count | (Optional). The maximum number of secured MAC addresses the port supports, in the range of . In this case, an attempt to exceed the maximum-allowed secured MAC addresses on the port produces an address violation event.

NOTE Enable new MAC address learning prior to using this argument to ensure its proper function (see the Device Administration chapter of this User Guide). When MAC address learning is not enabled the following warning message is displayed: “Warning! Port security may not work correctly since learning is disabled on the port.”

filter-learn-disable | (Optional). The filtered MAC addresses are not learned in the MAC address table.
vlan | (Optional). Enables port security on the specified VLAN the port is a member of. The VLAN ID number is in the range of .
no | Restores to default.

NOTE Using the no port security action trap command stops the SNMP trap generation when a security violation occurs.

Example 1

The following example disables learning of the violating MAC address in the MAC address table:

device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 15 filter-learn-disable

Example 2

The following example displays how to secure port 1/2/3 for VLAN 5 with a maximum of 5 secured MAC addresses:

device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 5 vlan 5


Re-Enabling a Shut Down Port

The port security enable-shutdown-port command re-enables a port shut down due to a security violation.

CLI Mode: Interface Configuration and Range Interface Configuration

Command Syntax

device-name(config-if UU/SS/PP)#port security enable-shutdown-port [vlan ]
device-name(config-if-group)#port security enable-shutdown-port [vlan ]

Argument Description

vlan | (Optional). Re-enables the port also on the VLAN this port is a member of. The VLAN ID number is in the range of .

Displaying the Port Security Configuration

The show port security command displays the port security configuration for all device ports.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show port security [UU/SS/PP] [vlan ]

Argument Description

UU/SS/PP | (Optional). Displays the port security configuration of a specified port.
vlan | (Optional). Displays the port security configuration of a specified VLAN.

Example 1

The following example shows the port security configuration on port 1/1/1 and VLAN 5 when the allowed number of secured MAC addresses is 5:

device-name(config-if 1/1/1)#port security max-mac-count 5 vlan 5
device-name(config-if 1/1/1)#end
device-name#show port security
|===================================================================|
| port #| vid | action | max addr |secure addr|filtered addr|status |
|-------+-----+--------+----------+-----------+-------------+-------|
| 1/1/1 |  5  |  trap  |    5     |     0     |      0      |enabled|


Example 2

The following example details how to enable port security on port 1/1/1 per VLAN 5, set a maximum of 5 MAC addresses, and set the action to shutdown:

device-name(config-if 1/1/1)#port security max-mac-count 5 vlan 5
device-name(config-if 1/1/1)#port security action shutdown vlan 5
device-name(config-if 1/1/1)#end
device-name#show port security
|===================================================================|
|port # | vid | action | max addr |secure addr|filtered addr|status |
|-------+-----+--------+----------+-----------+-------------+-------|
| 1/1/1 |  5  |shutdown|    5     |     0     |      0      |enabled|

After sending traffic with tag 5 on port 1/1/1 with more than 5 source MAC addresses, only 5 MAC addresses are learned and the port is disabled:

device-name#show port security
|===================================================================|
|port # | vid | action | max addr|secure addr|filtered addr| status |
|-------+-----+--------+---------+-----------+-------------+--------|
| 1/1/1 |  5  |shutdown|    5    |     5     |      0      |disabled|

Example 3

The following example details how to set the port security on port 1/2/4 with a maximum of 20 secured MAC addresses. The example also details how to set a maximum of 10 secured MAC addresses per port and VLAN:

device-name(config-if 1/2/4)#port security max-mac-count 20
device-name(config-if 1/2/4)#port security max-mac-count 10 vlan 100
device-name(config-if 1/2/4)#end
device-name#show port security
|===================================================================|
|port # |   vid   |action|max addr|secure addr|filtered addr|status |
|-------+---------+------+--------+-----------+-------------+-------|
| 1/2/4 |all vlans| trap |   20   |     0     |      0      |enabled|
| 1/2/4 |   100   | trap |   10   |     0     |      0      |enabled|

device-name#show port security 1/2/4 vlan 100
VLAN 100:
The port/vlan is           : secured
State                      : enabled
Action                     : send a trap
Limit Type:                : learn as filtered
Max secured addresses      = 10
Current secured addresses  = 0
Current filtered addresses = 0


Configuration Examples

Defining Port Security with Dynamic Learned MAC Addresses

The following example configures various port security settings for ports 1/1/2, 1/1/3, and 1/1/4 for all VLANs.

1. Enable port security with default settings on port 1/2/2. All the MAC addresses are learned as secure.

device-name#configure terminal
device-name(config)#interface 1/2/2
device-name(config-if 1/2/2)#port security

2. Enable port security on port 1/2/3 with action shutdown and a maximum of six MAC addresses. After six MAC addresses are learned as secure, any additional MAC address sent to this interface causes the interface to shut down:

device-name(config-if 1/2/2)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 6
device-name(config-if 1/2/3)#port security action shutdown

3. Enable port security on port 1/2/4 with a maximum of six MAC addresses. After six MAC addresses are learned as secure, the following MAC addresses are learned as filtered and a security violation trap is generated:

device-name(config-if 1/2/3)#interface 1/2/4
device-name(config-if 1/2/4)#port security max-mac-count 6
device-name(config-if 1/2/4)#end

4. The configured settings are displayed by the show command in Privileged mode as follows:

device-name#show port security
|======================================================================|
|port#|   vid   |action  | max addr  |secure addr|filtered addr|status |
|-----+---------+--------+-----------+-----------+-------------|-------|
|1/2/2|all vlans|trap    | unlimited |     0     |      0      |enabled|
|1/2/3|all vlans|shutdown|     6     |     0     |      0      |enabled|
|1/2/4|all vlans|trap    |     6     |     0     |      0      |enabled|


Defining Port Security with Static MAC Addresses

The following example sets a maximum of three addresses and sends SNMP traps in the event of over-learning.

1. Configure the SNMP trap host to receive traps:

device-name#configure terminal
device-name(config)#snmp-server enable
device-name(config)#snmp-server view viewAll 1.3 included
device-name(config)#snmp-server group notify_only v1 read none write none notify viewAll
device-name(config)#snmp-server user notify_user group notify_only v1
device-name(config)#snmp-server target-param MyParam notify_user v1
device-name(config)#snmp-server target-addr blaaddr1 10.2.3.44 162 MyParam tag_1
device-name(config)#snmp-server notify portSecurityViolation tag_1

2. Configure the port 1/2/2 to learn a maximum of three MAC addresses.

device-name(config)#interface 1/2/2
device-name(config-if 1/2/2)#port security max-mac-count 3
device-name(config-if 1/2/2)#exit

3. Return to Global Configuration mode and define three MAC addresses to be learned:

device-name(config)#mac-address-table secure 00:02:4b:82:60:e2 interface 1/2/2 vlan 2
device-name(config)#mac-address-table secure 00:02:55:58:0d:8c interface 1/2/2 vlan 2
device-name(config)#mac-address-table secure 00:02:55:98:52:f4 interface 1/2/2 vlan 2

4. In Privileged (Enable) mode, check that the MAC addresses are learned:

device-name(config)#exit
device-name#show mac-address-table
+===========+===================+=========+===========+==========
|    vid    |        mac        |  port   |  status   | priority
+-----------+-------------------+---------+-----------+---------
|   0000    | 00:a0:12:07:13:29 |         |   self    |    0
|   0001    | 00:a0:12:07:13:29 |         |   self    |    0
|   0002    | 00:02:4b:82:60:e2 |  1/2/2  |  secure   |    0
|   0002    | 00:02:55:58:0d:8c |  1/2/2  |  secure   |    0
|   0002    | 00:02:55:98:52:f4 |  1/2/2  |  secure   |    0
|   0002    | 00:40:95:30:0b:f8 |  1/2/3  |  dynamic  |    0


5. Check the port security definitions:

device-name#show port security 1/2/2
ALL VLANS:
The port is                : secured
State                      : enabled
Action                     : send a trap
Limit Type:                : learn as filtered
Max secured addresses      = 3
Current secured addresses  = 3
Current filtered addresses = 0

Re-Enabling Shut-down Ports

The following example sets the maximum number of secure addresses to five. The example details how to re-enable a port that is shut down due to a security violation.

1. Configure port 1/2/4 as secured, learning a maximum of 5 secure addresses, and shutting down in case of a security violation:

device-name#configure terminal
device-name(config)#interface 1/2/4
device-name(config-if 1/2/4)#port security max-mac-count 5
device-name(config-if 1/2/4)#port security action shutdown
device-name(config-if 1/2/4)#end
device-name#show port security
|===================================================================|
|port#|   vid   |action  |max addr|secure addr|filtered addr|status |
|-----+---------+--------+--------+-----------+-------------+-------|
|1/2/4|all vlans|shutdown|   5    |     1     |      0      |enabled|

2. Allow the port to learn 10 addresses and inspect what show port security displays. The port has learned 5 addresses as secure and the rest as filtered. The port’s current state is disabled (shut down):

device-name#show port security
|====================================================================|
|port#|   vid   |action  |max addr|secure addr|filtered addr|status  |
|-----+---------+--------+--------+-----------+-------------+--------|
|1/2/4|all vlans|shutdown|   5    |     5     |      5      |disabled|


3. Re-enable the port:

device-name#configure terminal
device-name(config)#interface 1/2/4
device-name(config-if 1/2/4)#port security enable-shutdown-port
device-name(config-if 1/2/4)#end
device-name#show port security
|===================================================================|
|port#|   vid   |action  |max addr|secure addr|filtered addr|status |
|-----+---------+--------+--------+-----------+-------------+-------|
|1/2/4|all vlans|shutdown|   5    |     5     |      5      |enabled|

device-name#show port security 1/2/4
All Vlans:
The port is                : secured
State                      : enabled
Action                     : shutdown
Max secured addresses      = 5
Current secured addresses  = 5
Current filtered addresses = 5
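One way to review the show port security table from the examples above, as an added example that is not part of the Telco Systems guide: the script parses the table and flags ports that are shut down, have filtered (over-limit) source addresses, have a full secured list, or have no limit at all. The sample output is constructed in the layout the guide shows; the function names and finding codes are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of the guide's `show port security` tables.
SAMPLE_OUTPUT = """\
device-name#show port security
|====================================================================|
|port#|   vid   |action  |max addr |secure addr|filtered addr|status  |
|-----+---------+--------+---------+-----------+-------------+--------|
|1/2/2|all vlans|trap    |unlimited|     0     |      0      |enabled |
|1/2/3|all vlans|shutdown|    6    |     6     |      0      |enabled |
|1/2/4|all vlans|shutdown|    5    |     5     |      5      |disabled|
|1/2/4|   100   |trap    |   10    |    10     |      2      |enabled |
"""


@dataclass(frozen=True)
class PortSecurityRow:
    port: str
    vid: str                 # VLAN ID, or "all vlans" for a per-port setting
    action: str              # "trap" or "shutdown"
    max_addr: Optional[int]  # None when the table shows "unlimited"
    secure_addr: int
    filtered_addr: int
    status: str              # "enabled" or "disabled"


# Border and separator lines consist only of these characters.
_RULE_LINE = re.compile(r"^[|=+\-\s]+$")


def parse_show_port_security(text: str) -> List[PortSecurityRow]:
    """Parse the data rows of a `show port security` table."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("|") or _RULE_LINE.match(line):
            continue  # prompt line, blank line, or table border
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 7 or cells[0].lower().startswith("port"):
            continue  # header row, or a row in some other layout
        port, vid, action, max_addr, secure, filtered, status = cells
        rows.append(PortSecurityRow(
            port=port,
            vid=vid.lower(),
            action=action.lower(),
            max_addr=None if max_addr.lower() == "unlimited" else int(max_addr),
            secure_addr=int(secure),
            filtered_addr=int(filtered),
            status=status.lower(),
        ))
    return rows


def audit(rows: List[PortSecurityRow]) -> List[Tuple[str, str, str]]:
    """Return (port and VLAN, finding code, explanation) tuples for review."""
    findings = []
    for r in rows:
        where = f"{r.port} ({r.vid})"
        if r.status == "disabled":
            findings.append((where, "shut-down",
                "port is shut down after a violation; re-enable it with "
                "'port security enable-shutdown-port' once the cause is known"))
        if r.filtered_addr > 0:
            findings.append((where, "filtered-sources",
                f"{r.filtered_addr} source MAC(s) beyond the limit were seen"))
        if r.max_addr is None:
            findings.append((where, "no-limit",
                "no max-mac-count set; every learned source becomes secured"))
        elif r.secure_addr >= r.max_addr:
            findings.append((where, "at-limit",
                "secured list is full; the next new source is a violation"))
    return findings


if __name__ == "__main__":
    for where, code, text in audit(parse_show_port_security(SAMPLE_OUTPUT)):
        print(f"{where:18} {code:17} {text}")
```
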


The Port Limit Feature

Overview

The Port Limit feature limits the number of MAC addresses learned by a port. When enabling this feature:

• MAC addresses within the limit are learned as dynamic
• MAC addresses that exceed the limit are learned as filtered MAC addresses.

Port Limit Default Configuration

Table 19: Port Limit Default Configuration

Parameter | Default Value
Port limit | Disabled

Port Limit Commands

Table 20: Port Limit Configuration Commands

Command | Description
port limit | Configures a limit on the number of learned MAC addresses on a physical interface or a group of interfaces (see Limiting MAC Addresses a Port)

Table 21: Port Limit Display Commands

Command | Description
show port limit | Displays the port limit configuration for all device ports (see Displaying the Port Limit Configuration)


Limiting MAC Addresses a Port

The port limit command limits the number of learned MAC addresses on a physical interface or a group of interfaces.

CLI Mode: Interface Configuration and Range Interface Configuration

NOTE When configuring port limit on a port, the initial frame is lost since the first packet received from any source is used solely for learning its MAC address.

NOTE A secured port does not support the port limit functionality.

By default, the port limit feature is disabled.

Command Syntax

device-name(config-if UU/SS/PP)#port limit max-mac-count [filter-learn-disable] [vlan ]
device-name(config-if UU/SS/PP)#no port limit [max-mac-count filter-learn-disable] [vlan ]
device-name(config-if UU/SS/PP)#no port limit all
device-name(config-if UU/SS/PP)#port limit forward-unknown
device-name(config-if UU/SS/PP)#no port limit forward-unknown
device-name(config-if-group)#port limit max-mac-count [filter-learn-disable] [vlan ]
device-name(config-if-group)#no port limit [max-mac-count filter-learn-disable] [vlan ]
device-name(config-if-group)#port limit forward-unknown
device-name(config-if-group)#no port limit forward-unknown
device-name(config-if-group)#no port limit all

Argument Description

max-mac-count | The number of MAC addresses the port is allowed to learn, in the range of .

NOTE Enable new MAC address learning prior to using this argument to ensure its proper function (see the Device Administration chapter of this User Guide). When MAC address learning is not enabled the following warning message is displayed: “Warning! Port limit may not work correctly since learning is disabled on the port.”

filter-learn-disable | (Optional). The filtered MAC addresses are not learned in the MAC address table.

Page 62 Configuring Interfaces (Rev. 08)

T-Marc 300 Series User Guide

MAC addresses are learned in the MAC address table vlan

(Optional). Enables port limit on the specified VLAN the port is a member of. The VLAN ID number is in the range of .

forward-unknown

Forwards unknown egress traffic on a port when this port is secured/limited. This command can be used together with the port security command to allow egress flooding.

no

Restores to default.

NOTE Using the no port limit all command removes port limit on a port per all VLANs. Example

The following example disables learning of the violating MAC address in the MAC address table. The filtered MAC addresses corresponding to VLAN 20 are not learned on port 1/2/3. device-name(config)#interface 1/2/3 device-name(config-if 1/2/3)#port limit max-mac-count 15 filter-learn-disable vlan 20

Displaying the Port Limit Configuration

The show port limit command displays the port limit configuration for all device ports.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#show port limit [UU/SS/PP] [vlan ]

Argument Description

UU/SS/PP
    (Optional). Displays the port limit configuration of a specified port.

vlan
    (Optional). Displays the port limit configuration of a specified VLAN.

Example 1

device-name#show port limit
===========================================================
|port num    | vlan   | max-mac-count   |current mac-count
-------------+--------+-----------------+-----------------
1/2/3          20       15                0

Example 2

device-name#show port limit 1/2/3
VLAN 20:
The port/vlan is          : limited
Limit type                : learn as filtered
Max limited addresses     = 15
Current limited addresses = 0


Interfaces Management

Overview

The interface management feature allows system administrators to isolate the device’s management traffic from the normal data traffic. This way they can eliminate unauthorized users and malicious attacks to the device.

Disabling port management disallows:
• Telnet to the device
• SSH to the device
• SNMP management
• SNMP traps and informs
• Ping to the device
• TFTP download or upload
• Outgoing Syslog messages

Interfaces Management Commands

Table 22: Interface management Commands

Command                 Description
port management         Limits the device management access only to ports that you specify in the PORT LIST (see Setting Management Ports)
show port management    Displays which ports provide management access (see Displaying Management Ports)

Setting Management Ports

The port management command limits the device management access only to specified ports.

NOTE Ensure that your PC is connected to a management enabled port prior to disabling management on ports.

NOTE You can also disable management on a VLAN (refer to the Configuring VLANs and Super VLANs chapter of this User Guide). Management traffic on a VLAN is allowed on a member port only if management is enabled both on the port and the VLAN.

CLI Mode: Global Configuration

By default, management of the device is accessible on all ports.

Command Syntax
device-name(config)#port management PORT-LIST
device-name(config)#no port management PORT-LIST

Argument Description

PORT-LIST
    Specifies one or more port numbers. Use commas as separators and hyphens to indicate sub-ranges (for example, 1/2/1-1/2/8, 1/1/2).

no
    Specifies a list of ports prohibited from management access.

Displaying Management Ports

The show port management command displays the ports that provide management access to the device.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#show port management

Example

device-name#show port management
Management ports: 1/2/1,1/2/2


Alarm Propagation Feature

Overview

Alarm Propagation is a fault detection feature that identifies faults in network uplinks and alarms downstream devices. When the uplink interface goes down, the user interfaces are also shut down and the customer device stops sending traffic over the original route, until the authorized person becomes aware of the alarm. The customer device can attempt to forward traffic over another available (alternative) route.

Alarm Propagation Commands

Table 23: Alarm Propagation Commands

Command                              Description
alarm-status-inherit source-port     Enables the alarm propagation process on a group of interfaces or a group of aggregated interfaces (see Enabling Alarm Propagation)
show alarm-inherit                   Displays the alarm propagation configuration (see Displaying the Alarm Propagation)

Enabling Alarm Propagation

The alarm-status-inherit source-port command enables the alarm propagation process on a group of interfaces or a group of aggregated interfaces that will be shut down when the network uplink goes down.

CLI Mode: Interface Configuration

NOTE Notes and limitations:
• All alarm-inherit configurations on a port are either user (downlink) or uplink; for example, a port cannot be an uplink in part of the configurations and a user port in the rest of them.
• An alarm-inheriting (user) port cannot be part of a resilient link, nor can port security with shutdown-violation-action be configured on it.

Command Syntax
device-name(config-if UU/SS/PP)#alarm-status-inherit source-port {PORT-LIST | PORT-AG-LIST}
device-name(config-if UU/SS/PP)#no alarm-inherit

Argument Description

PORT-LIST
    Specifies one or more port numbers. Use commas as separators and hyphens to indicate sub-ranges (for example, 1/2/1-1/2/8, 1/1/2).

PORT-AG-LIST
    Specifies the list of LAG names (for example AG01, AG04-AG06). The LAG ID is in the range .

no
    Disables the Alarm Propagation.

Displaying the Alarm Propagation

The show alarm-inherit command displays the alarm propagation configuration.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#show alarm-inherit

Example

device-name#show alarm-inherit
|==================================================|
| port # | propagating alarm for uplink ports      |
|--------------------------------------------------|
| 1/2/1  | 1/1/2


Configuration Example

The following example (Figure 6) shows how to set the alarm propagation feature:

Figure 6: Alarm Propagation Configuration Example

1. Set user port 1/2/1 link state to be dependent upon the state of uplink port 1/1/2 (inherit alarm on the uplink port):

DeviceC#configure terminal
DeviceC(config)#interface 1/2/1
DeviceC(config-if 1/2/1)#alarm-status-inherit source-port 1/1/2
DeviceC(config-if 1/2/1)#end
DeviceC#show alarm-inherit
|==================================================|
| port # | propagating alarm for uplink ports      |
|--------------------------------------------------|
| 1/2/1  | 1/1/2


2. Verify the port states and configuration. Port 1/2/1 inherits the state of port 1/1/2. Initially the two ports are up:

DeviceC#show interface
Name                  = 1/1/2
Type                  = DUAL (10/100/1000BaseT,MEDIA not installed)
EnableState           = enable
Link                  = up
Duplex mode           = autonegotiate
Speed                 = autonegotiate
Duplex speed status   = full-10000
Flow control mode     = disable
Flow control status   = disable
Backpressure          = disable
Broadcast limit       = unlimited
Default VLAN          = 1
Super VLAN Port       = No
Learning new address  = Enabled
Max Packet Size (MRU) = 1632

DeviceC#show interface
Name                  = 1/2/1
Type                  = DUAL (10/100/1000BaseT,MEDIA not installed)
EnableState           = enable
Link                  = up
Duplex mode           = autonegotiate
Speed                 = autonegotiate
Duplex speed status   = full-10000
Flow control mode     = disable
Flow control status   = disable
Backpressure          = disable
Broadcast limit       = unlimited
Default VLAN          = 1
Super VLAN Port       = No
Learning new address  = Enabled
Max Packet Size (MRU) = 1632


3. Disconnecting port 1/1/2 forces the link state of port 1/2/1 to go down as well:

DeviceC#show interface
Name                  = 1/1/2
Type                  = DUAL (10/100/1000BaseT,MEDIA not installed)
EnableState           = enable
Link                  = down
Duplex mode           = autonegotiate
Speed                 = autonegotiate
Duplex speed status   = unknown
Flow control mode     = disable
Flow control status   = disable
Backpressure          = disable
Broadcast limit       = unlimited
Default VLAN          = 1
Super VLAN Port       = No
Learning new address  = Enabled
Max Packet Size (MRU) = 1632

DeviceC#show interface
Name                  = 1/2/1
Type                  = DUAL (10/100/1000BaseT,MEDIA not installed)
EnableState           = enable
Link                  = down
Duplex mode           = autonegotiate
Speed                 = autonegotiate
Duplex speed status   = unknown
Flow control mode     = disable
Flow control status   = disable
Backpressure          = disable
Broadcast limit       = unlimited
Default VLAN          = 1
Super VLAN Port       = No
Learning new address  = Enabled
Max Packet Size (MRU) = 1632


Supported Platforms

Features                                T-Marc 340    T-Marc 380
Fast Ethernet and Giga Ethernet Port    +             +
Link Aggregation Groups (LAGs)          +             +
Resilience Links                        +             +
Port Security Techniques                +             +
Alarm Propagation                       +             +

Supported Standards, MIBs, and RFCs

Fast Ethernet and Giga Ethernet Port
    Standards:
    • IEEE 802.3 Ethernet
    • IEEE 802.3u Fast Ethernet
    • IEEE 802.3x Flow Control
    • IEEE 802.3z Gigabit Ethernet
    MIBs:
    Public MIBs:
    • RFC 2863 The Interfaces Group MIB (configL2IfaceTable and interface table)
    • RFC 1213, Management Information Base for Network Management of TCP/IP-based internets: MIB-II (interface table and configL2IfaceTable)
    • RMON MIB
    Private MIB, prvt_switch.mib

Link Aggregation Groups (LAGs)
    Standards: IEEE 802.3ad
    MIBs: Private MIB, prvt_Ports_Aggregation.mib
    RFCs: No RFCs are supported by this feature.

Resilience Links
    Standards: No standards are supported by this feature.
    MIBs: Private MIB, prvt_resilient_link.mib
    RFCs: No RFCs are supported by this feature.

Port Security Techniques
    Standards: No standards are supported by this feature.
    MIBs: No MIBs are supported by this feature.
    RFCs: No RFCs are supported by this feature.

Alarm Propagation
    Standards:
    • IEEE 802.3 Ethernet
    • IEEE 802.3u Fast Ethernet
    • IEEE 802.3x Flow Control
    • IEEE 802.3z Gigabit Ethernet
    MIBs:
    Public MIBs:
    • RFC 2863 The Interfaces Group MIB (configL2IfaceTable and interface table)
    • RFC 1213, Management Information Base for Network Management of TCP/IP-based internets: MIB-II (interface table and configL2IfaceTable)
    • RMON MIB
    Private MIB, prvt_switch.mib

Configuring VLANs and Super VLANs

Table of Figures
Features Included in this Chapter
Virtual LANs
    Overview
    The VLAN Tagging Benefits
    VLAN Traffic Behavior
        VLAN Tagging and Ingress Traffic
        VLAN Tagging and Egress Traffic
    VLAN Default Configuration
    VLAN Configuration Flow
    VLAN Configuration Commands
        Entering the VLAN Configuration Mode
        Creating a New VLAN
        Entering an Existing VLAN Configuration Mode
        Adding Ports to a VLAN
        Adding Ports to a Default VLAN
        Creating a Range of VLANs
        Securing Management Access Based on VLAN ID
        Modifying the CPU Port Membership
        Removing the CPU Port
        Deleting a VLAN (by VLAN Name)
        Deleting a VLAN (by VLAN ID)
        Deleting a Range of VLANs
        Removing Ports from a VLAN
        Removing Ports from a Default VLAN
        Displaying the VLAN Configuration
        Displaying VLAN Management Information
    Configuration Examples
        VLAN Configuration Example
        Management VLAN Configuration Example
Super VLANs
    Overview
    Super VLAN Types
    The Super VLAN Default Configuration
    The Super VLAN Configuration Commands
        Defining a Super VLAN
        Configuring the Super VLAN Ring Topology
        Displaying the Super VLAN Configuration
    Configuration Examples
        Super VLAN Configuration Example
        Super VLAN with Aggregated Uplink Configuration Example
        Super VLAN Ring Topology Configuration
Supported Platforms
Supported Standards, MIBs and RFCs

Table of Figures

Figure 1: IEEE 802.1Q Frame Tag Structure
Figure 2: VLANs in Ingress Traffic
Figure 3: VLANs in Egress Traffic
Figure 4: VLAN Configuration Flow
Figure 5: VLAN Configuration Example
Figure 6: Management VLAN Configuration Example
Figure 7: Switching Decisions without the Super VLAN Agent
Figure 8: Switching Decisions with the Super VLAN Agent
Figure 9: Super VLAN Ring Mode Configuration Example
Figure 10: Super VLAN Configuration
Figure 11: Super VLAN Configuration with LAG Uplink
Figure 12: Super VLAN Ring Topology Example


Features Included in this Chapter

This chapter provides an overall understanding of Virtual Local Area Network (VLAN) concepts, including different configuration examples. The chapter contains the following sections:

• Virtual LANs
  VLANs are used to group users’ traffic with common requirements, as if they were on the same LAN although they may be in separate physical locations. The key benefit of VLANs is their flexibility in allowing any logical LAN to be implemented on any physical infrastructure.

• Super VLANs
  The Super VLAN is a mechanism for aggregating VLANs that share the same default router address and subnet mask, but remain isolated from one another's network traffic.


Virtual LANs

Overview

VLAN tagging is a standard designed for grouping hosts with common requirements, allowing them to communicate as if they were on the same LAN regardless of their physical location. This allows a logical partition of a physical LAN into different broadcast domains. This standard also ensures that VLAN traffic is isolated from hosts that are not members of the VLAN.

This technology is based on tagging Ethernet frames with VLAN IDs, assigning each user to a specific VLAN. This prohibits Layer 2 mutual access between workgroups with different VLAN IDs.

The VLAN Tagging Benefits

Implementing VLANs on the network has the following advantages:
• Flexibility: when a user moves to a different broadcast domain, the system administrator only has to reconfigure the port the user is connected to.
• Security: VLANs provide a greater degree of security than a traditional LAN since data packets of one VLAN are not transmitted to a different VLAN.
• Scalability: VLANs are not limited to a single device, spanning over an enterprise organization or a WAN link.
• Service per VLAN: you can use separate VLANs for different services and features corresponding to each VLAN.


VLAN Traffic Behavior

VLAN tagging inserts a VLAN ID into the Ethernet frame header, associating each frame with a specific VLAN. Using this method, the port that interconnects devices can carry traffic for multiple VLANs over the same physical connection.

Figure 1: IEEE 802.1Q Frame Tag Structure

A port can be a member of one or more VLANs. However, only one of these VLANs can be the port’s default VLAN. Initially all the device ports are members of a VLAN named Default (VLAN ID 1). Ports assigned to different VLANs can communicate only through routing (and not on Layer 2).

VLAN Tagging and Ingress Traffic

The VLAN membership and the port’s default VLAN affect the incoming (ingress) traffic process as follows:
• When the traffic has a VLAN tagging:
  - if the port is a member of the VLAN, it processes the traffic
  - otherwise, the port drops this traffic
• If the traffic has no VLAN tagging, the port adds its default VLAN ID to the frames and processes them accordingly.


Figure 2: VLANs in Ingress Traffic

VLAN Tagging and Egress Traffic

In addition to the VLANs a port is assigned to, the system administrator defines whether the port is a tagged or an untagged member of a specified VLAN. This affects the outgoing (egress) traffic process:
• If the port is an untagged member of a VLAN, it removes the VLAN ID tagging from that VLAN’s frames before forwarding them
• If the port is a tagged member of a VLAN, it forwards that VLAN’s frames with their VLAN ID (without changing the frames)

Figure 3: VLANs in Egress Traffic
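The ingress and egress rules above, modelled as an added Python example (it is not code from this user guide or from the device software). The Port class, the function names and the sample frame are constructed for illustration; the tag layout (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits carry the VLAN ID) is the standard IEEE 802.1Q format.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


@dataclass
class Port:
    """Hypothetical model of one port's VLAN settings (names are illustrative)."""
    name: str
    default_vlan: int = 1                               # the port's default VLAN
    tagged: set = field(default_factory=set)            # VLANs joined as tagged member
    untagged: set = field(default_factory=lambda: {1})  # VLANs joined as untagged member

    def is_member(self, vid):
        return vid in self.tagged or vid in self.untagged


def parse_tag(frame):
    """Return (tci, frame_without_tag); tci is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci, frame[:12] + frame[16:]


def add_tag(frame, vid, pcp=0, dei=0):
    """Insert an 802.1Q tag after the source MAC address."""
    if not (0 <= vid <= 0x0FFF and 0 <= pcp <= 7 and dei in (0, 1)):
        raise ValueError("tag field out of range")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def ingress(port, frame):
    """Classify a received frame: (vid, (pcp, dei), inner) or None when dropped."""
    tci, inner = parse_tag(frame)
    if tci is None:
        # No tag: the port adds its default VLAN ID and processes the frame.
        return port.default_vlan, (0, 0), inner
    vid = tci & 0x0FFF
    if not port.is_member(vid):
        return None  # tagged for a VLAN the port is not a member of: dropped
    return vid, (tci >> 13, (tci >> 12) & 1), inner


def egress(port, vid, prio, inner):
    """Frame as sent by the port, or None if the port is not in the VLAN."""
    if vid in port.untagged:
        return inner                       # untagged member: tag removed
    if vid in port.tagged:
        return add_tag(inner, vid, *prio)  # tagged member: tag kept as received
    return None


def switch(in_port, out_port, frame):
    """Apply the ingress rule on in_port, then the egress rule on out_port."""
    classified = ingress(in_port, frame)
    return None if classified is None else egress(out_port, *classified)


# Constructed sample frame: destination MAC, source MAC, EtherType 0x0800, payload.
SAMPLE_UNTAGGED = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                   + b"\x08\x00" + b"constructed-payload")

if __name__ == "__main__":
    user = Port("1/2/1", default_vlan=20, untagged={20})
    uplink = Port("1/1/2", tagged={20, 21})
    sent = switch(user, uplink, SAMPLE_UNTAGGED)
    print("user -> uplink tag bytes:", sent[12:16].hex())
    print("VLAN 21 frame on user port:", switch(user, uplink, add_tag(SAMPLE_UNTAGGED, 21)))
```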


VLAN Default Configuration

Table 1: VLAN Default Configuration

Parameter            Default Value
All ports’ VLAN      VLAN 1
PVID of all ports    VLAN 1
VLAN management      Enabled


VLAN Configuration Flow

Figure 4: VLAN Configuration Flow (flowchart; steps in order)

1. Start
2. Enter VLAN Configuration mode
3. Create a VLAN
4. Enter a specific VLAN Configuration mode
5. Add port(s) as tagged or untagged members
6. Configure a Default VLAN? If yes: Add ports to a default VLAN
7. Modify Management VLANs? If yes: Secure management access
8. Remove CPU from VLAN / Modify the CPU port membership? If yes: Remove the CPU port
9. End


VLAN Configuration Commands

Table 2: VLAN Configuration Commands

Command              Description
vlan                 Enters the VLAN Configuration mode (see Entering the VLAN Configuration Mode)
create               Creates a VLAN with a specific name and ID number (see Creating a New VLAN)
config               Enters a specific VLAN Configuration mode (see Entering an Existing VLAN Configuration Mode)
add ports            Adds specified ports as either tagged or untagged ports (see Adding Ports to a VLAN)
add ports default    Specifies a default VLAN for a group of ports (see Adding Ports to a Default VLAN)
create range         Creates a range of VLANs (see Creating a Range of VLANs)

Table 3: VLAN Optional Commands

Command              Description
management           Limits the device management access to VLANs that you specify by a list of VLAN ID numbers (see Securing Management Access Based on VLAN ID)
add cpu-port         Enables the device to receive broadcast and multicast traffic in the specified VLAN (see Modifying the CPU Port Membership)
remove cpu-port      Protects the device from receiving broadcast and multicast traffic in the specified VLAN (see Removing the CPU Port)

Table 4: Commands for Removing VLANs

Command              Description
delete               Deletes a VLAN, specified by its name (see Deleting a VLAN (by VLAN Name))
delete id            Deletes a VLAN, specified by its VLAN ID (see Deleting a VLAN (by VLAN ID))
delete range         Deletes a range of VLANs (see Deleting a Range of VLANs)

Table 5: Commands for Removing Ports from a VLAN

Command                 Description
remove ports            Removes ports from a VLAN (see Removing Ports from a VLAN)
remove ports default    Removes ports from the default VLAN (see Removing Ports from a Default VLAN)

Table 6: VLAN Display Commands

Command                 Description
show, show vlan         Displays the static VLAN configuration (see Displaying the VLAN Configuration)
show vlan management    Displays VLAN management access information (see Displaying VLAN Management Information)


Entering the VLAN Configuration Mode

The vlan command enters the VLAN Configuration mode.

CLI Mode: Global Configuration

Command Syntax
device-name(config)#vlan
device-name(config vlan)#

Creating a New VLAN

The create command creates a VLAN with the specified name and ID (VLAN tag).

CLI Mode: VLAN Configuration

NOTE vlan_ and default are reserved names and you cannot use them as VLAN names. Attempting to do so generates the following message (vlan-id represents the VLAN ID that the user is attempting to create): “% VLAN system name”

Command Syntax
device-name(config vlan)#create NAME

Argument Description

NAME
    The VLAN name.

vlan-id
    The VLAN tag number, in the range .

Example

Use the following example to create a VLAN named accounting with tag number 2:

device-name(config vlan)#create accounting 2

Entering an Existing VLAN Configuration Mode

The config command enters the configuration mode for a specific VLAN. Use this command in a Specific VLAN Configuration mode to switch to a different VLAN's Configuration mode.

CLI Mode: VLAN Configuration and Specific VLAN Configuration

Command Syntax
device-name(config vlan)#config NAME1
device-name(config-vlan NAME1)#
device-name(config-vlan NAME1)#config NAME2
device-name(config-vlan NAME2)#

Argument Description

NAME1, NAME2
    The names of existing VLANs.

Examples

• Access vlan_52 configuration from Global VLAN Configuration mode, as indicated by the prompt-line:

device-name(config vlan)#config vlan_52
device-name(config-vlan vlan_52)#

• Switch from vlan_52 Configuration mode to XYZ Configuration mode, as indicated by the prompt-line:

device-name(config-vlan vlan_52)#config XYZ
device-name(config-vlan XYZ)#

Adding Ports to a VLAN

The add ports command assigns ports to a VLAN. Ports drop ingress packets tagged with a different VLAN-tag than the one they belong to. In egress traffic tagged ports send tagged packets while untagged ports send these packets without a VLAN tag.

CLI Mode: Specific VLAN Configuration

Command Syntax
device-name(config-vlan VLAN-NAME)#add ports PORT-LIST {tagged | untagged}

Argument Description

PORT-LIST
    (Optional) specifies one or more port numbers. Use commas as separators and hyphens to indicate sub-ranges (for example, 1/2/1-1/2/8, 1/1/2).

    NOTE Do not leave blank spaces before or after the comma separating sequential lists.

tagged
    (Optional) the specified ports are tagged.

untagged
    (Optional) the specified ports are untagged


Adding Ports to a Default VLAN

The add ports default command specifies a default VLAN for a group of ports.

CLI Mode: Specific VLAN Configuration

Command Syntax
device-name(config-vlan VLAN-NAME)#add ports default PORT-LIST

Argument Description

See the Argument Description table above.

Creating a Range of VLANs

The create range command creates a range of VLANs and automatically assigns VLAN names that match the tag-numbers. The VLAN name format is Vlan_dddd, where dddd represents the matching VLAN ID. For example, VLAN ID 123 is named Vlan_123.

CLI Mode: VLAN Configuration

Command Syntax
device-name(config vlan)#create range [PORT-LIST tagged [PORT-LIST untagged]] [remove cpu-port]
device-name(config vlan)#create range [PORT-LIST untagged [PORT-LIST tagged]] [remove cpu-port]

Argument Description

vlan-id1
    The first VLAN ID, in the range of

vlan-id2
    The last VLAN ID, in the range of

PORT-LIST
    (Optional) one or more port numbers, specified by the following options:
    • UU/SS/PP: a single port specified by unit, slot, and port number
    • UU: all ports on the specified unit
    • UU/SS: all ports on the specified slot that
    • A hyphenated range of ports (for example: 1/2/1-1/2/8 or 1/1-1/2)
    • Several port numbers and/or ranges, separated by commas (for example: 1/1/1, 1/1/2, 1/2/1-1/2/8).

    NOTE Do not leave blank spaces before or after the comma separating sequential lists.

tagged
    (Optional) the specified ports are tagged

untagged
    (Optional) the specified ports are untagged

remove cpu-port
    (Optional) prevents the device from receiving broadcast and multicast traffic in the specified VLAN (see the remove cpu-port command)

Example

Use the following example to create a sequence of VLANs and then to display the results:

device-name(config vlan)#create range 15 21 1/1/1-1/1/2 untagged 1/2/2 tagged
device-name(config vlan)#show
==================================================================
Name             |VTag| Rout If | Tagged ports    | Untagged ports
-----------------+----+---------+-----------------+--------------
default          |1   | sw0     |                 |1/1/1-1/2/8
Vlan_15          |15  |         | 1/2/2           |1/1/1,1/1/2
Vlan_16          |16  |         | 1/2/2           |1/1/1,1/1/2
Vlan_17          |17  |         | 1/2/2           |1/1/1,1/1/2
Vlan_18          |18  |         | 1/2/2           |1/1/1,1/1/2
Vlan_19          |19  |         | 1/2/2           |1/1/1,1/1/2
Vlan_20          |20  |         | 1/2/2           |1/1/1,1/1/2
Vlan_21          |21  |         | 1/2/2           |1/1/1,1/1/2

Securing Management Access Based on VLAN ID

The management command limits the device management access only to VLANs that you specify by a list of VLAN ID numbers. You may include VLANs that have not been created yet.

The management VLAN isolates the device’s management IP address from data traffic, preventing unauthorized access and malicious attacks. When using this feature, you can manage the device through a PC, connected to a port assigned to a management VLAN, via Telnet or SNMP.

When management VLAN is disabled, you are not allowed to perform the following tasks:
• Telnet to the device
• SSH to the device
• SNMP management
• Ping the device
• TFTP download or upload
• Receive outgoing Syslog messages

You cannot delete the management VLAN 1.

By default, management of the device is accessible on all VLANs.

NOTE You can also disable management on a port by the port management command in Global Configuration mode (refer to the Configuring Interfaces chapter of this User Guide). Management traffic on a VLAN is allowed on a port that is a member of that VLAN only if management is enabled both on the port and on the VLAN.

CLI Mode: VLAN Configuration

Command Syntax
device-name(config vlan)#management VLAN-LIST
device-name(config vlan)#no management VLAN-LIST

Argument Description

VLAN-LIST
    A list of VLAN IDs in the below format:
    • A hyphenated range of VLANs (for example: 8-32)
    • Several VLAN numbers and/or ranges, separated by commas (for example: 2,4,8-32)

no
    The list of VLANs with no management access.
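One way to audit the rule stated in the NOTE above and in the Configuring Interfaces chapter (management traffic is accepted only where management is enabled on both the port and the VLAN), as an added Python example that is not part of this user guide or of the device software. The port inventory, the VLAN table contents, the intended policy and all function names are constructed for illustration; the "Management ports:" line and the table layout follow the command examples shown in this guide.

```python
import re

# Constructed port inventory in device order (assumption: two ports in slot 1 and
# eight in slot 2, consistent with the 1/1/1-1/2/8 range shown for the default VLAN).
INVENTORY = ["1/1/1", "1/1/2"] + [f"1/2/{n}" for n in range(1, 9)]


def expand_ports(spec, inventory=INVENTORY):
    """Expand a PORT-LIST such as '1/2/1-1/2/3,1/1/2' into a set of ports."""
    ports = set()
    for item in spec.replace("\u2013", "-").split(","):
        item = item.strip()
        if not item:
            continue  # empty cell, or trailing comma of a wrapped table row
        first, _, last = item.partition("-")
        lo, hi = inventory.index(first), inventory.index(last or first)
        if hi < lo:
            raise ValueError(f"descending port range: {item}")
        ports.update(inventory[lo:hi + 1])
    return ports


def expand_vlans(spec):
    """Expand a VLAN-LIST such as '2,4,8-32' into a set of VLAN IDs."""
    vlans = set()
    for item in spec.replace("\u2013", "-").split(","):
        item = item.strip()
        if not item:
            continue
        first, _, last = item.partition("-")
        lo, hi = int(first), int(last or first)
        if hi < lo:
            raise ValueError(f"descending VLAN range: {item}")
        vlans.update(range(lo, hi + 1))
    return vlans


def parse_management_ports(output, inventory=INVENTORY):
    """Ports on the 'Management ports:' line of `show port management`."""
    match = re.search(r"^Management ports:\s*(\S*)", output, re.MULTILINE)
    return expand_ports(match.group(1), inventory) if match else set()


def parse_vlan_table(output, inventory=INVENTORY):
    """Return {vlan_id: member ports (tagged or untagged)} from the VLAN `show` table."""
    members, current = {}, None
    for line in output.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 5:
            continue                    # prompts and rulers do not have five columns
        if cols[1].isdigit():
            current = int(cols[1])      # a new VLAN row
        elif cols[1] or current is None:
            continue                    # the header row
        # A row with an empty VTag column continues the previous VLAN's port lists.
        ports = expand_ports(cols[3], inventory) | expand_ports(cols[4], inventory)
        members.setdefault(current, set()).update(ports)
    return members


def management_exposure(mgmt_ports, mgmt_vlans, members):
    """(port, vlan) pairs where management is enabled on both the port and the VLAN."""
    return sorted((port, vid)
                  for vid, ports in members.items() if vid in mgmt_vlans
                  for port in ports & mgmt_ports)


def unexpected_exposure(exposure, intended):
    """Exposed (port, vlan) pairs that the intended policy does not list."""
    return [pair for pair in exposure if pair not in intended]


# Output copied from the `show port management` example in this guide.
SHOW_PORT_MANAGEMENT = "device-name#show port management\nManagement ports: 1/2/1,1/2/2\n"

# Constructed VLAN table in the layout of the `show` examples in this guide.
SHOW_VLAN = """device-name(config vlan)#show
==================================================================
Name             |VTag| Rout If | Tagged ports    | Untagged ports
-----------------+----+---------+-----------------+--------------
default          |1   | sw0     |                 |1/1/1-1/2/8
Vlan_15          |15  |         | 1/2/2           |1/1/1,1/1/2
mgmt             |100 |         | 1/1/2,          |1/2/1
                 |    |         | 1/2/2           |
"""

if __name__ == "__main__":
    ports = parse_management_ports(SHOW_PORT_MANAGEMENT)
    members = parse_vlan_table(SHOW_VLAN)
    exposure = management_exposure(ports, expand_vlans("1,100"), members)
    print("reachable:", exposure)
    print("unexpected:", unexpected_exposure(exposure, {("1/2/1", 100)}))
```

Running the same check with the default settings (management enabled on every VLAN and every port) shows how far the reachable set extends before any restriction is configured.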

Modifying the CPU Port Membership

The add cpu-port command enables the device to receive broadcast and multicast traffic in the specified VLAN.

CLI Mode: Specific VLAN Configuration

By default, the CPU port is a member of all VLANs.

Command Syntax
device-name(config-vlan VLAN-NAME)#add cpu-port

Removing the CPU Port

The remove cpu-port command protects the device's CPU from receiving broadcast and multicast traffic on the specified VLAN.

NOTE The device performs switching even if its CPU is not a member of the VLAN. Enabling this feature does not block unicast traffic to the CPU.

CLI Mode: Specific VLAN Configuration

Command Syntax
device-name(config-vlan VLAN-NAME)#remove cpu-port


Deleting a VLAN (by VLAN Name)

The delete command deletes an existing VLAN by its VLAN name.

NOTE The VLAN named default (VLAN ID 1) is part of the default configuration and you cannot delete it.

CLI Mode: VLAN Configuration

Command Syntax
device-name(config vlan)#delete NAME

Argument Description

NAME
    The name of an existing VLAN

Example

The following example deletes the VLAN named accounting:

device-name(config vlan)#delete accounting

Deleting a VLAN (by VLAN ID)

The delete id command deletes an existing VLAN by its VLAN ID.

CLI Mode: VLAN Configuration

Command Syntax
device-name(config vlan)#delete id

Argument Description

vlan-id
    An existing VLAN ID

Example

The following example deletes the VLAN with ID 10:

device-name(config vlan)#delete id 10


Deleting a Range of VLANs

The delete range command deletes a range of VLANs.

CLI Mode: VLAN Configuration

Command Syntax
device-name(config vlan)#delete range

Argument Description

vlan-id1
    The first VLAN ID in the range (must be smaller than vlan-id2). The valid range is .

vlan-id2
    The last VLAN ID (must be greater than vlan-id1). The valid range is .

Example

device-name(config vlan)#show
===================================================================
Name             |VTag| Rout If | Tagged ports    | Untagged ports
-----------------+----+---------+-----------------+---------------
default          |1   | sw0     |                 |1/1/1-1/2/8
Vlan_15          |15  |         | 1/2/2           |1/1/1,1/1/2
Vlan_16          |16  |         | 1/2/2           |1/1/1,1/1/2
Vlan_17          |17  |         | 1/2/2           |1/1/1,1/1/2
Vlan_18          |18  |         | 1/2/2           |1/1/1,1/1/2
Vlan_19          |19  |         | 1/2/2           |1/1/1,1/1/2
Vlan_20          |20  |         | 1/2/2           |1/1/1,1/1/2
Vlan_21          |21  |         | 1/2/2           |1/1/1,1/1/2
device-name(config vlan)#delete range 15 19
device-name(config vlan)#show
===================================================================
Name             |VTag| Rout If | Tagged ports    | Untagged ports
-----------------+----+---------+-----------------+---------------
default          |1   | sw0     |                 |1/1/1-1/2/8
Vlan_20          |20  |         | 1/2/2           |1/1/1,1/1/2
Vlan_21          |21  |         | 1/2/2           |1/1/1,1/1/2


Removing Ports from a VLAN

The remove ports command removes the specified port(s).

CLI Mode: Specific VLAN Configuration

Command Syntax

device-name(config-vlan VLAN-NAME)#remove ports PORT-LIST

Argument Description

PORT-LIST    (Optional) one or more port numbers assigned to the VLANs, specified by the following options:

• UU/SS/PP—a single port specified by unit, slot, and port number
• UU—all ports on the specified unit
• UU/SS—all ports on the specified slot that
• A hyphenated range of ports (for example: 1/2/1–1/2/8 or 1/1–1/2)
• Several port numbers and/or ranges, separated by commas (for example: 1/1/1, 1/1/2, 1/2/1–1/2/8).

NOTE Do not leave blank spaces before or after the comma separating sequential lists.

Example

The following example removes ports from the VLAN named xxx. The result is displayed by the show command, which can be applied in any Specific or Global VLAN Configuration mode:

device-name(config-vlan xxx)#remove ports 1/2/2-1/2/4
device-name(config-vlan xxx)#show
==================================================================
Name         |VTag| Rout If | Tagged ports        | Untagged ports
-------------+----+---------+---------------------+--------------
default      |1   | sw0     |                     |1/1/1-1/2/8
xxx          |9   |         |1/1/1,1/2/1,         |1/2/1,1/2/5
             |    |         |1/2/5-1/2/7          |


Removing Ports from a Default VLAN

The remove ports default command removes ports from the default VLAN.

CLI Mode: Specific VLAN Configuration

Command Syntax

device-name(config-vlan VLAN-NAME)#remove ports default PORT-LIST

Argument Description

See the argument table above.

Displaying the VLAN Configuration

The commands below display VLAN configuration information:

• show command
  CLI Mode: VLAN Configuration and Specific VLAN Configuration

• show vlan command
  CLI Mode: Privileged (Enable)

Command Syntax

device-name#show vlan
device-name(config vlan)#show
device-name(config-vlan VLAN-NAME)#show

Displaying VLAN Management Information

The show vlan management command displays VLAN management access information.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show vlan management

Example

The following example shows that by default, management is accessible on all VLANs.

device-name#show vlan management
Management VLANs: 1-4094


Configuration Examples

VLAN Configuration Example

The figure below represents an example of a simple VLAN configuration.

Figure 5: VLAN Configuration Example

Configuring Device 1:

1. Create VLAN user_100 with VLAN ID 100:

device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_100 100

2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user) to VLAN user_100, and add VLAN user_100 as PVID to port 1/1/1. Add port 1/2/1 as tagged (connected to Device 4):

device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_100
device-name(config-vlan user_100)#add ports 1/1/1 untagged
device-name(config-vlan user_100)#add ports default 1/1/1
device-name(config-vlan user_100)#add ports 1/2/1 tagged
device-name(config-vlan user_100)#exit

3. Create VLAN user_101 with VLAN ID 101:

device-name(config vlan)#create user_101 101

4. Remove port 1/1/2 from Default VLAN, add port 1/1/2 as untagged (connected to a user) to VLAN user_101, and add VLAN user_101 as PVID to port 1/1/2. Add port 1/2/1 as tagged (connected to Device 4):

device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_101
device-name(config-vlan user_101)#add ports 1/1/2 untagged
device-name(config-vlan user_101)#add ports default 1/1/2
device-name(config-vlan user_101)#add ports 1/2/1 tagged
device-name(config-vlan user_101)#exit

5. Create the VLAN user_102 with VLAN ID 102:

device-name(config vlan)#create user_102 102

6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to VLAN user_102, and add VLAN user_102 as PVID to port 1/2/3. Add port 1/2/1 as tagged (connected to Device 4):

device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_102
device-name(config-vlan user_102)#add ports 1/2/3 untagged
device-name(config-vlan user_102)#add ports default 1/2/3
device-name(config-vlan user_102)#add ports 1/2/1 tagged

7. Display the configured VLANs:

device-name(config-vlan user_102)#show
==================================================================
Name           |VTag| Rout If | Tagged ports     | Untagged ports
---------------+----+---------+------------------+---------------
default        |1   | sw0     |                  |1/1/1-1/2/8
user_100       |100 |         |1/2/1             |1/1/1
user_101       |101 |         |1/2/1             |1/1/2
user_102       |102 |         |1/2/1             |1/2/3
device-name(config-vlan user_102)#end
device-name#show running-config port
...
! Port configuration:
!
interface 1/1/1
default vlan 100
!
interface 1/1/2
default vlan 101
!
interface 1/2/3
default vlan 102
!
...
! VLAN configuration:
!
vlan
create user_100 100
config user_100
add ports 1/2/1 tagged
add ports 1/1/1 untagged
!
vlan
create user_101 101
config user_101
add ports 1/2/1 tagged
add ports 1/1/2 untagged
!
vlan
create user_102 102
config user_102
add ports 1/2/1 tagged
add ports 1/2/3 untagged
!
...

Configuring Device 2:

1. Create VLAN user_200 with VLAN ID 200:

device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_200 200

2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user) to VLAN user_200, and add VLAN user_200 as PVID to port 1/1/1. Add port 1/2/1 as tagged (connected to Device 4):

device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_200
device-name(config-vlan user_200)#add ports 1/1/1 untagged
device-name(config-vlan user_200)#add ports default 1/1/1
device-name(config-vlan user_200)#add ports 1/2/1 tagged
device-name(config-vlan user_200)#exit

3. Create VLAN user_201 with VLAN ID 201:

device-name(config vlan)#create user_201 201

4. Remove port 1/1/2 from Default VLAN, add port 1/1/2 as untagged (connected to a user) to VLAN user_201, and add VLAN user_201 as PVID to port 1/1/2. Add port 1/2/1 as tagged (connected to Device 4):

device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_201
device-name(config-vlan user_201)#add ports 1/1/2 untagged
device-name(config-vlan user_201)#add ports default 1/1/2
device-name(config-vlan user_201)#add ports 1/2/1 tagged
device-name(config-vlan user_201)#exit

5. Create the VLAN user_202 with VLAN ID 202:

device-name(config vlan)#create user_202 202

6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to VLAN user_202, and add VLAN user_202 as PVID to port 1/2/3. Add port 1/2/1 as tagged (connected to Device 4):

device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_202
device-name(config-vlan user_202)#add ports 1/2/3 untagged
device-name(config-vlan user_202)#add ports default 1/2/3
device-name(config-vlan user_202)#add ports 1/2/1 tagged
device-name(config-vlan user_202)#exit

7. Display the configured VLANs:

device-name(config-vlan user_202)#show
=================================================================
Name           |VTag| Rout If | Tagged ports     | Untagged ports
---------------+----+---------+------------------+--------------
default        |1   | sw0     |                  |1/1/1-1/2/8
user_200       |200 |         |1/2/1             |1/1/1
user_201       |201 |         |1/2/1             |1/1/2
user_202       |202 |         |1/2/1             |1/2/3
device-name(config-vlan user_202)#end
device-name#show running-config port
...
! Port configuration:
!
interface 1/1/1
default vlan 200
!
interface 1/1/2
default vlan 201
!
interface 1/2/3
default vlan 202
!
...
! VLAN configuration:
!
vlan
create user_200 200
config user_200
add ports 1/2/1 tagged
add ports 1/1/1 untagged
!
vlan
create user_201 201
config user_201
add ports 1/2/1 tagged
add ports 1/1/2 untagged
!
vlan
create user_202 202
config user_202
add ports 1/2/1 tagged
add ports 1/2/3 untagged
!
...

Configuring Device 3:

1. Create VLAN user_300 with VLAN ID 300:

device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_300 300

2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user) to VLAN user_300, and add VLAN user_300 as PVID to port 1/1/1. Add port 1/2/1 as tagged (connected to Device 4):

device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_300
device-name(config-vlan user_300)#add ports 1/1/1 untagged
device-name(config-vlan user_300)#add ports default 1/1/1
device-name(config-vlan user_300)#add ports 1/2/1 tagged
device-name(config-vlan user_300)#exit

3. Create VLAN user_301 with VLAN ID 301:

device-name(config vlan)#create user_301 301

4. Remove port 1/1/2 from Default VLAN, add port 1/1/2 as untagged (connected to a user) to VLAN user_301, and add VLAN user_301 as PVID to port 1/1/2. Add port 1/2/1 as tagged (connected to Device 4):

device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_301
device-name(config-vlan user_301)#add ports 1/1/2 untagged
device-name(config-vlan user_301)#add ports default 1/1/2
device-name(config-vlan user_301)#add ports 1/2/1 tagged
device-name(config-vlan user_301)#exit

5. Create VLAN user_302 with VLAN ID 302:

device-name(config vlan)#create user_302 302

6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to VLAN user_302, and add VLAN user_302 as PVID to port 1/2/3. Add port 1/2/1 as tagged (connected to Device 4):

device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_302
device-name(config-vlan user_302)#add ports 1/2/3 untagged
device-name(config-vlan user_302)#add ports default 1/2/3
device-name(config-vlan user_302)#add ports 1/2/1 tagged
device-name(config-vlan user_302)#exit

7. Display the configured VLANs:

device-name(config-vlan user_302)#show
==================================================================
Name           |VTag| Rout If | Tagged ports     | Untagged ports
---------------+----+---------+------------------+---------------
default        |1   | sw0     |                  |1/1/1-1/2/8
user_300       |300 |         |1/2/1             |1/1/1
user_301       |301 |         |1/2/1             |1/1/2
user_302       |302 |         |1/2/1             |1/2/3
device-name(config-vlan user_302)#end
device-name#show running-config port
...
! Port configuration:
!
interface 1/1/1
default vlan 300
!
interface 1/1/2
default vlan 301
!
interface 1/2/3
default vlan 302
!
...
! VLAN configuration:
!
vlan
create user_300 300
config user_300
add ports 1/2/1 tagged
add ports 1/1/1 untagged
!
vlan
create user_301 301
config user_301
add ports 1/2/1 tagged
add ports 1/1/2 untagged
!
vlan
create user_302 302
config user_302
add ports 1/2/1 tagged
add ports 1/2/3 untagged
!
...

Configuring Device 4:

1. Create VLAN user_100 with VLAN ID 100:

device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_100 100

2. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1 is connected to the router) to VLAN user_100:

device-name(config vlan)#config user_100
device-name(config-vlan user_100)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_100)#exit

3. Create the VLAN user_101 with VLAN ID 101:

device-name(config vlan)#create user_101 101

4. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1 is connected to the router) to VLAN user_101:

device-name(config vlan)#config user_101
device-name(config-vlan user_101)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_101)#exit

5. Create the VLAN user_102 with VLAN ID 102:

device-name(config vlan)#create user_102 102

6. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1 is connected to the router) to VLAN user_102:

device-name(config vlan)#config user_102
device-name(config-vlan user_102)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_102)#exit

7. Create the VLAN user_200 with VLAN ID 200:

device-name(config vlan)#create user_200 200

8. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is connected to the router) to VLAN user_200:

device-name(config vlan)#config user_200
device-name(config-vlan user_200)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_200)#exit

9. Create the VLAN user_201 with VLAN ID 201:

device-name(config vlan)#create user_201 201

10. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is connected to the router) to VLAN user_201:

device-name(config vlan)#config user_201
device-name(config-vlan user_201)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_201)#exit

11. Create the VLAN user_202 with VLAN ID 202:

device-name(config vlan)#create user_202 202

12. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is connected to the router) to VLAN user_202:

device-name(config vlan)#config user_202
device-name(config-vlan user_202)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_202)#exit

13. Create the VLAN user_300 with VLAN ID 300:

device-name(config vlan)#create user_300 300

14. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is connected to the router) to VLAN user_300:

device-name(config vlan)#config user_300
device-name(config-vlan user_300)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_300)#exit

15. Create the VLAN user_301 with VLAN ID 301:

device-name(config vlan)#create user_301 301

16. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is connected to the router) to VLAN user_301:

device-name(config vlan)#config user_301
device-name(config-vlan user_301)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_301)#exit

17. Create the VLAN user_302 with VLAN ID 302:

device-name(config vlan)#create user_302 302

18. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is connected to the router) to VLAN user_302:

device-name(config vlan)#config user_302
device-name(config-vlan user_302)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_302)#exit

19. Display the configured VLANs:

device-name(config-vlan user_302)#show
==================================================================
Name        |VTag| Rout If | Tagged ports        | Untagged ports
------------+----+---------+---------------------+---------------
default     |1   | sw0     |                     |1/1/1-1/2/8
user_100    |100 |         |1/1/1,1/2/1          |
user_101    |101 |         |1/1/1,1/2/1          |
user_102    |102 |         |1/1/1,1/2/1          |
user_200    |200 |         |1/1/2,1/2/1          |
user_201    |201 |         |1/1/2,1/2/1          |
user_202    |202 |         |1/1/2,1/2/1          |
user_300    |300 |         |1/2/3,1/2/1          |
user_301    |301 |         |1/2/3,1/2/1          |
user_302    |302 |         |1/2/3,1/2/1          |
device-name(config-vlan user_302)#end
device-name#show running-config vlan
...
! VLAN configuration:
!
vlan
create user_100 100
config user_100
add ports 1/1/1,1/2/1 tagged
!
vlan
create user_101 101
config user_101
add ports 1/1/1,1/2/1 tagged
!
vlan
create user_102 102
config user_102
add ports 1/1/1,1/2/1 tagged
!
vlan
create user_200 200
config user_200
add ports 1/1/2,1/2/1 tagged
!
vlan
create user_201 201
config user_201
add ports 1/1/2,1/2/1 tagged
!
vlan
create user_202 202
config user_202
add ports 1/1/2,1/2/1 tagged
!
vlan
create user_300 300
config user_300
add ports 1/2/3,1/2/1 tagged
!
vlan
create user_301 301
config user_301
add ports 1/2/3,1/2/1 tagged
!
vlan
create user_302 302
config user_302
add ports 1/2/3,1/2/1 tagged
!
...


Management VLAN Configuration Example

This example shows a management VLAN configuration in which the device can be managed only through VLAN 2. VLANs 100, 101, and 102 are created, but the device cannot be managed from the workstations, only from the management station.

Figure 6: Management VLAN Configuration Example

1. Enter VLAN Configuration mode:

device-name#configure terminal
device-name(config)#vlan

2. Remove management from VLANs 1, 3–4094 (only ports configured with VLAN ID 2 can be used to manage the device):

device-name(config vlan)#no management 1,3-4094

3. Create the VLAN manage with VLAN ID 2:

device-name(config vlan)#create manage 2

4. Add port 1/1/2 as untagged to VLAN manage and add VLAN manage as PVID to port 1/1/2:

device-name(config vlan)#config manage
device-name(config-vlan manage)#add ports 1/1/2 untagged
device-name(config-vlan manage)#add ports default 1/1/2
device-name(config-vlan manage)#exit

5. Create the VLAN v100 with VLAN ID 100:

device-name(config vlan)#create v100 100

6. Add port 1/2/3 as untagged to VLAN v100 and add VLAN v100 as PVID to port 1/2/3. Add port 1/2/7 as tagged to VLAN v100:

device-name(config vlan)#config v100
device-name(config-vlan v100)#add ports 1/2/3 untagged
device-name(config-vlan v100)#add ports default 1/2/3
device-name(config-vlan v100)#add ports 1/2/7 tagged
device-name(config-vlan v100)#exit

7. Create the VLAN v101 with VLAN ID 101:

device-name(config vlan)#create v101 101

8. Add port 1/2/4 as untagged to VLAN v101 and set VLAN v101 as PVID. Add port 1/2/7 as tagged to VLAN v101:

device-name(config vlan)#config v101
device-name(config-vlan v101)#add ports 1/2/4 untagged
device-name(config-vlan v101)#add ports default 1/2/4
device-name(config-vlan v101)#add ports 1/2/7 tagged
device-name(config-vlan v101)#exit

9. Create the VLAN v102 with VLAN ID 102:

device-name(config vlan)#create v102 102

10. Add port 1/2/5 as untagged to VLAN v102 and set VLAN v102 as PVID. Add port 1/2/7 as tagged to VLAN v102:

device-name(config vlan)#config v102
device-name(config-vlan v102)#add ports 1/2/5 untagged
device-name(config-vlan v102)#add ports default 1/2/5
device-name(config-vlan v102)#add ports 1/2/7 tagged
device-name(config-vlan v102)#exit

11. Remove ports 1/1/2–1/2/5 from VLAN default:

device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2-1/2/5
device-name(config-vlan default)#end

12. Display the management VLANs:

device-name#show vlan management
Management VLANs: 2

13. Display the VLAN configuration:

device-name#show vlan
===================================================================
Name       |VTag| Rout If | Tagged ports       | Untagged ports
-----------+----+---------+--------------------+------------------
default    |1   | sw0     |                    |1/1/1,1/2/6-1/2/8
manage     |2   |         |                    |1/1/2
v100       |100 |         |1/2/7               |1/2/3
v101       |101 |         |1/2/7               |1/2/4
v102       |102 |         |1/2/7               |1/2/5
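An added example (not from the Telco Systems guide): a Python check that parses the show vlan and show vlan management outputs of this procedure and reports which user ports are members of a VLAN on which management is still enabled. The function names are hypothetical, the sample text is re-typed from the outputs above, and hyphenated port ranges are assumed to be ordered by unit/slot/port.

```python
import re

# Constructed sample: the outputs of steps 12 and 13 re-typed as clean text,
# plus the default "show vlan management" line shown earlier in the guide.
SHOW_VLAN = """\
===================================================================
Name       |VTag| Rout If | Tagged ports       | Untagged ports
-----------+----+---------+--------------------+------------------
default    |1   | sw0     |                    |1/1/1,1/2/6-1/2/8
manage     |2   |         |                    |1/1/2
v100       |100 |         |1/2/7               |1/2/3
v101       |101 |         |1/2/7               |1/2/4
v102       |102 |         |1/2/7               |1/2/5
"""
SHOW_MGMT_HARDENED = "Management VLANs: 2"
SHOW_MGMT_DEFAULT = "Management VLANs: 1-4094"


def parse_port(text):
    """'1/2/7' -> (1, 2, 7); tuples compare in unit/slot/port order."""
    parts = tuple(int(p) for p in text.strip().split("/"))
    if len(parts) != 3:
        raise ValueError(f"not a UU/SS/PP port: {text!r}")
    return parts


def parse_port_list(text):
    """Parse '1/1/1,1/2/6-1/2/8' into a list of inclusive (low, high) spans."""
    spans = []
    for item in filter(None, (i.strip() for i in text.split(","))):
        low, _, high = item.partition("-")
        spans.append((parse_port(low), parse_port(high or low)))
    return spans


def parse_show_vlan(text):
    """Return {vlan_id: {'name', 'tagged', 'untagged'}} from a show table."""
    vlans, last = {}, None
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 5:
            continue  # rule lines, prompts, blank lines
        name, vtag, _rout_if, tagged, untagged = cells
        if vtag.isdigit():
            last = vlans[int(vtag)] = {"name": name, "tagged": [], "untagged": []}
        elif name or vtag or last is None:
            continue  # header row
        # A row with empty Name and VTag continues the previous VLAN's lists.
        last["tagged"] += parse_port_list(tagged)
        last["untagged"] += parse_port_list(untagged)
    return vlans


def parse_management_vlans(text):
    """Parse 'Management VLANs: 1,3-4094' into a set of VLAN IDs."""
    match = re.search(r"Management VLANs:\s*([\d, -]+)", text)
    if not match:
        raise ValueError("no 'Management VLANs:' line found")
    ids = set()
    for item in filter(None, (i.strip() for i in match.group(1).split(","))):
        low, _, high = item.partition("-")
        ids.update(range(int(low), int(high or low) + 1))
    return ids


def management_exposure(show_vlan, show_mgmt, user_ports):
    """Map each user port to the management-enabled VLANs it belongs to."""
    mgmt = parse_management_vlans(show_mgmt)
    vlans = parse_show_vlan(show_vlan)
    exposure = {}
    for port_text in user_ports:
        port = parse_port(port_text)
        hits = sorted(
            vid for vid, v in vlans.items()
            if vid in mgmt
            and any(lo <= port <= hi for lo, hi in v["tagged"] + v["untagged"])
        )
        if hits:
            exposure[port_text] = hits
    return exposure


if __name__ == "__main__":
    workstations = ["1/2/3", "1/2/4", "1/2/5"]
    print("after 'no management 1,3-4094':",
          management_exposure(SHOW_VLAN, SHOW_MGMT_HARDENED, workstations))
    print("with default 1-4094:",
          management_exposure(SHOW_VLAN, SHOW_MGMT_DEFAULT, workstations))
```

With the management line from step 12 the workstation ports come back empty; with the default 1-4094 line each workstation port is reported against its own user VLAN.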


Super VLANs Overview

Super VLAN is a mechanism used to separate users who reside in the same VLAN into multiple virtual broadcast domains. With Super VLAN, system administrators can use the same IPv4 subnet and default gateway IP address for users residing in the same switched infrastructure. This helps decrease IPv4 address consumption and removes the need for a dedicated IP subnet for each VLAN.

VLANs that are members of a Super VLAN are called sub-VLANs. Each sub-VLAN is a broadcast domain isolated at Layer 2. When users in different sub-VLANs need to communicate with each other, they use the IP address of the virtual interface of the Super VLAN as the IP address of the gateway. The virtual interface IP address is shared by multiple VLANs. This minimizes the number of required IP addresses.

If a sub-VLAN needs to communicate with a different sub-VLAN at Layer 3, or if a sub-VLAN communicates with other networks, you need to enable ARP proxy (for more information, refer to the Device Administration chapter of this User Guide).

The example below illustrates the traffic flow when Super VLAN is not configured: traffic entering the user device port is not restricted to the uplink port; therefore, all the broadcast, unknown, and multicast packets are spread over the entire device VLANs.

Figure 7: Switching Decisions without the Super VLAN Agent

In contrast, the example below illustrates the traffic flow when Super VLAN is configured: once the switching decisions are made, the Super VLAN agent overrules these decisions and directs the traffic to the Super VLAN uplink port.

Figure 8: Switching Decisions with the Super VLAN Agent


Super VLAN Types

There are two types of Super VLAN:

• Super VLAN layer 2—Suitable for a Layer-2 switching environment, where the sub-VLANs and Super VLAN share the same IP subnet mask. The Super VLAN provides enhanced security between the customers by disallowing communication between the sub-VLANs, whether or not they are located in the same LAN.

• Super VLAN ring topology—Suitable for ring topology networks using the Multiple Spanning Tree Protocol (MSTP). In these cases traffic can flow either clockwise or counterclockwise. Both ports connected to the ring are referred to as uplink ports, while the rest of the ports are referred to as user ports. In this case the Super VLAN uplink has to be one of the two ports that are connected to the rest of the ring. Use this topology when the Super VLAN port has to be the root port of the bridge.

In this topology, the Super VLAN uplink port is selected dynamically by the bridge between the two uplink ports. If a topology change occurs, the Super VLAN uplink changes automatically and the new root port is selected as the Super VLAN uplink port.

In the figure below, one of the clients connected to Device D sends broadcast traffic. The traffic travels counterclockwise only, since the Super VLAN active uplink port is the root port. If the link between Device B and Device A is disconnected, a topology change occurs and Device D selects a new Super VLAN uplink port. As a result, traffic flows clockwise only. Dynamic Super VLAN takes effect on all the bridges except the root bridge, since it does not have a root port (only designated ports).

Figure 9: Super VLAN Ring Mode Configuration Example


The Super VLAN Default Configuration

Table 7: Super VLAN Default Configuration

Parameter               Default Value
Super VLAN              Disabled
Residential user        Disabled
Super VLAN ring mode    Disabled

The Super VLAN Configuration Commands

Table 8: Super VLAN Commands

Command                     Description
super-vlan                  Configures Super VLAN (see Defining a Super VLAN)
super-vlan ring-topology    Configures Super VLAN for networks with a ring topology (see Configuring the Super VLAN Ring Topology)
show super-vlan             Displays the Super VLAN configuration (see Displaying the Super VLAN Configuration)

Defining a Super VLAN

The super-vlan command configures Super VLAN on a physical port or a group of ports.

CLI Mode: Interface Configuration, Range Interface Configuration, LAG Range Interface Configuration, and LAG Interface Configuration

Command Syntax

device-name(config-if UU1/SS1/PP1)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-if UU1/SS1/PP1)#no super-vlan
device-name(config-if-group)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-if-group)#no super-vlan
device-name(config-ag-group)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-ag-group)#no super-vlan
device-name(config-if AG0N)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-if AG0N)#no super-vlan

Argument Description

UU2/SS2/PP2    The unit, slot, and port number of the uplink port.

ag0N           The LAG interface name, where N represents the LAG ID number in the range of . For detailed information, refer to the Configuring Interfaces chapter of this User Guide.

no             Removes the Super VLAN from the port.

Configuring the Super VLAN Ring Topology

The super-vlan ring-topology command configures Super VLAN for networks with a ring topology.

NOTE You can enable the Super VLAN for a ring topology only if the MSTP (Multiple Spanning Tree Protocol) is enabled.

By default, the Super VLAN ring topology is disabled.

CLI Mode: Interface Configuration

Command Syntax

device-name(config-if UU/SS/PP)#super-vlan ring-topology UU1/SS1/PP1 UU2/SS2/PP2 [vlan ]
device-name(config-if UU/SS/PP)#no super-vlan

Argument Description

UU1/SS1/PP1    The first ring-port of the Super VLAN.

UU2/SS2/PP2    The second ring-port of the Super VLAN.

vlan           (Optional) an existing VLAN ID in the range . When you specify this argument, only the corresponding MSTP instance root decision is taken. If you do not use this argument, the MSTP instance zero root decision is taken.

no             Removes Super VLAN from the configured user port.

Displaying the Super VLAN Configuration

The show super-vlan command displays the Super VLAN configuration.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show super-vlan

Example

device-name#show super-vlan
===========================================================
User Interface   | Super VLAN Type | Uplink
-----------------+-----------------+-----------------------
1/1/1            | regular         | 1/2/2
1/2/2            | regular         | 1/2/4


Configuration Examples

Super VLAN Configuration Example

In the figure below three users are connected to one uplink port. The users can connect only to this uplink port.

Figure 10: Super VLAN Configuration

1. Enable Super VLAN on port 1/1/1 with the uplink 1/2/1:

device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#super-vlan 1/2/1

2. Enable Super VLAN on port 1/1/2 with the uplink 1/2/1:

device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#super-vlan 1/2/1

3. Enable Super VLAN on port 1/2/3 with the uplink 1/2/1:

device-name(config-if 1/1/2)#interface 1/2/3
device-name(config-if 1/2/3)#super-vlan 1/2/1
device-name(config-if 1/2/3)#end

4. Display the port 1/1/1 configuration:

device-name#show interface 1/1/1
Name =
Type = DUAL (10/100/1000BaseT,MEDIA not installed)
EnableState = enable
Link = down
Duplex mode = autonegotiate
Speed = autonegotiate
Duplex speed status = full-100
Flow control mode = disable
Flow control status = disable
Backpressure = disable
Broadcast limit = unlimited
Default VLAN = 1
Super VLAN Port = 1/2/1
Learning new address = Enabled

5. Display the Super VLAN configuration:

device-name#show super-vlan
==================================================
User Interface   | Super VLAN Type | Uplink
-----------------+-----------------+--------------
1/1/1            | regular         | 1/2/1
1/1/2            | regular         | 1/2/1
1/2/3            | regular         | 1/2/1


Super VLAN with Aggregated Uplink Configuration Example

In the following example, two users are connected to one uplink LAG (Link Aggregation Group) port.

Figure 11: Super VLAN Configuration with LAG Uplink

Configuring Device 1:

Configure static link aggregation on ports 1/1/1 and 1/1/2:

device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation static id 1
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#link-aggregation static id 1

Configuring Device 2:

1. Configure static link aggregation on ports 1/2/1 and 1/2/2:

device-name#configure terminal
device-name(config)#interface 1/2/1
device-name(config-if 1/2/1)#link-aggregation static id 7
device-name(config-if 1/2/1)#interface 1/2/2
device-name(config-if 1/2/2)#link-aggregation static id 7

2. Enable Super VLAN on ports 1/1/1 and 1/1/2 with uplink ag07:

device-name(config-if 1/2/2)#interface 1/1/1
device-name(config-if 1/1/1)#super-vlan ag07
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#super-vlan ag07
device-name(config-if 1/1/2)#end

3. Display the Super VLAN configuration:

device-name#show super-vlan
=====================================================================
User Interface   | Super VLAN Type | Uplink
-----------------+-----------------+---------------------------------
1/1/1            | regular         | AG07
1/1/2            | regular         | AG07


Super VLAN Ring Topology Configuration The figure below shows a ring topology with an entry point. Devices 2, 3 and 4 are configured with Super VLAN in ring mode and MSTP is enabled. Device 1 is the MSTP Root and port 1/2/8 of Device 4 is blocked. For more information regarding the MSTP, refer to the Configuring Multiple Spanning Tree Protocol (MSTP) chapter of this User Guide.

Figure 12: Super VLAN Ring Topology Example

Configuring Device 1

1.

Configure Device 1 as MSTP Root and the bridge priority 0 for MST instance 0: Device1#configure terminal Device1(config)#protocol Device1(cfg protocol)#mstp 0 priority 0 Device1(cfg protocol)#exit

2.

Configure the ring ports as Super VLAN ports: Device1(config)#interface 1/2/6 Device1(config-if 1/2/6)#super-vlan ring-topology 1/1/1 1/1/2 Device1(config-if 1/2/6)#end

Page 41 Configuring VLANs and Super VLANs (Rev. 08)

T-Marc 300 Series User Guide

3.

Display the Super VLAN configuration: Device1#show super-vlan ===================================================================== User Interface | Super VLAN Type | Uplink -----------------+-----------------+--------------------------------1/2/6 | ring-topology | 1/1/1 (active), 1/1/2

Configuring Device 2

1.

Enable MSTP and MSTP fast ring: Device2#configure terminal Device2(config)#protocol Device2(cfg protocol)#mstp enable Device2(cfg protocol)#mstp fast-ring enable

2.

Configure the ring ports as Super VLAN ports: Device2(config)#interface 1/2/6 Device2(config-if 1/2/6)#super-vlan ring-topology 1/1/1 1/1/2 Device2(config-if 1/2/6)#end

3.

Display the Super VLAN configuration: Device2#show super-vlan ===================================================================== User Interface | Super VLAN Type | Uplink -----------------+-----------------+--------------------------------1/2/6 | ring-topology | 1/1/1 (active), 1/1/2

Configuring Device 3

1. Enable MSTP and MSTP fast ring:

   Device3#configure terminal
   Device3(config)#protocol
   Device3(cfg protocol)#mstp enable
   Device3(cfg protocol)#mstp fast-ring enable
   Device3(cfg protocol)#mstp fast-ring ring-ports 1/1/1 1/1/2

2. Configure Super VLAN on the user port 1/2/2:

   Device3(config)#interface 1/2/2
   Device3(config-if 1/2/2)#super-vlan ring-topology 1/1/1 1/1/2
   Device3(config-if 1/2/2)#end

3. Display the Super VLAN configuration:

   Device3#show super-vlan
   =====================================================================
   User Interface   | Super VLAN Type | Uplink
   -----------------+-----------------+---------------------------------
   1/2/2            | ring-topology   | 1/1/1, 1/1/2 (active)

Configuring Device 4

1. Enable MSTP and MSTP fast ring:

   Device4#configure terminal
   Device4(config)#protocol
   Device4(cfg protocol)#mstp enable
   Device4(cfg protocol)#mstp fast-ring enable
   Device4(cfg protocol)#mstp fast-ring ring-ports 1/2/7 1/2/8
   Device4(cfg protocol)#end

2. Configure Super VLAN on the user port 1/2/2:

   Device4(config)#interface 1/2/2
   Device4(config-if 1/2/2)#super-vlan ring-topology 1/2/7 1/2/8
   Device4(config-if 1/2/2)#end

3. Display port 1/2/2 configuration:

   Device4#show interface 1/2/2
   …
   Super VLAN Ports = 1/2/7 (active), 1/2/8

4. Display the Super VLAN configuration:

   Device4#show super-vlan
   =====================================================================
   User Interface   | Super VLAN Type | Uplink
   -----------------+-----------------+---------------------------------
   1/2/2            | ring-topology   | 1/2/7 (active), 1/2/8

5. Display the MSTP Configuration:

   Device4#show mstp
   …
   SpanIgmpFastRecovery = enabled
   FastRing = enabled
   …
   01/01/21 128 Root       frwrd 200000 0 04096.00A012170100 128.002
   01/01/22 128 Alternate  block 200000 0 32768.00A012171600 128.001
   01/01/24 128 Designated frwrd 200000 0 32768.00A012010102 128.024

Supported Platforms

Features | T-Marc 340 | T-Marc 380
Virtual LANs | + | +
Super VLANs | + | +

Supported Standards, MIBs, and RFCs

Features | Standards | MIBs | RFCs
Virtual LANs | IEEE 802.1Q-1998, IEEE 802.1Q-2003, IEEE 802.1P, IEEE 802.1u-2001 | IEEE 802.1Q | No RFCs are supported by this feature.
Super VLANs | No standards are supported by this feature. | No MIBs are supported by this feature. | RFC 3069, VLAN Aggregation for Efficient IP Address Allocation

Configuring Transparent LAN Services (TLS) (Rev. 10)

Table of Figures
TLS Overview
802.1Q Tunneling
Layer-2 Protocol Tunneling (L2PT)
The TLS Default Configuration
TLS Configuration Flow
The TLS Configuration Commands
Configuring a TLS Service
Configuring TLS Service Distribution Paths (SDP)
Configuring TLS Service Access Point (SAP)
Configuring TLS
Configuring the TLS EtherType Value
Selecting a TLS Core (Uplink) Port
Selecting a TLS Access (User) Port
Securing the Management Device Access based on C-VLAN
Configuring the Layer-2 Protocol Tunneling
TLS Tunnel Profile Configuration Mode
Configuring Layer-2 Protocol PDUs
Defining Tunnel MAC Addresses for Predefined Protocols
Defining Tunnel MAC Addresses for User-Defined Protocols
Tunneling of Layer-2 Protocol PDUs for SDP
Tunneling of Layer-2 Protocol PDUs for SAP
Displaying the TLS Configuration
Displaying the L2PT Encapsulation Information
Displaying the L2PT Configuration Information
Displaying Layer-2 Protocol Tunneling Statistics
Displaying TLS Profile Names
Displaying TLS Services
TLS Configuration Examples
Example 1
Example 2
Supported Platforms
Supported Standards, MIBs, and RFCs

Table of Figures

Figure 1: 802.1Q Tunneling Configuration
Figure 2: TLS Configuration Flow
Figure 3: TLS Interface Example
Figure 4: TLS Tunneling Example

Overview

Deploying the Transparent LAN Services (TLS) requires network operators to transport a large number of customers’ virtual LANs (VLANs) while keeping traffic secured in each VLAN. This mechanism establishes Layer-2 tunnels inside the service provider network where traffic from different customers is segregated and where it is marked with an appropriate tunnel name.

802.1Q Tunneling

802.1Q tunneling allows the deployment of secure TLS, using IEEE 802.1Q standard tags. The main advantage of 802.1Q tunneling is that it enables service providers to use a separate VLAN (service VLAN, S-VLAN) to support customers who have multiple VLANs, while preserving the customer VLAN IDs and keeping traffic in the different customer VLANs (C-VLANs) segregated. 802.1Q tunneling expands the VLAN space by adding an additional 802.1Q tag (the tunnel ID) to all previously-tagged packets when they enter the service provider infrastructure, as illustrated in the figure below.

Figure 1: 802.1Q Tunneling Configuration

The new frame contains the original C-VLAN tag and the new S-VLAN tag. A port that is configured to support 802.1Q tunneling is called a tunnel port. When you configure tunneling, you assign a tunnel port to a VLAN that you dedicate to tunneling. To keep the customer traffic segregated, each customer requires a separate VLAN, but that one VLAN supports all of the customer’s VLANs.

Three types of ports are defined in the network devices deployed by the service provider:

• Residential port—a port that is connected to a user and does not participate in the TLS. Packets that are transmitted through this port have no added tag

• Access (SAP) port—a port that is connected to a user. Packets that are transmitted through this port have no added tag (see Configuring TLS Service Access Point (SAP))

• Core (SDP) port—a port that is connected to the service provider’s network. All packets that are transmitted through this port are either control packets or packets with an additional tag. If the packets arrive from an access (user) port the additional tag header will be added. If the packets arrive from a residential port the additional tag header will not be added (see Configuring TLS Service Distribution Paths (SDP))

When an access port (SAP) receives tagged customer traffic from an 802.1Q-port on the customer device, it does not strip the received 802.1Q tag from the frame header; instead, the access port (SAP) leaves the 802.1Q tag intact, adds a 2-byte EtherType field (0x8100) followed by a 2-byte field containing the priority (CoS) and the VLAN (see Configuring the TLS EtherType Value). An egress core port (SDP) strips the 2-byte EtherType field (0x8100) and the 2-byte length field and transmits the traffic with the 802.1Q tag still intact to the customer device. The 802.1Q-port on the customer device strips the 802.1Q tag and puts the traffic into the appropriate customer VLAN.
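The tag handling described above, as an added Python example that is not part of the vendor guide: it pushes the service tag onto a constructed customer frame, lists the resulting tag stack and pops the tag again. The function names, the sample frame and the S-VLAN numbers are assumptions; 0x9000 is the example EtherType value this guide gives for the tls ethertype command.

```python
import struct


def push_s_tag(frame, s_vlan, cos=0, ethertype=0x8100):
    """Insert the service tag after the two MAC addresses, keeping any C-VLAN tag."""
    if not (0 <= s_vlan <= 0x0FFF and 0 <= cos <= 7):
        raise ValueError("S-VLAN must fit in 12 bits and CoS in 3 bits")
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    tci = (cos << 13) | s_vlan  # priority in the top 3 bits, VLAN in the low 12
    return frame[:12] + struct.pack("!HH", ethertype, tci) + frame[12:]


def pop_s_tag(frame, ethertype=0x8100):
    """Remove the outer tag; return (inner frame, S-VLAN) or raise if it is absent."""
    if len(frame) < 16:
        raise ValueError("frame is too short to carry a tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != ethertype:
        raise ValueError("outer tag does not carry the configured TLS EtherType")
    return frame[:12] + frame[16:], tci & 0x0FFF


def tag_stack(frame, tpids=(0x8100,)):
    """List (EtherType, CoS, VLAN) for each tag, outermost first."""
    tags, offset = [], 12
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
        if tpid not in tpids:
            break
        tags.append((tpid, tci >> 13, tci & 0x0FFF))
        offset += 4
    return tags


# Constructed customer frame: broadcast destination, made-up source MAC,
# C-VLAN 7 with CoS 5, IPv4 EtherType and a zero-filled payload.
CUSTOMER = (
    bytes.fromhex("ffffffffffff" "00a012000001")
    + struct.pack("!HH", 0x8100, (5 << 13) | 7)
    + struct.pack("!H", 0x0800)
    + b"\x00" * 46
)

if __name__ == "__main__":
    # Two customers that both use C-VLAN 7 stay apart through S-VLAN 5 and 6.
    for s_vlan in (5, 6):
        tagged = push_s_tag(CUSTOMER, s_vlan, cos=3, ethertype=0x9000)
        print(s_vlan, tag_stack(tagged, tpids=(0x9000, 0x8100)))
```
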

Layer-2 Protocol Tunneling (L2PT)

Layer-2 protocol tunneling allows IEEE Layer-2 protocol data units (PDUs) to be tunneled through a network. L2PT is based on software encapsulation of the PDUs in the ingress service provider edge devices. All devices inside the service provider network treat these encapsulated frames as regular data packets and forward them appropriately. The egress service provider edge devices listen for these special encapsulated frames and decapsulate them before forwarding them out of the tunnel. The encapsulation involves rewriting the destination media access control (MAC) address in the PDU. The ingress service provider edge devices rewrite the destination multicast MAC address of the received PDUs with a predefined multicast tunnel MAC address that ensures transparent L2CP traffic flow (see Defining Tunnel MAC Addresses for Predefined Protocols and Defining Tunnel MAC Addresses for User-Defined Protocols).

The TLS Default Configuration

Table 1: TLS Default Configuration

Parameter | Default Value
Transparent LAN Services (TLS) | Disabled
TLS port | Residential port
EtherType | 0x8100
IEEE control packets tunneling | Disabled

TLS Configuration Flow

Figure 2: TLS Configuration Flow (flowchart; its steps include enabling or disabling Layer-2 protocol tunneling, configuring the TLS tunnel profile, setting the TLS EtherType value, creating the TLS service, SDP and SAP, enabling tunneling of IEEE control packets, and defining tunnel MAC addresses for predefined and user-defined protocols)

The TLS Configuration Commands

Table 2: TLS Services Configuration Commands

Command | Description
tls | Creates a specific TLS service instance (see Configuring a TLS Service)
sdp | Configures a service distribution point (SDP) for the specified TLS instance (see Configuring TLS Service Distribution Paths (SDP))
sap | Configures a service access point (SAP) for the specified TLS instance (see Configuring TLS Service Access Point (SAP))

Table 3: TLS Services Optional Commands

Command | Description
tls | Enables/disables the TLS (see Configuring TLS)
tls ethertype | Assigns an EtherType value (see Configuring the TLS EtherType Value)
tls uplink | Configures a physical interface or group of interfaces as a TLS core (uplink) port/groups (see Selecting a TLS Core (Uplink) Port)
tls user | Configures a physical interface or group of interfaces as a TLS access (user) port/groups (see Selecting a TLS Access (User) Port)
management c-vlan | Limits the device management access only to a specified C-VLAN (see Securing the Management Device Access based on C-VLAN)

The following table lists the commands for configuring L2PT. The whole L2PT configuration is optional.

NOTE For the tls tunneled-ieee-pdu command to take effect, first enable TLS tunneling globally by using the tls tunneled-ieee-pdu enable command.

Table 4: L2PT Configuration Command

Command | Description
tls tunneled-ieee-pdu enable/disable | Enables/disables the Layer-2 protocol tunneling (see Configuring the Layer-2 Protocol Tunneling)
tls tunnel-profile | Enables a configuration of a specific TLS tunnel profile (see TLS Tunnel Profile Configuration Mode)
tls tunnel/discard | Specifies one of the allowed Layer-2 protocol PDUs to be tunneled/discarded (see Configuring Layer-2 Protocol PDUs)
tls tunneled-ieee-pdu HH:HH:HH:HH:HH:HH | Defines a multicast tunnel MAC address that rewrites the original multicast destination MAC address (see Defining Tunnel MAC Addresses for Predefined Protocols)
tls tunneled-ieee-pdu add | Defines a multicast tunnel MAC address that rewrites the original multicast destination MAC address (see Defining Tunnel MAC Addresses for User-Defined Protocols)
tls tunneled-ieee-pdu (in SDP Service Configuration) | Enables tunneling of IEEE control packets for SDP (see Tunneling of Layer-2 Protocol PDUs for SDP)
tls tunneled-ieee-pdu (in SAP Service Configuration) | Enables tunneling of IEEE control packets for SAP (see Tunneling of Layer-2 Protocol PDUs for SAP)

Table 5: TLS Display Commands

Command | Description
show tls | Displays the global TLS configuration (see Displaying the TLS Configuration)
show tls tunneled-ieee-pdu | Displays the L2PT encapsulation information (see Displaying the L2PT Encapsulation Information)
show tls tunneled-ieee-pdu service | Displays the L2PT configuration information (see Displaying the L2PT Configuration Information)
show tls tunneled-ieee-pdu statistics | Displays Layer-2 protocol tunneling statistics (see Displaying Layer-2 Protocol Tunneling Statistics)
show tls tunnel-profile | Displays the specified custom profile name (see Displaying TLS Profile Names)
show tls-services | Displays information about all currently configured TLS services (see Displaying TLS Services)

Configuring a TLS Service

The tls command creates a specific TLS service instance.

CLI Mode: Global Configuration

Command Syntax
device-name(config)#tls SERVICE-NAME []
device-name(config)#no tls SERVICE-NAME
device-name(config)#no tls id

Argument Description
SERVICE-NAME | A unique alphanumeric string service name. When the service is defined via SNMP, it is generated dynamically
service ID | (Optional) the unique service identifier, in the range
no | Removes the defined TLS instance

Example
device-name(config)#tls serv 5
device-name(config-tls serv)#

Configuring TLS Service Distribution Paths (SDP)

The sdp command configures a service distribution point (SDP) for the specified TLS instance.

CLI Mode: TLS Service Configuration

NOTE Create the SDP VLAN and add ports as tagged to this VLAN before creating the SDP, see Example 1.

Command Syntax
device-name(config-tls SERVICE-NAME)#sdp {UU/SS/PP | ag0N} s-vlan [primary | secondary]
device-name(config-tls SERVICE-NAME)#sdp {UU/SS/PP | ag0N} s-vlan [option]
device-name(config-tls-sdp UU/SS/PP:SVLAN-ID:)#
device-name(config-tls-sdp AG0N:SVLAN-ID:)#
device-name(config-tls SERVICE-NAME)#no sdp {UU/SS/PP | ag0N}

Argument Description
UU/SS/PP | The SDP port. The SDP port has to be a tagged member of the SVLAN
ag0N | The SDP aggregation port. N in the range
s-vlan | The SDP Service VLAN ID, in the range of
primary | (Optional) SDP EPS primary
secondary | (Optional) SDP EPS secondary
option | (Optional) changes the mode to SDP Service Configuration mode (see Example 2)
no | Removes the defined SDP

For detailed information about EPS, refer to the ITU-T G.8031 Ethernet Protection Switching (EPS) section of Operations, Administration and Maintenance (OAM) chapter.

Examples

1. Create the SDP VLAN and add ports as tagged to this VLAN before creating the SDP:

   device-name#configure terminal
   device-name(config)#vlan
   device-name(config vlan)#create v5 5
   device-name(config vlan)#config v5
   device-name(config-vlan v5)#add ports 1/2/1 tagged
   device-name(config-vlan v5)#exit
   device-name(config vlan)#exit
   device-name(config)#tls tunneled-ieee-pdu enable
   device-name(config)#tls serv 5
   device-name(config-tls serv)#sdp 1/2/1 s-vlan 5
   device-name(config-tls serv)#

2. Enter SDP Service Configuration mode:

   device-name(config-tls serv)#sdp 1/2/1 s-vlan 5 option
   device-name(config-tls-sdp 1/2/1:5:)#

Configuring TLS Service Access Point (SAP)

The sap command configures a service access point (SAP) for the specified TLS instance.

CLI Mode: TLS Service Configuration

Command Syntax
device-name(config-tls SERVICE-NAME)#sap UU/SS/PP {c-vlans | c-vlans VLAN-LIST | c-vlan-wildcard 0xffff 0xffff | c-vlan-wildcard all} [option | untagged]
device-name(config-tls SERVICE-NAME)#no sap UU/SS/PP {c-vlans | c-vlans VLAN-LIST | c-vlan-wildcard 0xffff 0xffff | c-vlan-wildcard all} [untagged]

Argument Description
UU/SS/PP | The SAP port. The SAP port has to be an untagged member of the SVLAN. Default VLAN for SAP port is the S-VLAN
CVLAN-ID | The SAP Customer VLAN ID, in the range of
VLAN-LIST | The SAP Customer VLAN ID list (for example 2–4,8) defining the number of SAPs
c-vlan-wildcard 0xffff 0xffff | A group of Customer VLANs, identified by matching mask
c-vlan-wildcard all | Tunnels the tagged traffic only
option | (Optional) changes the mode to SAP Service Configuration mode (see Example 2)
untagged | (Optional) tunnels untagged traffic only
no | Removes the defined SAP

Examples

1. Configure SAP:

   device-name(config-tls serv)#sap 1/1/1 c-vlan-wildcard all
   device-name(config-tls serv)#sap 1/2/2 c-vlans 4,7-9
   device-name(config-tls serv)#sap 1/2/3 c-vlans 5 untagged

2. Enter SAP Service Configuration mode:

   device-name(config-tls serv)#sap 1/2/2 c-vlans 4 option
   device-name(config-tls-sap 1/2/2:4:)#

Configuring TLS

The tls command enables/disables the TLS.

CLI Mode: Global Configuration

Command Syntax
device-name(config)#tls {enable | disable}

Argument Description
enable | Enables TLS
disable | Disables TLS

Configuring the TLS EtherType Value

The tls ethertype command configures the EtherType value.

CLI Mode: Global Configuration

By default, the EtherType value is 0x8100.

Command Syntax
device-name(config)#tls ethertype

Argument Description
number | Hexadecimal VLAN EtherType value (for example 0x9000)

Selecting a TLS Core (Uplink) Port

The tls uplink command configures a physical interface or group of interfaces as a TLS core (uplink) port/groups.

CLI Mode: Interface Configuration, LAG Interface Configuration, Range Interface Configuration, and LAG Range Interface Configuration

The TLS core port is configured at the Provider-network side of the provider-edge (PE) switch.

NOTE For the tls uplink command to take effect, first enable TLS by using the tls enable command.

NOTE For TLS to be successfully enabled on an uplink, which is a port aggregation (LAG), the tls uplink command should be executed in Interface LAG Configuration mode. Enabling TLS on a single port of the LAG will have no effect on the aggregation.

By default, all ports are residential.

Command Syntax
device-name(config-if UU/SS/PP)#[no] tls uplink
device-name(config-if AG0N)#[no] tls uplink
device-name(config-if-group)#[no] tls uplink
device-name(config-ag-group)#[no] tls uplink

Argument Description
no | Configures the selected port or link aggregation to a residential port/group of ports

Selecting a TLS Access (User) Port

The tls user command configures a physical interface or group of interfaces as a TLS access (user) port/groups.

CLI Mode: Interface Configuration, LAG Interface Configuration, Range Interface Configuration, and LAG Range Interface Configuration

The TLS access port is configured at the Provider-network side of the Customer Edge (CE) switch.

NOTE For the tls user command to take effect, first enable TLS by using the tls enable command.

By default, all the ports are set as residential ports.

Command Syntax
device-name(config-if UU/SS/PP)#[no] tls user
device-name(config-if AG0N)#[no] tls user
device-name(config-if-group)#[no] tls user
device-name(config-ag-group)#[no] tls user

Argument Description
no | Configures the selected port or link aggregation to a residential port/group of ports

Securing the Management Device Access based on C-VLAN

The management c-vlan command limits the device management access only through specified C-VLANs.

CLI Mode: TLS Service Configuration

TLS service-enabled devices are located at the edge of two domains and thus at the administrative edge of two business entities. A remote business entity manages these devices remotely through service-encapsulated traffic (traffic that is encapsulated with the TLS service tag). The management service-encapsulated traffic is tunneled through a dedicated management C-VLAN in order to separate it from the data service-encapsulated traffic.

Configuring a management C-VLAN is mandatory in order to manage these devices through the TLS Service. If the management C-VLAN is disabled, the following are not allowed:

• Telnet to the device

• SSH to the device

• SNMP management

NOTE Only one management C-VLAN per TLS service is supported.

The management C-VLAN must not match C-VLANs that are used in SAP definitions. By default, no management C-VLAN is configured on a TLS service.

Command Syntax
device-name(config-tls SERVICE-NAME)#management c-vlan

Argument Description
CVLAN-ID | The C-VLAN ID, in the range of (CVLAN-ID)
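The constraints above (a management C-VLAN is needed for remote management, only one per service, and it must not match a SAP C-VLAN) can be checked against a saved CLI transcript before it is applied. The following Python check is an added example, not part of the vendor guide; the transcript is constructed, the number after management c-vlan is an assumed form of the CVLAN-ID argument, and the finding labels are hypothetical.

```python
import re

# Constructed transcript in the prompt style used in this guide (not device output).
SAMPLE = """\
device-name(config)#tls enable
device-name(config)#tls serv 5
device-name(config-tls serv)#sap 1/2/2 c-vlans 4,7-9
device-name(config-tls serv)#sap 1/2/3 c-vlans 5 untagged
device-name(config-tls serv)#management c-vlan 8
device-name(config)#tls voice 6
device-name(config-tls voice)#sap 1/2/4 c-vlans 20-22
device-name(config-tls voice)#sap 1/2/4 c-vlan-wildcard all
device-name(config)#tls data 7
device-name(config-tls data)#sap 1/2/5 c-vlans 30-31
device-name(config-tls data)#no sap 1/2/5 c-vlans 31
device-name(config-tls data)#management c-vlan 31
"""

# Global "tls ..." commands that do not create a service instance.
GLOBAL_TLS = {"enable", "disable", "ethertype", "tunneled-ieee-pdu", "tunnel-profile"}
PROMPT = re.compile(r"^\S+?\((?P<mode>[^)]*)\)#(?P<cmd>.*)$")


def parse_vlan_list(text):
    """Expand a VLAN-LIST such as '2-4,8' into a set of integers."""
    vlans = set()
    for part in text.replace("\u2013", "-").split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        if low > high:
            raise ValueError(f"descending range in VLAN list: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def audit(transcript):
    """Return {service: [finding, ...]} for every TLS service in the transcript."""
    services = {}
    for line in transcript.splitlines():
        match = PROMPT.match(line.strip())
        if not match:
            continue
        mode, cmd = match["mode"], match["cmd"].split()
        if mode == "config":
            # "tls NAME [id]" creates a service; other tls keywords are global settings.
            if cmd[:1] == ["tls"] and len(cmd) > 1 and cmd[1] not in GLOBAL_TLS:
                services.setdefault(cmd[1], {"sap": set(), "mgmt": []})
            continue
        if not mode.startswith("config-tls "):
            continue  # SDP/SAP sub-modes and everything else are out of scope
        svc = services.setdefault(mode.split(" ", 1)[1], {"sap": set(), "mgmt": []})
        negate = cmd[:1] == ["no"]
        if negate:
            cmd = cmd[1:]
        if cmd[:1] == ["sap"] and len(cmd) >= 4 and cmd[2] == "c-vlans":
            # c-vlan-wildcard SAPs are not expanded by this check.
            pairs = {(cmd[1], vlan) for vlan in parse_vlan_list(cmd[3])}
            svc["sap"] = svc["sap"] - pairs if negate else svc["sap"] | pairs
        elif cmd[:2] == ["management", "c-vlan"] and len(cmd) >= 3 and not negate:
            svc["mgmt"].append(int(cmd[2]))

    report = {}
    for name, svc in services.items():
        sap_vlans = {vlan for _, vlan in svc["sap"]}
        mgmt = set(svc["mgmt"])
        findings = []
        if not mgmt:
            findings.append("mgmt-missing")   # no Telnet/SSH/SNMP through the service
        if len(mgmt) > 1:
            findings.append("mgmt-multiple")  # only one per service is supported
        findings += [f"mgmt-overlap:{vlan}" for vlan in sorted(mgmt & sap_vlans)]
        report[name] = findings
    return report


if __name__ == "__main__":
    for service, findings in audit(SAMPLE).items():
        print(service, findings or "ok")
```
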

Configuring the Layer-2 Protocol Tunneling

The tls tunneled-ieee-pdu enable/disable command enables or disables the Layer-2 protocol tunneling.

CLI Mode: Global Configuration

By default, the Layer-2 protocol tunneling is disabled.

Command Syntax
device-name(config)#tls tunneled-ieee-pdu {enable | disable}

Argument Description
enable | Enables the Layer-2 protocol tunneling
disable | Disables the Layer-2 protocol tunneling

TLS Tunnel Profile Configuration Mode

The tls tunnel-profile command enters the configuration mode for a specific TLS tunnel profile.

CLI Mode: Global Configuration and TLS Tunnel Profile Configuration

NOTE Use this command in a Specific TLS Tunnel Profile Configuration mode to switch to the Configuration mode of another TLS tunnel profile; see Example.

Command Syntax
device-name(config)#tls tunnel-profile TLS-PROFILE-NAME
device-name(tls-profile TLS-PROFILE-NAME)#
device-name(tls-profile TLS-PROFILE-NAME)#tls tunnel-profile TLS-PROFILE-NAME1
device-name(tls-profile TLS-PROFILE-NAME1)#

Argument Description
TLS-PROFILE-NAME | The TLS profile name

Example
device-name(config)#tls tunnel-profile system
device-name(tls-profile system)#tls tunnel-profile p5
device-name(tls-profile p5)#tls tunnel stp

Configuring Layer-2 Protocol PDUs

The tls tunnel/discard command specifies one of the allowed Layer-2 protocol PDUs to be tunneled or discarded.

CLI Mode: TLS Tunnel Profile Configuration

Command Syntax
device-name(tls-profile PROFILE-NAME)#tls {tunnel | discard} {all-brs | other | dot1x | efm-oam | e-lmi | garp | lacp | lldp | pvst | pb-stp | stp}

Argument Description
tunnel | Specifies one of the allowed Layer-2 Protocol PDUs to be tunneled
discard | Specifies one of the allowed Layer-2 Protocol PDUs to be discarded
all-brs | Specifies that the PDUs intended for the MAC address that is reserved for the exclusive use by the All Bridges are tunneled
other | Specifies that the PDUs intended for the MAC addresses from the bridge block but are not PDUs of any of the specified protocols are tunneled
dot1x | IEEE 802.1x standard
efm-oam | Ethernet in the First Mile-Operations, Administration and Maintenance standard
e-lmi | Enhanced Local Management Interface
garp | Generic Attribute Registration Protocol
lacp | Link Aggregation Protocol
lldp | Link Layer Discovery Protocol
pvst | Per-VLAN Spanning Tree (PVST) maintains a spanning tree instance for each VLAN configured in the network. Since PVST treats each VLAN as a separate network, it has the ability to load balance traffic (at layer-2) by forwarding some VLANs on one link and other VLANs on another link without causing a spanning tree loop.
pb-stp | Provider Bridge Spanning Tree Protocol
stp | Spanning Tree Protocol

Defining Tunnel MAC Addresses for Predefined Protocols

The tls tunneled-ieee-pdu HH:HH:HH:HH:HH:HH command defines a multicast tunnel MAC address that rewrites the original multicast destination MAC address in the encapsulated Layer-2 PDUs. The Layer-2 PDU is transported across the provider network transparently to the other end of the tunnel and the original multicast destination MAC address is restored when the packet is transmitted.

CLI Mode: Global Configuration

Command Syntax
device-name(config)#tls tunneled-ieee-pdu {all-brs | other | dot1x | efm-oam | e-lmi | garp | lacp | lldp | pvst | pb-stp | stp} HH:HH:HH:HH:HH:HH

Argument Description
all-brs | Specifies that PDUs intended for the MAC address that is reserved for the exclusive use by the All Bridges are tunneled
other | Specifies that PDUs intended for the MAC addresses from the bridge block but are not PDUs of any of the specified protocols are tunneled
dot1x | IEEE 802.1x standard
efm-oam | Ethernet in the First Mile-Operations, Administration and Maintenance standard
e-lmi | Enhanced Local Management Interface
garp | Generic Attribute Registration Protocol
lacp | Link Aggregation Protocol
lldp | Link Layer Discovery Protocol
pvst | Per-VLAN Spanning Tree (PVST) maintains a spanning tree instance for each VLAN configured in the network. Since PVST treats each VLAN as a separate network, it has the ability to load balance traffic (at layer-2) by forwarding some VLANs on one link and other VLANs on another link without causing a spanning tree loop.
pb-stp | Provider Bridge Spanning Tree Protocol
stp | Spanning Tree Protocol
HH:HH:HH:HH:HH:HH | Multicast tunnel MAC address, in hexadecimal format. Refer to Table 6 for default multicast tunnel MAC addresses

NOTE If you do not specify a MAC address, the default replacement MAC address for each of the specified protocols is used.

Table 6: Default Multicast Tunnel MAC Addresses

Protocol | MAC Address
xSTP | 01-A0-12-FF-FF-00
LACP/LAMP | 01-A0-12-FF-FF-02
Link OAM (802.3ah) | 01-A0-12-FF-FF-02
Port Authentication (802.1x) | 01-A0-12-FF-FF-03
E-LMI | 01-A0-12-FF-FF-07
LLDP (802.1AB) | 01-A0-12-FF-FF-0E
Bridge block of protocols | 01-A0-12-FF-FF-0X
All Bridges | 01-A0-12-FF-FF-10
GARP Block of protocols | 01-A0-12-FF-FF-2X
Provider bridge STP | 01-A0-12-FF-FF-08
PVST | 01-A0-12-CC-CC-CD

NOTE In the Bridge block of protocols and GARP Block of protocols rows, X denotes any hexadecimal digit from 0 to F. The digit found in the original MAC address is preserved in the replacement MAC address.

When you configure the destination MAC address for encapsulated PDUs, you must leave the last byte of the MAC address for protocols Bridge block of protocols and GARP Block of protocols as default values:

• 00—for Bridge block of protocols

• 20—for GARP Block of protocols
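The rewrite that Table 6 and the show tls tunneled-ieee-pdu output describe, modelled in Python as an added example (it is not the device's implementation or vendor code). It assumes that a recognised PDU not selected by the policy is discarded and that frames to any other address pass as ordinary data; the function names are hypothetical.

```python
import re

# (protocol, original destination MAC, tunnel MAC) as listed in this guide.
# "x" marks a hex digit that is copied unchanged between the two addresses.
# Exact addresses come first so that they win over the two wildcard blocks.
TABLE = [
    ("stp",          "01:80:c2:00:00:00", "01:a0:12:ff:ff:00"),
    ("lacp/efm-oam", "01:80:c2:00:00:02", "01:a0:12:ff:ff:02"),
    ("dot1x",        "01:80:c2:00:00:03", "01:a0:12:ff:ff:03"),
    ("e-lmi",        "01:80:c2:00:00:07", "01:a0:12:ff:ff:07"),
    ("pb-stp",       "01:80:c2:00:00:08", "01:a0:12:ff:ff:08"),
    ("lldp",         "01:80:c2:00:00:0e", "01:a0:12:ff:ff:0e"),
    ("all-brs",      "01:80:c2:00:00:10", "01:a0:12:ff:ff:10"),
    ("pvst",         "01:00:0c:cc:cc:cd", "01:a0:12:cc:cc:cd"),
    ("other",        "01:80:c2:00:00:0x", "01:a0:12:ff:ff:0x"),
    ("garp",         "01:80:c2:00:00:2x", "01:a0:12:ff:ff:2x"),
]

# Built-in policies named in this guide; a custom profile is modelled as a
# set of protocol names to tunnel (assumption: everything else is discarded).
POLICIES = {
    "discard-all": frozenset(),
    "tunnel-all": frozenset(name for name, _, _ in TABLE),
    "tunnel-bpdu": frozenset({"stp"}),  # DA 01-80-c2-00-00-00 only
}


def normalize(mac):
    """Accept 01-80-C2-00-00-00 or 01:80:c2:00:00:00 and return the colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def _lookup(mac, column):
    for row in TABLE:
        if all(p in ("x", m) for p, m in zip(row[column], mac)):
            return row
    return None


def _fill(template, mac):
    # Copy the digit from mac wherever the template has a wildcard.
    return "".join(m if t == "x" else t for t, m in zip(template, mac))


def classify(dst):
    """Name the Layer-2 protocol a destination MAC belongs to, or None."""
    row = _lookup(normalize(dst), 1)
    return row[0] if row else None


def ingress(dst, policy):
    """Return (action, MAC) for a frame entering the tunnel."""
    mac = normalize(dst)
    row = _lookup(mac, 1)
    if row is None:
        return ("forward", mac)          # ordinary data frame, untouched
    allowed = POLICIES[policy] if isinstance(policy, str) else frozenset(policy)
    if row[0] not in allowed:
        return ("discard", None)
    return ("tunnel", _fill(row[2], mac))


def egress(dst):
    """Restore the original destination MAC at the far end of the tunnel."""
    mac = normalize(dst)
    row = _lookup(mac, 2)
    return _fill(row[1], mac) if row else mac


if __name__ == "__main__":
    for dst in ("01-80-C2-00-00-00", "01:80:c2:00:00:0e", "01:80:c2:00:00:21"):
        for policy in ("discard-all", "tunnel-bpdu", "tunnel-all"):
            print(dst, policy, ingress(dst, policy))
```
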

Defining Tunnel MAC Addresses for User-Defined Protocols

The tls tunneled-ieee-pdu add command defines a multicast tunnel MAC address that rewrites the original multicast destination MAC address in the encapsulated PDU for user-defined Layer-2 protocols.

CLI Mode: Global Configuration

Command Syntax
device-name(config)#tls tunneled-ieee-pdu add L2TUN-PROTOCOL-NAME ORIGINAL_HH:HH:HH:HH:HH:HH [TUNNEL_HH:HH:HH:HH:HH:HH] [ETHERTYPE]
device-name(config)#no tls tunneled-ieee-pdu L2TUN-PROTOCOL-NAME

Argument Description
L2TUN-PROTOCOL-NAME | A text string of characters
ORIGINAL_HH:HH:HH:HH:HH:HH | Original multicast destination MAC address of the specified protocol
TUNNEL_HH:HH:HH:HH:HH:HH | (Optional) multicast tunnel MAC address used for the replacement
ETHERTYPE | (Optional) indicates which protocol is encapsulated in the payload of the Ethernet frame
no | Restores the original multicast destination MAC address

Tunneling of Layer-2 Protocol PDUs for SDP

The tls tunneled-ieee-pdu command enables tunneling of Layer-2 protocol PDUs for SDP.

CLI Mode: SDP Service Configuration

By default, TLS tunneling is disabled. When TLS tunneling is enabled on a TLS service, the default policy is Discard-all.

Command Syntax
device-name(config-tls-sdp UU/SS/PP:SVLAN-ID:)#tls tunneled-ieee-pdu [discard-all | tunnel-all | tunnel-bpdu | TLS-PROFILE-NAME]
device-name(config-tls-sdp UU/SS/PP:SVLAN-ID:)#no tls tunneled-ieee-pdu
device-name(config-tls-sdp AG0N:SVLAN-ID:)#tls tunneled-ieee-pdu [discard-all | tunnel-all | tunnel-bpdu | TLS-PROFILE-NAME]
device-name(config-tls-sdp AG0N:SVLAN-ID:)#no tls tunneled-ieee-pdu

Argument Description
discard-all | (Optional) specifies a policy of discarding only Layer-2 protocol PDUs
tunnel-all | (Optional) specifies a policy of tunneling only Layer-2 protocol PDUs
tunnel-bpdu | (Optional) specifies a policy of tunneling only xSTP packets. When the tunneling of xSTP protocols is enabled, it allows tunneling BPDUs between the TLS access (user) ports over the TLS core (uplink) ports. The tunneling is done for packets with Multicast DA of 01-80-c2-00-00-00 (STP).
TLS-PROFILE-NAME | (Optional) specifies the custom profile name used to define the tunneling policy on the specified SDP
no | Disables tunneling of IEEE Control packets

Example
device-name(config-tls-sdp 1/1/1:4:)#tls tunneled-ieee-pdu tunnel-bpdu

Tunneling of Layer-2 Protocol PDUs for SAP

The tls tunneled-ieee-pdu command enables tunneling of Layer-2 protocol PDUs for SAP.

CLI Mode: SAP Service Configuration

NOTE The following commands also exist in SAP Service Configuration mode:
• the apply-qos-service-policy command. For more information, refer to the Applying the Service Policy on a SAP section of the Configuring Quality of Service (QoS) chapter.
• the mac access-group and ip access-group commands. For more information, refer to the Configuring Access Control Lists (ACLs) chapter.
• the event-propagation profile command. For more information, refer to the Applying a Profile to a SAP or a Port section of the Operations, Administration & Maintenance (OAM) chapter.

By default, TLS tunneling is disabled. When TLS tunneling is enabled on a TLS service, the default policy is Discard-all.

Command Syntax
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#tls tunneled-ieee-pdu [discard-all | tunnel-all | tunnel-bpdu | TLS-PROFILE-NAME]
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#no tls tunneled-ieee-pdu

Argument Description
discard-all | (Optional) specifies a policy of discarding only Layer-2 protocol PDUs
tunnel-all | (Optional) specifies a policy of tunneling only Layer-2 protocol PDUs
tunnel-bpdu | (Optional) specifies a policy of tunneling only xSTP packets. When the tunneling of xSTP protocols is enabled, it allows tunneling the BPDUs between the TLS access (user) ports over the TLS core (uplink) ports. The tunneling is done for packets with Multicast DA of 01-80-c2-00-00-00 (STP).
TLS-PROFILE-NAME | (Optional) specifies the custom profile name used to define the tunneling policy on the specified SAP
no | Disables tunneling of IEEE Control packets

Example
device-name(config-tls-sap 1/1/1:5:)#tls tunneled-ieee-pdu tunnel-all

Page 21 Configuring Transparent LAN Services (TLS) (Rev. 10)

T-Marc 300 Series User Guide

Displaying the TLS Configuration
The show tls command displays the TLS configuration.

CLI Mode: Privileged (Enable)

The TLS configuration includes:
• The TLS status
• The TLS EtherType
• The TLS core (uplink) ports
• The TLS access (user) ports

Command Syntax
device-name#show tls

Example
device-name#show tls
TLS is enabled
TLS EtherType 0x8100
==============================+
|Interface    |Mode            |
-------------+----------------+
|1/2/1        | User           |
|1/3/1        | Uplink         |
|AG01         | Residential    |
|AG02         | Residential    |
|AG03         | Residential    |
|AG04         | Residential    |
|AG05         | Residential    |
|AG06         | Residential    |
|AG07         | Residential    |

Displaying the L2PT Encapsulation Information
The show tls tunneled-ieee-pdu command displays the L2PT encapsulation information.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#show tls tunneled-ieee-pdu

Example
device-name#show tls tunneled-ieee-pdu
+-----------------+------------------+------------------+----------+
|Protocol         |Protocol MAC      |Encapsulation MAC |EtherType |
+-----------------+------------------+------------------+----------+
|stp              |01:80:c2:00:00:00 |01:a0:12:ff:ff:00 |N/A       |
|lacp             |01:80:c2:00:00:02 |01:a0:12:ff:ff:02 |0x8809    |
|efm-oam          |01:80:c2:00:00:02 |01:a0:12:ff:ff:02 |0x8809    |
|dot1x            |01:80:c2:00:00:03 |01:a0:12:ff:ff:03 |N/A       |
|e-lmi            |01:80:c2:00:00:07 |01:a0:12:ff:ff:07 |N/A       |
|lldp             |01:80:c2:00:00:0e |01:a0:12:ff:ff:0e |N/A       |
|other            |01:80:c2:00:00:0X |01:a0:12:ff:ff:0X |N/A       |
|all-brs          |01:80:c2:00:00:10 |01:a0:12:ff:ff:10 |N/A       |
|garp             |01:80:c2:00:00:2X |01:a0:12:ff:ff:2X |N/A       |
|pb-stp           |01:80:c2:00:00:08 |01:a0:12:ff:ff:08 |N/A       |
|pvst             |01:00:0c:cc:cc:cd |01:a0:12:cc:cc:cd |N/A       |
|protocol_name    |01:80:c2:00:00:02 |01:a0:12:ff:ff:02 |0x9530    |
+-----------------+------------------+------------------+----------+

Displaying the L2PT Configuration Information
The show tls tunneled-ieee-pdu service command displays the L2PT configuration information.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#show tls tunneled-ieee-pdu service {sap SAPSTRING | sdp SDPSTRING}

Argument Description
service ID: The unique service identifier, in the range of
sap SAPSTRING: The SAPSTRING has the form UU/SS/PP:CVLANID: The C-VLAN ID is in the range of .
sdp SDPSTRING: The SDPSTRING has the forms:
• UU/SS/PP:SVLANID: (use it if you configured the SDP on a port)
• ag0N:SVLANID: (use it if you configured the SDP on a link aggregation)
The S-VLAN ID is in the range of

Example
device-name(config)#tls serv 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5 option
device-name(config-tls-sdp 1/2/1:5:)#tls tunneled-ieee-pdu tunnel-bpdu
device-name(config-tls-sdp 1/2/1:5:)#end
device-name#show tls tunneled-ieee-pdu service 5 sdp 1/2/1:5:
+--------------------------------+--------------------------------+
|Vi Id                           |Profile Applied                 |
+--------------------------------+--------------------------------+
|1/2/1:5:                        |tunnel-bpdu                     |

Displaying Layer-2 Protocol Tunneling Statistics
The show tls tunneled-ieee-pdu statistics command displays Layer-2 protocol tunneling statistics.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#show tls tunneled-ieee-pdu statistics

Example
device-name#show tls tunneled-ieee-pdu statistics
+--------------------------------------------------------------------------+
|    SVC_ID|SAP/SDP_STRING|PROTO_NAME| ACTION|            RX|            TX|
+--------------------------------------------------------------------------+
|      7268|       1/1/2:5|       stp| tunnel|             0|             0|
|      7268|       1/1/2:5|      lacp|discard|             0|             0|
|      7268|       1/1/2:5|   efm-oam|discard|             0|             0|
|      7268|       1/1/2:5|     dot1x|discard|             0|             0|
|      7268|       1/1/2:5|     e-lmi|discard|             0|             0|
|      7268|       1/1/2:5|      lldp|discard|             0|             0|
|      7268|       1/1/2:5|     other|discard|             0|             0|
|      7268|       1/1/2:5|   all-brs|discard|             0|             0|
|      7268|       1/1/2:5|      garp|discard|             0|             0|
|      7268|       1/1/2:5|    pb-stp|discard|             0|             0|
|      7268|       1/1/2:5|      pvst|discard|             0|             0|
+--------------------------------------------------------------------------+

Displaying TLS Profile Names
The show tls tunnel-profile command displays the TLS profile names used to define the tunneling policy.

CLI Mode: Privileged (Enable)

Command Syntax
device-name#show tls tunnel-profile [TLS-PROFILE-NAME]

Argument Description
TLS-PROFILE-NAME: (Optional) displays the specified custom profile name used to define the tunneling policy on a specified port

Example
device-name#show tls tunnel-profile
ProfileName: my_tunnel
+-----------------+-----------+
|Protocol         |Action     |
+-----------------+-----------+
|stp              |tunnel     |
|lacp             |tunnel     |
|efm-oam          |discard    |
|dot1x            |discard    |
|e-lmi            |discard    |
|lldp             |discard    |
|other            |discard    |
|all-brs          |tunnel     |
|garp             |discard    |
|pb-stp           |discard    |
|pvst             |discard    |
+-----------------+-----------+
ProfileName: lacp_tunnel
+-----------------+-----------+
|Protocol         |Action     |
+-----------------+-----------+
|stp              |discard    |
|lacp             |tunnel     |
|efm-oam          |discard    |
|dot1x            |discard    |
|e-lmi            |discard    |
|lldp             |discard    |
|other            |discard    |
|all-brs          |discard    |
|garp             |discard    |
|pb-stp           |discard    |
|pvst             |discard    |
+-----------------+-----------+
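The encapsulation table and the my_tunnel profile shown above can be read together as a per-frame decision about which customer control PDUs cross the provider network. The following Python model is an added example, not Telco Systems code; it assumes untagged frames, that the device swaps the destination MAC for the listed encapsulation MAC, and that lacp and efm-oam are told apart by the IEEE 802.3 Slow Protocols subtype. The sample frames and their source MAC are constructed.

```python
# Added example: a model of the L2PT tables on this page, not device firmware.
# Assumptions: untagged frames; the destination MAC is swapped for the
# encapsulation MAC; lacp/efm-oam are split by Slow Protocols subtype.

# (protocol, protocol MAC, encapsulation MAC) from the
# `show tls tunneled-ieee-pdu` example; "X" matches any hex digit.
# Exact rows come first so the wildcard rows only catch what is left.
L2PT_TABLE = [
    ("stp",     "01:80:c2:00:00:00", "01:a0:12:ff:ff:00"),
    ("lacp",    "01:80:c2:00:00:02", "01:a0:12:ff:ff:02"),
    ("efm-oam", "01:80:c2:00:00:02", "01:a0:12:ff:ff:02"),
    ("dot1x",   "01:80:c2:00:00:03", "01:a0:12:ff:ff:03"),
    ("e-lmi",   "01:80:c2:00:00:07", "01:a0:12:ff:ff:07"),
    ("lldp",    "01:80:c2:00:00:0e", "01:a0:12:ff:ff:0e"),
    ("pb-stp",  "01:80:c2:00:00:08", "01:a0:12:ff:ff:08"),
    ("all-brs", "01:80:c2:00:00:10", "01:a0:12:ff:ff:10"),
    ("pvst",    "01:00:0c:cc:cc:cd", "01:a0:12:cc:cc:cd"),
    ("garp",    "01:80:c2:00:00:2X", "01:a0:12:ff:ff:2X"),
    ("other",   "01:80:c2:00:00:0X", "01:a0:12:ff:ff:0X"),
]

SLOW_PROTOCOLS = 0x8809                          # EtherType listed for lacp and efm-oam
SLOW_SUBTYPE = {0x01: "lacp", 0x03: "efm-oam"}   # IEEE 802.3 subtypes (assumed discriminator)

# The my_tunnel profile from the `show tls tunnel-profile` example;
# protocols not listed here are discarded.
MY_TUNNEL = {"stp": "tunnel", "lacp": "tunnel", "all-brs": "tunnel"}


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def matches(pattern, mac):
    """Compare a table MAC (with optional X wildcard) to a concrete MAC."""
    return all(p == "X" or p == m for p, m in zip(pattern, mac))


def classify(frame):
    """Return (protocol, encapsulation MAC) for a Layer-2 protocol PDU, else None."""
    if len(frame) < 15:
        raise ValueError("frame too short to carry an Ethernet header and payload")
    dst = mac_text(frame[0:6])
    ethertype = int.from_bytes(frame[12:14], "big")
    for proto, pattern, encap in L2PT_TABLE:
        if not matches(pattern, dst):
            continue
        if proto in ("lacp", "efm-oam"):
            if ethertype != SLOW_PROTOCOLS or SLOW_SUBTYPE.get(frame[14]) != proto:
                continue
        # Carry the wildcard digit of the destination into the encapsulation MAC.
        encap_mac = "".join(d if e == "X" else e for e, d in zip(encap, dst))
        return proto, encap_mac
    return None


def apply_profile(frame, profile):
    """Return the frame as sent toward the core, or None if the profile discards it."""
    hit = classify(frame)
    if hit is None:
        return frame                      # ordinary traffic, not a protocol PDU
    proto, encap_mac = hit
    if profile.get(proto, "discard") != "tunnel":
        return None
    return mac_bytes(encap_mac) + frame[6:]


def make_frame(dst, type_or_len, payload):
    """Build a constructed sample frame; the source MAC is a made-up value."""
    return (mac_bytes(dst) + mac_bytes("02:00:00:00:00:01")
            + type_or_len.to_bytes(2, "big") + payload)


# Constructed sample frames (payloads are zero-filled placeholders).
STP_BPDU = make_frame("01:80:c2:00:00:00", 0x0026, bytes.fromhex("424203") + bytes(35))
LACP_PDU = make_frame("01:80:c2:00:00:02", 0x8809, b"\x01" + bytes(45))
OAM_PDU = make_frame("01:80:c2:00:00:02", 0x8809, b"\x03" + bytes(45))
LLDP_PDU = make_frame("01:80:c2:00:00:0e", 0x88CC, bytes(46))
UNICAST = make_frame("02:00:00:00:00:02", 0x0800, bytes(46))

if __name__ == "__main__":
    samples = [("stp", STP_BPDU), ("lacp", LACP_PDU), ("efm-oam", OAM_PDU),
               ("lldp", LLDP_PDU), ("unicast", UNICAST)]
    for name, frame in samples:
        out = apply_profile(frame, MY_TUNNEL)
        print(name, "->", "discarded" if out is None else mac_text(out[:6]))
```

Passing an empty profile dictionary models the Discard-all default: every recognised protocol PDU is dropped and only ordinary traffic passes.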

Displaying TLS Services
The show tls-services command displays information about all currently configured TLS services.

CLI Mode: Privileged (Enable), and TLS Service Configuration

Command Syntax
device-name#show tls-services
device-name(config-tls SERVICE-NAME)#show tls-services

Example
device-name#show tls-services
+---------+--------------------------------+------+-----+-----+
| Idx     | Service Name                   |S-VLAN|Encap|State|
+---------+--------------------------------+------+-----+-----+
|00007615 |test                            | 0002 |QinQ |Up   |

TLS Configuration Examples

Example 1
The following figure shows an example of an interface TLS configuration.

Figure 3: TLS Interface Example

1. Enable TLS:
device-name#configure terminal
device-name(config)#tls enable

2. Configure the TLS core (uplink) port on port 1/2/1:
device-name(config)#interface 1/2/1
device-name(config-if 1/2/1)#tls uplink

3. Configure the TLS access (user) port on port 1/2/8:
device-name(config-if 1/2/1)#interface 1/2/8
device-name(config-if 1/2/8)#tls user
device-name(config-if 1/2/8)#exit

4. Add the TLS core (uplink) port as a tagged member to VLAN 10. Also add the access (user) port as an untagged member to that VLAN.
device-name(config)#vlan
device-name(config vlan)#create v10 10
device-name(config vlan)#config v10
device-name(config-vlan v10)#add ports 1/2/1 tagged
device-name(config-vlan v10)#add ports 1/2/8 untagged
device-name(config-vlan v10)#add ports default 1/2/8
device-name(config-vlan v10)#end

5. Display the TLS configuration:
device-name#show tls
TLS is enabled
TLS EtherType 0x8100
+===========+================+
| Interface | Mode           |
+-----------+----------------+
| 1/2/1     | uplink         |
| 1/2/8     | user           |
|AG01       | Residential    |
…
|AG07       | Residential    |

Example 2
Figure 4 shows an example of a TLS tunneling configuration.

Figure 4: TLS Tunneling Example

1. Create the VLAN v5 with ID 5 and add to it the 1/2/1 port (SDP port) as tagged and the 1/2/2 port (SAP port) as untagged:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create v5 5
device-name(config vlan)#config v5
device-name(config-vlan v5)#add ports 1/2/1 tagged
device-name(config-vlan v5)#add ports 1/2/2 untagged
device-name(config-vlan v5)#add ports default 1/2/2
device-name(config-vlan v5)#exit
device-name(config vlan)#exit

2. Define a new TLS service and enable TLS tunneling:
device-name(config)#tls tunneled-ieee-pdu enable
device-name(config)#tls serv 5

3. Define SDP:
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5 option
device-name(config-tls-sdp 1/2/1:5:)#tls tunneled-ieee-pdu tunnel-bpdu
device-name(config-tls-sdp 1/2/1:5:)#exit

4. Add wildcard VLAN for SAP:
device-name(config-tls serv)#sap 1/2/2 c-vlans 6
device-name(config-tls serv)#sap 1/2/2 c-vlans 6 option
device-name(config-tls-sap 1/2/2:6:)#tls tunneled-ieee-pdu tunnel-bpdu
device-name(config-tls-sap 1/2/2:6:)#end

5. Display TLS services:
device-name#show tls-services
+---------+--------------------------------+------+-----+-----+
| Idx     | Service Name                   |S-VLAN|Encap|State|
+---------+--------------------------------+------+-----+-----+
|00000005 |serv                            | 0005 |QinQ |Up   |

6. Display TLS tunneling:
device-name#show tls tunneled-ieee-pdu service 5 sdp 1/2/1:5:
+--------------------------------+--------------------------------+
|Vi Id                           |Profile Applied                 |
+--------------------------------+--------------------------------+
|1/2/1:5:                        |tunnel-bpdu                     |
device-name#show tls tunneled-ieee-pdu service 5 sap 1/2/2:6:
+--------------------------------+--------------------------------+
|Vi Id                           |Profile Applied                 |
+--------------------------------+--------------------------------+
|1/2/2:6:                        |tunnel-bpdu                     |

Supported Platforms

Feature: Transparent LAN Services (TLS)
T-Marc 340: +
T-Marc 380: +

Supported Standards, MIBs, and RFCs

Feature: Transparent LAN Services (TLS)
Standards: No standards are supported by this feature.
MIBs: Private MIBs:
• prvt_serv.mib
• prvt_L2tunneling.mib
RFCs: No RFCs are supported by this feature.

Configuring Spanning Tree Protocol (STP) (Rev. 06)

Table of Figures
Overview
Architecture
The Election Algorithm
Selecting a Root Bridge
Selecting a Designated Bridge per Network Segment
Selecting the Root and Alternate Ports
Line Error Detection
Bridge Protocol Data Units (BPDUs)
The STP Path Cost
The STP Port States
Topology Changes Detection
Broadcasting an Event to the Network
The STP Timers
Message Age
The STP Diameter
Calculating the STP Timers
STP Address Management
STP Loop Guard
Internet Group Multicast Protocol (IGMP) Fast Recovery
STP Default Configuration
STP Configuration Flow
STP Configuration Commands
Enabling/Disabling STP
Enabling/Disabling STP per Port
Defining the STP Bridge Priority
Defining the STP Priority per Port
Defining the Hello-Time
Defining the Maximum Aging Timer
Defining the Forward-Delay Timer
Defining the Port Path Cost
Enabling/Disabling STP Topology Change Detection
Enabling/Disabling Line Error Detection
Enabling/Disabling Line Flapping Detection
Setting the BPDU Guard
Enabling/Disabling the Loop Guard per Port
Enabling/Disabling Root Restriction
Configuring the BPDUs MAC Address
Restoring STP Port Parameters to Defaults
Configuring IGMP Fast Recovery
Displaying the STP Configuration
Displaying the Ports’ STP Configuration
Displaying the STP Topology for a Specific Port
Enabling STP Debug Information
Displaying the STP Debug Status
STP Configuration Example
Supported Platforms
Supported Standards, MIBs, and RFCs

Table of Figures
Figure 1: The Spanning Tree Port States
Figure 2: Topology Change
Figure 3: Topology Change with TC Message
Figure 4: BPDU Age Parameter
Figure 5: Calculating the Diameter
Figure 6: Spanning Tree IGMP Configuration
Figure 7: Spanning Tree IGMP Fast Recovery Configuration
Figure 8: STP Configuration Flow
Figure 9: Spanning Tree Configuration Example

Overview
Spanning Tree Protocol (STP, IEEE 802.1d) is a Layer 2 protocol that provides path redundancy while ensuring a loop-free topology for bridged LANs. Using this protocol, a network can include redundant links that provide automatic backup paths in case of an active link failure. It controls the links, leaving only a single active path between any two network nodes.

Architecture
The STP algorithm calculates each path cost throughout all the devices within the network’s spanning tree, retaining the paths with the lower cost as active paths and blocking the others. It activates the blocked paths if the active link fails or if the path cost changes.

The Election Algorithm

Selecting a Root Bridge
In order to elect the active paths within a network, STP first determines a Root bridge. The Root is the device towards which all other devices calculate the path cost. The protocol then selects the path with the lowest cost from each device to the Root as the active path, while blocking all other redundant paths. Each bridge within the spanning tree has a unique ID that is made up of the bridge’s user-defined priority and MAC address. The protocol selects the bridge with the lowest ID as the Root. System administrators can alter the bridge ID by configuring the bridge priority, thus controlling the probability of a bridge becoming the Root.

Selecting a Designated Bridge per Network Segment
After selecting the Root bridge, STP selects a Designated bridge per network segment. This is the closest bridge to the Root, forwarding packets from that segment towards the Root bridge. Each segment has only one Designated bridge. The Designated bridge has one Designated port that forwards packets from the Root bridge to this segment.

Selecting the Root and Alternate Ports
The last election step is selecting a Root port (per bridge) that sends data towards the Root bridge. In order to avoid loops, all other ports that provide redundant paths to the Root bridge are set as Alternate ports. These ports do not forward traffic unless the Root port goes down. Each bridge has only one Root port, as a single path toward the Root bridge.

Line Error Detection
The protocol allows interchanging the roles of the Root port and an Alternate port when the CRC errors on the line reach a critical level. In this case the Root port’s path cost automatically changes to a higher value, triggering the interchange of the Root and Alternate port statuses. For detailed information regarding the port role assignments, refer to the RSTP Port Roles section of the Configuring Rapid Spanning Tree Protocol (RSTP) chapter.

Bridge Protocol Data Units (BPDUs)
Bridges exchange the above information using Bridge Protocol Data Units (BPDUs) that include the following information:
• the Root bridge ID
• the designated bridge ID
• the path cost (the distance from the Root to the device)
• the designated port ID

The protocol uses three BPDU types:
• Configuration BPDUs, used for the election algorithm
• Topology Change Notification (TCN) BPDUs, announcing network topology changes
• Topology Change Notification Acknowledgment BPDUs, sent when a device receives a TCN, forwarding the TCN on its Root port.

The STP Path Cost
Each bridge port has an assigned path cost, a user-definable parameter that determines the port’s preference to be included in the active spanning tree topology. During BPDU exchange, STP sums up the path costs along all Designated ports (Designated path cost). This value then serves as the bridge’s distance from the Root. The lower the cost, the closer the device is to the Root. If two devices have identical path costs, STP selects the path based on port priority and bridge IDs as a tiebreaker.
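The election steps and the path-cost tiebreak described above, worked through on a constructed four-bridge ring as an added Python example (not taken from the user guide or the device software). It assumes point-to-point links with one cost per link, a connected topology, equal port priorities so the port name stands in for the port ID, and made-up MAC addresses. It shows that with every bridge left at the default priority the MAC address alone decides the Root, and that lowering one priority pins the Root deliberately.

```python
import heapq

DEFAULT_PRIORITY = 32768  # default STP bridge priority given in this guide
DEFAULT_COST = 10         # default STP path cost given in this guide


def elect(bridges, links):
    """Model the STP election for a connected topology of point-to-point links.

    bridges: name -> (priority, mac); the tuple is the bridge ID.
    links:   (bridge_a, port_a, bridge_b, port_b, cost), one entry per link.
    Returns (root, root_cost, roles) with roles keyed by (bridge, port).
    """
    # The bridge with the lowest ID (priority first, then MAC) becomes the Root.
    root = min(bridges, key=bridges.get)

    adj = {name: [] for name in bridges}
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, b, pb, cost))
        adj[b].append((pb, a, pa, cost))

    # Sum path costs outward from the Root (Dijkstra) to get each bridge's distance.
    root_cost = {root: 0}
    heap = [(0, root)]
    while heap:
        dist, name = heapq.heappop(heap)
        if dist > root_cost[name]:
            continue
        for _, nbr, _, cost in adj[name]:
            if dist + cost < root_cost.get(nbr, float("inf")):
                root_cost[nbr] = dist + cost
                heapq.heappush(heap, (dist + cost, nbr))

    roles = {}
    # Root port per bridge: lowest cost to the Root, then lowest neighbour
    # bridge ID, then lowest neighbour port as the final tiebreak.
    for name in bridges:
        if name == root:
            continue
        port, _, _, _ = min(
            adj[name],
            key=lambda e: (root_cost[e[1]] + e[3], bridges[e[1]], e[2]),
        )
        roles[(name, port)] = "root"

    # Designated port per segment: the end closer to the Root (bridge ID as
    # tiebreak). The other end stays a Root port or becomes an Alternate port.
    for a, pa, b, pb, _ in links:
        near, far = sorted(
            [(a, pa), (b, pb)],
            key=lambda e: (root_cost[e[0]], bridges[e[0]]),
        )
        roles[near] = "designated"
        roles.setdefault(far, "alternate")
    return root, root_cost, roles


# Constructed topology: a ring A-B-C-D-A, every bridge at the default priority.
BRIDGES = {
    "A": (DEFAULT_PRIORITY, "02:00:00:00:00:0a"),
    "B": (DEFAULT_PRIORITY, "02:00:00:00:00:0b"),
    "C": (DEFAULT_PRIORITY, "02:00:00:00:00:0c"),
    "D": (DEFAULT_PRIORITY, "02:00:00:00:00:0d"),
}
LINKS = [
    ("A", "1/1/1", "B", "1/1/1", DEFAULT_COST),
    ("B", "1/1/2", "C", "1/1/1", DEFAULT_COST),
    ("C", "1/1/2", "D", "1/1/2", DEFAULT_COST),
    ("D", "1/1/1", "A", "1/1/2", DEFAULT_COST),
]

if __name__ == "__main__":
    root, root_cost, roles = elect(BRIDGES, LINKS)
    print("Root with default priorities:", root, root_cost)
    for key in sorted(roles):
        print(key, roles[key])
    # Pin the Root on D by giving it a lower priority than the default.
    pinned = dict(BRIDGES, D=(4096, BRIDGES["D"][1]))
    print("Root after lowering D's priority:", elect(pinned, LINKS)[0])
```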

The STP Port States
STP uses five port states controlling the BPDU traffic. To ensure a loop-free network during topology changes, inactive ports:
• cannot start forwarding prior to the new topology information propagating through the switched LAN
• have to allow frames that were forwarded using the old topology to expire

Table 1: STP States

STP State: Blocking
Description: The port does not forward frames. It moves to this state after the initialization phase, when a different device/port was elected as Root. If there is only one device in the network, no exchange occurs, the forward-delay timer expires, and the ports move to Listening state. A port in Blocking state:
• discards frames
• discards frames switched from another port for forwarding
• does not learn MAC addresses
• receives BPDUs
A Blocking port can enter Listening or Disabled states.

STP State: Listening
Description: This is the first state a Blocking port transitions to when STP determines that the port should participate in frame forwarding. The device processes BPDUs and waits for possible new information that might cause it to return to the Blocking state. A port in Listening state performs the same steps as in Blocking state. From this state the port can enter Learning or Disabled states.

STP State: Learning
Description: This is the second state the port enters when preparing to participate in frame forwarding. The port does not yet forward frames. However, it learns source addresses from received frames, adding them to the filtering database. A port in Learning state:
• discards frames
• discards frames switched from another port for forwarding
• learns MAC addresses
• receives BPDUs
From this state the port can enter Forwarding or Disabled states.

STP State: Forwarding
Description: The port forwards frames. The device processes BPDUs and waits for possible new information that might cause it to return to Blocking state to prevent a loop. A port in Forwarding state:
• receives and forwards frames
• forwards frames switched from other ports
• learns MAC addresses
• receives BPDUs
From this state the port can enter Disabled state.

STP State: Disabled
Description: A port in this state does not participate in frame forwarding and spanning tree. The port performs the same steps as in Blocking state, except it does not receive BPDUs.

The following figure illustrates how a port moves through the above states.

Figure 1: The Spanning Tree Port States

Topology Changes Detection
When a bridge detects a topology change in the network (such as a link failure or the link changing to Forwarding state), it sends this event to the entire bridged network. The process is done in two stages:
1. The bridge notifies the STP Root.
2. The Root broadcasts the information to the whole network.

Upon a topology change the address tables of all devices are flushed and new paths are learned. The figure below illustrates the network’s reaction to a topology change. The initial data path between Computer 1 and Computer 2 is via Device A→Device B→Device C.

Figure 2: Topology Change

After a topology change the new data path becomes Device A→Device D→Device C. During the topology-change period, devices C and D are not aware of the topology change. During this period frames sent from Computer 1 are forwarded to Device B and there is no connection between Computer 1 and Computer 2 until the address table ages out. To avoid connection loss caused by a topology change, STP implements a mechanism called Topology Change Notification (TCN). This mechanism flushes the devices’ MAC addresses upon a topology change.

Broadcasting an Event to the Network
When the Root is aware of a topology change, it sends out configuration BPDUs with the Topology Change (TC) flag set. As a result, all bridges become aware of the topology change and reduce the MaxAge timer to the forward-delay timer (see The STP Timers below). Bridges receive topology-change BPDUs on both forwarding and blocking ports.

Figure 3: Topology Change with TC Message

The STP Timers
The following table describes the timers affecting the STP performance.

Table 2: STP Timers

Variable: Hello timer
Description: The interval between two consecutive BPDUs a device sends to other devices.

Variable: Forward-delay timer
Description: The time a port is in Listening and Learning states before the port begins forwarding.

Variable: Maximum-age timer (MaxAge)
Description: The time the device stores protocol information received on a port.

Variable: Message Age
Description: How far a device is from the Root when it receives a BPDU

Message Age
The message age value of all BPDUs the Root sends is zero. Each subsequent device increments the message age value by one, as illustrated in the figure below:

Figure 4: BPDU Age Parameter

After receiving a new BPDU equal to or greater than the recorded information on the port, all BPDU information is stored, and the age timer begins to run, starting at the message age. If this age timer reaches MaxAge before receiving another BPDU, the information ages out for that port. For example, in the above figure:
• Device B and C receive a BPDU from Device A with message age value zero. On the port going to Device A, it takes MaxAge seconds before the information ages out.
• Device D and E receive a BPDU from Device B with message age value one. On the port going to Device A, it takes MaxAge-1 seconds before the information ages out.
• Device F receives a BPDU from Device E with message age value two. On the port going to Device E, it takes MaxAge-2 seconds before the information ages out.

The STP Diameter
The STP timers’ settings are based on the STP diameter, the maximum number of bridges between any two end points on the network. The IEEE 802.1D specification recommends a maximum network diameter of 7 hops. (Therefore the maximum STP ring size is 14 devices: a distance of seven hops from the root to the last bridge in the ring.) The figure below illustrates a network with a diameter of five (path A-C-B-E-D). It contains three access devices (C, D, and E) attached to two distribution devices (A and B) and a Layer 3 boundary between the distribution devices and the core. The bridged domain stops at the distribution devices. The maximum STP diameter of five is between:
• C-A-D-B-E
• D-A-C-B-E

Figure 5: Calculating the Diameter

Calculating the STP Timers
To calculate the STP timers use the following formulas:
Max_age = 4 x hello + 2 x dia - 2
Forward_delay = (4 x hello + 3 x dia) / 2

Based on the above formulas, lowering the hello-timer value decreases the other STP parameters. However, it doubles the amount of BPDUs sent/received by each bridge, causing additional load on the CPU.

STP Address Management
IEEE 802.1D specifies 17 multicast MAC addresses, with a valid range from 0x0180C2000000 to 0x0180C2000010, for use by different bridge protocols. These addresses are static addresses that cannot be removed. Regardless of the STP state, the device receives but does not forward packets destined for addresses between 0x0180C2000000 and 0x0180C200000F. If STP is enabled, the CPU of the device receives packets destined for 0x0180C2000000 and 0x0180C2000010. If STP is disabled, the device forwards those packets as unknown multicast addresses.

STP Loop Guard
STP relies on continuous reception or transmission of BPDUs based on port roles. However, there are cases where an STP loop is created when a Blocking port in a redundant topology transitions to Forwarding state by mistake. This happens when one of the ports of a physically redundant topology no longer receives STP BPDUs. As a result the Alternate port, Backup port, or Root port eventually becomes Designated and moves to Forwarding state, creating a loop. The STP Loop Guard feature provides additional protection against STP loops. This feature implements a mechanism that maintains the port in Blocking state, instead of transitioning it to Forwarding state, whenever BPDUs from a neighbor are lost.

Internet Group Multicast Protocol (IGMP) Fast Recovery
When using the IGMP Fast Recovery feature, the multicast traffic takes advantage of the connectivity and convergence time provided by STP. In the following figure, all devices run IGMP snooping and a spanning tree protocol (STP, RSTP, or MSTP).

Figure 6: Spanning Tree IGMP Configuration

In this figure:
1. The Multicast Router floods traffic for multicast groups that the client is subscribed to.
2. The Multicast Router sends an IGMP query to the clients for their multicast group memberships.
3. The client(s) reply with IGMP Reports. The traffic flows from the Multicast Router, through Device D and Device A, to Device C. All ports between the devices and the Multicast Router are mrouter ports. Device C’s mrouter port that links to Device B is blocked. If a topology change occurs and the link between Device C and Device A goes down, Device C’s blocked port transitions into Forwarding state.
4. If you configure IGMP Fast Recovery on Device C, the device reacts to the topology change by sending an IGMP General Query to all its non-mrouter ports.
5. The client(s) respond to the General IGMP Query with an IGMP report.
6. Device C forwards the IGMP report to its mrouter ports and the report is then sent to the Multicast Router through Device B and Device D.
7. Client(s) traffic connected to Device C is transmitted through Device B instead of Device A, as shown in the figure below.

Figure 7: Spanning Tree IGMP Fast Recovery Configuration

STP Default Configuration

Table 3: STP Default Configuration

Parameter: Default Value
Spanning Tree Protocol: Disabled
STP bridge priority: 32768
STP hello-time: 2 seconds
STP forward-delay timer: 15 seconds
STP MaxAge timer: 20 seconds
Line error detection: Disabled
STP path cost: 10
STP port priority: 128
STP topology change detection: Enabled
Debug STP: Disabled

STP Configuration Flow
1. Enable STP.
2. Is this bridge the root? If yes, change the priority to the lowest in the network.
3. Set the STP Timers (hello-timer, MaxAge, forward-delay).
4. Define the ports path cost.
5. Disable TC detection on loop-free ports (Optional).
6. Optional STP Configuration.

Figure 8: STP Configuration Flow

STP Configuration Commands The STP default values are sufficient for obtaining a loop-free redundant network topology. However, to enforce topology demands on the dynamically built topology, configure several parameters before connecting the network. Table 4: STP Configuration Commands Command

Description

spanning-tree

Enables/disables the STP on the device (see Enabling/Disabling STP)

spanning-tree

Enables/disables the STP per port (see Enabling/Disabling STP per Port)

spanning-tree priority

Defines the STP bridge priority (see Defining the STP Bridge Priority)

spanning-tree priority

Defines the STP port priority (see Enabling/Disabling STP per Port)

spanning-tree hello-time

Defines the hello-time interval (see Defining the Hello-Time)

spanning-tree max-age

Defines the Maximum Age timer (see Defining the Maximum Aging Timer)

spanning-tree forwarddelay

Defines the forward-delay timer (see Defining the ForwardDelay Timer)

spanning-tree path-cost

Defines the STP port path cost (see Defining the Port Path Cost)

Table 5: Optional STP Configuration Commands Command

Description

spanning-tree detect-tc

Enables topology-change detection on the configured port (see Enabling/Disabling STP Topology Change Detection)

spanning-tree lineerror-detect

Enables line-error detection (see Enabling/Disabling Line Error Detection)

spanning-tree lineflapping-detect

Causes the Root and Alternate ports to change roles in case of flapping (see Enabling/Disabling Line Flapping Detection)

spanning-tree bpdu-rx

Prevents an STP port from receiving BPDUs (see Setting the BPDU Guard)

spanning-tree detectbpdu-loss

Enables/disables the Loop Guard on a port (see Enabling/Disabling the Loop )

spanning-tree restrictroot

Enables/disables the selection of a port as the Root port (see Enabling/Disabling Root Restriction)

spanning-tree destination

Specifies the MAC address used for BPDUs destination address (see Configuring the BPDUs MAC Address)

spanning-tree defaults

Restores a port’s STP parameters to their defaults (see Restoring STP Port Parameters to Defaults)

spanning-tree igmp-fastrecovery

Configures the IGMP fast recovery feature (see Configuring IGMP Fast Recovery)

Table 6: STP Display Commands

Command                        Description
spanning-tree                  Displays the current STP configuration (see Displaying the STP Configuration)
spanning-tree interface,       Displays the STP settings and topology per port or for all ports (see Displaying the Ports’ STP Configuration)
spanning-tree all,
show spanning-tree
show spanning-tree interface   Displays the spanning tree topology for a specified port (see Displaying the STP Topology for a Specific Port)

Table 7: STP Debugging Commands

Command          Description
debug stp        Enables the STP debug information (see Enabling STP Debug Information)
show debug stp   Displays the STP debug status (see Displaying the STP Debug Status)

Enabling/Disabling STP

The spanning-tree command enables/disables STP on the device.

CLI Mode: Protocol Configuration

STP is disabled by default.

Command Syntax

device-name(cfg protocol)#spanning-tree [enable | disable]
device-name(cfg protocol)#no spanning-tree

Argument Description

enable    (Optional) enables STP, the device becoming a node in the tree
disable   (Optional) disables STP
no        Restores to default

Enabling/Disabling STP per Port

The spanning-tree command enables/disables STP per port. You can enable/disable STP per port only if the feature is enabled on the device.

CLI Modes: Interface Configuration and Interface Range Configuration

By default, enabling STP on the device enables the feature on all ports. Disabling STP on the device disables it on all ports.

Command Syntax

device-name(config-if UU/SS/PP)#spanning-tree [enable | disable | all]
device-name(config-if-group)#spanning-tree [enable | disable]

Argument Description

enable    (Optional) enables STP on the specified port
disable   (Optional) disables STP on the specified port
all       (Optional) enables STP on all ports

Defining the STP Bridge Priority

The spanning-tree priority command defines the STP bridge priority.

CLI Mode: Protocol Configuration

The default bridge priority is 32768.

Command Syntax

device-name(cfg protocol)#spanning-tree priority
device-name(cfg protocol)#no spanning-tree priority

Argument Description

bridge-priority   The bridge priority, in the range of . The bridge with the highest bridge priority (the lowest numerical priority value) is selected as Root device
no                Restores to default

Defining the STP Priority per Port

The spanning-tree priority command defines the STP port priority. The STP port priority represents the location of a port in the network topology and determines how well it is located for forwarding traffic.

CLI Modes: Interface Configuration and Interface Range Configuration

The default port priority is 128.

Command Syntax

device-name(config-if UU/SS/PP)#spanning-tree priority
device-name(config-if UU/SS/PP)#no spanning-tree priority
device-name(config-if-group)#spanning-tree priority
device-name(config-if-group)#no spanning-tree priority

Argument Description

priority   The port STP priority, in the range of . This value is a multiple of 16. Assign lower values (higher priorities) to preferred ports. If all the ports have the same priority value, STP selects the port with the lowest number in Forwarding state and blocks other ports.
no         Restores to default

Defining the Hello-Time

The spanning-tree hello-time command defines the interval between consecutive BPDUs the device transmits.

Use this command when the device is the Root, or trying to become one.

CLI Mode: Protocol Configuration

The default hello-time is 2 seconds.

Command Syntax

device-name(cfg protocol)#spanning-tree hello-time
device-name(cfg protocol)#no spanning-tree hello-time

Argument Description

hello-time   The interval between transmitting BPDUs, in the range of seconds. This value must be less than MaxAge/2-1 (refer to the Defining the Maximum Aging Timer section).
no           Configures the hello-time interval to its default value.

Defining the Maximum Aging Timer

The spanning-tree max-age command defines the interval the device waits for receiving a BPDU before attempting a reconfiguration.

CLI Mode: Protocol Configuration

The default value is 20 seconds.

Command Syntax

device-name(cfg protocol)#spanning-tree max-age
device-name(cfg protocol)#no spanning-tree max-age

Argument Description

max-age   The maximum aging time, in the range of seconds. The MaxAge value must be greater than 2*(hello-time+1) and less than 2*(forward-delay-1).
no        Restores to default

Defining the Forward-Delay Timer

The spanning-tree forward-delay command defines the interval the device waits before transitioning from Learning and Listening states to Forwarding state.

CLI Mode: Protocol Configuration

The default forward-delay value is 15 seconds.

NOTE: The forward-delay value must be greater than MaxAge/2+1.

Command Syntax

device-name(cfg protocol)#spanning-tree forward-delay
device-name(cfg protocol)#no spanning-tree forward-delay

Argument Description

forward-delay   The interval before transitioning from Listening and Learning states to Forwarding State, in the range of seconds. This value must be greater than MaxAge/2+1. When a topology change is underway and is detected, use this parameter to age all dynamic entries in the Forwarding database.
no              Restores to default

Defining the Port Path Cost

The spanning-tree path-cost command defines the STP port path cost.

CLI Modes: Interface Configuration and Interface Range Configuration

The default port path cost is 10.

Command Syntax

device-name(config-if UU/SS/PP)#spanning-tree path-cost
device-name(config-if UU/SS/PP)#no spanning-tree path-cost
device-name(config-if-group)#spanning-tree path-cost
device-name(config-if-group)#no spanning-tree path-cost

Argument Description

path-cost   The path cost value, in the range of . Assign lower cost values to ports that you want to select first. If all ports have the same cost value, STP selects the port with the lowest number in Forwarding state and blocks other ports.
no          Restores to default

Enabling/Disabling STP Topology Change Detection

The spanning-tree detect-tc command enables topology change detection on the configured port.

CLI Modes: Interface Configuration and Interface Range Configuration

Topology change detection is enabled by default.

Command Syntax

device-name(config-if UU/SS/PP)#spanning-tree detect-tc
device-name(config-if UU/SS/PP)#no spanning-tree detect-tc
device-name(config-if-group)#spanning-tree detect-tc
device-name(config-if-group)#no spanning-tree detect-tc

Argument Description

no   Disables topology change detection on specified ports, preventing the switch from detecting and propagating topology changes on the specified port/s.

Enabling/Disabling Line Error Detection

The spanning-tree line-error-detect command enables/disables line error detection. The error level is considered critical when the CRC error rate exceeds 1% within a 3-second interval.

CLI Mode: Protocol Configuration

Line error detection is disabled by default.

Command Syntax

device-name(cfg protocol)#spanning-tree line-error-detect {enable | disable}

Argument Description

enable    Enables line error detection
disable   Disables line error detection

Enabling/Disabling Line Flapping Detection

The spanning-tree line-flapping-detect command causes the Root and Alternate ports to change roles in case of flapping (continued and uncontrolled link up and down event) on a physical port.

CLI Mode: Protocol Configuration

Command Syntax

device-name(cfg protocol)#spanning-tree line-flapping-detect {enable | disable}

Argument Description

enable    Enables line flapping detection
disable   Disables line flapping detection

Setting the BPDU Guard

The spanning-tree bpdu-rx command defines the STP reaction when receiving a BPDU on the specified port.

CLI Modes: Interface Configuration and Interface Range Configuration

Command Syntax

device-name(config-if UU/SS/PP)#spanning-tree bpdu-rx {discard | disable-port | standard}
device-name(config-if-group)#spanning-tree bpdu-rx {discard | disable-port | standard}

Argument Description

discard        The device drops received BPDUs (ignores the BPDU information)
disable-port   Receiving a BPDU disables the port
standard       BPDUs are processed according to standard STP mechanisms (default)

Enabling/Disabling the Loop Guard per Port

The spanning-tree detect-bpdu-loss command enables/disables the Loop Guard on a specific port.

CLI Modes: Interface Configuration and Interface Range Configuration

The Loop Guard is disabled by default.

Command Syntax

device-name(config-if UU/SS/PP)#spanning-tree detect-bpdu-loss {enable | disable}
device-name(config-if-group)#spanning-tree detect-bpdu-loss {enable | disable}

Argument Description

enable    Enables BPDU loss detection (Loop Guard is disabled).
disable   Disables BPDU loss detection (Enables Loop Guard on the port). This parameter does not change the port’s state, if the port is not a Designated port, even if the port stops receiving BPDUs from its peer port. Disables Loop Guard on the specified port: the port state does not change, even if it stops receiving BPDUs.

Enabling/Disabling Root Restriction

The spanning-tree restrict-root command enables/disables selecting a port as the Root port.

CLI Modes: Interface Configuration and Interface Range Configuration

Root restriction is disabled by default.

Command Syntax

device-name(config-if UU/SS/PP)#spanning-tree restrict-root {enable | disable}
device-name(config-if-group)#spanning-tree restrict-root {enable | disable}

Argument Description

enable    Enables root restriction on the specified port (the port is not selected as Root port)
disable   Disables root restriction

Configuring the BPDUs MAC Address

The spanning-tree destination command specifies the MAC address used for BPDUs destination address.

This command configures STP to send BPDUs to destination MAC address 01:80:C2:00:00:08.

CLI Mode: Protocol Configuration

The default value is customer, in which BPDUs are sent to destination MAC address 01:80:C2:00:00:00.

Command Syntax

device-name(cfg protocol)#spanning-tree destination {customer | provider}

Argument Description

customer   Customer mode 802.1D compliant
provider   Provider mode 802.1ad compliant

Restoring STP Port Parameters to Defaults

The spanning-tree defaults command restores the port’s STP parameters to default values.

CLI Modes: Interface Configuration and Interface Range Configuration

Command Syntax

device-name(config-if UU/SS/PP)#spanning-tree defaults
device-name(config-if-group)#spanning-tree defaults

Configuring IGMP Fast Recovery

The spanning-tree igmp-fast-recovery command configures the IGMP fast recovery feature on the device.

CLI Mode: Protocol Configuration

Command Syntax

device-name(cfg protocol)#spanning-tree igmp-fast-recovery {enable | disable | vlan VLAN-LIST ports PORT-LIST}
device-name(cfg protocol)#no spanning-tree igmp-fast-recovery vlan VLAN-LIST ports PORT-LIST

Argument Description

enable            Globally enables the fast recovery
disable           Globally disables the fast recovery Disabled
vlan VLAN-LIST    A list of VLAN IDs, in the range of , in the below format:
                  • A hyphenated range of VLANs (for example: 8–32)
                  • Several VLAN numbers and/or ranges, separated by commas (for example: 2,4,8–32)
ports PORT-LIST   Specifies one or more port numbers. Use commas as separators and hyphens to indicate sub-ranges (for example: 1/1/1, 1/2/1–1/2/8)
no                Disables the fast recovery on specified VLAN and port lists.

Displaying the STP Configuration

The spanning-tree command displays the current STP configuration.

CLI Mode: Protocol Configuration

NOTE: You can also display the current STP configuration using the show spanning-tree command.

Command Syntax

device-name(cfg protocol)#spanning-tree

Example

device-name(cfg protocol)#spanning-tree
Spanning tree enabled
ProtocolSpecification = ieee8021d
Priority = 32768
TimeSinceTopologyChange = 372 (Sec)
TopChanges = 3
DesignatedRoot = This bridge is the root
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
HoldTime = 1 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled

Table 8: The Parameters Displayed by the STP show Commands

Parameter                 Description
Spanning tree             The STP global state
ProtocolSpecification     The protocol standard
Priority                  The bridge priority
TimeSinceTopologyChange   The time since the last topology change, in seconds
TopChanges                The number of times the topology change flag parameter for the bridge was set since the last time the device was turned on
DesignatedRoot            The Root’s unique bridge identifier. This value is used in all Configuration BPDUs transmitted by the bridge.
MaxAge                    The configured maximum-aging timer, in seconds
HelloTime                 The configured hello timer, in seconds
ForwardDelay              The configured forward-delay timer, in seconds
HoldTime                  The minimum interval between Configuration BPDUs transmission through a given LAN port (this parameter is fixed to 1 second)
BridgeMaxAge              The maximum-aging timer when the bridge is the Root or is attempting to become the Root, in seconds
BridgeHelloTime           The hello timer when the bridge is the Root or is attempting to become the Root, in seconds
BridgeForwardDelay        The forward-delay timer when the bridge is the Root or is attempting to become the Root, in seconds
DetectLineCRCReconfig     Indicates whether line error detection is enabled or not
DetectLineFlapping        Indicates whether link flapping is enabled or not
SpanIgmpFastRecovery      Indicates whether IGMP fast recovery is enabled or disabled

Displaying the Ports’ STP Configuration

The spanning-tree interface command displays the STP settings for a specified port. This command also enters the Interface Configuration mode.

CLI Mode: Protocol Configuration

The spanning-tree all command displays the STP topology for all ports.

CLI Modes: Interface Configuration and Interface Range Configuration

The show spanning-tree command displays the STP settings and the STP topology for all ports.

CLI Mode: Privileged (Enable)

Command Syntax

device-name(cfg protocol)#spanning-tree interface UU/SS/PP
device-name(config-if UU/SS/PP)#
device-name(cfg protocol)#spanning-tree interface all
device-name(config-if UU/SS/PP)#spanning-tree all
device-name#show spanning-tree

Argument Description

UU/SS/PP   The port number, in a unit, slot, and port number format
all        Displays the STP settings for all ports

Example 1

Display the STP settings for port 1/1/1:

device-name(cfg protocol)#spanning-tree interface 1/1/1
PortPriority = 128
PortState = disabled
PortEnable = disabled
PortPathCost = 10
DesignatedRoot = 08192.00:A0:12:00:00:03
DesignatedCost = 19
DesignatedBridge = 32768.00:A0:12:11:29:82
DesignatedPort = 128.1
FrwrdTransitions = 0
TopChangeDetection = Enabled

Example 2

Display the STP topology for all ports:

device-name(cfg protocol)#spanning-tree interface all
========================================================================
Port    |Pri|State|PCost| DCost |Designated bridge |DPrt  |FwrdT|DtctTc
--------+---+-----+-----+-------+------------------+------+-----+------
01/02/01 128 listn    19      19 32768.00A012000003 128.01     2 Disabled
01/02/02 128 block    19       0 32768.000002030405 128.63     0 Enabled
01/02/03 128 listn    19       0 32768.000002030405 128.62     2 Enabled

Example 3

Display the STP settings and topology for all ports:

device-name#show spanning-tree
Spanning tree enabled
ProtocolSpecification = ieee8021d
Priority = 32768
TimeSinceTopologyChange = 0 (Sec)
TopChanges = 0
DesignatedRoot = This bridge is the root
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
HoldTime = 1 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled
Port    |Pri|State|PCost |    DCost    |Designated bridge |DPrt  |FwrdT|DtctTc
--------+---+-----+------+-------------+------------------+------+-----+-------
01/02/01 128 listn     19            19 32768.00A012000003 128.02     2 Disabled
01/02/02 128 block     19             0 32768.000002030405 128.03     0 Enabled
01/02/03 128 listn     19             0 32768.000002030405 128.04     2 Enabled

Table 9: Parameters Displayed by the spanning-tree interface command

Parameter            Description
PortPriority         The port priority
PortState            The port state
PortEnable           Displays whether the port is enabled or disabled
PortPathCost         The STP port path cost
DesignatedRoot       The unique Root bridge identifier, in the root identifier parameter of Configuration BPDUs transmitted by the designated bridge of the LAN to which the port is attached. Use this parameter to test the root identifier parameter value conveyed in received Configuration BPDUs.
DesignatedCost       The designated port’s path cost (equal to the root path cost of the bridge), offered to the LAN to which the port is attached. Otherwise, this is the path cost to the root offered by the designated port on the LAN to which this port is attached. Use this parameter to test the value of the root path-cost parameter conveyed in received Configuration BPDUs.
DesignatedBridge     The unique bridge identifier of one of the following:
                     • in the case of a designated port, the bridge the port belongs to
                     • the designated bridge of the LAN to which this port is attached
                     Use this parameter:
                     • together with the designated port and port identifier parameters to test if this port is the designated port for the LAN to which it is attached
                     • to test the value of the bridge identifier parameter conveyed in received configuration BPDUs
DesignatedPort       The designated bridge-port identifier, through which the bridge transmits the configuration message-information stored by this port. Use this parameter:
                     • together with the designated bridge and port identifier parameters to test if this port is the designated port for the LAN to which it is attached
                     • by management to determine the topology of the bridged LAN
FrwrdTransitions     The number of times the port transitioned into Forwarding state.
TopChangeDetection   Indicates whether topology-changes detection is enabled or not.

Table 10: Parameters Displayed by the spanning-tree interface all and spanning-tree all commands

Parameter           Description
Port                The port’s unit/slot/port
Pri                 Refer to PortPriority in the above table
State               Refer to PortState in the above table
PCost               Refer to PortPathCost in the above table
DCost               Refer to DesignatedCost in the above table
Designated bridge   Refer to DesignatedBridge in the above table
DPrt                Refer to DesignatedPort in the above table
FwrdT               Refer to FrwrdTransitions in the above table
DtctTc              Refer to TopChangeDetection in the above table

Displaying the STP Topology for a Specific Port

The show spanning-tree interface command displays the STP topology for the specified port.

CLI Mode: Privileged (Enable)

Table 9 describes the parameters displayed by this command.

Command Syntax

device-name#show spanning-tree interface UU/SS/PP

Example 1

Display the STP topology when the bridge is not the root bridge:

device-name#show spanning-tree interface 1/1/1
PortPriority = 128
PortState = disabled
PortEnable = disabled
PortPathCost = 10
DesignatedRoot = 08192.00:A0:12:00:00:03
DesignatedCost = 19
DesignatedBridge = 32768.00:A0:12:11:29:82
DesignatedPort = 128.1
FrwrdTransitions = 0
TopChangeDetection = Enabled

Example 2

Display the STP topology when the bridge is the root bridge:

device-name#show spanning-tree interface 1/1/1
PortPriority = 128
PortState = disabled
PortEnable = disabled
PortPathCost = 10
DesignatedRoot = This bridge is the root
DesignatedCost = 0
DesignatedBridge = This bridge
DesignatedPort = 128.1
FrwrdTransitions = 0
TopChangeDetection = Enabled

Enabling STP Debug Information

The debug stp command enables the STP debug information.

This command is not saved after a device reload.

CLI Mode: Privileged (Enable)

Debugging is disabled by default.

Command Syntax

device-name#debug stp {all | flush | tc | tcn}
device-name#no debug stp {all | flush | tc | tcn}

Argument Description

all     Activates all STP debug options
flush   Activates MAC address table flush debugging
tc      Activates debugging when the device receives or transmits BPDUs with topology changes
tcn     Activates debugging when the device receives TCNs or transmits BPDUs with topology change acknowledgment
no      Disables the debug information display

Displaying the STP Debug Status

The show debug stp command displays the STP debug status.

CLI Mode: Privileged (Enable)

Command Syntax

device-name#show debug stp

Example

device-name#show debug stp
STP debugging status:
STP debug TNC is on
STP debug flush is on
STP debug TC is on

STP Configuration Example

The following figure is a configuration example using STP.

Figure 9: Spanning Tree Configuration Example

Configuring Device A:

1. Enable STP:

DeviceA#configure terminal
DeviceA(config)#protocol
DeviceA(cfg protocol)#spanning-tree enable

2. Set the STP bridge priority to 4096, to make Device A the Bridge Root.

DeviceA(cfg protocol)#spanning-tree priority 4096

3. Set the STP MaxAge timer to 10. Calculate the timer according to the following formula: Max_age = (4 x hello) + (2 x dia) - 2, when the hello-time is 2 and the diameter is 2 (based on the figure above):

DeviceA(cfg protocol)#spanning-tree max-age 10

4. Set the STP forward-delay timer to 7. Calculate this timer according to the following formula: Forward_delay = ((4 x hello) + (3 x dia)) / 2, when the hello-time is 2 and the diameter is 2 (based on the figure above):

DeviceA(cfg protocol)#spanning-tree forward-delay 7
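The timer formulas in steps 3 and 4 and the limits given in the hello-time, max-age and forward-delay argument descriptions interact, so the order of the commands matters. The following Python sketch is an added example, not code from the guide or from Telco Systems: it derives the timers, checks them against the stated limits, and finds a command order in which every intermediate setting stays within them. The function names, the rounding-up of a half-second result, and the assumption that each command is checked against the values configured at that moment are this example's own.

```python
import math
from itertools import permutations

KEYS = ("hello-time", "max-age", "forward-delay")
# Defaults from Table 3 of the guide.
DEFAULTS = {"hello-time": 2, "max-age": 20, "forward-delay": 15}


def timers_for(hello, diameter):
    """Return (max_age, forward_delay) from the guide's two formulas."""
    max_age = 4 * hello + 2 * diameter - 2
    # The formula can give a half second; rounding up is an assumption here.
    forward_delay = math.ceil((4 * hello + 3 * diameter) / 2)
    return max_age, forward_delay


def violations(hello, max_age, forward_delay):
    """List the limits (as worded in the guide, strict) that a setting breaks.

    The guide states each limit from both sides: hello < MaxAge/2-1 is the
    same rule as MaxAge > 2*(hello+1), and forward-delay > MaxAge/2+1 is the
    same rule as MaxAge < 2*(forward-delay-1).
    """
    found = []
    if not max_age > 2 * (hello + 1):
        found.append("MaxAge must be greater than 2*(hello-time+1)")
    if not max_age < 2 * (forward_delay - 1):
        found.append("MaxAge must be less than 2*(forward-delay-1)")
    return found


def _check(state):
    return violations(state["hello-time"], state["max-age"], state["forward-delay"])


def command_order(current, target):
    """Return the commands in an order where every intermediate state is valid.

    Assumes each command is validated against the values configured at that
    moment. Returns None if no such order exists.
    """
    if _check(target):
        raise ValueError("target timers break the limits: %s" % _check(target))
    changed = [k for k in KEYS if current[k] != target[k]]
    for order in permutations(changed):
        state = dict(current)
        for key in order:
            state[key] = target[key]
            if _check(state):
                break  # this order passes through an invalid setting
        else:
            return ["spanning-tree %s %d" % (key, target[key]) for key in order]
    return None


if __name__ == "__main__":
    max_age, fwd = timers_for(hello=2, diameter=2)
    target = {"hello-time": 2, "max-age": max_age, "forward-delay": fwd}
    for line in command_order(DEFAULTS, target):
        print(line)
```

With the defaults as the starting point, the order found matches the guide's steps 3 and 4 (max-age before forward-delay); restoring the defaults afterwards needs the opposite order.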

Configuring Device B:

1. Enable STP:

DeviceB#configure terminal
DeviceB(config)#protocol
DeviceB(cfg protocol)#spanning-tree enable

2. Set port 1/2/1 with path cost 1:

DeviceB(config)#interface 1/2/1
DeviceB(config-if 1/2/1)#spanning-tree path-cost 1

Configuring Device C:

Enable STP:

DeviceC#configure terminal
DeviceC(config)#protocol
DeviceC(cfg protocol)#spanning-tree enable

Configuring Device D:

1. Enable STP:

DeviceD#configure terminal
DeviceD(config)#protocol
DeviceD(cfg protocol)#spanning-tree enable
DeviceD(cfg protocol)#exit

2. Set port 1/2/1 with path cost 4:

DeviceD(config)#interface 1/2/1
DeviceD(config-if 1/2/1)#spanning-tree path-cost 4

3. Disable topology change detection on ports 1/2/3 and 1/2/4 (these ports are attached to PCs):

DeviceD(config-if 1/2/1)#interface 1/2/3
DeviceD(config-if 1/2/3)#no spanning-tree detect-tc
DeviceD(config-if 1/2/3)#interface 1/2/4
DeviceD(config-if 1/2/4)#no spanning-tree detect-tc
DeviceD(config-if 1/2/4)#end

Configuring Device E:

1. Enable STP:

DeviceE#configure terminal
DeviceE(config)#protocol
DeviceE(cfg protocol)#spanning-tree enable
DeviceE(cfg protocol)#exit

2. Disable topology change detection on ports 1/2/3 and 1/2/4 (these ports are attached to PCs):

DeviceE(config)#interface 1/2/3
DeviceE(config-if 1/2/3)#no spanning-tree detect-tc
DeviceE(config-if 1/2/3)#interface 1/2/4
DeviceE(config-if 1/2/4)#no spanning-tree detect-tc
DeviceE(config-if 1/2/4)#end

Displaying Device D Configuration:

DeviceD#show spanning-tree
Spanning tree enabled
ProtocolSpecification = ieee8021d
Priority = 32768
TimeSinceTopologyChange = 0 (Sec)
TopChanges = 4
DesignatedRoot = 04096.00:A0:12:27:00:C0
RootPort = 1/2/1
RootCost = 8
MaxAge = 10 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 7 (Sec)
HoldTime = 1 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled
===============================================================================
Port    |Pri|State|PCost    |DCost    |Designated bridge |DPrt  |FwrdT|DtctTc
--------+---+-----+---------+---------+------------------+------+-----+-------
01/01/01 128 frwrd         4         8 32768.00A012271420 128.01     1 Enabled
01/02/01 128 frwrd         4         4 32768.00A012270080 128.03     1 Enabled
01/02/02 128 block        19         4 32768.00A012270080 128.04     1 Enabled
01/02/03 128 frwrd        19         8 32768.00A012010101 128.05     1 Disabled
01/02/04 128 frwrd        19         8 32768.00A012010101 128.06     1 Disabled

Displaying Device E Configuration:

DeviceE#show spanning-tree
Spanning tree enabled
ProtocolSpecification = ieee8021d
Priority = 32768
TimeSinceTopologyChange = 32 (Sec)
TopChanges = 2
DesignatedRoot = 04096.00:A0:12:27:00:C0
RootPort = 1/1/1
RootCost = 12
MaxAge = 10 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 7 (Sec)
HoldTime = 1 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled
===============================================================================
Port    |Pri|State|PCost    |DCost    |Designated bridge |DPrt  |FwrdT|DtctTc
--------+---+-----+---------+---------+------------------+------+-----+-------
01/01/01 128 frwrd         4         8 32768.00A012271420 128.01     2 Enabled
01/02/02 128 block        19         1 32768.00A012271240 128.01     2 Enabled
01/02/03 128 frwrd        19        38 32768.00A012270120 128.03     1 Disabled
01/02/04 128 frwrd        19        38 32768.00A012270120 128.04     1 Disabled
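The show spanning-tree output above can be checked mechanically against the intended design: which bridge is the root, which timers the root advertises, and which PC-facing ports have topology change detection disabled. The following Python sketch is an added example, not code from the guide or from Telco Systems. Its sample text is Device D's output from this example re-typed with one port row per line, and the function names and the port-number normalisation (01/02/03 to 1/2/3) are this example's own.

```python
import re

# Device D's output from the guide's example, re-typed one port row per line.
SAMPLE = """\
Spanning tree enabled
ProtocolSpecification = ieee8021d
Priority = 32768
TimeSinceTopologyChange = 0 (Sec)
TopChanges = 4
DesignatedRoot = 04096.00:A0:12:27:00:C0
RootPort = 1/2/1
RootCost = 8
MaxAge = 10 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 7 (Sec)
HoldTime = 1 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
Port    |Pri|State|PCost    |DCost    |Designated bridge |DPrt  |FwrdT|DtctTc
--------+---+-----+---------+---------+------------------+------+-----+-------
01/01/01 128 frwrd 4 8 32768.00A012271420 128.01 1 Enabled
01/02/01 128 frwrd 4 4 32768.00A012270080 128.03 1 Enabled
01/02/02 128 block 19 4 32768.00A012270080 128.04 1 Enabled
01/02/03 128 frwrd 19 8 32768.00A012010101 128.05 1 Disabled
01/02/04 128 frwrd 19 8 32768.00A012010101 128.06 1 Disabled
"""

# Design values taken from the configuration example (Device A is the root).
EXPECTED_ROOT = "04096.00:A0:12:27:00:C0"
EXPECTED_TIMERS = {"MaxAge": 10, "HelloTime": 2, "ForwardDelay": 7}
PC_PORTS = ["1/2/3", "1/2/4"]

# Port row: Port Pri State PCost DCost Designated-bridge DPrt FwrdT DtctTc
ROW = re.compile(
    r"^(\d\d/\d\d/\d\d)\s+(\d+)\s+(\w+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)"
    r"\s+(\d+)\s+(Enabled|Disabled)$"
)


def parse(text):
    """Split the output into bridge-level settings and per-port rows."""
    bridge, ports = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        row = ROW.match(line)
        if row:
            port = "/".join(str(int(part)) for part in row.group(1).split("/"))
            ports[port] = {
                "state": row.group(3),
                "path_cost": int(row.group(4)),
                "designated_bridge": row.group(6),
                "detect_tc": row.group(9),
            }
        elif " = " in line:
            key, value = line.split(" = ", 1)
            bridge[key.strip()] = value.replace("(Sec)", "").strip()
    return bridge, ports


def audit(text, expected_root, expected_timers, pc_ports):
    """Return a list of deviations from the intended STP design."""
    bridge, ports = parse(text)
    findings = []
    root = bridge.get("DesignatedRoot")
    if root != expected_root:
        findings.append("root is %s, expected %s" % (root, expected_root))
    for key, want in expected_timers.items():
        if bridge.get(key) != str(want):
            findings.append("%s is %s, expected %s" % (key, bridge.get(key), want))
    for port in pc_ports:
        if port not in ports:
            findings.append("%s missing from port table" % port)
        elif ports[port]["detect_tc"] != "Disabled":
            findings.append("%s has topology change detection enabled" % port)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, EXPECTED_ROOT, EXPECTED_TIMERS, PC_PORTS):
        print(finding)
```

An unexpected DesignatedRoot, or operational timers that differ from the ones configured on the intended root, indicates that another bridge is advertising itself as root.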

Supported Platforms

Feature                        T-Marc 340   T-Marc 380
Spanning Tree Protocol (STP)   +            +

Supported Standards, MIBs, and RFCs

Feature     Spanning Tree Protocol (STP)
Standards   IEEE 802.1d-1998
MIBs        Public MIBs:
            • bridge.mib
            • rstp.mib
            Private MIB, prvt_switch.mib
RFCs        RFC 1493, Definitions of Managed Objects for Bridges
            RFC 2863, Interfaces Group MIB (configL2IfaceTable)

Configuring Rapid Spanning Tree Protocol (RSTP) Table of Figures ······················································································ 3 Architecture ··························································································· 4 RSTP Port States ················································································· 4 RSTP Port Roles·················································································· 5 Rapid Recovery and Convergence ······························································ 6 Determining the Port Link-Type································································ 7 Synchronization of Port Roles··································································· 7 RSTP BPDU Format and Processing··························································· 8 Line Error Detection ············································································· 9 IGMP Fast Recovery ················································································ 9 RSTP Default Configuration······································································10 RSTP Configuration Flow ········································································· 11 RSTP Configuration Commands·································································12 Enabling/Disabling RSTP on the Device ·····················································14 Enabling/Disabling RSTP per Port····························································15 Defining the RSTP Bridge Priority·····························································15 Defining the RSTP Priority per Port···························································16 Defining the RSTP Hello-Time ································································17 Defining the RSTP Maximum Aging Timer ··················································17 Defining the RSTP Forward-Delay Timer 
····················································18 Defining Edge Port(s) ···········································································18 Defining the RSTP Port Path Cost ····························································20 Defining the Link-Type ·········································································21 Forcing a Port to Work with RSTP ····························································22 Restoring the RSTP Port Parameters to Defaults ············································23 Displaying the RSTP Configuration ···························································23 Displaying the RSTP Port Configuration······················································25 Displaying the RSTP for a Specific Port·······················································28

Page 1 Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)

T-Marc 300 Series User Guide

Displaying the RSTP Configuration and Topology for All Ports
Enabling RSTP Debug Information
Displaying the RSTP Debug Status
RSTP Configuration Example
Supported Platforms
Supported Standards, MIBs and RFCs


Table of Figures

Figure 1: Proposal and Agreement Handshaking for Rapid Convergence
Figure 2: Sequence of Events during Rapid Convergence
Figure 3: RSTP BPDU Flags
Figure 4: RSTP Configuration Flow
Figure 5: Point-to-point MAC
Figure 6: Rapid Spanning Tree Configuration Example


Overview

Rapid Spanning Tree Protocol (RSTP) is an evolution of STP providing faster convergence (less than one second) upon a network topology change. This is critical in networks that carry voice, video, and other delay-sensitive traffic. The RSTP algorithm dynamically creates a tree through the network, used to efficiently direct packets to their destinations. It reduces the bridged network to a single spanning tree topology in order to eliminate packet loops (multiple paths linking one device to another, resulting in an infinite loop situation). The RSTP algorithm reactivates redundant connections in the event of a link or device failure.

Architecture

RSTP distinguishes between the port state and the port role:

• The port state describes the relationship of that port to the frame processing (filtering and forwarding) and learning functions.
• The port role describes the role of the port in the spanning tree function.

RSTP Port States

There are three RSTP port states (as opposed to five STP states):

Table 1: RSTP Port States

| Port State | Description |
| --- | --- |
| Learning | As in STP, the port prepares to participate in frame-forwarding. It learns source addresses from frames received and adds them to the filtering database. From this state the port can enter a Forwarding state. |
| Forwarding | As in STP, the port enters this state from the Learning state. The device processes BPDUs and waits for possible new information that may cause it to switch to the Discarding state to prevent a loop. A port in Forwarding state: • receives and forwards frames • forwards frames switched from another port • learns MAC addresses • receives BPDUs. From this state, the port can only switch to Discarding state. |
| Discarding | STP states Disabled, Blocking, and Listening are merged into this state. This state describes a port that does not forward user traffic in either direction. The port discards received frames and no learning occurs. As a result, there are no entries in the filtering database pointing to this port and no traffic is forwarded across it. |


RSTP Port Roles

In order to create a loop-free environment and to provide rapid convergence, RSTP selects the device with the highest priority as the root bridge, assigns port roles, and determines the active topology. RSTP assigns a role to each bridge port throughout the bridged LAN:

Table 2: RSTP Port Role Assignments

| Port Role | Description |
| --- | --- |
| Root port | Provides the best path (lowest cost) for packets forwarded from a device to the root device. A Root port is in Forwarding state. |
| Designated port | Connects to the designated device that provides the best path for packets forwarded from that LAN to the root device. A Designated port is in Forwarding state. |
| Alternate port | Offers an alternative path to the one provided by the current Root port. Alternate ports are in Discarding state. This role is equivalent to the STP Blocking state. |
| Backup port | Acts as a backup for the path provided by a Designated port in the direction of the spanning tree leaves (end nodes). A Backup port exists only when two ports are connected together in a loopback by a point-to-point link or when a device has two or more connections to a shared LAN segment. Backup ports are in Discarding state. This role is equivalent to the STP Blocking state. |
| Disabled port | Disabled ports do not participate in frame forwarding and are not operational. These ports: • discard frames • discard frames switched from another port for forwarding • do not learn MAC addresses • do not receive BPDUs |


Rapid Recovery and Convergence

Edge ports, new Root ports, and ports connected through point-to-point links converge rapidly upon a link failure.

Table 3: The RSTP Rapid Convergence

| Port Type | Description |
| --- | --- |
| Edge ports | Edge ports are configured by users on RSTP-enabled devices. Once configured, these ports immediately transition to Forwarding state. NOTE: You should configure Edge ports only on ports connected to end devices (such as hosts and printers). |
| Root ports | When RSTP selects a new Root port, it blocks the old Root port and immediately transitions the new Root port to Forwarding state. |
| Point-to-point links | Point-to-point links are links directly connecting two devices. When you connect two devices using a point-to-point link, the Designated port negotiates rapid transition with the remote port by using the proposal-agreement handshake to ensure a loop-free topology. |

The figure below shows a rapid convergence example. In this example, Devices A and B are connected through a point-to-point link and all the ports are in blocking state. Assume that Device A’s priority is higher than Device B’s. The proposal-agreement handshaking proceeds as follows:

1. Device A proposes itself as the designated device by sending a proposal message (a configuration BPDU with the proposal flag set).

2. Device B reacts to Device A’s proposal message as follows:
   2.1. It assigns the port on which the proposal message was received as its new Root port.
   2.2. It forces all non-edge ports to Discarding state to avoid loops.
   2.3. It sends an agreement message to Device A (a BPDU with the agreement flag set) through its new Root port.

Figure 1: Proposal and Agreement Handshaking for Rapid Convergence


3. Device A immediately transitions its Designated port to Forwarding state.

4. The same handshaking process is repeated for each device that joins the active topology, progressing from the root toward the leaves of the spanning tree as the network converges.

Determining the Port Link-Type

RSTP can implement a rapid transition only on point-to-point links. The link type is automatically derived from the port’s duplex mode:

• A port operating in full-duplex mode is assumed to be point-to-point.
• A port operating in half-duplex mode is considered a shared port by default.

Today, most links in switched networks operate in full-duplex mode and are treated as point-to-point links by RSTP. This makes them candidates for rapid transition to Forwarding state. You can override the link type that is derived from the duplex mode by explicit configuration, using the rapid-spanning-tree link-type command.

Synchronization of Port Roles

Upon receiving a proposal message for the best path to the root through a port, RSTP selects that port as the new Root port and forces all other ports to synchronize with the new root information. An individual port on the device is synchronized if:

• the port is in Discarding state
• it is an edge port

If a Designated port is in Forwarding state and is not configured as an edge port, it transitions to Discarding state when RSTP forces it to synchronize with new root information. When RSTP forces a port to synchronize with root information and the port does not satisfy any of the above conditions, it transitions to Discarding state. After synchronizing all ports, the device sends an agreement message to the designated device corresponding to its Root port. At this point RSTP immediately transitions the port states to Forwarding.


The sequence of events is displayed in the figure below:

Figure 2: Sequence of Events during Rapid Convergence

RSTP BPDU Format and Processing

The RSTP BPDU has the same format as the STP BPDU except for the protocol version that is set to 2.

Figure 3: RSTP BPDU Flags

The sending device proposes itself to be the designated device by setting:

• the Proposal flag (bit 1)
• the Port Role flag (bits 2-3) to Designated port

The receiving device accepts the proposal by setting:

• the Agreement flag (bit 6)
• the Port Role flag to Root port


RSTP uses the Topology Change (TC) flag to indicate topology changes. Unlike STP, RSTP does not have a separate topology change notification (TCN) BPDU. However, for interoperability with STP devices, the RSTP device processes and generates TCN BPDUs. The Learning and Forwarding flags (bits 4 and 5) are determined according to the sending port state.
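The proposal-agreement handshake and the flag layout described above, decoded in Python as an added example (not code from this guide or from Telco Systems). The two frames are constructed; the BPDU type value 0x02, the port-role encoding and the 1/256-second timer units are taken from IEEE 802.1D-2004 rather than from this page, and the MAC addresses and path cost are made up.

```python
import struct

# Port Role values carried in flag bits 2-3 (IEEE 802.1D-2004 encoding).
ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}
BPDU_FMT = "!HBBB8sI8sHHHHHB"   # 36 octets, network byte order

def decode_flags(flags):
    return {
        "tc": bool(flags & 0x01),            # bit 0: Topology Change
        "proposal": bool(flags & 0x02),      # bit 1
        "role": ROLES[(flags >> 2) & 0x03],  # bits 2-3
        "learning": bool(flags & 0x10),      # bit 4
        "forwarding": bool(flags & 0x20),    # bit 5
        "agreement": bool(flags & 0x40),     # bit 6
    }

def parse_rst_bpdu(data):
    """Parse an RST BPDU body (the octets after the LLC header)."""
    if len(data) < struct.calcsize(BPDU_FMT):
        raise ValueError("truncated BPDU")
    (proto, version, btype, flags, root_id, cost, bridge_id, _port_id,
     _age, max_age, hello, fwd_delay, _v1len) = struct.unpack_from(BPDU_FMT, data)
    if (proto, version, btype) != (0, 2, 0x02):
        raise ValueError("not an RST BPDU (protocol version must be 2)")
    info = decode_flags(flags)
    info.update(
        root_priority=int.from_bytes(root_id[:2], "big"),
        bridge_priority=int.from_bytes(bridge_id[:2], "big"),
        root_path_cost=cost,
        # Timer fields are carried in units of 1/256 second.
        max_age_s=max_age / 256, hello_s=hello / 256, fwd_delay_s=fwd_delay / 256,
    )
    return info

def handshake_step(info):
    # Classify a BPDU as one half of the proposal-agreement handshake.
    if info["proposal"] and info["role"] == "designated":
        return "proposal"
    if info["agreement"] and info["role"] == "root":
        return "agreement"
    return "other"

def sample_bpdu(flags, priority, mac_hex, cost):
    """Constructed frame: timers are the Table 4 defaults, MACs are made up."""
    root = (4096).to_bytes(2, "big") + bytes.fromhex("02000000000a")
    bridge = priority.to_bytes(2, "big") + bytes.fromhex(mac_hex)
    return struct.pack(BPDU_FMT, 0, 2, 0x02, flags, root, cost, bridge,
                       0x8001, 0, 20 * 256, 2 * 256, 15 * 256, 0)

# Device A (numerically lower priority value, so it wins the root election).
PROPOSAL_A = sample_bpdu(0x0E, 4096, "02000000000a", 0)
AGREEMENT_B = sample_bpdu(0x78, 32768, "02000000000b", 20000)
```

Running `handshake_step(parse_rst_bpdu(frame))` over captured BPDUs shows which side of a link proposed and which agreed, which helps when checking that a port configured as an edge port is not receiving proposals.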

Line Error Detection

This feature is the same as in STP. For more information, refer to the Line Error Detection section of the Configuring Spanning Tree Protocol (STP) chapter of this User Guide.

IGMP Fast Recovery

This feature is the same as in STP. For more information, refer to the Internet Group Multicast Protocol (IGMP) Fast Recovery section of the Configuring Spanning Tree Protocol (STP) chapter of this User Guide.


RSTP Default Configuration

Table 4: RSTP Default Configuration

| Parameter | Default Value |
| --- | --- |
| Rapid Spanning Tree Protocol | Disabled |
| RSTP bridge priority | 32768 |
| RSTP hello-time | 2 seconds |
| RSTP forward-delay | 15 seconds |
| RSTP MaxAge time | 20 seconds |
| Line error detection | Disabled |
| RSTP edge port | Disabled |
| RSTP link-type | Auto |
| RSTP port path cost | See Table 5 |
| RSTP port priority | 128 |
| RSTP debug | Disabled |

Table 5: Path Cost Default Configuration (IEEE802.1s)

| Link Speed | Recommended Value | Recommended Range | Range |
