Release Note Software Version 2.8.1 For AT-8800, Rapier i, AT-8700XL, AT-8600, AT-9900, x900-48FE, AT-8900 and AT-9800 Series Switches and AR400 and AR700 Series Routers Introduction .......................................................................................................4 Upgrading to Software Version 2.8.1 .................................................................5 Backwards Compatibility Issue when Upgrading ......................................... 5 Overview of New Features ......
Release Note IP Route Preference Options ..................................................................... 66 IPv4 Filter Expansion ................................................................................. 67 Enhancements to Display of UDP Connections over IPv4 ........................... 68 Waiting for a Response to an ARP Request ............................................... 68 Adding Static ARP Entries with Multicast MAC Addresses .........................
Software Version 2.8.1 3 Command Reference Updates ................................................................ 173 SNMP MIBs .................................................................................................... 186 SHDSL Line MIB ...................................................................................... 186 Logging SNMP operation ........................................................................ 187 Traps on OSPF state changes .........................................
Introduction Release Note Introduction Allied Telesis announces the release of Software Version 2.8.1 on the products in the following table. This Release Note describes the new features and enhancements.
Software Version 2.8.1 5 Upgrading to Software Version 2.8.1 Software Version 2.8.1 is available as a flash release that can be downloaded directly from the Software/Documentation area of the Allied Telesis website: www.alliedtelesis.com/support/software Software versions must be licenced and require a password to activate. To obtain a licence and password, contact your authorised Allied Telesis distributor or reseller. The following table lists the file names for Software Version 2.8.1.
Overview of New Features Release Note Overview of New Features AT-9900 x900-48FE AT-8900 AT-9800 AT-8600 AT-8700XL AT-8800 Rapier AR750S AR7x5 AR400 The following table lists the new features and enhancements by product series. For supported models, see “Introduction” on page 4.
AT-9900 x900-48FE AT-8900 AT-9800 AT-8600 AT-8700XL AT-8800 Rapier AR750S AR7x5 7 AR400 Software Version 2.8.
AT-9900 x900-48FE AT-8900 AT-9800 AT-8600 AT-8700XL AT-8800 Rapier AR750S Release Note AR7x5 Overview of New Features AR400 8 SNMP MIBs: Traps on OSPF state changes 9 9 9 9 9 9 9 9 9 9 9 SNMP MIBs: Trap on VRRP topology changes 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 SNMP MIBs: Traps on MSTP state and topology changes 9 9 9 SNMP MIBs: Restart Log 9 9 9 9 9 9 9 9 9 9 9 SNMP MIBs: Trap on Login Failures 9 9 9 9 9 9 9 9 9 9 9 SNMP MIBs: VLAN-based port state changes 9 9 9 9 9 9 9 9 9 9 9 SNMP M
Software Version 2.8.1 9 System Enhancements This Software Version includes the following enhancements to system commands: ■ Clearing System Parameters ■ Extended Monitoring of CPU Utilisation This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.
System Enhancements Release Note To capture data when the CPU is experiencing a specific amount of instantaneous usage, set the start and start percentages with the command: activate cpu extended start=1..100 [stop=1..100] When a start percentage is set, the router or switch automatically disables extended monitoring once it has 500 data entries.
Software Version 2.8.1 11 Command Reference Updates This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold. activate cpu extended Syntax Description ACTivate CPU EXTended STARt=1..100 [STOp=1..100] This new command lets you set monitoring so that it captures data when the CPU experiences a specific amount of instantaneous usage.
System Enhancements Release Note reset cpu utilisation Syntax Description Example RESET CPU UTIlisation This command, which resets all CPU utilisation percentages, has been modified to include resetting any start and stop percentages set with the activate cpu extended command. It also removes any data captured during extended utilisation monitoring, and clears this output from the show cpu command.
Software Version 2.8.1 13 show cpu Syntax Description SHow CPU [EXTended] The new extended parameter in this command displays information about extended CPU utilisation data. Figure 1: Example output from the show cpu extended command CPU Utilisation ( as a percentage ) ---------------------------------------Maximum since router restarted ..... 100 Maximum over last 5 minutes ........ 100 Average since router restarted ..... 5 Average over last 5 minutes ........ 6 Average over last minute ...........
System Enhancements Release Note Table 1: New parameters in output of the show cpu=extended command Example Parameter Meaning State Whether extended CPU utilisation is enabled. Current Time Current time in hh:mm:ss format. The time in milliseconds since midnight, and the current timestamp are also in brackets. Current Install Current installed release, with the size of the release in brackets.
Software Version 2.8.1 15 Command Line Interface (CLI) Enhancements The CLI has been enhanced in the following ways: ■ More flexibility in Separating Parameters and Values ■ Additional Shortcuts when Editing ■ New command show command history that displays past commands. Please note that it replaces the Ctrl-C shortcut. ■ You can now use the create config command to also set the router or switch to use the new configuration file. This section describes the enhancements.
Command Line Interface (CLI) Enhancements Release Note Command Part Description Keyword A generic term for a predefined sequence of characters that the CLI treats as a single unit. Actions, parameters, and some parameter values are keywords. Keywords are not case sensitive. In this Software Reference and the online help, uppercase letters indicate minimum keyword abbreviations. Action The first keyword in a command. This defines the type of operation to perform. Actions do not have values.
Software Version 2.8.1 17 Additional Shortcuts when Editing You can now move the cursor to the beginning or end of lines by using single keys on the keyboard. To move the cursor to the... You could only press... Now you can also press the... beginning of the command line Ctrl+A Home key end of the command line Ctrl+E End key Command Changes The following table summarises the changes new and modified commands. Software Version 2.8.
Command Line Interface (CLI) Enhancements Release Note Command Reference Updates This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold. create config Syntax Description CREate CONfig=filename [SET] This command now lets you set the switch to a configuration file when you create it.
Software Version 2.8.1 19 set command assignmentoperator Syntax Description SET COMmand {ASSignmentoperator=[Equals|SPaceorequals]} This new command sets the assignment operator of the command parser thereby defining the format of the command syntax for the CLI. Parameter Description ASSignmentoperator Defines the operator between parameters when assigning values. Default: Equals Equals Requires users to enter = sign. To ensure clarity and accuracy, we recommend always using the = sign.
Command Line Interface (CLI) Enhancements Release Note show command history Syntax Description SHow COMmand History This new command replaces the Ctrl-C keyboard shortcut, and displays past commands for you to select one from the list (Figure 1).
Software Version 2.8.1 21 File System Enhancement This Software Version gives you 4 new commands for working with files. Command Changes The following table summarises the new commands: Command Change add file New command create file New command reset file permanentredirect New command show file permanentredirect New command Command Reference Updates This section describes each new command.
File System Enhancement Release Note Parameter (cont.) Description (cont.) PERManentredirect Permanently directs output to the designated text file until the reset file permanentredirect command is issued or the router or switch is rebooted. LIMIT A decimal number from 0 to 1048576 bytes specifying the maximum file size. Default: 204800 bytes Examples To add output one time only from the show trace command to a file called trace.txt command, use the command: add fi=trace.
Software Version 2.8.1 23 Parameter Description (cont.) LIMIT A decimal number from 0 to 1048 576 bytes specifying the maximum file size. Default: 204 800 bytes Example To permanently direct all debug output from the BGP module to a file named bgp.txt, use the command: cre fi=bgp.
File System Enhancement Release Note Figure 3: Example output from the show file permanentredirect command TTY Current Limit File Instance Size --------------------------------------------------17 12345 204800 bgp.txt Figure 4: Example output from the show file=filename permanentredirect command File............ TTY Instance.... Current Size.... Limit........... Input(s)........ bgp.
Software Version 2.8.
Switching Enhancements When to Use Port-Specific Mode Release Note Use the port-specific psf mode when you want non port-specific filters to override the port-specific filters for certain circumstances. In the following example: ■ the first (port-specific) filter stops all traffic from ingressing port 2 ■ the second (port-specific) filter allows traffic with the specific IP address (192.168.2.
Software Version 2.8.1 27 Limiting Rapid MAC Movement This Software Version introduces the ability to limit rapid MAC movement. MAC address thrashing occurs when MAC addresses move rapidly between one or more ports or trunks. For example, certain MAC addresses are learnt on one port, then very shortly afterwards are learnt on another port, then learnt on the original port again, and so on. This typically occurs when there is an uncontrolled loop on the network.
Switching Enhancements Release Note To view details about disabled ports for VLANs, use one of the commands: show vlan[={vlan-name|1..
Software Version 2.8.1 29 Route Update Queue Length When hardware learning delay is enabled (the default), the switch learns new routes in software, then places them into a queue for adding to its hardware routing table.
Switching Enhancements Release Note Removing a Description from a Switch Port You can now return the description of a switch port to its original blank value by entering the following command: set switch port=port-number description= and providing no value for the description parameter.
Software Version 2.8.
Switching Enhancements Release Note Change of Debug Command Syntax This Software Version includes a change in syntax for the enable switch debug and disable switch debug commands. To enable or disable debugging on the switch chip operations, you now use the dev option. Previously, this type of debugging was enabled or disabled using the m6 parameter. There is no change in the style or type of debugging information displayed.
Software Version 2.8.1 33 Command Reference Updates This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold. create switch trunk Syntax Description CREate SWItch TRunk=trunk [POrt=port-list] [SPeed={10M|100M|1000M|10G}] [THRASHAction={LEarndisable|LINKDown|NONE|POrtdisable|V LANdisable}] [THRASHTimeout={None|1..
Switching Enhancements Release Note disable switch debug Syntax Description DISable SWItch DEBug={ARL|DEV|DMA|PHY|ALL} The m6 parameter is now replaced by the dev parameter in this command. Debug Option Description DEV Debugging occurs on operations related to the switch chip. disable switch filter vlansecure Syntax Description DISable SWItch FILter VLANSecure This new command modifies Layer 2 switch filtering by disabling vlansecure mode. The vlansecure mode is enabled by default.
Software Version 2.8.1 Example 35 To disable the default vlan on port 1, use the command: dis swi po=1 vlan=1 enable switch debug Syntax Description ENAble SWItch DEBug={ARL|DEV|DMA|PHY|ALL} [OUTPUT=CONSOLE] [TIMEOUT={1..4000000000|NONE}] The m6 parameter is now replaced by the dev parameter in this command. Debug Option Description DEV Debugging is disabled for operations related to the switch chip.
Switching Enhancements Release Note The vlan parameter specifies the VLAN or VLANs for which ports are enabled. Specified ports must be a member of the VLAN. If no value or all is specified, the specified ports are enabled for all VLANs to which they belong.
Software Version 2.8.1 37 If none is specified, the trunk is not automatically re-enabled, but individual ports can be re-enabled by using the enable switch port command for thrashaction=portdisable or linkdisable, and the enable switch port vlan command for thrashaction=vlandisable. The default is 1 second.
Switching Enhancements Example Release Note To make the queue as long as possible on a switch with 256Mbytes of memory, use the command: set swi hwr=4000000 set switch port SET SWItch POrt={port-list|ALL} [ACCeptable={ALL|VLAN}] [BCLimit={NONE|limit] [DESCription=[description]] [EGResslimit={bandwidth|DEFault}] [IGMPACtion={DENY|REPlace}] [IGMPFIlter={NONE|filter-id}] [IGMPMAxgroup={NONE|1..65535}] [INFILTering={OFF|ON}] [INTRusionaction={DISAble|DIScard|TRap}] [LEARn={NONE|0|1..
Software Version 2.8.1 39 thrashtimeout=none, and thrashaction is then changed to learndisable, then the router or switch automatically changes the thrashtimeout to 1 second. If none is specified, the port is not automatically re-enabled, but can be re-enabled by using the enable switch port command for thrashaction=portdisable or linkdisable, and the enable switch port vlan command for thrashaction=vlandisable. The default is 1 second.
Switching Enhancements Release Note ■ portdisable or linkdown to disable all ports in the thrashing trunk until either the period specified by the thrashtimeout parameter has elapsed, or until the ports or subset of ports in the trunk are re-enabled by the enable switch port command. If you specify linkdown, the link state is down; if you specify portdisable, the link state remains up.
Software Version 2.8.1 41 Table 4: New parameters in output of the show lacp command Parameter Description Address learn thrash The thrashaction value that is applied to any trunks created by action LACP. This specifies the action the router or switch takes when the address learn thrash limit is exceeded on the trunk.
Switching Enhancements Release Note Figure 6: New parameters in output of the show switch command when hardware learning delay is enabled Switch Configuration ----------------------------------------------------------Switch Address ............. 00-00-cd-12-78-03 Learning ................... ON Ageing Timer ............... ON IP route: Learn delay ............. 4 ms queue size ........ 0 queue limit ....... 1000000 percent in use .... 0 high water mark ... 0 queue maximum ..... 1500000 queue default .
Software Version 2.8.1 43 Table 5: New parameters in the output of the show switch command Parameter Meaning Learn delay Number of milliseconds that the switch waits after the last IP route is inserted before it starts to update the hardware routing system. Queue size The number of entries currently in the hardware route update queue. Queue limit The maximum number of entries that the queue can hold. Percent in use The percentage of the queue limit that is currently used.
Switching Enhancements Release Note show switch filter Syntax Description SHow SWItch FILter [POrt={port-list|ALL}] [ACtion={FORward|DIScard}] [DESTaddress=macadd] [ENTry=entry-list] [VLAN={vlan-name|1..4094}] This command displays information about Layer 2 switch filters. Figure 8: Example output from the show switch filter command Switch Filters --------------------------------------------------------------------------VlanSecure ................
Software Version 2.8.1 45 Table 8: Modified parameters in output of the show switch hwfilter command Parameter Meaning Mode Whether the router or switch expects hardware filters to be ordered with port-specific filters first (“PSF”), or non port-specific filters first (“NPSF”). This only displays for models with 48 ports (two switch instances). show switch port Syntax Description SHow SWItch POrt[={port-list|ALL}] This command displays general information about all ports or a specific one.
Switching Enhancements Release Note Table 9: New parameters in output of the show switch port command (cont.) Parameter Meaning Address learn thrash status The thrashing protection status of the port. If the thrash action is set to vlandisable, the status is shown for each VLAN that the port is a member of, with each VLAN listed on a separate line. Address learn thrash action Address learn thrash timeout Not Detected Thrashing has not been detected on the port.
Software Version 2.8.1 47 PPPoE Access Concentrator This release introduces the ability for the PPPoE Access Concentrator and a PPPoE Client to be active simultaneously. You can now specify the interface to which the PPPoE Access Concentrator should attach. Command Changes The following table summarises the modified commands: Command Change add ppp acservice New acinterface parameter to supercede the now deprecated vlan parameter.
PPPoE Access Concentrator Release Note delete ppp acservice Syntax DELete PPP ACservice=service-name [ACINTerface={NONE|interface}] where: ■ Description interface is an interface name formed by concatenating an interface type and an interface instance (e.g. eth0). Valid interface types are ETH and VLAN. This command deletes a PPP over Ethernet Access Concentrator service from the router or switch. Note that it is not possible to delete a service that is currently in use.
Software Version 2.8.1 49 ■ If the acinterface parameter is omitted, the service is mapped to its corresponding interface (if one exists). If multiple interfaces exist for the service, you are asked to specify an acinterface. The default for this parameter is none. The acinterface parameter supercedes the now deprecated vlan parameter in this command. show ppp pppoe Syntax Description SHow PPP PPPOE This command displays information about PPPoE interfaces and services that are currently configured.
MSTP Enhancement Release Note MSTP Enhancement Two new commands have been added to simplify MSTP operation. Command Changes The following table summarises the new commands: Command Change disable mstp port New command enable mstp port New command Command Reference Updates This section describes each new command.
Software Version 2.8.1 51 STP Enhancement You can now display the RSTP states for one or more ports by using the existing command: show stp port={port-list|all} rstpstate The information for each port now starts with the port number. This makes the output more readable. Command Changes The following table summarises the modified command: Command Change show stp port New Port field in output Command Reference Updates This section describes the changed portions of modified commands and output screens.
Asynchronous Port Enhancement Release Note Asynchronous Port Enhancement This section describes the enhancement. The modified commands to implement it are described in Command Reference Updates. Making Asynchronous Ports Respond More Quickly When an asynchronous port is in ten mode, it bundles together the characters that it receives within a certain time period, instead of passing them one at a time to a higher protocol layer for processing.
Software Version 2.8.1 53 Command Reference Updates This section describes the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold.
Asynchronous Port Enhancement Release Note Figure 13: Example output from the show asyn=port-number command ASYN 0 : 0003896346 seconds ASYN information Name ...................... Status .................... Mode ...................... Data rate ................. Parity .................... Data bits ................. Stop bits ................. Test mode ................. In flow state (mode) ...... Out flow state (mode) ..... Autobaud mode ............. Max tx queue length ....... TX queue length .
Software Version 2.8.1 55 Internet Group Management Protocol (IGMP) Enhancements This Software Version includes the following enhancements to IGMP: ■ IGMP Proxy on x900 Series Switches ■ IGMP filtering extended to all IGMP message types ■ Monitoring reception of IGMP general query messages This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.
Internet Group Management Protocol (IGMP) Enhancements Release Note interface. The following table summarises how the IGMP proxy agent processes each IGMP message type. When this message... Is received on this interface... Then the IGMP proxy agent...
Software Version 2.8.1 57 To enable IGMP on the router or switch, use the command: enable ip igmp To enable IGMP on a specific interface, use the command: enable ip igmp interface=interface You can configure the IGMP proxy agent to monitor the reception of IGMP general query messages on an interface, and to generate a log message and an SNMP trap if an IGMP general query message is not received on the interface within a specified time interval.
Internet Group Management Protocol (IGMP) Enhancements Release Note Finally, apply the filter to a switch port, using the command: set switch port={port-list|all} igmpfilter=filter-id [other-options...] You can apply an IGMP filter to more than one switch port, but a single switch port can have only one IGMP filter assigned to it. To delete or modify an entry in a filter, use the commands: delete igmp filter=filter-id entry=1..65535 set igmp filter=filter-id entry=1..
Software Version 2.8.1 59 Monitoring reception of IGMP general query messages You can configure the IGMP proxy agent to monitor the reception of IGMP general query messages on an interface.
Internet Group Management Protocol (IGMP) Enhancements Release Note Command Reference Updates This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold. add igmp filter Syntax ADD IGMP FILter=filter-id GROupaddress={ipadd|ipadd-ipadd} [MSGType={QUEry|REPort|LEAVe}] [ACtion={INCLude|EXCLude}] [ENTry=1..
Software Version 2.8.1 61 add ip interface Syntax ADD IP INTerface=interface IPaddress={ipadd|DHCP} [ADVertise={YES|NO}] [BROadcast={0|1}] [DIRectedbroadcast={False|NO|OFF|ON|True|YES}] [FILter={0..999|NONE}] [FRAgment={NO|OFF|ON|YES}] [GRAtuitousarp={ON|OFF}] [GRE={0..100|NONE}] [IGMPProxy={OFF|UPstream|DOWNstream}] [INVersearp={ON|OFF}] [MASK=ipadd] [METric=1..16] [MULticast={BOTH|NO|OFF|ON|RECeive|SENd|YES}] [OSPFmetric=1..65534] [POLicyfilter={0..999|NONE}] [PREferencelevel={-2147483648..
Internet Group Management Protocol (IGMP) Enhancements Release Note The groupaddress parameter specifies an IP multicast group address or a range of IP multicast group addresses to match. Set groupaddress to: ■ 0.0.0.0 to filter IGMP general query messages ■ a multicast address or a range of multicast addresses to filter IGMP group-specific query messages, report messages, and leave messages.
Software Version 2.8.1 Example 63 To set the maximum time period allowed between successive IGMP general query messages on interface vlan2 to 120 seconds, use the command: set ip igmp int=vlan2 query=120 set ip interface Syntax SET IP INTerface=interface [ADVertise={YES|NO}] [PREferencelevel={-2147483648..2147483647|NOTDEFAULT}] [BROadcast={0|1}] [DIRectedbroadcast={False|NO|OFF|ON|True|YES}] [FILter={0..999|NONE}] [FRAgment={NO|OFF|ON|YES}] [GRAtuitousarp={ON|OFF}] [GRE={0..
Internet Group Management Protocol (IGMP) Enhancements Release Note show igmp filter Syntax SHow IGMP FILter[=filter-id] where: ■ Description filter-id is a decimal number from 1 to 99. The output of this command includes new fields. Figure 14: Example output from the show igmp filter command IGMP Filters ------------------------------------------------------------------------------No.
Software Version 2.8.1 65 show ip igmp Syntax SHow IP IGMP [INTerface=interface] [DEStination=ipadd] where: Description ■ interface is an interface name formed by concatenating a Layer 2 interface type, an interface instance, and optionally a hyphen followed by a logical interface number from 0 to 15. If a logical interface is not specified, 0 is assumed. ■ ipadd is an IGMP multicast group address in dotted decimal notation. The output of this command includes a new field.
Internet Protocol (IP) Enhancements Release Note Internet Protocol (IP) Enhancements This Software Version includes the following enhancements to IP: ■ Expanded number of Eth interfaces per physical interface ■ Expanded IP Troubleshooting ■ IP Route Preference Options ■ IPv4 Filter Expansion ■ Enhancements to Display of UDP Connections over IPv4 ■ Display of UDP Connections over IPv6 ■ IPv6 Tunnel Expansion ■ Waiting for a Response to an ARP Request ■ Adding Static ARP Entries with Mu
Software Version 2.8.1 67 This allows you to set the route preference for all protocol types at once. Command Changes The following table summarises the modified command: Command Change set ip route preference New all option for protocol parameter IPv4 Filter Expansion This Software Version increases the amount of IP filters you can create, and allows you to assign a filter type to any IP filter. IP Filter Number Increase You can now create up to 1000 IP filters by using the add ip filter command.
Internet Protocol (IP) Enhancements Release Note You can display IP filters with their filter number and filter type using the command: show ip filter[=0..999] Command Changes The following table summarises the modified commands: Command Change add ip filter Modified number range for filter parameter. New type parameter. set ip filter Modified number range for filter parameter. show ip filter New Filter Type parameter and options in field. Type parameter modified to Pattern Type in field.
Software Version 2.8.1 69 Command Changes The following table summarises the new and modified commands: Command Change set ip arpwaittimeout New command show ip New Arp wait timeout field Adding Static ARP Entries with Multicast MAC Addresses This Software Version allows you to add ARP entries with multicast MAC addresses and allows the router or switch to accept packets with unicast IP addresses and multicast MAC addresses.
Internet Protocol (IP) Enhancements Release Note For an example of how to use ARP entries with multicast MAC addresses, see Guideline to Windows 2003 Network Load Balancing Clustering with Allied Telesyn Switches. This is available from the Resource Center on your Documentation and Tools CD-ROM, or from: www.alliedtelesis.co.uk/en-gb/solutions/techdocs.asp?area=howto Command Changes The following table summarises the new and modified commands: Command Change disable ip macdisparity New command.
Software Version 2.8.1 71 Command Reference Updates This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold. add ip filter Syntax Traffic filter: ADD IP FILter=0..
Internet Protocol (IP) Enhancements Description Release Note This command adds a pattern to an IP traffic filter, policy filter, routing filter, or priority filter. You now specify the type of filter by using the type parameter. Parameter Description FILter The filter number, from 0 to 999, that the pattern is added to. When the type parameter is not specified, the router or switch may use the filter number to help determine the filter type.
Software Version 2.8.1 73 enable ip macdisparity Syntax Description ENAble IP MACdisparity This new command allows you to add static ARP entries with multicast MAC addresses, and allows packets with conflicting IP and MAC addresses to pass through the router or switch. Normally these packets are discarded as being invalid by the router or switch.
Internet Protocol (IP) Enhancements Release Note destination is unknown. You may need to increase the timeout period if you are communicating with devices that are slow to respond. The default is 1 second. Example To set the router or switch to wait 2 seconds after you ping a device before declaring that the device is unreachable, use the command: set ip arpw=2 set ip filter Syntax Description SET IP FILter=0..999 {ACtion={INCLude|EXCLude}|POLIcy=0..15|PRIOrity=P0..
Software Version 2.8.1 75 show ip Syntax SHow IP Figure 16: Modified example output from the show ip command IP Module Configuration -----------------------------------------------------------Module Status .................. IP Packet Forwarding ........... IP Echo Reply .................. Debugging ...................... IP Fragment Offset Filtering ... Default Name Servers Primary Name Server .......... Secondary Name Server ........ Name Server .................... Secondary Name Server ..........
Internet Protocol (IP) Enhancements Release Note Table 15: Modified parameters on output of the show ip command. Arp wait timeout The amount of time the router or switch waits for a response after it sends an ARP request message, in seconds. show ip cache Syntax Description SHow IP CAChe This new command displays information about the IP address cache when troubleshooting.
Software Version 2.8.1 77 Table 16: Parameters in output of the new show ip cache command (cont.) Parameter Meaning Type One of the following: Forward Local GenBcast SpcBcast MultOsp MultLmtd MultNorm MultLocl Age Age of the entry, which increases over time, but is reduced when the entry is used. Count Number of times the entry was found.
Internet Protocol (IP) Enhancements Release Note show ip filter Syntax SHow IP FILter[= 0..999] Figure 20: New parameters in example output from the show ip filter command IP Filters -------------------------------------------------------------------------------No. Filter Type Ent. Source Port Source Address Source Mask Session Size Dest. Port Dest. Address Dest. Mask Prot.
Software Version 2.8.1 79 Table 19: New and changed parameters in the output of the show ip udp command Parameter Meaning Software Version 2.8.1 C613-10477-00 REV B Local Address The IP address of the last interface that was used to transport UDP packets from the router or switch, for a given process. An address of 0.0.0.0 indicates that the UDP session is active, but either no packets have been transmitted yet, or packets have been transmitted without specifying the source IP address.
IPv6 Enhancements Release Note IPv6 Enhancements This Software Version includes the following enhancements to IPv6 functionality: ■ Display of UDP Connections over IPv6 ■ IPv6 Tunnel Expansion This section describes the enhancements. The new command to implement them are described in Command Reference Updates.
Software Version 2.8.1 81 Command Reference Updates This section describes the new command. show ipv6 udp Syntax Description SHow IPV6 UDP This new command displays the state of current UDP sessions over IPv6.
L2TP Enhancements Release Note L2TP Enhancements This Software Version includes the following enhancements to Layer 2 Tunnelling Protocol: ■ Decoding Debug Output and Setting a Time Limit for Debugging ■ Resetting General L2TP Counters ■ Handling PPP Link Negotiation Failures This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.
Software Version 2.8.1 83 Command Changes The following table summarises the modified commands: Command Change disable l2tp debug New decode option for debug parameter. enable l2tp debug New decode option for debug parameter. New timeout parameter. show l2tp tunnel New decode option for debug field. show l2tp tunnel call New decode option for debug field for a specific call.
L2TP Enhancements Release Note Command Reference Updates This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold. add l2tp ip Syntax ADD L2TP IP=ipadd[-ipadd] PPPTemplate=0..
Software Version 2.8.1 85 enable l2tp debug Syntax ENAble L2TP DEBug={ALL|DECode|PKT|STAte} [CALL[=1..65535]|TUNnel[=1..65535]] [TIMEOut=1..300] Parameter Description DEBug The debugging options to enable on the specified call or tunnel, or on all currently active calls and tunnels. Default: no default DECode TIMEOut Decode debugging is enabled (Figure 23 on page 85, Table 21 on page 86). This decodes control and payload messages into a human-readable format.
L2TP Enhancements Release Note Table 21: Parameters in the output of the enable l2tp debug=decode command Parameter Meaning timestamp The system time when the entry was added. L2TP DECODE Indicates that the output is L2TP decode debugging. Tx Indicates that the router or switch transmitted the packet to a peer. Rx Indicates that the router or switch received the packet from a peer. TID The local tunnel ID number associated with the packet.
Software Version 2.8.1 87 show l2tp ip Syntax SHow L2TP IP Figure 24: Example output from the show l2tp ip command L2TP IP Range Information -----------------------------------------------------------IP Range ........................ 192.168.1.2 PPP template .................. 1 Sequence numbering ............ off Pre-draft 13 support .......... off ToS Reflect ................... off Proxy Authentication ..........
L2TP Enhancements Release Note show l2tp tunnel call Syntax SHow L2TP TUNnel CALL[=1..65535] Figure 26: New option in example output from the show l2tp tunnel call command for a specific call Call ID ..................... Tunnel ID ................... Server Type ................. Started ..................... Username .................... Sequence Numbers ............ Debug ....................... . . .
Software Version 2.8.1 89 Open Shortest Path First Enhancements Software Version 2.8.1 includes the following enhancements to OSPF: ■ OSPF Interface Password ■ NSSA Translator Role ■ Redistributing External Routes This section describes the enhancements. The modified commands to implement them are described in Command Reference Updates.
Open Shortest Path First Enhancements Release Note When the NSSA border router is acting as a translator it sets the Nt bit in router LSAs it originates into the NSSA. An elected translator loses its translator role when another NSSA border router with a higher router identifier is elected as translator or an NSSA router configured to always translate gains border router status.
Software Version 2.8.1 91 Redistributing External Routes OSPF static route redistribution has been enhanced to support additional route sources. OSPF can now import and redistribute BGP, RIP, non-OSPF interface, and statically configured routes.
Open Shortest Path First Enhancements Release Note When you change this set ospf parameter... From... To... Then OSPF...
Software Version 2.8.1 93 interface route redistribution definition to the OSPF configuration, using the command: add ospf redistribute protocol=interface [other-options...] Use a routemap to control which interface routes are imported. Command Changes The following table summarises the modified commands: Command Change add ospf redistribute New bgp, interface, and rip options for protocol parameter. New limit parameter. New original option for metric, tag, and type parameters.
Open Shortest Path First Enhancements Release Note Command Reference Updates This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold. add ospf area Syntax ADD OSPF AREa={BAckbone|area-number} [AUthentication={NONE|PASSword|MD5}] [NSSAStability=1..3600] [NSSATranslator={CANdidate|ALWays}] [STUBArea={ON|OFF|YES|NO|NSSA|True|False}] [STUBMetric=0..
Software Version 2.8.1 95 add ospf interface Syntax ADD OSPF INTerface=interface AREa={BAckbone|area-number} [AUthentication={AREadefault|NONE|PASSword|MD5}] [BOOST1=0..1023] [DEadinterval=2..2147483647] [DEMand={ON|OFF|YES|NO|True|False}] [HEllointerval=1..65535] [NETwork={BROadcast|NON-broadcast}] [PASSIve={ON|OFF|YES|NO|True|False}] [PASSword={NONE|password}] [POLLInterval=1..2147483647] [PRIOrity=0..255] [RXmtinterval=1..3600] [TRansitdelay=1..
Open Shortest Path First Enhancements Release Note Adding a BGP, RIP, or static route redistribution definition will change the setting of the bgpimport, rip, and staticexport parameters of the set ospf command on page 97. If you configure a BGP route filter using the bgpfilter parameter of the set ospf command, the filter will be applied before any BGP route redistribution definition.
Software Version 2.8.1 97 debugging is set with the detail parameter, but the output always contains the direction of the packet, the type of packet, the version of OSPF, the packet’s source and destination, the router ID, area, length, checksum and authentication type. If redistribute is specified, route redistribution debugging is enabled. If spf is specified, debugging for the Shortest Path First routing calculations is enabled.
Open Shortest Path First Enhancements Release Note set ospf area Syntax SET OSPF AREa={BAckbone|area-number} [AUthentication={NONE|PASSword|MD5}] [NSSAStability=1..3600] [NSSATranslator={CANdidate|ALWays}] [STUBArea={ON|OFF|YES|NO|NSSA|True|False}] [STUBMetric=0..
Software Version 2.8.1 99 set ospf redistribute Syntax SET OSPF REDistribute PROTocol={BGP|INTerface|RIP|STAtic} [LIMit=1..4000] [METric={0..16777214|ORiginal}] [ROUTEMap={routemap|NONE}] [SUBNET={ON|OFF|YES|NO|True|False}] [TAG={1..65535|ORiginal}] [TYpe={1|2|ORiginal}] where routemap is the name of an IP route map Description The modified protocol parameter specifies the type of route to redistribute. Specify bgp or rip to redistribute routes derived from BGP or RIP, respectively.
Open Shortest Path First Enhancements Release Note show ospf area Syntax SHow OSPF AREa[={BAckbone|area-number}] [{FULl|SUMmary}] where area-number is a 4-byte OSPF area number in dotted decimal notation Description The output of this command includes new fields. Figure 27: Example output from the show ospf area command for a specific area Area 0.0.0.1: State ......................... Authentication .... ........... Stub area ..................... Stub cost ..................... NSSA .............
Software Version 2.8.1 101 show ospf redistribute Syntax Description SHow OSPF REDistribute The output of this command includes new and modified fields.
BGP Enhancements Release Note BGP Enhancements In Software Release 2.8.1, the following enhancements have been added to Border Gateway Protocol functionality: ■ BGP Backoff Lower Threshold ■ BGP Peer and Peer Template Enhancements ■ Displaying Routes Learned from a Specific BGP Peer This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.
Software Version 2.8.1 103 Enable and Disable Backoff BGP backoff can now be enabled or disabled using the commands enable bgp backoff and disable bgp backoff. BGP backoff is disabled by default, however it automatically enables the first time a peer is added.
BGP Enhancements Release Note Command Changes The following table summarises the modified commands: Command Change add bgp peer New none option for description, inroutemap and outroutemap parameter add bgp peertemplate New none option for description, inroutemap and outroutemap set bgp peer New none option for description, inroutemap and outroutemap set bgp peertemplate New none option for description, inroutemap and outroutemap Displaying Routes Learned from a Specific BGP Peer This enhanc
Software Version 2.8.1 105 Command Reference Updates This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold. add bgp peer Syntax ADD BGP PEer=ipadd REMoteas=1 ..65534 [AUthentication={MD5|NONE}] [CLIEnt={NO|YES}] [CONnectretry={DEFault|0 ..4294967295}] [DEFaultoriginate={NO|YES}] [DESCription={NONE|description}] [EHOps={DEFault|1..
BGP Enhancements Release Note add bgp peertemplate Syntax ADD BGP PEERTemplate=1..30 [CLIEnt={NO|YES}] [CONnectretry={DEFault|0..4294967295}] [DESCription={NONE|description}] [HOLdtime={DEFault|0|3..65535}] [INFilter={NONE|prefixlist-name}] [INPathfilter={NONE|1..99}] [INRoutemap={NONE|routemap}] [KEEpalive={DEFault|1..21845}] [LOCal={NONE|1..15}] [MAXPREFIX={OFF|1..4294967295}] [MAXPREFIXAction={Terminate|Warning}] [MINAsoriginated={DEFault|0..3600}] [MINRouteadvert={DEFault|0..
Software Version 2.8.1 107 enable bgp backoff Syntax Description ENAble BGP BACkoff This new command allows BGP backoff. BGP backoff delays BGP processing when the system memory utilisation is high. BGP backoff is disabled by default, however it automatically enables the first time a peer is added. Example To enable BGP backoff, use the command: ena bgp bac set bgp backoff Syntax SET BGP BACkoff[=20..100] [BASEtime=0..100] [CONSecutive=0..1000] [LOW=15..99] [MULtiplier=1..1000] [STep=1..
BGP Enhancements Release Note set bgp peer Syntax SET BGP PEer=ipadd [AUthentication={MD5|NONE}] [CLIEnt={NO|YES}] [CONnectretry={DEFault|0 ..4294967295}] [DEFaultoriginate={NO|YES}] [DESCription={NONE|description}] [EHOps={DEFault|1..255}] [FASTFallover={NO|YES}] [HOLdtime={DEFault|0|3..65535}] [INFilter={NONE|prefixlist-name}] [INPathfilter={NONE|1..99}] [INRoutemap={NONE|routemap}] [KEEpalive={DEFault|1..21845}] [LOCal={NONE|1..15}] [MAXPREFIX={OFF|1..
Software Version 2.8.1 109 set bgp peertemplate Syntax SET BGP PEERTemplate=1..30 [CLIEnt={NO|YES}] [CONnectretry={DEFault|0..4294967295}] [DESCription={NONE|description}] [HOLdtime={DEFault|0|3..65535}] [INFilter={NONE|prefixlist-name}] [INPathfilter={NONE|1..99}] [INRoutemap={NONE|routemap}] [KEEpalive={DEFault|1..21845}] [LOCal={NONE|1..15}] [MAXPREFIX={OFF|1..4294967295}] [MAXPREFIXAction={Terminate|Warning}] [MINAsoriginated={DEFault|0..3600}] [MINRouteadvert={DEFault|0..
BGP Enhancements Release Note show bgp backoff Syntax SHow BGP BACkoff Figure 29: Example output of the modified show bgp backoff command BGP Backoff Stats: Stat Value ---------------------------------state NORMAL total hist backOffs 5 total backOffs 0 total backOff Limit 0 consecutive backOffs 0 consecutive backOffs limit 5 base Timeout 10 Timeout multiplier 100% Timeout step 1 Timeout length (sec) 10 Mem Upper Threshold Value 95% Mem Upper Notify TRUE Mem Lower Threshold Value 90% Mem Lower Notify
Software Version 2.8.1 111 show bgp peer Syntax Description SHow BGP PEer[=ipadd] When you specify a peer, the output of this command includes a new field. Figure 30: Example output of the show bgp peer command for a specific peer Peer ................ Description ......... State ............... Policy Template ..... Description ......... Private AS filter ... Remote AS ........... BGP Identifier ...... Routes learned ...... Authentication ...... Password .......... . . . 192.168.10.
MLD and MLD Snooping Enhancements Release Note MLD and MLD Snooping Enhancements This Software Version includes the following enhancements to MLD and MLD Snooping, in accordance with RFC 3810, Multicast Listener Discovery Version 2 (MLDv2) for IPv6: ■ MLD Packet Formats ■ ICMP type for MLDv2 Reports ■ MLD Snooping Group Membership Display ■ Change of Maximum Query Response Interval for MLD This section describes the enhancements.
Software Version 2.8.1 113 MLD Snooping Group Membership Display The command show mldsnooping no longer displays the port members of the All Routers group in the list of ports for groups other than the All Routers group. This change makes the output of this command more like output from the command show igmpsnooping. To illustrate the change, an example of the previous output is shown in Figure 32 on page 116, and an example of the new output is in Figure 33 on page 116.
MLD and MLD Snooping Enhancements Release Note Command Reference Updates This section describes the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold. enable ipv6 mld interface Syntax Description ENAble IPV6 MLD INTerface=interface [QUERYversion={1|2}] [V2Draftcompat={No|Yes}] The new v2draftcompat parameter determines the ICMP type of MLDv2 reports.
Software Version 2.8.1 115 show ipv6 mld Syntax Description SHow IPV6 MLD INTerface=interface The output of this command includes a new field. Figure 31: Example output from the show ipv6 mld command MLD Protocol -------------------------------------------------------------------------------Status ............................. ENABLED Robustness ......................... 2 Query Interval ..................... 125 secs Query Response Interval ............ 10 secs Startup Query Interval .............
MLD and MLD Snooping Enhancements Release Note Figure 32: Previous example output from the show mldsnooping command . . . Interface: vlan300 (vlan300) -----------------------------------------------------------------------------Multicast Address ................ All Routers Ports .......................... 9 Multicast Address ................ ff01:1:0::0101 Ports .......................... 1, 2, 9 . . . Figure 33: New example output from the show mldsnooping command . . .
Software Version 2.8.1 117 Extension to Range of Classifier fields for x900 Switches This Software Version introduces the ability to match on more fields of an IPv4 packet. A number of new parameters have been added to Classifier commands to allow this. Command Changes The following table summarises the modified commands: Command Change create classifier New parameters: macsmask, macdmask, tcpflags, icmptype, icmpcode, igmptype, eipbyte01 -16.
Extension to Range of Classifier fields for x900 Switches Release Note create classifier Syntax CREate CLASSifier=rule-id [other-options] [MACSMask=macadd][MACDMask=macadd] [TCPFlags={{Urg|Ack|Rst|Syn|Fin}[,...
Software Version 2.8.1 119 The tcpflags parameter specifies the TCP flags of an IPv4 or IPv6 packet, one or more of urg, ack, rst, syn and fin. If any is specified, TCP flags are ignored. The default is any. The icmptype parameter specifies the ICMP type of an IPv4 packet. This can be one of the list of available options, or a decimal value in the range 0 to 255. The icmptype parameter is valid only if the ipprotocol parameter has either not been specified, or ipprotocol=icmp has been specified.
Extension to Range of Classifier fields for x900 Switches Release Note set classifier Syntax SET CLASSifier=rule-id [other-options] [MACSMask=macadd][MACDMask=macadd] [TCPFlags={{Urg|Ack|Rst|Syn|Fin}[,...
Software Version 2.8.1 121 show classifier Syntax SHow CLASSifier=rule-id [other-options] [MACSMask=macadd][MACDMask=macadd] [TCPFlags={{Urg|Ack|Rst|Syn|Fin}[,...
Extension to Range of Classifier fields for x900 Switches Release Note Figure 34: Example output from the show classifier command (TCP/IP data flow) Classifier Rules -----------------------------------------------------------Rule .................. 1 M-Type ............... L2UCAST VLAN ................. vlan1234 (1234) E-Format ............. ETHII-UNTAGGED Protocol ............. 0800 (IP EthII) S-IP Address ......... 192.168.123.123/32 D-IP Address ......... 192.168.123.123/32 IP Protocol ..........
Software Version 2.8.1 123 Figure 37: Example output from the show classifier command (Layer 3 byte data) Classifier Rules -----------------------------------------------------------Rule .................. 2222 D-MAC Address ........ aa-bb-cc-dd-ee-ff S-MAC Address ........ aa-bb-cc-dd-ee-ff M-Type ............... L2UCAST VLAN ................. vlan1234 (1234) E-Format ............. SNAP Protocol ............. 1234567890 (-) Layer 3 Byte 01: Offset ............. 0 Value ..............
Extension to Range of Classifier fields for x900 Switches Release Note Table 30: New parameters in output of the show classifier command (cont.) Parameter Meaning IGMP Type The IGMP message type to match against the IGMP type field in an IGMP packet header. A hexadecimal value is shown, with an equivalent parameter option in brackets if available. TCP Flags TCP data flow only. A series of letters representing the TCP/IP flag field, one of URG, ACK, RST, SYN, or FIN.
Software Version 2.8.1 125 QoS Enhancements This Software Version includes the following enhancements to Quality of Service: ■ Port Groups ■ Storm protection This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates. Port Groups This enhancement introduces eight new commands and modifies two existing show commands for the AT-8948, x900-48, and AT-9900 switches.
QoS Enhancements Release Note To enable QoS counters, use the command: set switch enhancedmode=qoscounters To reset traffic class counters for a port group, use the command: reset qos portgroup counters trafficlass[={trafficclass-list|all}] To display information about port groups, use the commands: show qos portgroup show qos portgroup counters show qos port Command Changes The following table summarises the new and modified commands: Command Change add qos portgroup port New command create q
Software Version 2.8.1 127 The following table explains the basic concepts involved with storm protection. Concept Description Window The frequency at which traffic is measured to determine whether storm protection should be activated. Rate The amount of traffic per second that must be exceeded before the switch takes the configured action. Action What the switch does when it detects a storm on a port.
QoS Enhancements Release Note Command Reference Updates This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold. add qos portgroup port Syntax Description ADD QOS PORTGroup=group-list POrt=port-list This new command adds ports to an existing port group. A policy can then be attached to the port group.
Software Version 2.8.1 129 Parameter Description DTCSTORMStatus Whether storm protection is enabled for the default traffic class. Default: disabled DTCSTORMWindow Time between the polling of traffic class counters that checks whether storm protection should be activated. Required when storm protection is enabled. Default: none DTCSTORMRate windowsize Number of milliseconds from 100 to 60 000. NONE Storm protection is inactive.
QoS Enhancements Release Note create qos portgroup Syntax Description CREate QOS PORTGroup=group-list [POrt=port-list] [DESCription=description] This new command creates a port group so that a policy can be attached to it. A switch instance refers to a single switch chip; port groups cannot span multiple switch instances. Parameter Description PORTgroup Port group that you want to create.
Software Version 2.8.1 131 Parameter (cont.) Description (cont.) STORMRate Storm protection is activated when this rate of traffic is exceeded. Required when storm protection is enabled. If the value of stormwindow is less than one second, the rate is averaged over the last second. Default: none STORMAction Rate Bits per second from 1Kbps to 10Gbps, specified in Kbps, Mbps or Gbps. If you do not specify a unit, it uses Kbps.
QoS Enhancements Release Note delete qos portgroup port Syntax Description DELete QOS PORTGroup=group-id POrt={port-list|ALL} This new command deletes specific ports from a port group, or all ports belonging to a port group. Parameter Description PORTgroup Port group from which you want to delete a port. The group-id can be an integer from 1 to 32. Default: no default POrt Port to delete from this port group.
Software Version 2.8.1 133 reset qos portgroup counters Syntax Description RESET QOS PORTGroup=group-list COUnters TRafficlass[={trafficclass-list|DEFault|ALL}] This new command resets traffic class counters for a port group. Use the set switch enhancedmode command in the Switching chapter to set counters. Parameter Description PORTgroup Port group for which you want to clear counters.
QoS Enhancements Release Note Parameter Description DTCSTORMStatus Whether storm protection is enabled for the default traffic class. Default: disabled DTCSTORMWindow Time between the polling of traffic class counters that checks whether storm protection should be activated. Required when storm protection is enabled. Default: none DTCSTORMRate windowsize Number of milliseconds from 100 to 60 000. NONE Storm protection is inactive.
Software Version 2.8.1 135 Parameter (cont.) Description (cont.) POLIcy Policy to attach or remove for this port group. Default: no default DESCription policy-list Integer from 0 to 255 for a specific policy. NONE Removes policy currently assigned to the port group. Description of the port group.
QoS Enhancements Release Note Parameter (cont.) STORMAction Description (cont.) Action QoS takes when a storm is detected on a port. Default: portdisable STORMTimeout LINKDown Operationally disables ports to which the traffic class is attached. POrtdisable Administratively disables ports to which the traffic class is attached. VLANdisable Administratively disables ports to which the traffic class is attached for the VLAN on which the classifier is matching.
Software Version 2.8.1 137 Figure 39: Example output of the modified show qos policy command Identifier .................. Description ................. TCs Assigned ................ Port(s) Assigned to ......... Port Group(s) Assigned to ... 1 all ports 5,7,22,31-33 1-24 1(1-12) 2(13-24) Trunk(s) Assigned to ........ None Default Traffic Class: Minimum Bandwidth ......... None Minimum Burst Size ........ 0 B Maximum Bandwidth ......... 10 Mbps Maximum Burst Size ........ 64 kbyte Drop BandwidthClass3 ..
QoS Enhancements Release Note Example output from the show qos port=1 command QOS Port Configuration Port ...................... Port Group ................ Trunk Group ............... Policy Assigned ........... Default Queue ............. Force Default Queue ....... Red Curve ................. . . . 1 1 None 1(all ports) 2 No 2 New parameters in output of the show qos port=1 command Parameter Meaning Port Group ID of the port group to which the port belongs.
Software Version 2.8.1 139 Table 33: Parameters in output of the show qos portgroup command Example Parameter Meaning ID/Identifier Port group ID. Description Description of the port group. Policy Assigned/Policy Assigned to Policy attached to the port group. Ports Ports that belong to the port group.
QoS Enhancements Release Note Figure 42: Example output from the show qos portgroup counters trafficclass command QOS Counter Information Port Group 1: Policy: 1 Traffic Class 1: Aggregate Bytes .............. BwConformanceClass1 bytes .... BwConformanceClass2 bytes .... BwConformanceClass3 bytes .... Dropped bytes ................ Default Traffic Class: Aggregate Bytes .............. BwConformanceClass1 bytes .... BwConformanceClass2 bytes .... BwConformanceClass3 bytes .... Dropped bytes ..........
Software Version 2.8.1 141 Table 34: Parameters in output of the show qos portgroup counters trafficclass command Example Parameter Meaning Port Group Port group ID. Policy Policy attached to the port group. Traffic Class Counters for this traffic class. Aggregate Bytes Total number of bytes this traffic class counted. BwConformanceClass1 bytes Number of bytes that conforms with band with class 1. BwConformanceClass2 bytes Number of bytes that conforms with band with class 2.
Secure Copy (SCP) Release Note Secure Copy (SCP) This Software Version includes the additional method of Secure Copy (SCP) to load files to and from the router or switch. This section describes the enhancement in: ■ Configuring Secure Copy ■ Loading using Secure Copy ■ Uploading using Secure Copy The new and modified commands to implement SCP are described in Command Reference Updates.
Software Version 2.8.1 143 Configuring Users To copy files using SCP, you must be configured as a SSH user. Use the command: add ssh user=username {password=password|keyid=id} [ipaddress=ipadd] [mask=mask] Further details on configuring and managing SSH users can be found in the Secure Shell chapter of the Software Reference. SSH users must use either password authentication, or RSA public/private key authentication.
Secure Copy (SCP) Debugging Secure Shell and Secure Copy Release Note Information which may be useful for troubleshooting SSH and SCP connections is now available using the SSH debugging function. By default this is disabled.
Software Version 2.8.1 145 To load a file onto the router or switch, use the command: load method=scp [delay=delay] [destfile=destfilename] [destination={cflash|flash|nvs}] [{file|srcfile}=filename] [{keyid=key-id|password=password}] [server={hostname|ipadd|ipv6add}] [username=username] Examples In this example, the SCP server has an IP address of 192.168.1.2, with the username “john”, and the password “secret” set on it. To download the file /atr-281/86s-281.
Secure Copy (SCP) Release Note To upload a file from the router or switch, use the command: upload method=scp [file=filename] [destfile=destfilename] [{keyid=key-id|password=password}] [server={hostname| ipadd|ipv6add}] [username=username] Examples In this example, the SCP server has an IP address of 192.168.1.2, with the username “john”, and the password “secret” set on it. To upload the file voip.cfg to the server, use this command on the router or switch: upload method=scp server=192.168.1.
Software Version 2.8.1 147 Command Reference Updates This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, it shows the new parameters, options, and fields in bold. delete ssh session syntax Description DELete SSH SEssion={session-id|ALL} This new command deletes Secure Shell and Secure Copy sessions that are currently active on the router or switch. This can include both server and client sessions.
Secure Copy (SCP) Release Note enable ssh debug Syntax Description Example ENAble SSH DEBug={SSH|SCP|ALL} This new command enables the SSH server debugging facility. If ssh is specified, debugging is turned on for Secure Shell. If scp is specified, debugging is turned on for Secure Copy. If all is specified, debugging for both SSH and SCP is turned on. Debugging is disabled by default.
Software Version 2.8.1 149 load Syntax Description LOAd [METhod=SCP] [DELay=delay] [DESTFile=destfilename] [DEStination={CFlash|FLash|NVs}] [{FIle|SRCFile}=filename] [{KEYid=key-id|PASSword=password}] [SErver={hostname|ipadd|ipv6add}] [USERName=username] The new method=scp option allows you to download a file using Secure Copy. Parameter Description METhod The method used to download the file. When scp is specified, Secure Copy is used.
Secure Copy (SCP) Release Note set loader Syntax SET LOAder [ASYn={port|DEFault}] [ATTribute={CErt|CRl|CAcert|DEFault}] [BASeobject={dist-name|DEFault}] [DElay={delay|DEFault}] [DESTFile=destfilename] [DEStination={BOOTblock|CFLASH|FLash|NVs}] [HTTPproxy={hostname|ipadd|DEFault}] [METhod={HTTP|LDAP|SCP|TFtp|WEB|WWW|ZModem|NONE| DEFault}] [{KEYid=key-id|PASSword=password|DEFault}] [PROxyport={1..65535|DEFault}] [SRCFile|FIle=filename] [SErver={hostname|ipadd|ipv6add|DEFault}] [SERVPort={1..
Software Version 2.8.1 151 set ssh client Syntax Description SET SSH CLIent [IDLEtimeout=0..4294967295] [LOGintimeout=1..600] [PREservemtime={ENAbled|DISabled}] This new command modifies the configuration of the Secure Shell client. When the router or switch is in security mode, this command requires a user with Security Officer privilege. Parameter Description IDLEtimeout The period of time, in seconds, set for the SSH client’s idle timer.
Secure Copy (SCP) Release Note set ssh server Syntax Description SET SSH SERver [HOSTKey=key-id] [SERVERKey=key-id] [EXPirytime=0..168] [IDLEtimeout=0..4294967295] [LOGintimeout=1..600] [MAXSessions=0..6] [SCP={ENAbled|DISabled}] This command modifies the configuration of the Secure Shell server. The new scp parameter allows you to enable or disable Secure Copy service. Parameter Description SCP Whether the SSH server supports SCP connections. Default: enabled ENAbled Allows SCP connections.
Software Version 2.8.1 153 show ssh Syntax Description SHow SSH This command displays the current configuration of the Secure Shell client and server. Figure 46: Example output from the show ssh command Secure Shell Server Configuration ------------------------------------------------------Version.................................. 1.5 SSH Server............................... Enabled SCP Service.............................. Enabled Maximum Sessions ........................ 6 Current Sessions ...........
Secure Copy (SCP) Release Note show ssh counter Syntax Description SHow SSH COUnter[={ALL|SSH|SCP}] This command displays client and server counters for Secure Shell and Secure Copy. If all is specified, both the SSH and the SCP client and server counters are displayed. If ssh is specified, the SSH counters display without the SCP counters. If scp is specified, only the SCP counters are displayed. If no parameter is specified, the command defaults to all.
Software Version 2.8.1 155 Table 37: Modified parameters in output of the show ssh counter={scp|all} command Example Parameter Meaning writeFileFailed The number of write failures. A write failure results in a load failure.
Secure Copy (SCP) Release Note Table 38: Modified parameters in output of the show ssh session=ssh command Parameter Meaning Secure Shell Session Type The type of Secure Shell connection: SCP Secure copy connection Table 39: Example output from the show ssh session=scp command SCP Sessions: ID Type Operation Filename Filesize State --------------------------------------------------------5 Server Download 86s-276.rez 4282204 RxData 8% 6 Client Upload test1.
Software Version 2.8.1 157 upload Syntax Description UPLoad [METhod=SCP] [DESTFile=destfilename] [FIle=filename] [{KEYid=key-id|PASSword=password}] [SErver={hostname|ipadd|ipv6add}] [USERName=username] The new scp parameter allows you to upload a file using Secure Copy. Parameter Description METhod The method used to upload the file. When scp is specified, Secure Copy is used.
SSL Counter Enhancement Release Note SSL Counter Enhancement New counters have been added to the show ssl counters command. Command Changes The following table summarises the modified command: Command Change show ssl counters New badSessionIdLen fields. Command Reference Updates This section describes the changed portions of the modified command and output screens. For modified commands and output, new parameters, options and fields are shown in bold.
Software Version 2.8.1 159 Figure 50: Example output from the show ssl counters command . . . Server: serverStart ............. inClientHello ........... inSSLv2ClientHello ...... inCert .................. inClientKeyExchange ..... inCertVerify ............ inFinished .............. 2 0 2 0 1 0 1 resumeRequest ........... cacheMiss ............... noCipherMatch ........... sslv2ResumeRequest ...... noCertLoaded ............ missingMessageCheckFail . hsHashFail(sha) ......... badSessionIdLen .........
Firewall Enhancements Release Note Firewall Enhancements This Software Version includes the following enhancements to the Firewall: ■ Firewall Licencing ■ Disabling SIP ALG Call ID Translation ■ Displaying SIP ALG Session Details ■ Firewall Policy Rules Expansion ■ Displaying a Subset of Policy Rules This section describes the enhancements. The new and modified commands to implement them are described in Command Reference Updates.
Software Version 2.8.1 161 Command Changes The following table summarises the new and modified commands: Command Change set firewall sipalg New command. Displaying SIP ALG Session Details This Software Version allows you to display configuration details for the SIP ALG, and details about the SIP sessions that are using the SIP ALG on the router or switch.
Firewall Enhancements Release Note Displaying a Subset of Policy Rules This Software Version allows you to display only a specific rule, or a subset of rules, when displaying details about firewall policies. Use the new rule parameter in the command: show firewall policy[=policy-name] [counter] [rule=rule-id[-rule-id]] [summary] Command Changes The following table summarises the new and modified commands: Command Change show firewall policy New rule parameter.
Software Version 2.8.1 163 show firewall SHow FIREwall Description This command displays a summary of all security policies that have been created and the interfaces assigned to each policy. Figure 51: Example output from the show firewall command Firewall Configuration Status .................... Enabled Notify Options .... Notify Port ............... Notify Mail To ............ Maximum Packet Fragments .. Sessions: Maximum ................. Peak .................... Active .................. . . .
Firewall Enhancements Release Note show firewall sipalg Syntax Description SHow FIREwall SIPAlg [IP=ipadd[-ipadd]]| [CALLId=call-id]]|[SUMmary] This command displays summary or detailed information for active SIP sessions using the SIP ALG on the router or switch (Figure 52 on page 164, Table 43 on page 165). Parameter Description IP Displays only the active sessions related to a specified IP address or range (Figure 52 on page 164, Table 43 on page 165).
Software Version 2.8.1 165 Table 43: Parameters in output of the show firewall sipalg command Software Version 2.8.1 C613-10477-00 REV B Parameter Meaning SIP ALG Configuration The current SIP ALG settings on the router or switch. Status Whether the SIP ALG is “enabled” or “disabled” on the router or switch. CALL-ID translation Whether Call-ID translation is “enabled” or “disabled” on router or switch.
Firewall Enhancements Release Note Table 43: Parameters in output of the show firewall sipalg command (cont.) Parameter Meaning Gbl IP This IP address is the source address of outbound packets and the destination address of inbound packets in this session, as seen on the public side of the firewall. Gbl Remote IP This IP address is the destination address of outbound packets and the source address of inbound packets in this session, as seen on the public side of the firewall.
Software Version 2.8.1 167 Table 44: Parameters in output of the show firewall sipalg summary command (cont.) Examples Parameter Meaning Direction The location of the devices using the SIP session, and who initiated the call. "Private" indicates a device located within the firewall, "public" indicates the device located outside of the firewall. The device that initiated the call is listed first.
Firewall Enhancements Release Note Table 45: Parameters in output of the show firewall sipalg counter command (cont.) Example Parameter Meaning SIP messages ignored since start up or reset Total number of SIP messages received that the SIP ALG ignored because the message was an unsupported type. These messages are forwarded without the SIP ALG altering them. To display counters for the SIP ALG’s activity on the router or switch, use the command: show fire sipa cou Software Version 2.8.
Software Version 2.8.1 169 Enhancements to IPsec/VPN This Software Version includes enhancements in the following IPsec functions: ■ Responding to IPsec Packets from an Unknown Tunnel ■ Modifying the Message Retransmission Delay ■ Retrying ISAKMP Phase 1 and 2 Negotiations ■ VPN Tunnel Licencing This section describes the enhancements. The modified commands to implement them are described in Command Reference Updates.
Enhancements to IPsec/VPN Release Note This feature provides an alternative to using heartbeat exchanges. Heartbeat exchanges are more robust under denial of service attacks, and may be able to detect the problem before any network traffic is lost; however heartbeat exchanges may be incompatible with some third party equipment. Command Changes The following table summarises the modified commands: Command Change create ipsec policy New respondbadspi parameter.
Software Version 2.8.1 171 4. Further retransmission have a progressively larger delay. The gap between the second and third retransmissions is 16 seconds, the gap between the third and fourth retransmissions is 24 seconds, the next gap is 32 seconds, then 40, 48 and 56 seconds after each retransmission attempt. 5. After the eighth retransmission, the exchange times out.
Enhancements to IPsec/VPN Release Note ISAKMP will not reattempt XAUTH authentication failures (phase 1.5). XAUTH failures indicate that either the router or switch and its peer have different authentication details, or a third party is attempting to connect to the router or switch. This needs to be investigated manually. Command Changes The following table summarises the modified commands: Command Change create isakmp policy New retryikeattempts parameter.
Software Version 2.8.1 173 Command Reference Updates This section describes the changed portions of modified commands and output screens. For modified commands and output, the new parameters, options, and fields are shown in bold.
Enhancements to IPsec/VPN Release Note create isakmp policy Syntax CREate ISAkmp POLICY=name PEer={ipv4add|ipv6add|ANy} [AUTHType={PREshared|RSAEncr|RSASig}] [DELETedelay=0..30] [DHExponentlength=160..1023] [ENCalg={3DES2key|3DESInner|3DESOuter|DES|AES128|AES192 |AES256}] [EXPIRYKbytes=1..1000] [EXPIRYSeconds=600..31449600] [GROup={0|1|2}] [HAShalg={SHa|MD5}] [HEARtbeatmode={Both|None|Receive|Send}] [HYBRIDxauth={ON|OFf|TRue|FAlse}] [IPVersion={4|6}] [KEY=0..
Software Version 2.8.1 175 Parameter Description RETRYIKEattempts The number of consecutive attempts ISAKMP makes to establish a connection. This parameter should only be used for permanent VPNs. If an ISAKMP exchange fails, then ISAKMP will attempt the key exchange again. If a phase 2 exchange fails, the exchange is attempted over new ISAKMP SAs. Default: 0 Software Version 2.8.1 C613-10477-00 REV B 0 No retry attempts occur. 1..16 The specified number of retry attempts occur.
Enhancements to IPsec/VPN Release Note set ipsec policy Syntax SET IPSec POLIcy=name [ACtion={DEny|IPSec|PErmit}] [BUNDlespecification=bundlespecification-id] [DFBit={SEt|COpy|CLear}] [GROup={0|1|2}] [ICmptype={list|NDall}] [IPROUtetemplate=template-name] [IPVersion={4|6}] [ISAkmppolicy=isakmp-policy-name] [LADdress={ANy|ipv4add[-ipv4add]| ipv6add[/prefix-length]|ipv6add-ipv6add}] [LMAsk=ipv4add] [LNAme={ANy|system-name}] [LPort={ANy|OPaque|port}] [PEERaddress={ipv4add|ipv6add|ANy|DYNAMIC}] [PKTDebu
Software Version 2.8.1 177 set isakmp policy Syntax SET ISAkmp POLicy=name [PEer={ipv4add|ipv6add|ANy}] [AUTHType={PREshared|RSAEncr|RSASig}] [DELETedelay=10] [DHExponentlength=160..1023] [ENCalg={3DES2key|3DESInner|3DESOuter|DES|AES128| AES192|AES256}] [EXPIRYKbytes=1..1000] [EXPIRYSeconds=600..31449600] [GROup={0|1|2}] [HAShalg={SHa|MD5}] [HEARtbeatmode={Both|None|Receive|Send}] [HYBRIDxauth={ON|OFf|TRue|FAlse}] [IPVersion={4|6}] [KEY=0..
Enhancements to IPsec/VPN Release Note Parameter Description RETRYIKEattempts The number of consecutive attempts ISAKMP makes to establish a connection. This parameter should only be used for permanent VPNs. If an ISAKMP exchange fails, then ISAKMP will attempt the key exchange again. If a phase 2 exchange fails, the exchange is attempted over new ISAKMP SAs. Default: 0 0 No retry attempts occur. 1..16 The specified number of retry attempts occur.
Software Version 2.8.1 179 show ipsec policy Syntax SHow IPSec POLIcy[=name] Figure 56: Example output from the show ipsec policy command for a specific policy. IPsec Policy Information Name ........................... Interface ...................... Source Interface ............... Position ....................... Action ......................... my_vpn PPP0 PPP0 1 IPSEC Key Management ................. Isakmp Policy Name ............. Bundle Specification ........... Peer IP Address Dynamic ........
Enhancements to IPsec/VPN Release Note show ipsec policy counter Syntax SHow IPSec POLIcy[=name] COUnter Figure 57: Modified output for the show ipsec policy counter command. . . .
Software Version 2.8.1 181 show isakmp counters Syntax SHow ISAkmp COUnters[={AGGressive|GENeral|HEArtbeat|INFo| IPSec|MAIn|NETwork|QUIck|SAD|SPD|TRAnsaction|XDB}] Figure 58: Example output from the show isakmp counter=general command ISAKMP General Counters Software Version 2.8.
Enhancements to IPsec/VPN Release Note Table 49: Modified parameters in output of the show isakmp counter=general command Parameter Meaning badSpiRequests The number of bad SPI requests that IPsec generated and sent to ISAKMP. These occur when an IPsec policy has the parameter respondbadspi set to true and packets processed by that policy have an unknown SPI value. If ISAKMP accepts the request, it establishes a new ISAKMP SA to the sending peer, then sends an initial contact notification message.
Software Version 2.8.1 183 show isakmp exchange Syntax SHow ISAkmp EXChange[=exchange-id] Figure 60: Modified Example output from the show isakmp exchange command for a specific exchange in Main mode ISAKMP Exchange Id .................................... Type .................................. State ................................. Phase ................................. Initiator ............................. DOI ................................... Policy name ........................... SA ..........
Enhancements to IPsec/VPN Release Note show isakmp policy Syntax SHow ISAkmp POLicy[=name] Figure 61: Modified example output from the show isakmp policy command for a specific policy. . . . Message Time Out ...................... Message Back-off ...................... Exchange Delete Delay ................. Source Interface ...................... VPN Client Policy File Name ........... Local ID .............................. Remote ID ............................. DebugFlag .......................
Software Version 2.8.1 185 show isakmp sa Syntax SHow ISAkmp SA[=sa-id] Figure 62: Modified example output from the show isakmp sa command for a specific Security Association. SA Id ................................. 1 Initiator Cookie .................... e418dba372510e53 Responder Cookie .................... 80c30ff4f2cb3f29 DOI ................................. IPSEC Policy name ......................... main State ............................... ACTIVE Local address ....................... 202.36.163.
SNMP MIBs Release Note SNMP MIBs This Software Version includes the following enhancements to SNMP MIBs: ■ SHDSL Line MIB ■ Logging SNMP operation ■ Traps on OSPF state changes ■ Trap on VRRP topology changes ■ Traps on MSTP state and topology changes ■ Restart Log ■ Trap on Login Failures ■ VLAN-based port state changes ■ Trap on Memory Levels This section describes the enhancements. The modified commands to implement them are described in Command Reference Updates.
Software Version 2.8.1 187 ■ The Segment Endpoint 1-Day Interval Status/Performance Group contains objects that describe the historic status and performance of segment endpoints in 1-day intervals. ■ The Maintenance Group contains objects for performing maintenance operations such as loopbacks for SHDSL lines. ■ The Span Configuration Profile Group contains objects that define configuration profiles for SHDSL Spans.
SNMP MIBs Release Note The SNMP agent now generates the following log message when there is insufficient system memory to send a trap message: Message SNMP Trap not sent due to excessive memory usage Severity 5 / IMPORTANT Module 59 / SNMP Log Type 089 / SNMP Log Subtype 001 / MEMORY Recommended Action Use the show buffer command to check system memory usage. Use the show snmp command to check for excessive polling.
Software Version 2.8.
SNMP MIBs Release Note from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state.
Software Version 2.8.1 191 ■ • swiPortVlanVlanId, the VID of the VLAN the port belongs to. • swiPortVlanControl, the current state of the port in the VLAN. The port can be enabled or disabled in the VLAN by setting swiPortVlanControl to enable (1) or disable (2), respectively.
SNMP MIBs Release Note Command Reference Updates This section describes the changed portions of the modified command and output screen. For modified commands and output, the new parameters, options, and fields are shown in bold. show buffer Syntax SHow BUFfer [SCAn[=address [QUEuepointers]]] where address is the memory address of a section of router or switch code expressed in hexadecimal Description The output of this command includes a new field.
Software Version 2.8.1 193 CDP over WAN Interfaces This Software Version expands the existing Cisco Discovery Protocol functionality to include PPP interfaces.
CDP over WAN Interfaces Release Note disable lldp cdp interface Syntax DISable LLDP CDP INTerface=interface where interface is the interface on which to disable CDP, one of: Description ■ ethn An Eth port, where n is the Eth port instance (for example, eth0) ■ portm A switch port, where m is the port number (for example, port2 for the switch port numbered 2) ■ pppm A PPP interface, where m is the interface number This command disables CDP on a specified interface.
Software Version 2.8.1 195 enabled on a particular device, no other debugging mode can be enabled on any other device simultaneously. CDP debugging is disabled by default. Parameter Description DEBug The debugging mode to enable. PACket Enables debugging of the reception of CDP advertisements. ADJacency Enables debugging of the creation and deletion of CDP neighbours EVent Enables debugging of error conditions, such as bad packets. PPP Enables debugging of PPP events.
CDP over WAN Interfaces Release Note show lldp cdp Syntax Description SHow LLDP CDP This command displays general information about the current CDP set up. Figure 64: Example output from the show lldp cdp command CDP general information --------------------------------------------Enabled ...................... Yes Number of CDP neighbours ..... 14 SysUpTime .................... 12345.42s CDP processing time .......... 3.385727s PPP Templates Enabled ........ 1,4 PPP Templates Disabled .......
Software Version 2.8.1 197 Permanent Assignments on AR400 Series Routers This Software Version adds support for permanent assignments on AR400 Series routers. Permanent assignments provide a method for creating permanent links between terminal ports on routers. For information and command syntax, see the "Permanent Assignments" chapter of the Software Reference for Software Version 2.7.6 or 2.8.1 Software Version 2.8.
Chapter 1 Ethernet Protection Switching Ring (EPSR) Introduction to Ethernet Protection Switching Ring (EPSR) .............................. 1-2 Ring Components and Operation ............................................................ 1-2 Fault Detection and Recovery ......................................................................... 1-4 Fault Recovery Procedure ......................................................................... 1-5 Restoring Normal Operation .................................
2 Software Reference Introduction to Ethernet Protection Switching Ring (EPSR) Ethernet Protection Switching Ring (EPSR) is a protection system employed to prevent loops within Ethernet ring based topologies. EPSR offers a rapid detection and recovery time (in the order of 50 ms, depending on configuration) if a link or node fails.
Ethernet Protection Switching Ring (EPSR) 3 The EPSR control VLAN, and its associated data VLANs, form a Ring Domain. Although a physical ring can have more than one domain, each domain must operate as a separate logical group of VLANs and must have its own master node. This means that several domains may share the same physical network, but must operate as logically separate VLAN groups.
4 Software Reference Fault Detection and Recovery EPSR uses two methods to detect and recover from outages in either a node or a link within the ring. These methods are: ■ Master node polling fault detection ■ Transit node unsolicited fault detection Master Node Polling Fault Detection The master node issues healthcheck messages from its primary port as a means of checking the condition of the EPSR network ring.
Ethernet Protection Switching Ring (EPSR) 5 Fault Recovery Procedure When the master node detects an outage somewhere in the ring, using either of the detection methods previously described, it will: ■ declare the ring to be in a “failed” state ■ unblock its secondary port to enable the data VLAN traffic to pass between its primary and secondary ports.
6 Software Reference Restoring Normal Operation Transit Nodes Once a fault in the ring or node has been rectified, the transit nodes that span the (previously) faulty link section will detect that link connectivity has returned. They will then move their appropriate ring port state, from “Links-Down” to “Pre-Forwarding,” and await the “Ring-Up-Flush” control message from the master node. See “Master Node” on page 1-6.
Ethernet Protection Switching Ring (EPSR) 7 Configuring EPSR EPSR can be configured in many ways ranging from the simple example shown below, through to complex rings with extended lobes running either EPSR or spanning tree protocols. Single Domain, Single Ring Network This example shows a very simple single ring, single domain configuration with no connecting lobes.
8 Software Reference Figure 1-4 shows a sample of the commands required to configure this network. Figure 1-4: Example script for a 4 node ring network # EPSR configuration for a simple 4 node ring network # For the Master Node # Set the Acceptable Frame Types parameter to admit only VLAN tagged frames on # ports 1 and 2.
Ethernet Protection Switching Ring (EPSR) 9 Single Ring, Dual Domain Network This example shows a slightly more complex EPSR configuration where two EPSR domains share the same physical ring. This configuration enables two sets of users to run totally separate layer two networks. Better load distribution around the ring can be achieved by configuring different nodes to be the master for each ring. Figure 1-5: EPSR Single Ring Network, Two Domain Network.
10 Software Reference Figure 1-6: Example script for a Single Ring, Two Domain Network - Node 1 # Node 1 (Master node for Ring_A - Transit Node for Ring_B) # Set the Acceptable Frame Types parameter to admit only VLAN tagged frames.
Ethernet Protection Switching Ring (EPSR) Figure 1-7: Example script for a Single Ring, Two Domain Network - Nodes 2 and 4 # Node 2 and Node 4 (Transit node for Ring_A - Transit Node for Ring_B) # Set the Acceptable Frame Types parameter to admit only VLAN tagged frames.
12 Software Reference Figure 1-8: Example script for a Single Ring, Two Domain Network - Node 3 # Node 3 (Transit node for Ring_A - Master Node for Ring_B) # Set the Acceptable Frame Types parameter to admit only VLAN tagged frames.
Ethernet Protection Switching Ring (EPSR) 13 EPSR and Spanning Tree Operation EPSR and the Spanning Tree protocols (STP) each address the issue of data loop prevention, although their method of doing so is quite different. For information on STP, see the Spanning Tree Chapter of your switch’s Software Refernce.
14 Software Reference Figure 1-10: Example script for a combined EPSR STP network - Master Node 1 # EPSR configuration with spanning tree lobe # For the Master Node (Node 1) # Set the Acceptable Frame Types parameter to admit only VLAN tagged frames on # ports 1 and 2.
Ethernet Protection Switching Ring (EPSR) 15 Figure 1-12: Example script for a combined EPSR STP network - Transit Nodes 2 and 4 # For Transit Nodes 2 and 4 # Set the Acceptable Frame Types parameter to admit only VLAN tagged frames on # ports 1 and 2.
16 add epsr datavlan Software Reference add epsr datavlan Syntax Description ADD EPSR=epsr-name DATAvlan={vlan-name|1..4094} This command adds a data VLAN to the selected EPSR instance, in order to provide protection against network loops in that VLAN. The following configuration rules apply when adding an EPSR data VLAN: ■ The maximum number of data VLANs that can be added to an EPSR instance is 512. ■ The VLAN must not already be in the EPSR instance as either a control VLAN or data VLAN.
Ethernet Protection Switching Ring (EPSR) create epsr 17 create epsr Syntax CREate EPSR=epsr-name MODE=MASTer CONtrolvlan={vlan-name| 1..4094} PRImaryport=port [HEllotime=time] [FAilovertime=time2] [RIngflaptime=0..65535] [TRap={ENAbled|DIsabled}] CREate EPSR=epsr-name MODE=TRANsit CONtrolvlan={vlan-name| 1..4078} [TRap={ENAbled|DIsabled}] Description This command creates an EPSR instance. Note that ingress filtering is automatically applied to a port when the port is added as an EPSR.
18 create epsr Software Reference Parameter Description (cont.) CONtrolvlan The identifier of the control VLAN. Note that you must first create the VLAN specified. To do this, use the create vlan command. For details of this command, see the Switching Chapter of your switch’s Software Reference. Default: no default PRImaryport vlan-name A unique name for the control VLAN. This name can be from 1 to 32 characters long.
Ethernet Protection Switching Ring (EPSR) delete epsr datavlan 19 delete epsr datavlan Syntax Description Warning DELete EPSR=epsr-name DATAvlan={vlan-name|1..4094|ALL} This command removes a data VLAN from the named EPSR instance. Deleting a VLAN that is still configured to a ring can cause loops and subsequent broadcast storms within the network. To avoid creating loops, take one or more of these steps before running this command: ■ disable the ports, using the disable switch port command.
20 destroy epsr Software Reference destroy epsr Syntax Description DESTroy EPSR={epsr-name|ALL} This command destroys the specified EPSR instance, or all EPSR instances. Before running this command you must first disable the appropriate EPSR instances by using the disable epsr command on page 1-21, and remove all their associated data VLANs. To avoid creating loops, take one or more of these steps before running this command: ■ disable the ports, using the disable switch port command.
Ethernet Protection Switching Ring (EPSR) disable epsr 21 disable epsr Syntax Description Warning DISable EPSR={epsr-name|ALL} This command disables the EPSR protocol for either the specified EPSR instance, or all EPSR instances. Disabling a VLAN that is still configured to a ring can cause loops and subsequent broadcast storms within the network.
22 disable epsr debug Software Reference disable epsr debug Syntax Description DISable EPSR={epsr-name|ALL} DEBug={INFo|MSG|PKT|STAte| ALL} This command disables debugging for either the selected EPSR instance, or all EPSR instances. Table 1-1: Parameters for the disable epsr debug command Parameter Description EPSR The EPSR instance on which debugging is to be disabled. Default: no default Debug epsr-name The name of the EPSR instance. This can be a character string, 1 to 15 characters long.
Ethernet Protection Switching Ring (EPSR) enable epsr 23 enable epsr Syntax Description ENAble EPSR={epsr-name|ALL} This command enables the operation of the EPSR protocol on the specified EPSR instance, or all EPSR instances. Parameter Description EPSR The EPSR instance to be enabled. Default: no default Examples epsr-name The name of the EPSR instance. This can be a character string, 1 to 15 characters long.
24 enable epsr debug Software Reference enable epsr debug Syntax ENAble EPSR={epsr-name|ALL} DEBug={INFo|MSG|PKT|STAte|ALL} [OUTput=CONsole] [TIMEOut={1..4000000000|NONE}] Description This command enables debugging for either the selected EPSR instance, or all EPSR instances. Parameter Description EPSR The EPSR instance whose debugging is to be enabled. Default: no default DEbug epsr-name The name of the EPSR instance. This can be a character string, 1 to 15 characters long.
Ethernet Protection Switching Ring (EPSR) purge epsr 25 purge epsr Syntax Description Warning PURge EPSR This command destroys all EPSR instances, returning the EPSR module to its status when it is first powered on. If the data VLANs of any EPSR instances are still configured in a ring formation, purging EPSR could cause a loop in the network. To avoid creating loops, take one or more of these steps before running this command: ■ disable the ports, using the disable switch port command.
26 set epsr Software Reference set epsr Syntax Description SET EPSR={epsr-name|ALL} [HEllotime=time] [FAilovertime=time2] [RIngflaptime=0..65535] [TRAP={ENAbled|DIsabled}] This command sets the parameters used by the EPSR protocol for the specified EPSR instance or all EPSR instances. Parameter Description EPSR The EPSR instance to be set. Default: no default HEllotime epsr-name The name of the EPSR instance. This can be a character string, 1 to 15 characters long.
Ethernet Protection Switching Ring (EPSR) set epsr port 27 create snmp community (SNMPv1 & v2) create epsr show epsr set epsr port Syntax Description SET EPSR=epsr-name POrt=port TYpe={PRIMary|SECOndary} This command sets or changes primary and secondary port designations for a selected EPSR instance. Setting one port to primary will automatically cause the other port to change to secondary; similarly setting one port to secondary will automatically cause the other port to change to primary.
28 show epsr Software Reference show epsr Syntax Description SHOW EPSR[={epsr-name|ALL}] This command displays information about the specified EPSR instance, or all EPSR instances on the switch (Figure 1-13, Table 1-2). Parameter Description EPSR The EPSR instance whose details are displayed. Default: all epsr-name The name of the EPSR instance. This can be a character string, 1 to 15 characters long.
Ethernet Protection Switching Ring (EPSR) show epsr 29 Table 1-2: Parameters displayed in the output of the show epsr command Parameter Meaning Name The name of the EPSR instance. Mode Whether the EPSR instance is running as a Master or Transit node on this device. Status The status of the named epsr instance: either Enabled or Disabled. State The state of the EPSR instance. In a master node, a state can be: Idle, Complete or Failed.
30 show epsr Software Reference Table 1-2: Parameters displayed in the output of the show epsr command (cont.) Examples Parameter Meaning First Port Status The status of the first ring port; either Unknown, Forwarding, Down or Blocking. Unknown is displayed when the EPSR instance is disabled. This parameter is only shown for a transit node.
Ethernet Protection Switching Ring (EPSR) show epsr counter 31 show epsr counter Syntax Description SHOW EPSR[={epsr-name|ALL}] COUnter This command displays the counter information about the specified EPSR instance, or all EPSR instances (Figure 1-14, Table 1-3). Parameter Description EPSR The EPSR instance whose details are displayed. Default: all COUnter epsr-name The name of the EPSR instance. This can be a character string, 1 to 15 characters long.
32 show epsr counter Software Reference Table 1-3: Parameters displayed in output of the show epsr counter command (cont.) Examples Parameter Meaning Link Down The number of valid link-down packets received. Invalid EPSR Packets The number of invalid EPSR control packets received. Transmit EPSR packets transmitted Total EPSR Packets The total number of EPSR control packets transmitted. Health The number of healthcheck packets transmitted. Ring Up The number of ring-up packets transmitted.
Ethernet Protection Switching Ring (EPSR) show epsr debug 33 show epsr debug Syntax Description SHOW EPSR[={epsr-name|ALL}] DEBug This command show the debugging modes enabled on each EPSR instance, or all EPSR instances (Figure 1-15, Table 1-4). Parameter Description EPSR The EPSR instance whose debugging details are displayed. Default: all DEBug epsr-name The name of the EPSR instance. This can be a character string, 1 to 15 characters long.
