6-Slot Layer 3 IPv6/IPv4 Routing Chassis Switch CS-6306R
Users Manual of CS-6306R Trademarks Copyright © PLANET Technology Corp. 2022. Contents are subject to revision without prior notice. PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners.
Users Manual of CS-6306R WEEE Warning To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment, end users of electrical and electronic equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately.
Users Manual of CS-6306R Contents Chapter 1. 1.1 1.2 1.3 1.4 Chapter 2. INTRODUCTION 18 Packet Contents ...................................................................................................................................... 18 Product Description ................................................................................................................................. 19 Product Features ...............................................................................................
Users Manual of CS-6306R 4.3 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6 Chapter 5. Network Management Configuration ...................................................................................................... 84 Configuring SNMP ......................................................................................................................... 84 RMON Configuration .....................................................................................................................
Users Manual of CS-6306R 6.1.9 AAA Accounting Configuration Task List ...................................................................................... 119 6.1.10 AA Accounting Configuration Task ............................................................................................... 119 6.2 Configuring RADIUS ............................................................................................................................. 122 Introduction ............................................
Users Manual of CS-6306R 7.6.2 7.6.3 7.7 7.8 7.9 7.10 Setting the Static Route ............................................................................................................... 162 IGMP Proxy.................................................................................................................................. 162 Advanced Configuration ........................................................................................................................ 163 QoS Configuration .
Users Manual of CS-6306R 11.2 Secure Port Configuration ..................................................................................................................... 188 Overview ...................................................................................................................................... 188 11.2.1 11.2.2 Configuration Task of the Secure Port ......................................................................................... 188 11.3 Configuring the Secure Port .....
Users Manual of CS-6306R 16.1 16.2 16.3 VLAN Introduction ................................................................................................................................. 201 VLAN Configuration Task List ............................................................................................................... 201 VLAN Configuration Task ...................................................................................................................... 201 Adding/Deleting VLAN .....
Users Manual of CS-6306R 19.2 Configuring MTSP ................................................................................................................................. 221 MSTP Overview ........................................................................................................................... 221 19.2.1 19.2.2 MSTP Configuration Task List...................................................................................................... 229 19.2.3 MSTP Configuration Task .......
Users Manual of CS-6306R 26.1.3 Types of EAPS Packets ............................................................................................................... 271 26.1.4 Fast Ethernet Ring Protection Mechanism .................................................................................. 271 26.2 Fast Ethernet Ring Protection Configuration ........................................................................................ 272 Default EAPS Settings ...........................................
Users Manual of CS-6306R 32.1.1 32.1.2 Chapter 33. 33.1 IPv6 Multicast Overview .............................................................................................................. 327 MLD-Snooping Multicast Configuration Tasks ............................................................................. 327 OAM Configuration 333 OAM Configuration ............................................................................................................................... 333 OAM Overview ..
Users Manual of CS-6306R Chapter 39. 39.1 371 DoS Attack Prevention Configuration 383 DoS Attack Prevention Configuration .................................................................................................... 383 DoS Attack Overview ................................................................................................................... 383 41.1.1 41.1.2 DoS Attack Prevention Configuration Task List............................................................................
Users Manual of CS-6306R 43.4.3 Chapter 44. 44.1 Configuring IP Access List Based on Physical Port ..................................................................... 424 IP ACL Application Configuration 427 Applying the IP Access Control List ...................................................................................................... 427 Applying ACL on Ports ................................................................................................................. 427 44.1.
Users Manual of CS-6306R 48.2 Multi-VRF CE Configuration .................................................................................................................. 481 Default VRF Configuration ........................................................................................................... 481 48.2.1 48.2.2 MCE Configuration Tasks ............................................................................................................ 481 48.2.3 MCE Configuration ....................
Users Manual of CS-6306R 50.4 PIM-DM Configuration .......................................................................................................................... 518 PIM-DM Introduction .................................................................................................................... 518 50.4.1 50.4.2 Configuring PIM-DM .................................................................................................................... 519 50.4.
Users Manual of CS-6306R Chapter 55. BFD Configuration 555 55.1 55.2 Overview ............................................................................................................................................... 555 BFD Configuration Tasks ...................................................................................................................... 555 Activating Port BFD ..................................................................................................................
Users Manual of CS-6306R Chapter 1. INTRODUCTION Thank you for purchasing PLANET CS-6306R 6-slot Layer 3 IPv6/IPv4 Routing Chassis Switch. The term “Chassis Switch” refers to the CS-6306R series mentioned this User’s manual. 1.1 Packet Contents Open the box of the Chassis Switch and carefully unpack it.
Users Manual of CS-6306R The term “Management Module” refers to the CS6-MCU mentioned in this user’s manual. And the term “Standard Ethernet Module” means the CS6-S24S8X, CS6-S24T8X, CS6-S48T, CS6-S48S, CS6-S24T24S, CS6-S16X and CS6-S4Q, mentioned in this user’s manual. 1.
Users Manual of CS-6306R Full IPv6 Support The CS-6306R Chassis Switch supports IPv4-to-IPv6 technologies including IPv4 manual/automatic tunnel, IPv6-to-IPv4 tunnel, and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel. It comprehensively supports IPv6 Neighbor Discovery, DHCPv6, Path MTU Discovery, IPv6-based Telnet, SSH and ACL, meeting the need of IPv6 network device management and service control.
Users Manual of CS-6306R Enhanced Quality of Service The CS-6306R Switch fully supports DiffServ module, so users can specify a queue bandwidth on each port. WRR/SP/SWRR scheduling is also provided. The CS-6306R supports the port security to enable trusted CoS, DSCP, IP precedence and port priority. Users can modify packets’ DSCP and COS values so that the traffic can be classified by port, VLAN, DSCP, IP precedence and ACL table.
Users Manual of CS-6306R Reliable, High-performance and High-density Enterprise Backbone Switch 10/40-Gigabit Ethernet supported equipment has become the fundamental unit of enterprises and network servers. PLANET CS-6306R is the cost-effective, high-density and high-bandwidth chassis switch, which meets today’s market requirements.
Users Manual of CS-6306R 1.
Users Manual of CS-6306R − 802.3ad Link Aggregation Control Protocol (LACP) − Cisco ether-channel (static trunk) Supports Spanning Tree Protocol − STP, IEEE 802.1D (Classic Spanning Tree Protocol) − RSTP, IEEE 802.1w (Rapid Spanning Tree Protocol) − MSTP, IEEE 802.
Users Manual of CS-6306R − Console and Telnet Command Line Interface − HTTP web switch management − SNMP v1 and v2c switch management − SSHv2, SSLv3, TLSv1.
Users Manual of CS-6306R 1.4 Product Specifications 1.4.1 CS-6306R +CS6-MCU Specification Product CS-6306R + CS6-MCU Hardware Specifications Total Number of Slots 6 Max. Management 2 (slots 5 and 6) Module Supports dual master control redundancy and automatic recovery Max. Switch Module 4 (slots 1 to 4) Number of Power Supply Bays Number of Fan Trays 3 1, hot-pluggable 443.5 x 370 x 397 mm Dimensions (W x D x H) 482 x 370 x 397 mm (with rack-mount kit) 9U high Weight 21.6kg (empty) 24.
Users Manual of CS-6306R CS6-S16X 16-Port 10GBASE-X SFP+ Backward compatible with 1000BASE-X SFP transceivers 4-Port 40GBASE-X QSFP+ CS6-S4Q Supports 40GBASE-SR4/LR4 QSFP+ transceivers and 40G QSFP+ to 4x10G SFP+ breakout cable Total Port Capacity Max. 10/100/1000BASE-T 192 Max. 1000BASE-X SFP Ports 192 Max. 10G SFP+ Ports 64 Max. 40G QSFP+ Ports 16 Switching Performance Switch Processing Scheme Store-and-Forward Switch Backplane 3Tbps Switch Capacity 2.
Users Manual of CS-6306R RIP v1/v2 IP Routing Protocol OSPFv2 BGP (Border Gateway Protocol) Static routing Multicast Routing Protocol Routing Interface PIM-SM/DM/SSM 256 VRRP Policy routing Routing Functions Load balance through equal-cost routing GR (Graceful Restart) of OSPF and BGP BFD (Bidirectional Forwarding Detection) for OSPF and BGP IS-IS, Intermediate system to intermediate system IPv6 Layer 3 Function RIPng IP Routing Protocol OSPFv3 BGP4+ Multicast Routing PIM-DM and PIM-SM Protocol
Users Manual of CS-6306R IEEE 802.1D Spanning Tree Protocol (STP) Spanning Tree Protocol IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) IEEE 802.
Users Manual of CS-6306R - MAC Address - IPv4/IPv6 IP Address - Protocol-number - sport/dport - ToS/Precedence Ingress Filter: 2560 entries Egress Filter: 1024 entries MAC address limitation and MAC address filtering MAC sticky (IP + MAC + Port binding) Port isolation Security DHCP snooping, DHCP option 82 Dynamic ARP inspection IP source guard Defined against DoS or TCP attacks AAA TACACS+ and IPv4/IPv6 over RADIUS Network Access Control IEEE 802.
Users Manual of CS-6306R RFC 1643 Ether-like MIB RFC 1907 SNMPv2 RFC 2011 IP/ICMP MIB RFC 2012 TCP MIB RFC 2013 UDP MIB RFC 2096 IP forward MIB RFC 2233 if MIB RFC 2452 TCP6 MIB RFC 2454 UDP6 MIB RFC 2465 IPv6 MIB RFC 2466 ICMP6 MIB RFC 2573 SNMPv3 notification RFC 2574 SNMPv3 VACM RFC 2674 Bridge MIB Extensions Standards Conformance Regulatory Compliance FCC Part 15 Class A, CE IEEE 802.3 10BASE-T IEEE 802.3u 100BASE-TX IEEE 802.3z 1000BASE-SX/LX IEEE 802.3ab Gigabit 1000T IEEE 802.
Users Manual of CS-6306R RFC 3376 IGMP v3 RFC 2710 MLD v1 RFC 3810 MLD v2 RFC 2328 OSPF v2 RFC 1058 RIP v1 RFC 2453 RIP v2 RFC 2080 RIPng for IPv6 RFC 2740 OSPFv3 for IPv6 Environment Operating Storage Temperature: 0 ~ 50 degrees C Relative Humidity: 10 ~ 90% (non-condensing) Temperature: -10 ~ 70 degrees C Relative Humidity: 5 ~ 90% (non-condensing) 1.4.2 Management Module Specification CS-6306R Management Module Model Name Product CS6-MCU Hardware Specifications Switching Capacity 1.28/2.
Users Manual of CS-6306R Reset button: System reboot only Button Host-swap button: Force swap master and slave management modules Host LED is lit up to show the host swap procedure is completed. Switching Performance Switch Processing Scheme Store-and-Forward Switch Backplane 3Tbps Switch Capacity 2.
Users Manual of CS-6306R BFD (Bidirectional Forwarding Detection) for OSPF and BGP IS-IS (Intermediate system to intermediate system) IPv6 Layer 3 Functions RIPng IP Routing Protocol OSPFv3 BGP4+ Multicast Routing Protocol PIM-DM and PIM-SM PIM-SSM Manual tunnel Routing Features ISATAP tunnel 6-to-4 tunnel ICMPv6, DHCPv6, ACLv6, IPv6 Telnet IPv6 Functions IPv6 Neighbor Discovery Path MTU Discovery Layer 2 Functions Port disable/enable Auto-negotiation 10/100/1000Mbps full and half duplex mode sele
Users Manual of CS-6306R IPv6 MLD v1/v2 snooping IPv6 MLD Snooping Multicast VLAN Register (MVR) Up to 8K multicast groups 8 priority queues on all switch ports Scheduling for priority queues - Weighted Round Robin (WRR) - Strict priority (SP) - SP+WRR Traffic classification: QoS - IEEE 802.1p CoS DSCP DiffServ Precedence TOS VLAN ID IP ACL MAC ACL Policy-based ingress and egress QoS 802.
Users Manual of CS-6306R AAA TACACS+ and IPv4/IPv6 over RADIUS Network Access Control IEEE 802.
Users Manual of CS-6306R Standards Conformance Regulatory Compliance FCC Part 15 Class A, CE IEEE 802.3 10BASE-T IEEE 802.3u 100BASE-TX IEEE 802.3z 1000BASE-SX/LX IEEE 802.3ab Gigabit 1000T IEEE 802.3ae 10Gigabit Ethernet IEEE 802.3ba 40Gigabit Ethernet IEEE 802.3x Flow Control and Back Pressure IEEE 802.3ad Port Trunk with LACP IEEE 802.1d Spanning Tree protocol IEEE 802.1w Rapid Spanning Tree Protocol IEEE 802.1s Multiple Spanning Tree Protocol IEEE 802.1p Class of Service IEEE 802.
Users Manual of CS-6306R 1.4.3 Standard Ethernet Module Specifications CS-6306R Standard Chassis Switch Modules Model Name CS6-S24S8X Product CS6-S24T8X Hardware Specifications Copper Ports SFP Slots SFP+ Slots - 24 x 10/100/1000BASE-T RJ45 ports 24 x 100/1000BASE-SX/LX SFP slots 8 x 1/10GBASE-SR/LR SFP+ slots - 8 x 1/10GBASE-SR/LR SFP+ slots QSFP+ Slots - Switch Fabric 208Gbps 208Gbps Throughput 154Mpps@64bytes 154Mpps@64bytes 1 x Alarm LED –Red. 1 x Alarm LED –Red.
Users Manual of CS-6306R Switch Fabric 96Gbps 96Gbps Throughput 71Mpps@64bytes 71Mpps@64bytes 1 x Alarm LED –Red. 1 x Alarm LED –Red. 1 x SYS LED –Green 1 x SYS LED –Green LINK/ACT LED –Green. LINK/ACT LED –Green. LED Standards Compliance IEEE 802.3 10BASE-T IEEE 802.3u 100BASE-FX IEEE 802.3u 100BASE-TX IEEE 802.3z Gigabit SX/LX IEEE 802.
Users Manual of CS-6306R CS-6306R Standard Chassis Switch Modules Model Name CS6-S24T24S Product Hardware Specifications Copper Ports 24 x 10/100/1000BASE-T RJ45 ports SFP/mini-GBIC Slots 24 x 1000BASE-SX/LX SFP slots SFP+/mini-GBIC Slots - QSFP+ Slots - Switch Fabric 96Gbps Throughput 71Mpps@64bytes 1 x Alarm LED –Red. LED 1 x SYS LED –Green LINK/ACT LED –Green. IEEE 802.3 10BASE-T IEEE 802.3u 100BASE-TX / FX Standards Compliance IEEE 802.3ab Gigabit 1000T IEEE 802.
Users Manual of CS-6306R Chapter 2. INSTALLATION This section describes the hardware features and installation of the Chassis Switch on the desktop or rack mount. For easier management and control of the Chassis Switch, familiarize yourself with its display indicators and ports. Front panel illustrations in this chapter display the unit LED indicators. Before connecting any network device to the Chassis Switch, please read this chapter completely. 2.
Users Manual of CS-6306R Figure 2-2 CS-6306R Rear Panel 1.Power slots Used for system power supply modules and supports up to three 550W AC/DC modules (CS6-PWR550-AC/DC). 2.Management Slots 5 and 6 support management module like CS6-MCU. slots (Slot 5 Master) 3.Switch slots Slots 1 to 4 support Switch modules like CS6-S16X and CS6-S24S8X 4.Fan tray slot Supports one system fan assembly with each assembly consisting of four axial fans. 5.
Users Manual of CS-6306R 2.1.1 Management Module Description The unit’s front panel provides a simple interface monitoring the Management Module. Figure 2-3 shows the front panel of the Management Module. CS6-MCU Front Panel Figure 2-3 CS6-MCU Front Panel ■ Console Port The console port is an RJ45 type, RS-232 male serial connector. It is an interface for connecting a terminal directly.
Users Manual of CS-6306R Red Lights to indicate that the fan system is abnormal. Off If the red indicator is off, the fan system is normal. Fan Alarm Hot Swap Green Lights to indicate that the MCU can be hot-swappable. Red Lights to indicate that the power supply of the system is abnormal. Off If the red indicator is off, the power supply of the system is normal. PWR Alarm Green Lights to indicate that the MCU is in the master control state.
Users Manual of CS-6306R 2.1.2 Standard Chassis Switch Module Description The unit’s front panel provides a simple interface monitoring the Standard Module. Figure 2-5 shows the front panel of the Standard Chassis Switch Module. CS6-S24S8X Front Panel Figure 2-5 CS6-S24S8X Front Panel The CS6-S24S8X Chassis Switch provides 24 100/1000BASE-X SFP Fiber Slots and 8 1G/10G GBASE-X SFP+ Fiber Slots.
Users Manual of CS-6306R ■ 100/1000BASE-X SFP Interfaces LED Color Function Lights to indicate the link through that port is successfully established with speed 100/1000Mbps. The port is the in “up” Green LNK/ACT state. Blinks to indicate that the Management Module is actively sending or receiving data over that port.
Users Manual of CS-6306R CS6-S24T8X Front Panel Figure 2-7 CS6-S24T8X Front Panel The CS6-S24T8X Chassis Switch provides 24 10/100/1000BASE-T ports and 8 1G/10G GBASE-X SFP+ Fiber Slots. The board performs Layer 2 and Layer 3 wire-speed switching and ports trunking, and connects core layer and access layer to enable port and user QoS.
Users Manual of CS-6306R ■ 10/100/1000BASE-T Interfaces LED Color Function Lights to indicate the link through that port is successfully established with speed 10/100/1000Mbps. The port is in the “up” Green state. Blinks to indicate that the Management Module is actively sending LNK/ACT or receiving data over that port.
Users Manual of CS-6306R CS6-S48S Front Panel Figure 2-9 CS6-S48S Front Panel The CS6-S48S Chassis Switch provides 48 100/1000BASE-X SFP Fiber Slots. The board performs Layer 2 and Layer 3 wire-speed switching and ports trunking, and connects core layer and access layer to enable port and user QoS. CS6-S48S Interface 48 100/1000BASE-X SFP Fiber Slots Provides one debugging serial port for single board debugging, which is not open for the clients.
Users Manual of CS-6306R ■ 100/1000BASE-X SFP Interfaces LED Color Function Lights to indicate the link through that port is successfully established with speed 100/1000Mbps. The port is in the “up” Green state. Blinks to indicate that the Management Module is actively sending LNK/ACT or receiving data over that port.
Users Manual of CS-6306R CS6-S48T Front Panel Figure 2-11 CS6-S48T Front Panel The CS6-S48T Chassis Switch provides 48 10/100/1000BASE-T ports. The board performs Layer 2 and Layer 3 wire-speed switching and ports trunking, and connects core layer and access layer to enable port and user QoS. CS6-S48T Interface 48 10/100/1000BASE-T ports Provides one debugging serial port for single board debugging, which is not open for the clients.
Users Manual of CS-6306R ■ 10/100/1000BASE-T Interfaces LED Color Function Lights to indicate the link through that port is successfully established with speed 10/100/1000Mbps. The port is in the “up” Green state. Blinks to indicate that the Management Module is actively sending LNK/ACT or receiving data over that port.
Users Manual of CS-6306R CS6-S24T24S Front Panel Figure 2-13 CS6-S24T24S Front Panel The CS6-S24T24S Chassis Switch provides 24 10/100/1000BASE-T ports and 24 1000BASE-X SFP Fiber Slots. The board performs Layer 2 and Layer 3 wire-speed switching and ports trunking, and connects core layer and access layer to enable port and user QoS.
Users Manual of CS-6306R ■ 10/100/1000BASE-T Interfaces LED Color Function Lights to indicate the link through that port is successfully established with speed 10/100/1000Mbps. The port is in the “up” Green state. Blinks to indicate that the Management Module is actively sending LNK/ACT or receiving data over that port.
Users Manual of CS-6306R CS6-S16X Front Panel Figure 2-15 CS6-S16X Front Panel The CS6-S16X Chassis Switch provides 16 1G/10G GBASE-X SFP+ Fiber Slots. The board performs Layer 2 and Layer 3 wire-speed switching and ports trunking, and connects core layer and access layer to enable port and user QoS. CS6-S16X Interface 16 1G/10G GBASE-X SFP+ Fiber Slots. Provides one debugging serial port for single board debugging, which is not open for the clients.
Users Manual of CS-6306R ■ 1G/10GBASE-X SFP+ Interfaces LED Color Function Lights to indicate the link through that port is successfully established with speed 1G/10GMbps.The port is in the “up” state. Green Blinks to indicate that the Management Module is actively sending LNK/ACT or receiving data over that port.
Users Manual of CS-6306R CS6-S4Q Front Panel Figure 2-17 CS6-S4Q Front Panel The CS6-S4Q Chassis Switch provides 4 40G QSFP ports. The board performs Layer 2 and Layer 3 wire-speed switching and ports trunking, and connects core layer and access layer to enable port and user QoS. CS6-S4Q Interface 4 40G QSFP ports and supports QSFP 40G optical module. Provides one debugging serial port for single board debugging, which is not open for the clients.
Users Manual of CS-6306R ■ 40G QSFP Interfaces LED Color Function Lights to indicate the link through that port is successfully established with speed 40GMbps. The port is in the “up” state. Green Blinks to indicate that the Management Module is actively sending LNK/ACT or receiving data over that port.
Users Manual of CS-6306R 2.2 Installing the Chassis Switch This section describes how to install your Chassis Switch and make connections to the Chassis Switch. Please read the following topics and perform the procedures in the order being presented. To install your Chassis Switch on a desktop or shelf, simply complete the following steps. To avoid damage, do not place any weight on the CS-6306R. Maximum weight of various modules installed is 30kg and full configuration weight is 30kg.
Users Manual of CS-6306R Figure 2-19 Rack-mounting Brackets You must use the screws supplied with the mounting brackets. Damage caused to the parts by using incorrect screws would invalidate your warranty. Step 3 After the brackets are attached to the CS-6306R, use suitable screws to securely attach the brackets to the rack, as shown in Figure 2-20. Please make sure the device does not slip through your grasp, or else it may cause damage to the device or may even hurt the installer.
Users Manual of CS-6306R 2.2.3 Installing the SFP/SFP+ Transceiver The sections describe how to insert an SFP/SFP transceiver into an SFP/SFP+ slot. The SFP/SFP+ transceivers are hot-pluggable and hot-swappable. You can plug in and out the transceiver to/from any SFP/SFP+ port without having to power down the Chassis Switch as Figure 2-21 shows.
Users Manual of CS-6306R Gigabit Ethernet Transceiver (1000BASE-BX, Single Fiber Bi-directional SFP) Model Speed (Mbps) Connector Interface Fiber Mode Distance Wavelength (TX/RX) Operating Temp.
Users Manual of CS-6306R Before connecting the other chassis switch, workstation or media converter, 1. Make sure both sides of the SFP transceiver are with the same media type, for example, 1000BASE-SX to 1000BASE-SX, 1000BASE-LX to 1000BASE-LX. 2. Check whether the fiber-optic cable type matches the SFP transceiver model. To connect to 1000BASE-SX SFP transceiver, use the multi-mode fiber cable with one side being the male duplex LC connector type.
Users Manual of CS-6306R Figure 2-22 Pulling out the SFP/SFP+ transceiver Never pull out the module without pulling the handle or the push bolts on the module. Directly pulling out the module with force could damage the module and SFP/SFP+ module slot of the Chassis Switch. 2.2.4 Chassis Switch Grounding A good grounding system is the groundwork for the smooth and safe operation of the CS-6306R, and an excellent way to prevent lightning strikes and resistance interference.
Users Manual of CS-6306R The CS-6306R provides chassis grounding post in the lower front chassis, marked as “GND”. Chassis protection grounding should be properly connected to the rack grounding connector The ground cabling procedures are listed below: Step 1 Remove the nuts from the front chassis grounding posts. Step 2 Wrap one end of the green and yellow grounding cable to the grounding posts. Step 3 Attach the grounding post nut and tighten well.
Users Manual of CS-6306R Figure 2-23 Inserting the Optional Module into the Slot of CS-6306R 2.2.6 Removing and Installing the Dust Gauze Dust gauze is provided in the CS-6306R, which can be installed and removed from the back of the CS-6306R in right section. The dust gauze is meant to prevent large debris or particles in the air from being ingested into the Chassis Switch. Please perform cleaning on a regular basis according to the site conditions.
Users Manual of CS-6306R 2.2.7 Removing and Installing the Fan Tray One fan tray in the right section of the CS-6306R can be serviced from the front. The installation and removal of the fan tray is relatively simple. Please refer to the following procedure for reference. Removing the Fan Tray Step 1 Loosen the 2 screws on the front panel of the fan tray.
Users Manual of CS-6306R 2.2.8 Installing and Removing the Power Supply Unit into/from the Compartment To remove a power supply unit from the CS-6306R, press and hold the blue lever to the left till it is totally pulled out from the power supply unit. Figure 2-26 Installing and Removing the Power Supply Unit 2.2.9 Installing Wire Rack in the Chassis Switch You can see the front side of the CS-6306R with the wire rack slot in the left section .
Users Manual of CS-6306R Chapter 3. 3.1 Chassis Switch Management Management Options To set up the Chassis Switch, the user needs to configure the Chassis Switch for network management. The Chassis Switch provides two management options: Out-of-Band management and In-Band management. 3.1.1 Out-of-Band Management Out-of-band management is the management through Console interface.
Users Manual of CS-6306R 3.1.2 In-band Management In-band management refers to the management by logging to the Chassis Switch using Telnet, HTTP, or using SNMP management software to configure the Chassis Switch. In-band management enables the management of the Chassis Switch to attach some devices to the Switch. The following procedure is required to enable In-band management: 1. Logging on to console 2. Assigning/Configuring IP address 3. Creating a remote login account 4.
Users Manual of CS-6306R Step 1: Run Telnet Client program. Run Telnet client program included in Windows with the specified Telnet target. Figure 3-3 Run telnet client program included in Windows Step 2: Logging to the Chassis Switch. Log in to the Telnet configuration interface. The commands used in the Telnet CLI interface after the login is the same as that in the Console interface. Default IP Address: 192.168.1.
Users Manual of CS-6306R 3.1.2.2 Management via HTTP To manage the Chassis Switch via HTTP, the following conditions should be met: 1) Chassis Switch has an IPv4/IPv6 address configured (Default IP address 192.168.1.1); 2) The host IPv4/IPv6 address (HTTP client) and the switch’s VLAN interface IPv4/IPv6 address are in the same network segment; 3) If (2) is not met, HTTP client should connect to an IPv4/IPv6 address of the switch via other devices, such as a router.
Users Manual of CS-6306R Figure 3-6 Web Main Screen of CS-6306R Chassis Switch 4. The Chassis Switch Menu on the left side of the Web page lets you access all the commands and statistics the Chassis Switch provides. Now, you can use the Web management interface to continue the Chassis Switch management or manage the Chassis Switch by console interface. Please refer to the user manual for more detailed information. 3.1.2.
Users Manual of CS-6306R 3.1.2.4 CLI Interface The switch provides three management interfaces for users: CLI (Command Line Interface) interface, Web interface and Simple Network Management software. The command line interfaces for the switch can be classified into several modes. Each command mode enables you to configure different groupware. The command that can be used currently is up to the command mode where you are.
Users Manual of CS-6306R Enter a command, press the space key and enter the question mark. The command parameter list is displayed. Switch> show ? Press the “up” key and the commands entered before it can be displayed. Continue to press the “up” key to show more commands. After that, press the “down” key and the next command to be entered is displayed under the current command. 3.1.4 Canceling a Command To cancel a command or resume its default properties, add the keyword “no” before most commands.
Users Manual of CS-6306R Chapter 4. 4.1 Basic Configuration System Management Configuration 4.1.1 File Management Configuration 4.1.1.1 Managing the file system The filename in flash is no more than 20 characters and filenames are case insensitive. 4.1.1.2 Commands for the file system The boldfaces in all commands are keywords. Others are parameters. The content in the square brakcet “[ ]” is optional. Command Description format Formats the file system and delete all data.
Users Manual of CS-6306R 4.1.1.4 Updating software User can use this command to download switch system software locally or remotely to obtain version update or the custom-made function version (like data encryption and so on). There are two ways of software update in monitor mode. a) Through TFTP monitor#copy tftpflash [ip_addr] The previous command is to copy file from the tftp server to the flash in the system.
Users Manual of CS-6306R Parameter description Parameter Description local_filename Filename stored in the flash Users must enter the filename. Example The terminal program can be the Hyper Terminal program in WINDOWS 95, NT 4.0 or the terminal emulation program in WINDOWS 3.X. monitor#download c0 switch.bin Prompt: speed [9600]?115200 Then, modify the rate to 115200. After reconnection, select send file in the transfer menu of hyper terminal (terminal emulation).
Users Manual of CS-6306R 4.1.1.6 Using ftp to perform the update of software and configuration config #copy ftpflash [ip_addr|option] Use ftp to perform the update of software and configuration in formal program management. Use the copy command to download a file from ftp server to switch, also to upload a file from file system of the switch to ftp server. After you enter the command, the system will prompt you to enter the remote server name and remote filename.
Users Manual of CS-6306R Example The following example shows a main.bin file is read from the server, written into the switch and changed into the name switch. Bin. config#copy ftp flash Prompt: ftp user name[anonymous]? login-nam Prompt: ftp user password[anonymous]? login-password Prompt: Source file name[]?main.bin Prompt: Remote-server ip address[]?192.168.20.1 Prompt: Destination file name[main.bin]?switch.bin or config#copy ftp: //login-nam: login-password@192.168.20.1/main.bin flash: switch.
Users Manual of CS-6306R This command is used to configure the default route. You can configure only one default route. Parameter description Parameter Description ip_addr IP address of the gateway Example monitor#ip route default 192.168.1.1 4.1.2.3 Using ping to test network connection state monitor#ping This command is to test network connection state. Parameter description Parameter Description ip_address Destination IP address Example monitor#ping 192.168.20.100 PING 192.
Users Manual of CS-6306R 4.1.3 HTTP Configuration 4.1.3.1 Configuring HTTP Enabling the http service Modifying the port number of the http service Configuring the access password of the http service Specifying the access control list for the http service a) Enabling the http service The http service is disabled by default. The http service is enabled in the global configuration mode using the following command: Command Function Ip http server Enables the http service.
Users Manual of CS-6306R 4.1.3.2 Examples to http configuration The following example uses default port (80) as the http service port, and the access address is limited to 192.168.20.0/24: ip acl configuration: ip access-list standard http-acl permit 192.168.20.0 255.255.255.0 global configuration: ip http access-class http-acl ip http server 4.2 Terminal Configuration 4.2.1 VTY Configuration Introduction The system uses the line command to configure terminal parameters.
Users Manual of CS-6306R 4.2.3 Monitor and Maintenance Run showline to chek the VTY configuration. 4.2.4 VTY Configuration Example It shows how to cancel the limit of the line number per screen for all VTYs without more prompt: config#line vty 0 32 config_line#length 0 4.3 Network Management Configuration 4.3.1 Configuring SNMP 4.3.1.
Users Manual of CS-6306R received or the request timeouts. In addition, the trap is sent only once, while the “inform request” can be resent for many times. Resending "inform request" adds to network communications and causes more load on network. Therefore, trap and inform request provide balance between reliability and resource. If SNMP management side needs receiving every notification greatly, then the “inform request” can be used.
Users Manual of CS-6306R 4.3.1.
Users Manual of CS-6306R You can configure one or multiple group character strings. Run no snmp-server community to remove the specified community character string. For how to configure the community character string, refer to the part “SNMP Commands”. c) Configuring the contact method of system administrator and the system’s location SysContact and sysLocation are the management variables in the MIB’s system group, respectively defining the linkman’s identifer and actual location of the controlled node.
Users Manual of CS-6306R When the system is started, the SNMP agent will automatically run. All types of traps are activated. You can use the command snmp-server host to specify which host will receive which kind of trap. Some traps need to be controlled through other commands. For example, if you want SNMP link traps to be sent when an interface is opened or closed, you need to run snmp trap link-status in interface configuration mode to activate link traps.
Users Manual of CS-6306R i) Configuring SNMPv3 user You can run the following command to configure a local user. When an administrator logs in to a device, he has to use the username and password that are configured on the device. The security level of a user must be higher than or equals to that of the group which the user belongs to. Otherwise, the user cannot pass authentication. Command Function snmp-server user username Configures a local SNMPv3 user.
Users Manual of CS-6306R 4.3.1.3 Configuration example a) Example 1 snmp-server community public RO snmp-server community private RW snmp-server host 192.168.10.2 public The above example shows: how to set the community string public that can only read all MIB variables. how to set the community string private that can read and write all MIB variables. You can use the community string public to read MIB variables in the system.
Users Manual of CS-6306R 4.3.2 RMON Configuration 4.3.2.1 RMON configuration task RMON configuration tasks include: Configuring the rMon alarm function for the switch Configuring the rMon event function for the switch Configuring the rMon statistics function for the switch Configuring the rMon history function for the switch Displaying the rMon configuration of the switch a) Configuring rMon alarm for switch You can configure the rMon alarm function through the command line or SNMP NMS.
Users Manual of CS-6306R You can run no rmon alarm index to cancel alarm items whose indexes are index. b) Configuring eMon event for switch The steps to configure the rMon event are shown in the following table: Step Command Purpose 1. configure Enter the global configuration mode. 2. rmon event Add a rMon event item. index[descriptionstring] index means the index of the event item. Its effective range [log] [ownerstring] [trap is from 1 to 65535.
Users Manual of CS-6306R indexes are index. d) Configuring rMon history for switch The rMon history group is used to collect statistics information of different time sections on a port in a device. The rMon statistics function is configured as follows: Step Command Purpose 1. configure Enter the global configuration command. 2. interface iftype ifid Enter the port mode. iftype means the type of the port. ifid means the ID of the interface. 3.
Users Manual of CS-6306R e) Displaying rMon configuration of switch Run show to display the rMon configuration of the switch. Command Purpose show rmon [alarm] [event] Displays the rmon configuration information. [statistics] [history] alarm means to display the configuration of the alarm item. event means to show the configuration of the event item and to show the items that are generated by the occurance of events and are contained in the log table.
Users Manual of CS-6306R 4.3.3 Configuring PDP 4.3.3.1 Introduction PDP is a two-layer protocol specially used to detect network devices. PDP is used in Network Management Service (NMS) to detect all neighboring devices of a already known device. Using PDP enable you to learn the SNMP angent address and the types of neighboring devices. After neighboring devices are detected through PDP, the NMS can require neighboring devices through SNMP to obtain the network topology.
Users Manual of CS-6306R d) Enabling PDP on the switch PDP is not enabled in the default configuration. If you want to use PDP, run the following command in global configuration mode. Command Purpose pdp run Enables the PDP on the switch. e) Enabling PDP on the port of the switch PDP is not enabled in the default configuration. You can run the following command in interface configuration mode to enable PDP on the port after PDP is enabled on the switch.
Users Manual of CS-6306R 4.3.4 Introduction 4.3.4.1 SSH server A scure and encrypted communication connection can be created between SSH client and the device through SSH server. The connection has telnet-like functions. SSH server supports the encryption algorithms including des, 3des and blowfish. 4.3.4.2 SSH client SSH client is an application running under the ssh protocol.
Users Manual of CS-6306R 4.3.5.4 Configuring the times of authentication retrying If the times for failed authentications exeed the maximum times, SSH server will not allow you to retry authentication unless a new connction is established. The maximum times for retrying authentication is 3 by default.
Users Manual of CS-6306R Chapter 5. 5.1 Network Management Configuration Network Management Configuration 5.1.1 SNMP Configuration 5.1.2 Overview The SNMP system includes the following 3 parts: SNMP management server (NMS) SNMP agent (agent) MIB SNMP is a protocol for the application layer.It provides the format for the packets which are transmitted between NMS and agent. SNMP management server is a part of the network management system, such as CiscoWorks.
Users Manual of CS-6306R 5.2 LLC2 Configuration Task 5.2.1 Configuring Idle Time Value The command is used for controlling the frequency of query at the idle time (no data exchanged) The command “no” can be used for restoring to the default value. Command Purpose [no] llc2 idle-time [seconds] Used for controlling the frequency of query at the idle time (no data exchanged). seconds: The interval seconds of sending RR frame at the idle time.
Users Manual of CS-6306R 5.2.3 Configuring Busy Time Value of Remote Terminal Command Purpose [no] llc2 tbusy-time [seconds] Used for controlling the waiting time when the remote end is busy. The command “no” can be used for restoring to the default value. Seconds The waiting seconds when the remote end is busy. The maximum is 60 seconds, the minimum is 1 second and the default is 10 seconds.
Users Manual of CS-6306R 5.2.5 Configuring the Time of Rejection The command is Command Purpose [no] llc2 trej-time [seconds] Used for controlling the time of waiting for the response of remote end to the reject frame. The command “no” can be used for restoring to the default value. Seconds: The seconds of waiting when the remote end is busy. The maximum is 60 seconds, the minimum is 1 second and the default is 3 seconds.
Users Manual of CS-6306R 5.2.7 Configuring the Size of Window for Resending The command is Command Purpose [no] llc2 local-window packet-count Used for controlling the maximum size of I frame send (namely the size of window for resend) when I frame is not confirmed. The command “no” can be used for restoring to the default value. packet-count: The maximum size of I frame send. The maximum is 127, the minimum is 1 and the default is 7.
Users Manual of CS-6306R 5.2.9 Setting the Acknowledgement Time-Delay When an I-frame (information frame) is received, an acknowledgement frame shall be sent immediately. In order to reduce the unnecessary acknowledgement, the acknowledgement can be delayed. If information frame is sent, an information frame will be sent as an acknowledgement instead of acknowledge frame.
Users Manual of CS-6306R 5.2.12 Debugging LLC2 Link Information The command is Command Purpose debug llc2 [packet|error|state] Used for opening LLC2 debug switch. Configuration mode: Management Mode Packet -- Opening the debug switch of LLC2 link status information Example, opening the debug switch of LLC2 link. debug llc2 packet debug llc2 state debug llc2 error 5.2.13 Example of LLC2 Configuration The number of LLC2 frame received before the response can be configured.
Users Manual of CS-6306R Any one of the commands can be used under interface configuration mode for activating the two-way and concurrent mode: Command Purpose sdlc simultaneous full-datamode Setting the send of data from master station to the polled slave station and receive of data from it. sdlc simultaneous half-datamode Shutting down the master station sending the data to the slave station. 5.2.
Users Manual of CS-6306R 5.2.17 Controlling the Size of Cache The size of cache can be controlled. The cache is used for storing the data that is not decided to be sent to remote SDLC station. The command is especially useful in SDLC protocol convert equipment that implements the communication between SNA workstation whose link layer protocol is LLC2 in token-ring local area network (LAN) and SNA workstation whose link layer protocol is SDLC on serial link.
Users Manual of CS-6306R 5.2.19 Configuring SDLC Interface as Half-Duplex Mode Under default state, SDLC interface runs under full duplex mode. The command below can be used under interface configuration mode for configuring SDLC interface as half-duplex mode. Command Purpose half-duplex Configuring SDLC interface as half-duplex mode. 5.2.
Users Manual of CS-6306R Chapter 6. 6.1 Security Configuration AAAConfiguration 6.1.1 AAA Overview Access control is the way to control access to the network and services. Authentication, authorization, and accounting (AAA) network security services provide the primary framework through which you set up access control on your router or access server. 6.1.1.1 AAA Security Service AAA is an architectural framework for configuring a set of three independent security functions in a consistent manner.
Users Manual of CS-6306R As with authentication, you configure AAA authorization by defining a named list of authorization methods, and then applying that list to various interfaces. For information about configuring authorization using AAA, refer to the chapter "Configuring Authorization.
Users Manual of CS-6306R The software attempts authentication with the next listed authentication method only when there is no response from the previous method. If authentication fails at any point in this cycle—meaning that the security server or local username database responds by denying the user access—the authentication process stops and no other authentication methods are attempted.
Users Manual of CS-6306R 6.1.2.1 Overview of the AAA Configuration Process Configuring AAA is relatively simple after you understand the basic process involved. To configure security on a Cisco router or access server using AAA, follow this process: If you decide to use a separate security server, configure security protocol parameters, such as RADIUS, TACACS+, or Kerberos. Define the method lists for authentication by using an AAA authentication command.
Users Manual of CS-6306R Command Purpose aaa authentication login {default | list-name}method1 [method2...] line [ console | vty ] line-number [ending-line-number] login authentication {default | list-name} Enables AAA globally. Enters line configuration mode for the lines to which you want to apply the authentication list. Applies the authentication list to a line or set of lines. The list-name is a character string used to name the list you are creating.
Users Manual of CS-6306R (3) Login Authentication Using Local Password Use the aaa authentication login command with the local method keyword to specify that the Cisco router or access server will use the local username database for authentication.
Users Manual of CS-6306R 6.1.4.3 Configuring Message Banners for AAA Authentication AAA supports the use of configurable, personalized login and failed-login banners. You can configure message banners that will be displayed when a user logs in to the system to be authenticated using AAA and when, for whatever reason, authentication fails. 6.1.4.
Users Manual of CS-6306R 6.1.4.8 AAA authentication password-prompt To change the text displayed when users are prompted for a password, use the aaa authentication password-prompt command in global configuration mode. To return to the default password prompt text, use the no form of this command. password: The aaa authentication password-prompt command does not change any dialog that is supplied by a remote TACACS+ server.
Users Manual of CS-6306R 6.1.5 AAA Authentication Configuration Example 6.1.5.1 RADIUS Authentication Example This section provides one sample configuration using RADIUS.
Users Manual of CS-6306R 6.1.7.1 Configuring EXEC Authorization Using AAA Use the aaa authorization command to enable authorization Use aaa authorization exec command to run authorization to determine if the user is allowed to run an EXEC shell. This facility might return user profile information such as autocommand information. Use line configuration command login authorization to apply these lists.
Users Manual of CS-6306R 6.1.8 AAA Authorization Example EXEC local authorization example aaa authentication login default local aaa authorization exec default local ! username exec1 password 0 abc privilege 15 username exec2 password 0 abc privilege 10 username exec3 nopassword username exec4 password 0 abc user-maxlinks 10 username exec5 password 0 abc autocommand telnet 172.16.20.
Users Manual of CS-6306R 6.1.10.1 Configuring Accounting Connection Using AAA Use the aaa accounting command to enable AAA accounting. To create a method list to provide accounting information about all outbound connections made from the network access server, use the aaa accounting connection command. Command Purpose aaa accounting connection {default | list-name} {start-stop | stop-only | Establishes global accounting list.
Users Manual of CS-6306R 6.1.10.3 AAA Accounting Update To enable periodic interim accounting records to be sent to the accounting server, use the aaa accounting update command in global configuration mode. To disable interim accounting updates, use the no form of this command. Command Purpose aaa accounting update [newinfo] [periodicnumber] Enables AAA accounting update.
Users Manual of CS-6306R 6.2 Configuring RADIUS This chapter describes the Remote Authentication Dial-In User Service (RADIUS) security system, defines its operation, and identifies appropriate and inappropriate network environments for using RADIUS technology. The "RADIUS Configuration Task List" section describes how to configure RADIUS with the authentication, authorization, and accounting (AAA) command set. 6.2.1 Introduction 6.2.1.
Users Manual of CS-6306R 6.2.1.2 RADIUS Operation When a user attempts to log in and authenticate to an access server using RADIUS, the following steps occur: (1) The user is prompted for and enters a username and password. (2) The username and encrypted password are sent over the network to theRADIUS server. (3) The user receives one of the following responses from the RADIUS server: a. ACCEPT—the user is authenticated. b.
Users Manual of CS-6306R 6.2.3 RADIUS Configuration Task List Configuring Switch to RADIUS Server Communication Configuring Switch to Use Vendor-Specific RADIUS Attributes Specifying RADIUS Authentication Specifying RADIUS Authorization Specifying RADIUS Accounting 6.2.4 RADIUS Configuration Task 6.2.4.1 Configuring Switch to RADIUS Server Communication The RADIUS host is normally a multiuser system running RADIUS server software from Livingston, Merit, Microsoft, or another software provider.
Users Manual of CS-6306R 6.2.4.2 Configuring Switch to Use Vendor-Specific RADIUS Attributes The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the network access server and the RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes not suitable for general use.
Users Manual of CS-6306R 6.2.5 RADIUS Configuration Examples 6.2.5.1 RADIUS Authentication and Authorization Example The following example shows how to configure the router to authenticate and authorize using RADIUS: aaa authentication login use-radius group radius local The lines in this sample RADIUS authentication and authorization configuration are defined as follows: : aaa authentication login use-radius radius local configures the router to use RADIUS for authentication at the login prompt.
Users Manual of CS-6306R RADIUS server does not respond. The command login authentication admins specifies the method list admins as the login authentication method. 6.3 Web Authentication Configuration The section describes the concept of Web authentication and configuration and usage of the Web authentication. 6.3.1 Overview 6.3.1.1 Web Authentication The Web authentication of the switch is a connection control mode as PPPoE and 802.1x.
Users Manual of CS-6306R (2) The user accesses any Website through the browser (Write down the domain name, not the IP address, in the host part of the url column in the browser), which activates the DNS request of the user computer. (3) The DNS server returns the user a request response. The switch captures the request response message and changes the resolved address to the address of the built-in portal server in the switch.
Users Manual of CS-6306R DNS ser ver dhcp ser ver swi t ch cl i ent AAA ser ver DHCP ACK DNS REQUERY DNS RESPONSE ht t p r equest ht t p r esponse( ask user t o l ogi n) ht t p r equest ( l ogi n) aut hent i cat i on r equest aut hent i cat i on r esul t st ar t account i ng r equest st ar t account i ng r esul t aut hent i cat i on r esul t ht t p r equest ( keepal i ve) ht t p r esponse( keepal i ve r esponse) ht t p r equest ( l ogout ) st op account i ng r equest ht t p r esponse( l
Users Manual of CS-6306R 2. Planning network topology The switch takes the routing interface as a unit to set the authentication attribute. if the web authentication function is enabled on a routing interface, network accesses through the routing interface are all controlled by the web authentication. the dhcp server, dns server or aaa server should connect the switch through the interface with web authentication function disabled. figure 6-4 shows the relative typical network topology.
Users Manual of CS-6306R 3. Configuring the transmission period of the online notification Through the online notification sent by the browser, the switch checks whether the user is online. Run the following command in global configuration mode to configure the transmission period (unit: second): Run... To... web-auth keep-alive<60-65535> Configure the transmission period for the online notification. 4.
Users Manual of CS-6306R Different accounting method lists can be applied on each interface. By default, the accounting method list named default is applied on each interface. Run the following command in interface configuration mode to configure the accounting method list: Run... To... web-auth accounting WORD Configure the accounting method list. 6.3.2.
Users Manual of CS-6306R 6.3.4 Web Authentication Configuration Example Network topology See Figure 6-5: i nt er net DNS ser ver DHCP ser ver AAA ser ver ( 192. 168. 20. 1) ( 192. 168. 20.
Users Manual of CS-6306R Configuration of the layer-2 interface interface FastEthernet0/1 switchport pvid 1 ! interface FastEthernet0/2 switchport pvid 2 ! interface FastEthernet0/3 switchport pvid 3 ! interface FastEthernet0/4 switchport pvid 4 Configuration of the routing interface interface VLAN1 no ip directed-broadcast ip helper-address 192.168.20.1 web-auth accounting acct-weba web-auth authentication auth-weba web-auth mode vlan-id web-auth enable ! interface VLAN2 ip address 192.168.20.41 255.255.
Users Manual of CS-6306R Chapter 7. 7.1 Web Configuration HTTP Switch Configuration 7.1.1 HTTP Configuration Switch configuration can be conducted not only through command lines and SNMP but also through Web browser. The switches support the HTTP configuration, the abnormal packet timeout configuration, and so on. 7.1.1.1 Choosing the Prompt Language Up to now, switches support two languages, that is, English and Chinese, and the two languages can be switched over through the following command.
Users Manual of CS-6306R 7.1.1.5 Setting the Maximum Number of VLAN Entries on Web Page A switch supports at most 4094 VLANs and in most cases Web only displays parts of VLANs, that is, those VLANs users want to see. You can use the following command to set the maximum number of VLANs. The default maximum number of VLANs is 100. Command Purpose ip http web max-vlan { max-vlan } Sets the maximum number of VLAN entries displayed in a web page. 7.1.1.
Users Manual of CS-6306R 7.2 Configuration Preparation 7.2.1 Accessing the Switch through HTTP When accessing the switch through Web, please make sure that the applied browser complies with the following requirements: HTML of version 4.0 HTTP of version 1.1 TM JavaScript of version 1.5 What's more, please ensure that the main program file, running on a switch, supports Web access and your computer has already connected the network in which the switch is located. 7.2.1.
Users Manual of CS-6306R 7.2.1.2 Upgrading to the Web-Supported Version If your switch is upgraded to the Web-supported version during its operation and the switch has already stored its configuration files, the Web visit cannot be directly applied on the switch. Perform the following steps one by one to enable the Web visit on the switch: 1. Connect the console port of the switch with the accessory cable, or telnet to the management address of the switch through the computer. 2.
Users Manual of CS-6306R 7.2.3 Introduction of Web Interface The Web homepage appears after login, as shown in figure 2: Figure 2: Web homepage The whole homepage consists of the top control bar, the navigation bar, the configuration area and the bottom control bar. 7.2.3.1 Top Control Bar Figure 3: Top control bar Save All Write the current settings to the configuration file of the device. It is equivalent to the execution of the write command.
Users Manual of CS-6306R 7.2.3.2 Navigation Bar Figure 4 Navigation bar The contents in the navigation bar are shown in a form of list and are classified according to types. By default, the list is located at “Runtime Info”. If a certain item need be configured, please click the group name and then the sub-item. For example, to browse the flux of the current port, you have to click “Interface State" and then “Interface Flow”.
Users Manual of CS-6306R 7.2.3.3 Device Info Figure 5 Configuration Area The configuration display area shows the state and configuration of the device. The contents of this area can be modified by the clicking of the items in the navigation bar. 7.2.3.4 Bottom Control Bar Figure 6: Bottom control bar If you click the About button on the top control bar, the bottom control bar appears.
Users Manual of CS-6306R 7.
Users Manual of CS-6306R 7.3.1 Hostname Configuration If you click Basic Config -> Hostname in the navigation bar, the Hostname Configuration page appears, as shown in figure 2. Figure 2 Hostname configuration The hostname will be displayed in the login dialog box. The default name of the device is “Switch”. You can enter the new hostname in the text box shown in figure 8 and then click “Apply”. 7.3.2 Clock Management If you click Basic Config -> Clock Mgr. the Time Setting page appears.
Users Manual of CS-6306R 7.4 Port Config Figure 1: Physical port configuration list 7.4.1 Port Description If you click Port config -> Port description in the navigation bar, the Port description page appears, as shown in figure 2. Figure 2: Port description configuration You can modify the port description on this page and enter up to 120 characters. The description of the VLAN port cannot be set at present.
Users Manual of CS-6306R 7.4.2 Port Config If you click Port config -> Port Config in the navigation bar, the Port Configure page appears, as shown in figure 3. Figure 3: Configuring the port attributes On this page you can modify the on/off status, rate, duplex mode, flow control status and medium type of a port. 1. The Web page does not support the speed and duplex mode of the fast-Ethernet port. 2.
Users Manual of CS-6306R 7.4.4 Port Mirror If you click Port Config -> Port Mirror in the navigation bar, the Port Mirror page appears, as shown in figure 5. Figure 5: Port mirror configuration Click the drop-down list on the right side of "Mirror Port" and select a port to be the destination port of mirror. Click a checkbox and select a source port of mirror, that is, a mirrored port. RX The received packets will be mirrored to the destination port.
Users Manual of CS-6306R Figure 6: Filter Config You can set the loopback detection cycle on the Filter Config page. 7.4.7 Loopback Detection If you click Port Config -> Loopback Detection Global configuration in the navigation bar, the Setting the Loopback Detection Global configuration page appears, as shown in figure 6. Figure 6: Loopback Detection Global configuration You can set the loopback detection cycle on the Loopback Detection page. 7.4.8 Port security 7.4.8.
Users Manual of CS-6306R Click “Detail” and then you can conduct the binding of the source IP address for each physical port. In this way, the IP address that is allowed to visit the port will be limited. Figure 8: Setting the binding of the source IP address 7.4.8.2 MAC Binding Configuration If you click Port Config -> Port Security -> MAC bind in the navigation bar, the Configure the MAC-Binding Info page appears, as shown in figure 9.
Users Manual of CS-6306R Figure 13: Setting static MAC filtration entries 7.4.8.5 Setting the Dynamic MAC Filtration Mode If you click Port Config -> Port Security -> Dynamic MAC filtration mode in the navigation bar, the Configure the dynamic MAC filtration mode page appears, as shown in figure 14. Figure 14: Setting the dynamic MAC filtration mode You can set the dynamic MAC filtration mode and the allowable maximum number of addresses on this page.
Users Manual of CS-6306R Figure 16: Port Protect Group List You can select All / Select None and delect the on the Port Protect Group List page. 7.4.11 Interface Cable Info If you click Port Config -> Interface Cable Info in the navigation bar, the Setting the Interface Cable Info page appears, as shown in figure 17. Figure 17: Interface Cable Info You can set the port detail on the Interface Cable Information page.
Users Manual of CS-6306R 7.5 Layer 2 Configuration Figure 1: Layer-2 configuration list 7.5.1 VLAN Settings 7.5.1.1 VLAN Config If you click L2 Config -> VLAN Config in the navigation bar, the VLAN Config page appears, as shown in figure 2. Figure 2: VLAN configuration The VLAN list will display VLAN items that exist in the current device according to the ascending order. In case of lots of items, you can look for the to-be-configured VLAN through the buttons like “Prev”, “Next” and “Search”.
Users Manual of CS-6306R displayed. 7.5.1.2 VLAN Settings If you click "New" or “Edit” in the VLAN list, the VLAN configuration page appears, on which new VLANs can be created or the attributes of an existent VLAN can be modified. Figure 3: Revising VLAN configuration If you want to create a new VLAN, enter a VLAN ID and a VLAN name; the VLAN name can be null.
Users Manual of CS-6306R You can choose to enable GVRP Global Config or disable it. When you choose to disable, you cannot configure GVRP. 7.5.3 STP Config If you click L2 Config -> STP Config in the navigation bar, the STP Config page appears, as shown in figure 5. Figure 5: Configuring the global attributes of PDP The root STP configuration information and the STP port’s status are only-read.
Users Manual of CS-6306R Figure 11: Configuring the attributes of RSTP The configuration of the attributes of the port is irrelative of the global STP mode. For example, if the protocol status is set to “Disable” and the STP mode is also changed, the port will not run the protocol in the new mode. The default value of the path cost of the port is 0, meaning the path cost is automatically calculated according to the speed of the port. If you want to change the path cost, please enter another value. 7.5.
Users Manual of CS-6306R 7.5.4.2 IGMP Snooping VLAN List If you click Layer 2 Config -> IGMP snooping VLAN list, the IGMP snooping VLAN list page appears. Figure 13: IGMP-snooping VLAN list If you click New, IGMP snooping VLAN configuration can be done. Through Web up to 8 physical ports can be set on each IGMP snooping VLAN. If you click Cancel, a selected IGMP snooping VLAN can be deleted; if you click Edit, you can modify the member port, running status and immediate-leave of IGMP snooping VLAN.
Users Manual of CS-6306R 7.5.4.4 Multicast List Click the Multicast List Info option on the top of the page and the Multicast List Info page appears. Figure 16: Multicast List On this page the multicat groups, which exist in the current network and are in the statistics of IGMP snooping, as well as port sets on which members in each group are belong to are dislayed. Click “Refresh” to refresh the contents in the list. By default, a multicast list can display up to 15 VLAN items.
Users Manual of CS-6306R 7.5.6 LLDP Configuration 7.5.6.1 Configuring the Global Attributes of LLDP If you click L2 Config -> LLDP Config in the navigation bar, the Global LLDP Config page appears, as shown in figure 6. Figure 6: Configuring the global attributes of LLDP You can choose to enable LLDP or disable it. When you choose to disable LLDP, you cannot configure LLDP. The “HoldTime” parameter means the ttl value of the packet that is transmitted by LLDP, whose default value is 120s.
Users Manual of CS-6306R If you click New, an aggregation group can be created. Up to 32 aggregation groups can be configured through Web and up to 8 physical ports in each group can be aggregated. If you click Cancel, you can delete a selected aggregation group; if you click Modify, you can modify the member port and the aggregation mode. Figure 9: Setting the member port of the aggregation group An aggregation group is selectable when it is created but is not selectable when it is modified.
Users Manual of CS-6306R 7.5.9 Ring Protection Configuration 7.5.9.1 EAPS Ring List If you click Layer 2 Config -> Ring protection Config, the EAPS ring list page appears. Figure 19: EAPS Ring List In the list shows the currently configured EAPS ring, including the status of the ring, the forwarding status of the port and the status of the link. Click “New” to create a new EAPS ring. Click the “Operate” option to configure the “Time” parameter of the ring. 1. The system can support 8 EAPS rings. 2.
Users Manual of CS-6306R The dropdown box on the right of “Node Type” is used to select the type of the node. Please note that only one master node can be configured on a ring. Enter a value between 1 and 4094 in the text box on the right of “Control VLAN” as the control VLAN ID. When a ring is established, the control VLAN will be automatically established too.
Users Manual of CS-6306R Figure 2: Configuring the VLAN interface Click New to add a new VLAN interface. Click Cancel to delete a VLAN interface. Click Modify to modify the settings of a corresponding VLAN interface. When you click New, the name of the corresponding VLAN interface can be modified; but if you click Modify, the name of the corresponding VLAN interface cannot be modified. Figure 3: VLAN interface configuration Before the accessory IP of a VLAN interface is set, you have to set the main IP.
Users Manual of CS-6306R 7.6.2 Setting the Static Route If you click Layer 3 Config -> Static route Config, the Static route configuration page appears. Figure 4: Displaying the static route Click Create to add a static route. If you click Edit, you can modify the current static route. If you click Cancel, you can cancel the chosen static route. Figure 5: Setting the static route 7.6.3 IGMP Proxy 7.6.3.1 Enabling the IGMP Proxy If you click Layer-3 Config -> IGMP proxy, the IGMP proxypage appears.
Users Manual of CS-6306R 7.6.3.2 Setting the IGMP Proxy If you click Layer-3 Config -> IGMP proxy-> IGMPproxy Config, the IGMP proxy configuration page appears. Click New to create a new IGMP agent. Figure 7: Setting the IGMP agent 7.
Users Manual of CS-6306R 7.7.1 QoS Configuration 7.7.1.1 Configuring QoS Port If you click Advanced Config -> QoS -> Configure QoS Port, the Port Priority Config page appears. Figure 2: Configuring the QoS Port You can set the CoS value by clicking the dropdown box on the right of each port and selecting a value. The default CoS value of a port is 0, meaning the lowest priority. If the CoS value is 7, it means that the priority is the highest. 7.7.1.
Users Manual of CS-6306R 7.7.2 MAC Access List 7.7.2.1 Setting the Name of the MAC Access List If you click Advanced Config -> MAC access list -> MAC access list Config, the MAC ACL configuration page appears. Figure 4: MAC access list configuration Click New to add a name of the MAC access control list. Click Cancel to delete a MAC access control list. Figure 5: Setting the name of MAC access control list 7.7.2.
Users Manual of CS-6306R 7.7.2.3 Applying the MAC Access Control List If you click Advanced Config -> MAC access control list -> Applying the MAC access control list, the Applying the MAC access control list page appears. Figure 8: Applying the MAC access control list 7.7.3 IP Access Control List 7.7.3.1 Setting the Name of the IP Access Control List If you click Advanced Config -> IP access control list -> IP access control list Config, the IP ACL configuration page appears.
Users Manual of CS-6306R Figure 12: Setting the Rules of the standard IP access control list Extended IP access control list Figure 13: Extended IP access control list Click New to add a rule of the IPaccess control list. Click Cancel to delete a rule of the IP access control list. If you click Modify, the corresponding IP access control list appears and you can set the corresponding rules for the IP access control list.
Users Manual of CS-6306R 7.7.3.3 Applying the IP Access Control List If you click Advanced Config -> IP access control list -> Applying the IP access control list, the Applying the IP access control list page appears. Figure 15: Applying the IP access control list 7.8 Network Management Configuration Figure 1: Network management configuration list 7.8.
Users Manual of CS-6306R On the SNMP community management page, you can know the related configuration information about SNMP community. You can create, modify or cancel the SNMP community information, and if you click New or Edit, you can switch to the configuration page of SNMP community. Figure 3: SNMP community management settings On the SNMP community management page you can enter the SNMP community name, select the attributes of SNMP community, which include Read only and Read-Write. 7.8.1.
Users Manual of CS-6306R 7.8.2 RMON 7.8.2.1 RMON Statistic Information Configuration If you click Network Management Config -> RMON -> RMON Statistics -> New, the RMON Statistics page appears. Figure 6: Configuring the RMON statistic information You need to set a physical port to be the reception terminal of the monitor data. The index is used to identify a specific interface; if the index is same to that of the previous application interface, it will replace that of the previous application interface.
Users Manual of CS-6306R 7.8.2.3 RMON Alarm Information Configuration If you click Network Management Config -> RMON -> RMON Alarm -> New, the RMON Alarm page appears. Figure 8: Configuring the RMON alarm information The index is used to identify a specific alarm information; if the index is same to the previously applied index, it will replace the previous one. The MIB node corresponds to OID.
Users Manual of CS-6306R 7.9 Diagnosis Tools Figure 1: Diagnosis tool list 7.9.1 Ping 7.9.1.1 Ping If you click Diagnosis Tools -> Ping, the Ping page appears. Figure 2: Ping Ping is used to test whether the switch connects other devices. If a Ping test need be conducted, please enter an IP address in the “Destination address” textbox, such as the IP address of your PC, and then click the “PING” button.
Users Manual of CS-6306R 7.10 System Management Figure 1: Navigation list of system management 7.10.1 User Management 7.10.1.1 User List If you click System Manage -> User Manage, the User Management page appears. Figure 2: User list You can click “New” to create a new user. To modify the permission or the login password, click “Edit” on the right of the user list. 1. Please make sure that at least one system administrator exists in the system, so that you can manage the devices through Web. 2.
Users Manual of CS-6306R 7.10.1.2 Establishing a New User If you click “New” on the User Management page, the Creating User page appears. Figure 3: Creating new users In the “User name” text box, enter a name, which contains letters, numbers and symbols except “?”, “\”, “&”, “#” and the "Space". In the “Password” textbox enter a login password, and in the “Confirming password” textbox enter this login password again. In the “User permission” dropdown box set the user's permission.
Users Manual of CS-6306R 7.10.3 Managing the Configuration Files If you click System Manage -> Configuration file, the Configuration file page appears. 7.10.3.1 Exporting the Configuration Information Figure 5: Exporting the configuration file The current configuration file can be exported, saved in the disk of PC or in the mobile storage device as the backup file. To export the configuration file, please click the “Export” button and then select the “Save” option in the pop-up download dialog box.
Users Manual of CS-6306R 7.10.4 Software Management If you click System Manage -> Software Upgrade, the software managementpage appears. 7.10.4.1 Backing up the IOS Software Figure 7: Backing up IOS On this page the currently running software version is displayed. If you want to backup IOS, please click “Backuping IOS”; then on the browser the file download dialog box appears; click “Save” to store the IOS file to the disk of the PC, mobile storage device or other network location.
Users Manual of CS-6306R 7.10.5 Rebooting the Device If you click System Manage -> Reboot Device, the Rebooting page appears. Figure 9: Rebooting the device If the device need be rebooted, please first make sure that the modified configuration of the device has already been saved, and then click the “Reboot” button.
Users Manual of CS-6306R Chapter 8. 8.1 Interface Configuration Introduction This section helps user to learn various kinds of interface that our switch supports and consult configuration information about different interface types. For detailed description of all interface commands used in this section, refer to Interface configuration command. For files of other commands appeared in this section, refer to other parts of the manual.
Users Manual of CS-6306R 8.1.2 Interface Configuration Introduction The following description applies to the configuration process of all interfaces. Take the following steps to perform interface configuration in global configuration mode. (1) Run the interface command to enter the interface configuration mode and start configuring interface. At this time, the switch prompt becomes ‘config_’ plus the shortened form of the interface to be configured. Use these interfaces in terms of their numbers.
Users Manual of CS-6306R configuration mode. Various commands define protocols and application programs to be executed on the interface. These commands will stay until user exits the interface configuration mode or switches to another interface. (2) Once the interface configuration has been completed, use the show command in the following chapter ‘Monitoring and Maintaining Interface’ to test the interface state. 8.2 Interface Configuration 8.2.
Users Manual of CS-6306R The configuration of time delay is just an information parameter. Use this command cannnot adjust the actual time delay of an interface. 8.2.2 Monitoring and Maintaining Interface The following tasks can monitor and maintain interface: Checking interface state Initializing and deleting interface Shutting down and enabling interface 8.2.2.
Users Manual of CS-6306R 8.2.3 Configuring Logistical Interface This section describes how to configure a logical interface. The contents are as follows: Configuring null interface Configuring loopback interface. Configuring aggregation interface Configuring VLAN interface 8.2.3.1 Configuring Null Interface The whole system supports only one null interface. Its functions are similar to those of applied null devices on most operating systems.
Users Manual of CS-6306R 8.2.3.4 Configuring VLAN Interface V VLAN interface is the routing interface in switch. The VLAN command in global configuration mode only adds layer 2 VLAN to system without defining how to deal with the IP packet whose destination address is itself in the VLAN. If there is no VLAN interface, this kind of packets will be dropped. Run the following command to define VLAN interface: Command Description Interface vlannumber Configures VLAN interface. 8.2.3.
Users Manual of CS-6306R Command Description [no] subvlan[setstr] [add Configure SubVLAN in Super VLAN. The added Sub VLAN cannot addstr][removeremstr] possess a management interface or cannot belong to other Super VLANs. In original state, Super VLAN does not contain any Sub VLAN. Only one sub command can only be used every time. setstr means to set the Sub VLAN list. For example, List 2,4-6 indicate VLAN 2, 4, 5 and 6. add means to add VLAN list in the original SubVLAN list.
Users Manual of CS-6306R Chapter 9. 9.1 Interface Range Configuration Interface Range Configuration Task 9.1.1 Understanding Interface Range In the process of configuring interface tasks, there are cases when you have to configure the same attribute on ports of the same type. In order to avoid repeated configuration on each port, we provide the interface range configuration mode. You can configure ports of the same type and slot number with the same configuration parameters. This reduces the workload.
Users Manual of CS-6306R Chapter 10. Port Physical Characteristics Configuration 10.1 Configuring the Ethernet Interface The section describes how to configure the Ethernet interface. The switch supports the10Mbps Ethernet and the 100Mbps fastEthernet. The detailed configuration is shown as follows. The step described in section 1.1.1 is mandatory. Steps described in other sections are optional. 10.1.
Users Manual of CS-6306R Chapter 11. Port Additional Characteristics Configuration Interface Configuration 11.1 Configuring the Ethernet Interface The switch supports the 10Mbps/100Mbps Ethernet interfaces. See the following content for detailed configuration. Among the configuration, the first step is mandatory while others are optional. 11.1.1 Configuring Flow Control for the Port You can control the flow rate on the incoming and outgoing ports through configuration.
Users Manual of CS-6306R 11.1.3 Configuring the Storm Control on the Port The ports of the switch may receives the attack by the continuous abnormal unicast (MAC address lookup failing), multicast or broadcast message. In this case, the attacked ports or the whole switch may break down. The storm control mechanism of the port is therefore generated. Command Purpose storm-control {broadcast | multicast | Performs the storm control to the unicast} threshold count broadcast/multicast/unicast message.
Users Manual of CS-6306R 11.3 Configuring the Secure Port 11.3.1 Configuring the Secure Port Mode There are two static secure port modes: accept and reject. If it is the accept mode, only the flow whose source address is same to the local MAC address can be received by the port for communication. If it is the reject mode, only the flow whose source address is different to the local MAC address can be received by the port.
Users Manual of CS-6306R Chapter 12. Configuring Port Mirroring Configuring Port Mirroring Task List Configuring port mirroring Displaying port mirroring information 12.1 Configuring Port Mirroring Task 12.1.1 Configuring Port Mirroring Through configuring port mirroring, you can use one port of a switch to observe the traffic on a group of ports. Enter the privilege mode and perform the following steps to configure port mirroring: Command Description configure Enters the global configuration mode.
Users Manual of CS-6306R Chapter 13. Configuring MAC Address Attribute 13.1 MAC Address Configuration Task List Configuring Static Mac Address Configuring Mac Address Aging Time Configring VLAN-shared MAC Address Displaying Mac Address Table Clearing Dynamic Mac Address 13.2 MAC address Configuration Task 13.2.1 Configuring Static Mac Address Static MAC address entries are MAC address entries that do not age by the switch and can only be deleted manually.
Users Manual of CS-6306R 13.2.3 Displaying MAC Address Table Since debugging and management are required in operation process, we want to know content of the switch MAC address table. Use the show command to display content of the switch MAC address table. Command Purpose show mac address-table {dynamic Displays content of the MAC address [interface interface-id | vlan vlan-id] | table. static} Dynamic indicates the MAC address that acquires dynamically. Vlan-id indicates the VLAN number.
Users Manual of CS-6306R Chapter 14. Configuring MAC List 14.1 MAC List Configuration Task 14.1.1 Creating MAC List To apply the MAC list on the port, you must first create the MAC list. After the MAC list is successfully created, you log in to the MAC list configuration mode and then you can configure items of the MAC access list. Perform the following operations to add and delete a MAC list in privilege mode: Run… To… configure Log in to the global configuration mode.
Users Manual of CS-6306R MAC list configuration example Switch_config#mac acce 1 Switch-config-macl#permit host 1.1.1 any Switch-config-macl#permit host 2.2.2 any The above configuration is to compare the source MAC address, so the mask is the same. The configuration is successful. Switch_config#mac acce 1 Switch-config-macl#permit host 1.1.1 any Switch-config-macl#permit any host 1.1.
Users Manual of CS-6306R Chapter 15. Configuring 802.1x 15.1 802.1x Configuration Task List Configuring 802.1x port authentication Configuring 802.1x multiple port authentication Configuring maximum times for 802.1x ID authentication Configuring 802.1x re-authentication Configuring 802.1x transmission frequency Configuring 802.1x user binding Configuring authentication method for 802.1x port Selecting authentication type for 802.1x port Configuring 802.
Users Manual of CS-6306R Run the following command to start up the 802.1x authentication: Run… To… dot1x port-control auto Configure the 802.1x protocol control method on the port. aaa authentication dot1x {default Configure the AAA authentication of |list name} method 802.1x. Run one of the following commands in port configuration mode to select 802.1x control method: Run… To… dot1x port-control auto Start up the 802.1x authentication method on the port.
Users Manual of CS-6306R 15.2.3 Configuring Maximum Times for 802.1x ID Authentication When 802.1x authentication starts or 802.1x authentication is being performed again, 802.1x sends ID authentication request to guest hosts. If the request message is dropped or delayed because network problems, the requirement message will be sent again. If the message is resent certain times, 802.1x stops to send the message and the ID authentication fails.
Users Manual of CS-6306R 15.2.7 Configuring Authentication Method for 802.1x Port The 802.1x authentication can be performed in different methods at different ports. In the default configuration, the 802.1x authentication adopts the default method. Run the following command in interface configuration mode to configure the method of the 802.1x authentication: Run… To… dot1x authentication method yyy Configure the method of the 802.1x authentication. 15.2.8 Selecting Authentication Type for 802.
Users Manual of CS-6306R At the same time, You are required to enable the dot1x re-authentication function so that the switch can know when supplicant is abnormal. Run the following commands in interface configuration mode to enable the dot1x accounting and to configure the accounting method: Run… To… dot1xaccounting enable Enable the dot1x accounting. dot1x accounting method {method name} Configure the accounting method. Its default value is default. 15.2.10 Configuring 802.
Users Manual of CS-6306R 15.2.13 Monitoring 802.1x Authentication Configuration and State To monitor the configuration and state of 802.1x Authentication and decide which 802.1x parameter needs to be adjusted, run the following command in management mode: Run… To… show dot1x {interface ….} Monitor the configuration and state of 802.1x authentication. 15.3 802.1x Configuration Example Host A connects port F0/10 of the switch. Host B connects port F0/12. The IP address of the radius-server host is 192.
Users Manual of CS-6306R Chapter 16. VLAN Configuration 16.1 VLAN Introduction Virtual LAN (VLAN) refers to a group of logically networked devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. In 1999 IEEE established IEEE 802.1Q Protocol Standard Draft used to standardize VLAN realization project.
Users Manual of CS-6306R Run… To… vlan vlan-id Enter the VLAN configuration mode. name str Name in the vlan configuration mode. Exit Exit vlan configuration mode, and establish vlan. vlan vlan-range Establish multiple VLANs at the same time. no vlan vlan-id | vlan-range Delete one or multiple VLANs. Vlan can perform dynamic addtion and deletion via vlan management protocol GVRP. 16.3.
Users Manual of CS-6306R The command to globally enable dot1q-tunnel is as follows: Command Description double-tagging Globally enables double-tagging feature of the switch. 16.3.3 Creating/Deleting VLAN Interface Vlan interface can be established to realize network management or layer 3 routing feature. The vlan interface can be used to specify ip address and mask. Run the following command to configure vlan interface: Run… To… [no] interface vlan vlan-id Create/Delete a VLAN interface. 16.3.
Users Manual of CS-6306R 16.3.5 Monitoring Configuration and State of VLAN Run the following commands in EXEC mode to monitor configuration and state of VLAN: Run… To… show vlan [ idx | interfaceintf ] Display configuration and state of VLAN. show interface {vlan | supervlan} x Display the states of vlan ports. 16.4 Configuration Examples Users PC1~PC6 connect the switch through ports 1~6. The IP addresses of these PCs belong to the network section 192.168.1.0/24.
Users Manual of CS-6306R Chapter 17. GVRP Configuration 17.1 Configuring GVRP 17.2 Introduction GVRP (GARP VLAN Registration Protocol GARP VLAN) is a GARP (GARP VLAN Registration Protocol GARP VLAN) application that provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports.
Users Manual of CS-6306R 17.4.3 Monitoring and Maintenance of GVRP Perform the following operations in EXEC mode: Command Description show gvrp statistics [interface Displays GVRP statistics. port_list] show gvrp status Displays GVRP global state information. [ no ] debug gvrp [ packet | event ] Enables/disables GVRP data packet and event debug switches. All debug switches will be enabled/disabled if not specified the concrete switch.
Users Manual of CS-6306R Switch_config_g0/9# switchport mode trunk (6) Enable global GVRP of switch B: Switch_config#gvrp (7) Enable GVRP of interface 9 of Switch B Switch_config_g0/9#gvrp (8) Configure VLAN 40, Vlan 50 and Vlan60 on Switch B Switch_config#vlan 40 Switch_config#vlan 50 Switch_config#vlan 60 After completing the configuration, the VLAN configuration information will be displayed respectively on Switch A and Switch B, that is, VLAN10, VLAN20,VLAN30, VLAN40, VLAN50 and VLAN60 on both swit
Users Manual of CS-6306R Chapter 18. Private VLAN Settings 18.1 Private VLAN Settings 18.2 Overview of Private VLAN Private VLAN has settled the VLAN application problems facing ISPs: If ISP provides each user with a VLAN, the support by each device of 4094 VLANs will restrict the total of ISP-supported users. 18.
Users Manual of CS-6306R 18.3.4 Modifying the Fields in VLAN TAG This functionality supports to modify the VLAN ID and priority in VLAN tag and decides whether the egress packets of private VLAN carry the tag or not. 18.
Users Manual of CS-6306R 18.5.3 Configuring the L2 Port of Private VLAN to Be the Host Port Run the following commands to set the L2 port of private VLAN to be the host port: Command Purpose Interfaceinterface Enters the interface configuration mode. switchport mode private-vlan host Sets the layer-2 port to be in host’s port mode. no switchport mode Deletes the private VLAN mode configuration of L2 port.
Users Manual of CS-6306R 18.5.6 Displaying the Configuration Information of Private VLAN Run the following commands in global, interface or VLAN configuration mode to display the private VLAN configuration information of private VLAN and L2 port: Command Purpose show vlan private-vlan Displays the configuration of private VLAN. show vlan private-vlan interface interface Displays the configuration of the L2 port in the private VLAN. 18.
Users Manual of CS-6306R Switch_config#interface GigaEthernet0/3 Switch_config_g0/3#switchport mode private-vlan host Switch_config_g0/3#switchport private-vlan host-association 2 3 Switch_config_g0/3#switchport pvid 3 Switch_config#interface GigaEthernet0/4 Switch_config_g0/4#switchport mode private-vlan host Switch_config_g0/4#switchport private-vlan host-association 2 4 Switch_config_g0/4# switchport pvid 4 Switch_config#interface GigaEthernet0/5 Switch_config_g0/5#switchport mode private-vlan host Sw
Users Manual of CS-6306R Chapter 19. STP Configuration 19.1 Configuring STP 19.1.1 STP Introduction The standard Spanning Tree Protocol (STP) is based on the IEEE 802.1D standard. A switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same bridge ID. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack.
Users Manual of CS-6306R The bridge with highest priority (the identifier value is the smallest) is selected as the root. Ports of each bridge have the attribute Root Path Cost, that is, the minimum of path cost summation of all ports from the root to the bridge. The designated port of each network segment refers to the port connecting to the network segment and having the minimum path cost.
Users Manual of CS-6306R 19.1.3.2 Disabling/Enabling STP Spanning tree is enabled by default. Disable spanning tree only if you are sure there are no loops in the network topology. Follow these steps to disable spanning-tree: Command Purpose no spanning-tree Disables STP. To enable spanning-tree, use the following command: Command Purpose spanning-tree Enables default mode STP (SSTP). spanning-tree mode {sstp | rstp} Enables a certain mode STP. 19.1.3.
Users Manual of CS-6306R 19.1.3.6 Configuring the Forward Delay Time Configure sstp forward delay to determine the number of seconds an interface waits before changing from its spanning-tree learning and listening states to the forwarding state. Use the following command to configure sstp forward delay: Command Purpose spanning-tree sstpforward-time Configures sstp Forward time. no spanning-tree sstp forward-time Returns forward time to default value (15s). 19.1.3.
Users Manual of CS-6306R 19.1.3.10 Monitoring STP State To monitor the STP configuration and state, use the following command in management mode: Command Purpose show spanning-tree Displays spanning-tree information on active interfaces only. show spanning-tree detail Displays a detailed summary of interface information. show spanning-tree interface Displays spanning-tree information for the specified interface. 19.1.4 Configuring VLAN STP 19.1.4.
Users Manual of CS-6306R configuration. spanning-tree vlan vlan-list max-age Configures Max-age for the designated value VLAN. no spanning-tree vlan vlan-list Resumes Max-age of the designated max-age VLAN to the default configuration. spanning-tree vlan vlan-list hello-time Configures HELLO-TIME for the value designated VLAN. no spanning-tree vlan vlan-list Resumes HELLO-TIME of the hello-time designated VLAN to the default configuration.
Users Manual of CS-6306R Command Purpose spanning-tree mode rstp Enables RSTP no spanning-tree mode Returns STP to default mode (SSTP) 19.1.6.2 Configuring the Switch Priority You can configure the switch priority and make it more likely that a standalone switch or a switch in the stack will be chosen as the root switch.
Users Manual of CS-6306R 19.1.6.4 Configuring the Hello Time The proper hello time value can ensure that the bridge detect link failures in the network without occupying too much network resources. Follow these configurations in the global configuration mode: Command Purpose spanning-tree rstp hello-time value Configures Hello Time no spanning-tree rstp hello-time Returns Hello Time to default value. We recommend user to use the default value. The default Hello Time is 4 seconds. 19.1.6.
Users Manual of CS-6306R The modification of the priority of the Ethernet port will arise the recalculation of the spanning tree. We recommend user to use the default value and let RSTP protocol calculate the path cost of the current Ethernet interface. When the port speed is 10Mbps, the path cost of the Ethernet interface is 2000000. When the port speed is 100Mbps, the path cost of the Ethernet interface is 200000. 19.1.6.
Users Manual of CS-6306R 19.2.1.2 MST Domain In MSTP, the relationship between VLAN and STP is described through the MSTP configuration table. MSTP configuration table, configuration name and configuration edit number makes up of the MST configuration identifier. In the network, interconnected bridges with same MST configuration identifier are considered in the same MST region. Bridges in the same MST region always have the same VLAN configuration, ensuring VLAN frames are sent in the MST region. 19.2.1.
Users Manual of CS-6306R 1. CIST Common and Internal Spanning Tree (CIST) means the spanning tree comprised by all single switches and interconnected LAN. These switches may belong to different MST regions. They may be switches running traditional STP or RSTP. Switches running STP or RSTP in the MST regions are considered to be in their own regions. After the network topology is stable, the whole CIST chooses a CIST root bridge.
Users Manual of CS-6306R 2. Alternate port Figure 2.3 Alternate port The alternate port is a backup path between the current switch and the root bridge. When the connection of root port is out of effect, the alternate port can promptly turn into a new root port without work interruption. 3. Designated port Figure 2.4 Designated port The designated port can connect switches or LAN in the next region. It is the path between the current LAN and root bridge.
Users Manual of CS-6306R 4. Backup port Figure 2.5 Backup port When two switch ports directly connect or both connect to the same LAN, the port with lower priority is to be the backup port, the other port is to be the designated port. If the designated port breaks down, the backup port becames the designated port to continue working. 5. Master port Figure 2.6 Master port The Master port is the shortest path between MST region and CIST root bridge.
Users Manual of CS-6306R 6. Boundary port The concept of boundary port in CIST is a little different from that in each MSTI. In MSTI, the role of the boundary port means that the spanning tree instance does not expand on the port. 7. Edge port In the RSTP protocol or MSTP protocol, edge port means the port directly connecting the network host. These ports can directly enter the forwarding state without causing any loop in the network. Figure 2.
Users Manual of CS-6306R Table 2.
Users Manual of CS-6306R 19.2.1.6 Stable State The MSTP switch performs calculation and compares operations according to the received BPDU, and finally ensures that: (1) One switch is selected as the CIST root of the whole network. (2) Each switch and LAN segment can decide the minimum cost path to the CIST root, ensuring a complete connection and prevent loops. (3) Each region has a switch as the CIST regional root. The switch has the minimum cost path to the CIST root.
Users Manual of CS-6306R 19.2.2 MSTP Configuration Task List Default MSTP configuration Enabling and disabling MSTP Configuring MSTP region Configuring network root Configuring secondary root Configuring bridge priority Configuring time parameters of STP Configuring network diameter Configuring maximum hop count Configuring port priority Configuring path cost for port Configuring port connection type Activating MST-compatible mode 19.2.2.
Users Manual of CS-6306R The main function of the compatible mode is to create the MST area for switches and other MSTP-running switches. In actual networking, make sure that the switch has the same configuration name and the same edit number. It is recommended to configure switches running other MSTP protocols to the CIST root, ensuring that the switch enters the compatible mode by receiving message.
Users Manual of CS-6306R 19.2.3.2 Enabling and Disabling MSTP The STP protocol can be started in PVST or SSTP mode by default. You can stop it running when the spanning-tree is not required. Run the following command to set the STP to the MSTP mode: Command Purpose spanning-tree Enables STP in default mode. spanning-tree mode mstp Enables MSTP. Run the following command to disable STP: Command Purpose no spanning-tree Disables the STP. 19.2.3.
Users Manual of CS-6306R spanning-tree mstp instanceinstance-id Maps VLAN to MSTI. vlanvlan-list instance-id represents the instance number of the spanning tree, meaning an MSTI. It ranges from 1 to 15. vlan-list means the VLAN list that is mapped to the spanning tree. It ranges from 1 to 4094. instance-id is an independent value representing a spanning tree instance. vlan-list can represent a group of VLANs, such as ”1,2,3”, ”1-5” and “1,2,5-10”.
Users Manual of CS-6306R Command Purpose spanning-tree mstpinstance-idroot primary Sets the switch to the root in the designated [ diameternet-diameter spanning tree instance. [ hello-timeseconds ] ] instance-id represents the number of the spanning tree instance, ranging from 0 to 15. net-diameter represents the network diameter, which is an optional parameter. It is effective when instance-id is 0. It ranges from 2 to 7. seconds represents the unit of the hello time, ranging from 1 to 10.
Users Manual of CS-6306R Command Purpose spanning-tree mstpinstance-idroot secondary Sets the switch to the secondary root in the designated [ diameternet-diameter [ hello-timeseconds ] ] spanning tree instance. instance-id represents the number of the spanning tree instance, ranging from 0 to 15. net-diameter represents the network diameter, which is an optional parameter. It is effective when instance-id is 0. It ranges from 2 to 7.
Users Manual of CS-6306R 19.2.3.7 Configuring STP Time Parameters The following are STP time parameters: Hello Time: The interval to send the configuration message to the designated port when the switch functions as the network root. Forward Delay: Time that the port needs when it changes from the Blocking state to the learning state and to the forwarding state in STP mode. Max Age: The maximum live period of the configuration information about the spanning tree.
Users Manual of CS-6306R 19.2.3.8 Configuring Network Diameter Network diameter stands for the maximum number of switches between two hosts in the network, representing the scale of the network. You can set the MSTP network diameter by running the command spanning-tree mstp diameternet-diameter. The parameter net-diameter is valid only to CIST. After configuration, three STP time parameters are automatically updated to comparatively better values.
Users Manual of CS-6306R Command Purpose spanning-tree port-priorityvalue Sets the port priority in all spanning tree instances. value stands for the port priority. It can be one of the following values: 0, 16, 32, 48, 64, 80, 96, 112 128, 144, 160, 176, 192, 208, 224, 240 no spanning-tree mstpinstance-id Resumes the port priority to the default value. port-priority no spanning-tree port-priority Resumes the port priority to the default value in all spanning tree instances.
Users Manual of CS-6306R 19.2.3.12 Configuring Port Connection Type If the connection between MSTP-supported switches is the point-to-point direct connection, the switches can rapidly establish connection through handshake mechanism. When you configure the port connection type, set the port connection to the point-to-point type. The protocol decides whether to use the point-to-point connection or not according to the duplex attribute.
Users Manual of CS-6306R The main function of the compatible mode is to create the MST area for switches and other MSTP-running switches. In actual networking, make sure that the switch has the same configuration name and the same edit number. It is recommended to configure switches running other MSTP protocols to the CIST root, ensuring that the switch enters the compatible mode by receiving message.
Users Manual of CS-6306R 19.2.3.15 Checking MSTP Information In monitor command, global configuration command or port configuration command, run the following command to check all information about MSTP. Command Purpose show spanning-tree Checks MSTP information. (Information about SSTP, PVST, RSTP and MSTP can be checked) show spanning-tree detail Checks the details of MSTP information.
Users Manual of CS-6306R Chapter 20. STP Optional Characteristic Configuration 20.1 Configuring STP Optional Characteristic 20.1.1 STP Optional Characteristic Introduction The spanning tree protocol module of the switch supports seven additional features (the so-called optional features). These features are not configured by default.
Users Manual of CS-6306R Figure 1.1 Port Fast Instruction: For the rapid convergent spanning tree protocol, RSTP and MSTP, can immediately bring an interface to the forwarding state, and therefore there is no need to use Port Fast feature. 20.1.1.2 BPDU Guard The BPDU guard feature can be globally enabled on the switch or can be enabled per port, but the feature operates with some differences.
Users Manual of CS-6306R 20.1.1.3 BPDU Filter The BPDU filtering feature can be globally enabled on the switch or can be enabled per interface, but the feature operates with some differences. In SSTP/PVST mode, if a Port Fast port with BPDU filter configured receives the BPDU, the features BPDU Filter and Port Fast at the port will be automatically disabled, resuming the port as a normal port. Before entering the Forwarding state, the port must be in the Listening state and Learning state.
Users Manual of CS-6306R Figure 1.3 Uplink Fast The Uplink Fast feature adjusts to the slowly convergent SSTP and PVST. In RSTP and MSTP mode, new root port can rapidly enter the Forwarding state without the Uplink Fast function. 20.1.1.5 Backbone Fast The Backbone Fast feature is a supplement of the Uplink Fast technology.
Users Manual of CS-6306R Figure 1.4 Backbone Fast Suppose the bridge priority of switch C is higher than that of switch B. When L1 is disconnected, switch B is selected to send BPDU to switch C because the bridge priority is used as root priority. To switch C, the information contained by BPDU is not prior to information contained by its own. When Backbone Fast is not enabled, the port between switch C and switch B ages when awaiting the bridge information and then turns to be the designated port.
Users Manual of CS-6306R 20.1.1.6 Root Guard The Root Guard feature prevents a port from turning into a root port because of receiving high-priority BPDU. The Layer 2 network of a service provider (SP) can include many connections to switches that are not owned by the SP. In such a topology, the spanning tree can reconfigure itself and select a customer switch as the root switch, as shown in Figure 17-8.
Users Manual of CS-6306R 20.1.2 Configuring STP Optional Characteristic 20.1.2.1 STP Optional Characteristic Configuration Task Configuring Port Fast Configuring BPDU Guard Configuring BPDU Filter Configuring Uplink Fast 20.1.2.2 Configuring Port Fast An interface with the Port Fast feature enabled is moved directly to the spanning-tree forwarding state without waiting for the standard forward-time delay.
Users Manual of CS-6306R 20.1.2.3 Configuring BPDU Guard When you globally enable BPDU guard on ports that are Port Fast-enabled (the ports are in a Port Fast-operational state), spanning tree shuts down Port Fast-enabled ports that receive BPDUs. In a valid configuration, Port Fast-enabled ports do not receive BPDUs.
Users Manual of CS-6306R 20.1.2.4 Configuring BPDU Filter When you globally enable BPDU filtering on Port Fast-enabled interfaces, it prevents interfaces that are in a Port Fast-operational state from sending or receiving BPDUs. The interfaces still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering on a switch so that hosts connected to these interfaces do not receive BPDUs.
Users Manual of CS-6306R directly connected to access switches. BackboneFast optimizes the maximum-age timer, which controls the amount of time the switch stores protocol information received on an interface. When a switch receives an inferior BPDU from the designated port of another switch, the BPDU is a signal that the other switch might have lost its path to the root, and BackboneFast tries to find an alternate path to the root. Backbone fast feature is only valid in SSTP/PVST mode.
Users Manual of CS-6306R 20.1.2.8 Configuring Loop Guard You can use loop guard to prevent alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link. This feature is most effective when it is configured on the entire switched network. Loop guard operates only on interfaces that are considered point-to-point by the spanning tree. Loop Guard feature acts differently somehow in SSTP/PVST.
Users Manual of CS-6306R Chapter 21. Link Aggregation Configuration 21.1 Configuring Port Aggregation 21.1.1 Overview Link aggregation, also called trunking, is an optional feature available on the Ethernet switch and is used with Layer 2 Bridging. Link aggregation allows logical merge of multiple ports in a single link. Because the full bandwidth of each physical link is available, inefficient routing of traffic does not waste bandwidth. As a result, the entire cluster is utilized more efficiently.
Users Manual of CS-6306R 21.1.3.2 Aggregation of Physical Port To aggregate multiple physical ports into a logical channel, you can use static aggregation or LACP protocol for negotiation.
Users Manual of CS-6306R dst-mac It is to share the data traffic according to the destination MAC address, that is, the message with same MAC address attributes is to get through a physical port. both-mac It is to share the data traffic according to source and destination MAC addresses, that is, the message with same MAC address attributes is to get through a physical port.
Users Manual of CS-6306R Chapter 22. PDP Configuration 22.1 PDP Overview 22.1.1 Overview PDP is specially used to discover network equipment, that is, it is used to find all neighbors of a known device. Through PDP, the network management program can use SNMP to query neighboring devices to acquire network topology. Our company’s switches can discover the neighboring devices but they do not accept SNMP queries.
Users Manual of CS-6306R 22.1.2.3 Setting the PDP Version To set the PDP version, you can run the following command in global configuration mode. Command Purpose pdp version {1|2} Setts the PDP version. 22.1.2.4 Starting PDP on a Switch To enable PDP, you can run the following commands in global configuration mode. Command Purpose pdp run Starts PDP on a switch. 22.1.2.5 Starting PDP on a Port To enable PDP on a port by default, you can run the following command in port configuration mode.
Users Manual of CS-6306R Chapter 23. LLDP Configuration 23.1 LLDP 23.1.1 LLDP Introduction The 802.1ABlink layer discovery protocol (LLDP) at 802.1AB helps to detect network troubles easily and maintain the network topology. LLDP is a unidirectional protocol. One LLDP agent transmits its state information and functions through its connected MSAP, or receives the current state information or function information about the neighbor.
Users Manual of CS-6306R 23.1.3.2 Configuring holdtime You can control the timeout time of transmitting the LLDP message through modifying holdtime: Run the following command in global configuration mode to configure holdtime of LLDP: Command Purpose lldpholdtimetime Configures the timeout time of LLDP. nolldpholdtime Resumes the timeout time to the default value, 120 seconds. 23.1.3.3 Configuring timer You can control the interval of the switch to transmit message by configuring the timer of LLDP.
Users Manual of CS-6306R no lldptlv-selecttlv-type Tlvs or tlv-types which needs to be deleted include: macphy-confg management-address port-description port-vlan system-capabilities system-description system-name 23.1.3.6 Configuring the Transmission or Reception Mode LLDP can work under three modes: transmit-only, receive-only and transmit-and-receive. By default, LLDP works under the transmit-and-receive mode. You can modify the working mode of LLDP through the following commands.
Users Manual of CS-6306R 23.1.3.8 Configuring the Deletion Commands You can delete the received neighbor lists and all statistics information by running the following command in EXEC mode. Command Purpose clearlldpcounters Deletes all statistics data. clearlldptable Deletes all received neighbor information. 23.1.3.
Users Manual of CS-6306R Chapter 24. FlexLinkLite Configuration 24.1 FlexLinkLite Configuration 24.1.1 FlexLinkLite Overview FlexLinkLite is used in a network environment to easily construct two uplink links, which back up each other. If STP is not enabled in this network environment, FlexLinkLite can avoid the loop and conduct fast switchover when a link is out of effect. Figure 1: FlexLinkLite-enabled network FlexLinkLite includes a pair of ports that back up each other.
Users Manual of CS-6306R 24.1.2 FlexLinkLite Configuration 24.1.2.1 Run the following commands to set the backup port: Run the following commands to set the FlexLinkLite backup port: Command Purpose Switch# configure Enters the global configuration mode of the switch. Switch_config# interface intf-name Enters the interface configuration mode. Intf-name: stands for the name of a port, such as G0/1 or F0/10.
Users Manual of CS-6306R 24.1.2.3 Setting the Transmission and Reception of TCN Packets Command Purpose Switch_config_intf# switchport bakcup Allows a port to transmit the TCN packets. interface tcn transmit Switch_config_intf# switchport backup Allows a port to process the TCN packets. interface tcn accept The transmit command can be enabled on the device with a configured backup port. When a backup port is switched, it will transmit the TCN packets.
Users Manual of CS-6306R Active Backup State Preemption G0/1 G0/2 Active Up/Backup Down Role/15/0 Make the following settings to enable the TCN packets to be received: Switch# config Switch_config# interface range g0/10 , 11 Switch_config_if_range# switchport backup interface tcn accept Switch_config_if_range# exit Switch_config# 264
Users Manual of CS-6306R Chapter 25. BackupLink Configuration 25.1 BackupLink Overview 25.1.1 Overview Link aggregation, also called trunking, is an optional feature available on the Ethernet switch and is used with Layer 2 Bridging. Link aggregation allows logical merge of multiple ports in a single link. Because the full bandwidth of each physical link is available, inefficient routing of traffic does not waste bandwidth. As a result, the entire cluster is utilized more efficiently.
Users Manual of CS-6306R 25.1.2.2 Aggregation of Physical Port To aggregate multiple physical ports into a logical channel, you can use static aggregation or LACP protocol for negotiation.
Users Manual of CS-6306R dst-mac It is to share the data traffic according to the destination MAC address, that is, the message with same MAC address attributes is to get through a physical port. both-mac It is to share the data traffic according to source and destination MAC addresses, that is, the message with same MAC address attributes is to get through a physical port.
Users Manual of CS-6306R Chapter 26. EAPS Configuration 26.1 Introduction of Fast Ethernet Ring Protection 26.1.1 Overview The Ethernet ring protection protocol is a special type of link-layer protocol specially designed for constructing the ring Ethernet topology. The Ethernet protection protocol can shut down one link in a complete ring topology, preventing the data loop from forming the broadcast storm. If a link is broken, the protocol immediately resumes the link that is previously shut down.
Users Manual of CS-6306R 26.1.2.1 Roles of Ring’s Nodes Each switch on an Ethernet ring is a ring node. The ring nodes are classified into master nodes and transit nodes. Only one switch on the Ethernet ring can serve as a mere master node and other switches are worked as transit nodes. Master node: It positively knows whether the ring’s topology is complete, removes loopback, control other switches to update topology information.
Users Manual of CS-6306R 26.1.2.3 Control VLAN and Data VLAN A private control VLAN is used between master node and transit node to transmit protocol packets. This control VLAN is specified by user through configuration and ring's ports are added also by user to the control VLAN, which guarantees that the protocol packets can be normally forwarded.
Users Manual of CS-6306R 26.1.3 Types of EAPS Packets The EAPS packets can be classified into the following types, as shown in table 1.1. Table 1.1 Types of EAPS packets Type of the packet Remarks Loopback detection It is transmitted by the master node to detect whether the (HEALTH) topology of the ring network is complete. LINK-DOWN Indicates that link interruption happens in the ring. This kinds of packets are transmitted by the transit node.
Users Manual of CS-6306R 26.1.4.2 Notification of Invalid Link of Transit Node After the transit port of the transit node is out of effect, the LINK-DOWN packet will be immediately transmitted by the other transit port to notify other nodes. In normal case, the packet passes through other transit nodes and finally arrives at one port of the master node. After the master node receives the LINK-DOWN packet, it thinks that the ring network is invalid.
Users Manual of CS-6306R 26.2.2 Requisites before Configuration Before configuring MEAPS, please read the following items carefully: One of important functions of the ring protection protocol is to stop the broadcast storm, so please make sure that before the ring link is reconnected all ring nodes are configured.If the ring network is connected in the case that the configuration is not finished, the broadcast storm may easily occur.
Users Manual of CS-6306R Command Purpose Switch_config_ring#control-vlan vlan-id Configures the control VLAN. Vlan-id: ID of the control VLAN Switch_config_ring#master-node Configures the node type to be a master node. Switch_config_ring#hello-time value This step is optional. Configures the cycle for the master node to transmit the HEALTH packets. Value: It is a time value ranging from 1 to 10 seconds and the default value is 1 second. Switch_config_ring#fail-time value This step is optional.
Users Manual of CS-6306R 26.2.4.2 Configuring the Transit Node Configure a switch to be the transit node of a ring network according to the following steps: Command Purpose Switch#config Enters the switch configuration mode. Switch_config#ether-ring id Sets a node and enters the node configuration mode. id: Instance ID Switch_config_ring#control-vlan Configures the control VLAN. vlan-id Vlan-id: ID of the control VLAN Switch_config_ring#transit-node Configures the node type to be a transit node.
Users Manual of CS-6306R show ether-ring id detail Browses the detailed information about the ring protection protocol and the port of Ethernet ring. show ether-ring id interface intf-name Browses the state of the Ether-ring port or that of the common port. 26.2.5 MEAPS configuration 26.2.5.1 Configuration Example MEAPS configuration As shown in figure 2.1, master node S1 and transit node S2 are configured as follows. As to the settings of other nodes, they are same to S2's settings.
Users Manual of CS-6306R S1_config_g0/1#exit S1_config#interface gigaEthernet 0/3 S1_config_g0/3#ether-ring 1 secondary-port S1_config_g0/3#exit Establishes the control VLAN: S1_config#vlan 2 S1_config_vlan2#exit S1_config#interface range g0/1 , 3 S1_config_if_range#switchport mode trunk S1_config_if_range#exit Configuring switch S2: S1_config#no spanning-tree S1_config#ether-ring 1 S1_config_ring1#control-vlan 2 S1_config_ring1#transit-node S1_config_ring1#pre-forward-time 8 S1_config_ring1#exit S1_conf
Users Manual of CS-6306R Chapter 27. MEAPS Settings 27.1 MEAPS Introduction 27.1.1 MEAPS Overview EAPS is a protocol specially applied on the link layer of the Ethernet ring. When the Ethernet ring is complete, you should prevent the broadcast storm from occurring on the data loopback. But when a link of an Ethernet ring is broken, you should enable the backup link rapidly to resume the communication of different nodes in the ring. The role of switch is specified by you through configuration.
Users Manual of CS-6306R 27.1.2 Basic Concepts of MEAPS 27.1.2.1 Domain The domain specifies the protection range of the Ethernet loopback protection protocol and is marked by ID, which consists of integers; A group of switches that support the same protection data and have the same control VLAN can form a domain after they are connected with each other. One domain may include only one ring or multiple rings that intersect each other. See the following figure.
Users Manual of CS-6306R transmit the MEAPS packets. Each MEAPS has two control VLANs, that is, the main control VLAN and the sub control VLAN. You need to specify the main control VLAN when configuring the major ring or the sub ring. During configuration you just need to specify the main control VLAN and take a VLAN, the ID of which is 1 more than the ID of the main control VLAN, as the sub control VLAN.
Users Manual of CS-6306R 27.1.2.8 Transit Node All switches on the Ethernet except the master node can be called as the transit nodes. The transit node only checks the state of the local port of the ring, and notifies the master node of the invalid link. See the following figure, in which S1, S2, S5 and S6 are all transit nodes. 27.1.2.
Users Manual of CS-6306R A port can be set as the primary port or the transit port of a node and it cannot be reset. 27.1.2.12 Common Port and Edge Port The edge node and the assistant node are the places where the sub ring and the major ring intersect. As to the two ports that access the Ethernet, one is a common port, which is the public port of the sub ring and the major ring; the other is the edge port in the sub ring. The roles of the two ports are decided by users through configuration.
Users Manual of CS-6306R 27.1.2.14 Complete Flag of Ring Both the master node and the transit node can show whether the current ring network is complete through the state symbol “COMPLETE”. On the master node, only when all links of the ring network are normal, the primary port is in forwarding state and the secondary port is in blocking state can the "COMPLETE” symbol be real; on the transit node, only when its two transit ports are in forwarding state can the “COMPLETE” symbol be true.
Users Manual of CS-6306R RING-UP-FLUSH-FDB packets. As shown in the following figure, the master node, S4, transmits the HELLO packets periodically. If the loopback has no troubles, the HELLO packets will arrive at the secondary port of the master node, and the master node will block data forwarding of the data VLAN that the secondary port belongs to, preventing the loopback from happening.
Users Manual of CS-6306R Figure 4: Link status change notification After the transit port is resumed, it does not immediately transmit the packets of data VLANs, but enters the Pre-Forwarding state. A transit port in pre-forwarding state only transmits and receives the control packets from the control VLAN.
Users Manual of CS-6306R Figure 5: Intersection of the major ring and the sub ring When trouble occurs on the link of the major ring, and when the channel of the sub-ring protocol packets between the edge node and the assistant node are interrupted, the master node of the sub ring cannot receive the HELLO packets that the master node itself transmits. In this case, the Fail Time times out, and the master node of the sub ring changes to the Failed state and opens its secondary port.
Users Manual of CS-6306R The channel status checkup mechanism of the sub-ring protocol packet on the major ring is introduced to solve the problem about the dual homing ring. This mechanism is to monitor the status of the channel link on the major ring between the edge node and the assistant node, which requires the help of the edge node and the assistant node.
Users Manual of CS-6306R Figure 8. Check the channel status on the major ring between the edge node and the assistant node. 2. The edge node blocks the edge port at the interruption of the channel.
Users Manual of CS-6306R Figure 9: The edge node blocks the edge port at the interruption of the channel. 3. Channel recovery When the link of the major ring and the communication between the edge node and the assistant node resumes, the channel of the sub-ring protocol packet resumes to the normal function.
Users Manual of CS-6306R configuration is unfinished and therefore the node cannot be started. In this case, you are required to change or add basic information to complete the configuration of the node. The ring protection protocol supports a switch to configure multiple ring networks. The configuration of the control VLAN of the ring network does not automatically establish the corresponding systematic VLAN. You need to establish the systematic VLAN manually through global VLAN configuration command.
Users Manual of CS-6306R 27.2.2 MEAPS Configuration Tasks Configuring the Master Node Configuring the Transit Node Configuring the Edge Node and the Assistant Node Configuring the Ring Port Browsing the State of the Ring Protection Protocol 27.2.3 Fast Ethernet Ring Protection Configuration 27.2.3.1 Configuring the Master Node Configure a switch to be the master node of a ring network according to the following steps: Command Purpose Switch#config Enters the switch configuration mode.
Users Manual of CS-6306R Remarks: During configuration, both the major ring and the sub-ring should be set to have the same control VLAN—the control VLAN of the major ring. After this configuration is successfully set, the control VLAN of major ring and the control VLAN of sub-ring are created on the major ring, and at the same time the sub-ring control VLAN is created on the sub-ring and the major-ring control VLAN is forbidden on the sub-ring. 27.2.3.
Users Manual of CS-6306R 27.2.3.3 Configuring the Edge Node and the Assistant Node Configure a switch to be the master node of a ring network according to the following steps: Command Purpose Switch# config Enters the switch configuration mode. Sets a node and enters the node configuration mode. id1: instance ID of a node id2: instance ID of a domain (omitted when it is Switch_config#mether-ring id1 domainid2 0) Switch_config_ring1#edge-node[assistant- It is an obligatory step.
Users Manual of CS-6306R It is an obligatory step. Sets the control VLAN and establishes VLAN “id” and VLAN “id-1”. Switch_config_ring1#control-vlanvlan-id vlan-id: ID of the control VLAN It is an obligatory step. You can complete the ring configuration even if not using this command, but the system cannot enter the single-ring networking mode.
Users Manual of CS-6306R 27.2.3.6 Browsing the State of the Ring Protection Protocol Run the following command to browse the state of the ring protection protocol: Command Purpose show mether-ring Browses the summary information about the ring protection protocol and the ports of ring. show mether-ring id1 domain id2 Browses the summary information about the designated ring protection protocol and the ports of ring.
Users Manual of CS-6306R Figure 11: Complete state 27.3.2.1 Link-Down The link-down state of the ring is decided by the polling mechanism, the notification of the link state change and the channel status checkup mechanism of the sub-ring protocol packet. Surely the link-down state of the ring is also advocated as to only one ring. When some link in the ring is in link-down state, the ring changes from the compete state to the troubled state, that is, the link-down state.
Users Manual of CS-6306R After the master node receives the link-down packet, its state will be changed to the Failed state and at the same time the secondary port will be opened, the FDB table will be refreshed, and the RING-DOWN-FLUSH-FDB packets will be transmitted from two ports for notifying all nodes.
Users Manual of CS-6306R The transit port can transmit the control packet in preforwarding state, so the secondary port of the master node can receive the hello packet from the primary port. Hence, the master node shifts its state to Complete, blocks the secondary port and transmits the RING-UP-FLUSH-FDB packet from the primary port. After the transit node receives the RING-UP-FLUSH-FDB packet, the transit node will shift back to the Link-Up state, open the blocked port and refresh the FDB table.
Users Manual of CS-6306R 27.3.3 MEAPS configuration 27.3.3.1 Configuration Example MEAPS configuration As shown in figure 2.1, master node S1 and transit node S2 are configured as follows. As to the settings of other nodes, they are the same as S2's settings.
Users Manual of CS-6306R Switch_config_ring1#transit-node Switch_config_ring1#major-ring Switch_config_ring1#control-vlan 2 The following commands are used to set the time related parameters: Switch_config_ring1#pre-forward-time 12 Exits from the node configuration mode: Switch_config_ring1#quit The following commands are used to set the transit port of node 1: Switch_config#interface gigaEthernet 0/1 Switch_config_g0/1#mether-ring 1 domain 1 transit-port Switch_config_g0/1#switchport mode trunk Switch_
Users Manual of CS-6306R Switch_config_ring1#control-vlan 2 The following commands are used to set the time related parameters: Switch_config_ring1#pre-forward-time 12 Exits from the node configuration mode: Switch_config_ring1#quit The following commands are used to set the transit port of node 1: Switch_config#interface gigaEthernet 0/1 Switch_config_g0/1#mether-ring 1 domain 1 transit-port Switch_config_g0/1#switchport mode trunk Switch_config_g0/1#quit Switch_config#interface gigaEthernet 0/2 Switch
Users Manual of CS-6306R Switch_config_ring4#hello-time 4 Switch_config_ring4#fail-time 12 Exits from the node configuration mode: Switch_config_ring4#quit The following commands are used to set the primary port and secondary port of node 4: Switch_config#interface gigaEthernet 0/1 Switch_config_g0/1#mether-ring 4 domain 1 primary-port Switch_config_g0/1#switchport mode trunk Switch_config_g0/1#quit Switch_config#interface gigaEthernet 0/2 Switch_config_g0/2#mether-ring 4 domain 1 secondary-port Switch_c
Users Manual of CS-6306R Configuring switch S6: The following commands are used to set the major-ring master node, node 1: Switch_config#mether-ring 1 domain 1 Switch_config_ring1#master-node Switch_config_ring1#major-ring Switch_config_ring1#control-vlan 2 The following commands are used to set the time related parameters: Switch_config_ring1#hello-time 4 Switch_config_ring1#fail-time 12 Exits from the node configuration mode: Switch_config_ring1#quit The following commands are used to set the transit
Users Manual of CS-6306R Configuring switch S7: The following commands are used to set the major-ring transit node, node 1: Switch_config#mether-ring 1 domain 1 Switch_config_ring1#transit-node Switch_config_ring1#major-ring Switch_config_ring1#control-vlan 2 The following commands are used to set the time related parameters: Switch_config_ring1#pre-forward-time 12 Exits from the node configuration mode: Switch_config_ring1#quit The following commands are used to set the transit port of node 1: Switch_c
Users Manual of CS-6306R Configuring switch S8: The following commands are used to set the sub-ring transit node, node 4: Switch_config#mether-ring 4 domain 1 Switch_config_ring4# transit -node Switch_config_ring4#sub-ring Switch_config_ring4#control-vlan 2 The following commands are used to set the time related parameters: Switch_config_ring4#pre-forward-time 12 Exits from the node configuration mode: Switch_config_ring4#quit The following commands are used to set the transit port of node 4: Switch_con
Users Manual of CS-6306R Chapter 28. ELPS Configuration 28.1 ELPS Overview 28.1.1 Overview If DHCP snooping is enabled in a VLAN, the DHCP packets which are received from all distrusted physical ports in a VLAN will be legally checked. The DHCP response packets which are received from distrusted physical ports in a VLAN will then be dropped, preventing the faked or mis-configured DHCP server from providing address distribution services.
Users Manual of CS-6306R Setting an Interface to an ARP-Trusting Interface ARP monitoring is not enabled on those trusted interfaces. The interfaces are distrusted ones by default. Run the following commands in interface configuration mode. Command Purpose arp inspection trust Sets an interface to an ARP-trusting interface. no arp inspection trust Resumes an interface to an ARP-distrusting interface.
Users Manual of CS-6306R there is no binding relationship on this interface. After source IP address monitoring is enabled, the switch rejected forwarding all IP packets. After the TFTP server is configured for interface binding backup, the binding relationship will be backed up to the server through the TFTP protocol. After the switch is restarted, the switch automatically downloads the binding list from the TFTP server, securing the normal running of the network.
Users Manual of CS-6306R corresponding binding list. Note that the manually-configured binding items have higher priority than the dynamically-configured binding items. If the manually-configured binding item and the dynamically-configured binding item have the same MAC address, the manually-configured one updates the dynamically-configured one. The interface binding item takes the MAC address as the unique index. Run the following commands in global configuration mode.
Users Manual of CS-6306R ip arp inspection vlan 3 DHCP Snooping trust interface: FastEthernet0/1 ARP Inspect interface: FastEthernet0/11 The following shows the binding information about dhcp-relay snooping: switch#show ip dhcp-relay snooping binding Hardware Address IP Address a8-f7-e0-26-23-89 192.2.2.
Users Manual of CS-6306R Chapter 29. UDLD Configuration 29.1 Unidirectional Link Detection (UDLD) 29.1.1 UDLD Overview UDLD is a L2 protocol that monitors the physical location of the cable through the devices which are connected by optical cable or twisted-pair, and detects whether the unidirectional link exists. Only when the connected device supports UDLD can the unidirectional link be detected and shut down. The unidirectional link can cause a lot of problems, including the STP topology ring.
Users Manual of CS-6306R 29.1.1.2 Running Mechanism UDLD is a L2 protocol running on the LLC layer, which uses 01-00-0c-cc-cc-cc as its destination MAC address. SNAP HDLC is similar to 0x0111. When it runs with layer-1 FEFI and automatic negotiation, the completeness of a link in the physical layer and the logical link layer can be checked.
Users Manual of CS-6306R 29.1.1.5 Echo Detection The echo mechanism is the basis of the detection algorithm. Once a UDLD device learns a new neighbor or another synchronization request from an asynchronous neighbor, it will start or restart the detection window of the local terminal and transmit an echo message for full agreement. Because all neighbors are demanded a corresponding action, the echo sender expects an echos message.
Users Manual of CS-6306R 29.1.3.2 Enabling or Disabling the UDLD Interface In interface configuration mode, run the following command to enable the UDLD function of an interface. Command Purpose udld port Enables the UDLD module of an interfaces in some [aggressive] mode. If the aggressive parameter is not entered, the UDLD function of the interface is enabled in normal mode; if the aggressive parameter is entered, the UDLD function of the interface is enabled in aggressive mode.
Users Manual of CS-6306R It is used to display the running states of the UDLD modules of the current interfaces.
Users Manual of CS-6306R Interface FastEthernet0/1 --Port enable administrative configuration setting: Enabled Port enable operational state: Enabled Current bidirectional state: Bidirectional Current operational state: Advertisment Message interval: 15 Time out interval: 5 Entry 1 --Expiration time: 42 Cache Device index: 1 Device ID: Port ID: CAT0611Z0L9 FastEthernet0/1 Neighbor echo 1 device: Neighbor echo 1 port: S35000202 FastEthernet0/1 Message interval: 15 Time out interval: 5 UDLD Device
Users Manual of CS-6306R Chapter 30. IGMP-Snooping Configuration 30.1 IGMP-snooping Configuration 30.1.1 IGMP-snooping Configuration Task The task of IGMP-snooping is to maintain the relationships between VLAN and group address and to update simultaneously with the multicast changes, enabling layer-2 switches to forward data according to the topology structure of the multicast group.
Users Manual of CS-6306R IGMP-snooping can run on up to 16 VLANs. To enable IGMP-snooping on VLAN3, you must first run no ip IGMP-snooping to disable IGMP-snooping of all VLANs, then configure ipIGMP-snooping VLAN 3 and save configuration. 30.1.1.2 Adding/Deleting Static Multicast Address of VLAN Hosts that do not support IGMP can receive corresponding multicast message by configuring the static multicast address.
Users Manual of CS-6306R 30.1.1.4 Configuring the Function to Filter Multicast Message Without Registered Destination Addresss When multicast message target fails to be found (DHL, the destination address is not registered in the switch chip through igmp-snooping), the default process method is to send message on all ports of VLAN.Through configuration, you can change the process method and all multicast messages whose destination addresses are not registered to any port will be dropped.
Users Manual of CS-6306R 30.1.1.6 Configuring Response Time Timer of IGMP-Snooping The response time timer is the upper limit time that the host reports the multicast after IGMP inquirer sends the query message. If the report message is not received after the timer ages, the switch will delete the multicast address.
Users Manual of CS-6306R 30.1.1.8 Monitoring and Maintaining IGMP-Snooping Perform the following operations in management mode: Command Description show ip igmp-snooping Displays IGMP-snooping configuration information. show ip igmp-snooping timer Displays the clock information of IGMP-snooping. show ip igmp-snooping groups Displays information about the multicast group of IGMP-snooping. show ip igmp-snooping statistics Displays statistics information about IGMP-snooping.
Users Manual of CS-6306R Display IGMP-snooping timer: switch#show ip igmp-snooping timers vlan 1 router age : 251 Indicating the timeout time of the router age timer vlan 1 multicast address 0100.5e00.0809 response time : 1 Indicating the period from when the last multicast group query message is received to the current time; if no host on the port respond when the timer times out, the port will be deleted..
Users Manual of CS-6306R 30.1.1.9 IGMP-Snooping Configuration Example Figure 1 shows network connection of the example. Configuring Switch (1) Enable IGMP-snooping of VLAN 1 connecting Private Network A. Switch_config#ip igmp-snooping vlan 1 (2) Enable IGMP-snooping of VLAN 2 connecting Private Network B.
Users Manual of CS-6306R Chapter 31. IGMP-Proxy Configuration 31.1 IGMP-proxy Configuration 31.1.1.1 IGMP-proxy Configuration Tasks The IGMP Proxy allows the VLAN where the multicast user is located to receive the multicast source from other VLANs. The IGMP Proxy runs on layer 2 independently without other multicast routing protocols.
Users Manual of CS-6306R 31.1.1.3 Adding/Deleting VLAN Agent Relationship Run the following commands in global configuration mode. Command Purpose ip igmp-proxyagent-vlan avlan_map Adds the agent VLAN (avlan_map) to client-vlan map manage the represented vlan cvlan_map (cvlan_map). Deletes the agent relationship.
Users Manual of CS-6306R static: only display the entries of static multicast cache. [ no ] debug ip Enables or disables the IGMP-proxy debug switch. igmp-proxy [error | event | packet] The following example shows how to display the forwarding caches of IGMP proxy: Switch# show ip igmp-proxy mcache Codes: '+' synchronization, '-' deleted, 'S' static '^' unsynchronization Item 1: Group 225.1.1.2 +(192.168.213.163, 2, G3/24) VLAN 3,4 31.1.1.
Users Manual of CS-6306R Chapter 32. MLD-Snooping Configuration 32.1 MLD-Snooping Configuration 32.1.1 IPv6 Multicast Overview The task of MLD snooping is to maintain the forwarding relationship of IPv6 group addresses in VLAN and synchronize with the change of the multicast group, enabling the data to be forwarded according to the topology of the multicast group.
Users Manual of CS-6306R 32.1.2.2 Enabling/Disabling the Solicitation of Hardware Forward of Multicast Group Run the following commands in global configuration mode. Command Purpose ipv6 mld-snooping solicitation Enables the solicitation of hardware forward of multicast group. no ipv6 mld-snooping Disables the solicitation of hardware solicitation forward of multicast group. 32.1.2.3 Adding/Canceling the Static Multicast Address of VLAN Run the following commands in global configuration mode.
Users Manual of CS-6306R 32.1.2.5 Setting Response Time Timer of MLD-Snooping Run the following commands in global configuration mode. Command Operation ipv6 mld-snooping timer Sets the response time of MLD-Snooping. response-timetimer_value no ipv6 mld-snooping timer Resumes the default response time of MLD-Snooping. response-time The value of the timer cannot be set too small, or the multicast communication may be unstable. The default response time of MLD snooping is 15 seconds. 32.1.2.
Users Manual of CS-6306R 32.1.2.8 Monitoring and Maintaining MLD-Snooping Multicast Run the following commands in EXEC mode: Command Operation show ipv6 mld-snooping Displays the configuration of MLD-Snooping. show ipv6 mld-snooping timer Displays the clock of MLD-Snooping. show ipv6 mld -snooping groups Displays the multicast group of MLD-Snooping.
Users Manual of CS-6306R The multicast group of MLD-Snooping is displayed blow: #show ipv6 mld--snooping groups Vlan Group Type Port(s) ---- --------------- ---- ------------------------------------1 FF02: : 1: FF32: 1B9B MLD 1 FF02: : 1: FF00: 2 MLD G2/23 1 FF02: : 1: FF00: 12 MLD G2/23 1 FF02: : 1: FF13: 647D MLD 2 FF02: : 1: FF00: 2 2 FF02: : 1: FF61: 9901 MLD MLD G2/23 G2/23 G2/22 G2/22 The timer of MLD-Snooping is displayed blow: #show ipv6 mld-snooping timers vlan 1
Users Manual of CS-6306R The MLD-Snooping proxying is displayed below: #show ipv6 mld-snooping mac Vlan Mac Ref Flags ---- --------------- ---- -----1 3333: 0000: 2 3333: FF02: ff61: : 1: FF02: 1 3333: FF02: 1 3333: FF02: 1 3333: FF02: 2 3333: FF02: 1 3333: 1 ff00: : 1: ff00: : 1: ff13: : 1: ff32: : 1: ff00: : 1: ff00: 12 9901 1 0 FF61: 1 3333: 0000: 1 3333: 0001 9901 0002 12 0002 1 0 FF00: 2 0012 1 0 FF00: 12 647d 1 0 FF13: 647D 1b9b 1 0 FF32: 1B9B 0002 1 0 FF00: 2 0001 1 2 3333: f
Users Manual of CS-6306R Chapter 33. OAM Configuration 33.1 OAM Configuration 33.1.1 OAM Overview EFM OAM of IEEE 802.3ah provides point-to-point link trouble/performance detection on the single link. However, EFM OAM cannot be applied to EVC and so terminal-to-terminal Ethernet monitoring cannot be realized. OAM PDU cannot be forwarded to other interfaces. Ethernet OAM regulated by IEEE 802.3ah is a relatively slow protocol.
Users Manual of CS-6306R It is difficult to check troubles in the Ethernet, especially the case that the network performance slows down while physical network communication continues. OAM PDU defines a flag domain to allow Ethernet OAM entity to transmit the trouble information to the peer. The flag can stand for the following emergent link events: Link Fault: The physical layer detects that the reception direction of the local DTE has no effect.
Users Manual of CS-6306R Responding to the OAM discovery initialization process Yes Yes Transmitting the Information OAM PDU packet Yes Yes Permitting to transmit the Event Notification OAM PDU Yes Yes Yes No Allowing to transmit Variable Response OAM PDU packet Yes Yes Allowing to transmit the Loopback Control OAM PDU Yes No Yes,but the peer Yes packet Allowing to transmit the Variable Request OAM PDU packet packet Responding to Loopback Control OAM PDU terminal must be in active mode
Users Manual of CS-6306R Flags: a domain where the state of Ethernet OAM entity is shown Code: a domain where the type of the OAMPDU packet is shown Data/Pad: a domain including the OAMPDU data and pad values FCS: checksum of the frame Table 3 Type of the CODE domain CODE OAMPDU 00 Information 01 Event Notification 02 Variable Request 03 Variable Response 04 Loopback Control 05-FD Reserved FE Organization Specific FF Reserved The Information OAM PDU packet is used to transmit t
Users Manual of CS-6306R 33.1.3 OAM Configuration Tasks 33.1.3.1 Enabling OAM on an Interface Run the following command to enable OAM: Procedure Command Purpose Step1 config Enters the global configuration mode. Step2 interface intf-type intf-id Enters the interface configuration mode. Step3 ethernet oam Enables Ethernet OAM on an interface.
Users Manual of CS-6306R 33.1.3.2 Enabling Remote OAM Loopback The procedure to enable remote loopback on an interface is shown in the following table: Procedure Command Purpose Step1 config Enters the global configuration mode. Step2 interface intf-type intf-id Enters the interface configuration mode.
Users Manual of CS-6306R its default value is 1. The window parameter is used to configure the window size of the round-query period. The unit of the window size is the number of the 100M signal. The window size ranges between 10 and 600 on a 1000M Ethernet interface and its default value is 10 in this case, while the window size ranges between 1 and 60 on a 100M Ethernet interface and its default value is 1 in this case.
Users Manual of CS-6306R between 100 and 6000 on a 1000M Ethernet interface and its default value is 100 in this case, while the window size ranges between 10 and 600 on a 100M Ethernet interface and its default value is 10 in this case. Step7 ethernet oam link-monitor frame-seconds Sets the high and low thresholds of the {threshold {high { symbols |none} | low second event of error frame, which triggers {symbols}} | window symbols} the link events of error frame’s second.
Users Manual of CS-6306R Step9 Enables the local link monitoring. When the ethernet link-monitor on link monitoring function is supported, the local link monitoring is automatically enabled. 33.1.3.4 Configuring the Trouble Notification From Remote OAM Entity You can configure an error-disable action on an interface. The local interface will enter the errdisabled state in the following cases: 1. The high threshold of a normal link event on a local interface is exceeded. 2.
Users Manual of CS-6306R administrator or the OAM function of the local port is closed by the manager, the Dying Gasp packet will be transmitted to the remote terminal that connects the local port. 33.1.3.5 Displaying the Information About OAM Protocol Table 4 Displaying the information about OAM protocol Command Purpose show ethernet oam discovery Displays the OAM discovery information on all interface [intf-type intf-id] interfaces or a designated interface.
Users Manual of CS-6306R Switch_config_g0/1#ethernet oam link-monitor frame threshold low 10 Switch_config_g0/1#ethernet oam link-monitor frame window 30 Switch_config_g0/1#show ethernet oam configuration int g0/1 GigaEthernet0/1 General ------Admin state : Mode : enabled passive PDU max rate : PDU min rate 10 packets/second : Link timeout 1 seconds/packet : 1 seconds High threshold action: no action Remote Failure -------------Link fault action : no action Dying gasp action : no actio
Users Manual of CS-6306R Low threshold High threshold : : 1 error frame(s) none Errored Frame Seconds Summary Event Window : 60 seconds Low threshold High threshold : : 1 error second(s) none Errored CRC Frames Event Window : 1 seconds Low threshold High threshold : : 10 error frame(s) none Configuring switch B: Switch_config_g0/1#ethernet oam Switch_config_g0/1#show ethernet oam statistics link-monitor int g0/1 GigaEthernet0/1 Local Link Events: ------------Errored Symbol Period Event: No e
Users Manual of CS-6306R No errored frame event happened yet. Errored Frame Period Event: No errored frame period event happened yet. Errored Frame Seconds Summary Event: No errored frame seconds summary event happened yet. Errored CRC Frames Event: No errored CRC frame event happened yet.
Users Manual of CS-6306R Chapter 34. CFM Configuration 34.1 Overview 34.1.1 Stipulations 34.1.1.1 Format Stipulation in the Command Line Syntax Meaning Stands for the keyword in the command line, which stays unchanged and must be entered without Bold any modification. It is presented as a bold in the command line. Stands for the parameter in the command line, which must be replaced by the actual value. It must be {italic} presented by the italic in the brace.
Users Manual of CS-6306R ethernet cfm md mdnf {string} Adds a maintenance domain whose mdn [level<0-7> | name is char_string. creation | Note: sit | The system enters the maintenance ip] domain configuration mode after the maintenance domain is added. 34.2.3.
Users Manual of CS-6306R 34.2.4 CFM Maintenance 34.2.4.1 Using the Loopback Function Configuration mode: EXEC Command Purpose ethernet cfm loopback mdnf {string} Uses a designated MEP to conduct mdn manf {string} man loopback towards itself. mepid <1-8191> mac number <1-64> 34.2.4.
Users Manual of CS-6306R Chapter 35. DHCP-Snooping Configuration 35.1 DHCP-Snooping Configuration 35.1.1 DHCP-Snooping Configuration Tasks DHCP-Snooping is to prevent the fake DHCP server from providing the DHCP service by judging the DHCP packets, maintaining the binding relationship between MAC address and IP address. The L2 switch can conduct the DAI function and the IP source guard function according to the binding relationship between MAC address and IP address.
Users Manual of CS-6306R 35.1.1.2 Enabling DHCP-Snooping in a VLAN If DHCP snooping is enabled in a VLAN, the DHCP packets which are received from all distrusted physical ports in a VLAN will be legally checked. The DHCP response packets which are received from distrusted physical ports in a VLAN will then be dropped, preventing the faked or mis-configured DHCP server from providing address distribution services.
Users Manual of CS-6306R 35.1.1.5 Setting an Interface to an ARP-Trusting Interface ARP monitoring is not enabled on those trusted interfaces. The interfaces are distrusted ones by default. Run the following commands in interface configuration mode. Command Purpose arp inspection trust Sets an interface to an ARP-trusting interface. Resumes an interface to an no arp inspection trust ARP-distrusting interface. 35.1.1.
Users Manual of CS-6306R 35.1.1.8 Configuring the TFTP Server for Backing up Interface Binding After the switch configuration is rebooted, the previously-configured interface binding will be lost. In this case, there is no binding relationship on this interface. After source IP address monitoring is enabled, the switch rejected forwarding all IP packets. After the TFTP server is configured for interface binding backup, the binding relationship will be backed up to the server through the TFTP protocol.
Users Manual of CS-6306R to enable the host to access the network. You can run no ip source binding MAC IP to delete items from the corresponding binding list. Note that the manually-configured binding items have higher priority than the dynamically-configured binding items. If the manually-configured binding item and the dynamically-configured binding item have the same MAC address, the manually-configured one updates the dynamically-configured one.
Users Manual of CS-6306R ip dhcp-relay snooping vlan 3 ip arp inspection vlan 3 DHCP Snooping trust interface: FastEthernet0/1 ARP Inspect interface: FastEthernet0/11 The following shows the binding information about dhcp-relay snooping: switch#show ip dhcp-relay snooping binding Hardware Address IP Address a8-f7-e0-26-23-89 192.2.2.
Users Manual of CS-6306R 35.1.1.14 Example of DHCP-Snooping Configuration The network topology is shown in figure 1. Figure 1 Configuring Switch (1) Enable DHCP snooping in VLAN 1 which connects private network A. Switch_config# ip dhcp-relay snooping Switch_config#ip dhcp-relay snooping vlan 1 (2) Enable DHCP snooping in VLAN 2 which connects private network B.
Users Manual of CS-6306R Chapter 36. MACFF Configuration 36.1 MACFF Settings 36.1.1 Configuration Tasks MACFF is to isolate downlink ports of the same VLAN in a switch from exchanging inter-access packets, enabling these packets to be allocated to the default gateway of client through DHCP server and then to downlink ports.
Users Manual of CS-6306R 36.1.1.2 Enabling MACFF in VLAN If MACFF is enabled in a VLAN, the DHCP packets which are received from all DHCP-snooping untrusted physical ports in a VLAN will be legally checked. If the destination IP address is the IP address of any DHCP client, on which the physical port that receives the ARP packets is located, these ARP packets will be dropped; if these are ARP response packets, these packets will also be dropped.
Users Manual of CS-6306R 36.1.1.5 Specifying a Physical Port to Shut down MACFF If you specify a physical port to close MACFF, packets on this port will not be isolated and ARP packets will not be listened. Run the following commands in physical interface configuration mode. Command Operation macff disable Specifies a physical port to shut down MACFF. no macff disable Specifies a physical port to enable MACFF (it is enabled by default). In default settings, the ports are allowed to enable MACFF. 36.
Users Manual of CS-6306R (2) Enable MACFF in VLAN2, which connects private network B. The default gateway allocated by DHCP server is 192.168.2.2 (If necessary, the default gateway can also be 192.168.2.1). Switch_config#arp 192.168.2.2 a8: f7: e0: ea: 74: ee Switch_config#ip dhcp-relay snooping vlan 2 Switch_config#macff vlan 2 enable (3) Sets the ports that connect DHCP server, default gateway and other ARs respectively to be trusted.
Users Manual of CS-6306R Chapter 37. IEEE 1588 Transparent Clock Configuration 37.1 Task List for IEEE1588 Transparent Clock Configuration Enabling the Transparent Clock Creating the Transparent Clock Port Configuring the Link Delay Calculation Mode Configuring the Forwarding Mode of Sync Packets Configuring the Domain Filtration Function Setting the Transmission Interval of Pdelay_Req Packets 37.2 Tasks for IEEE1588 Transparent Clock Configuration 37.
Users Manual of CS-6306R 37.3.1 Creating the Transparent Clock Port The transparent clock can include multiple PTP ports to connect the master and slave clock respectively. Run the following commands in port configuration mode to create the PTP ports: Command Purpose ptp start l2 Creates the PTP L2 port. Ptp start l3 Creates the PTP L3 port. Run the following command in port configuration mode to delete the PTP ports: Command Purpose no ptp start Delete the PTP port. 37.3.
Users Manual of CS-6306R ptp sync-mechanism store-forward Sets the forwarding method of Sync packets to store-forward. To switch the forwarding mode over to straight forwarding, run the following command in global configuration mode: Command Purpose ptp sync-mechanism Sets the forwarding method of Sync straight-forward packets to store-forward. 37.3.
Users Manual of CS-6306R 37.4 PTP TC Configuration Example See the following figure: MASTER here stands for the master clock, which is a L2 PTP device. SLAVE here stands for the master clock, which is a L3 PTP device. TC stands for a switch that supports transparent clock. The master clock connects port g0/12 of the switch, while the slave clock connects port g0/10 of the switch. MASTER, TC and SLAVE are all working in P2P mode. Ports g0/10 and G0/12 belong to VLAN1.
Users Manual of CS-6306R Chapter 38. Layer 2 Tunnel Protocol Configuration 38.1 Configuring Layer-2 Protocol Tunnel 38.1.1 Introduction Layer-2 protocol tunnel allows users between two sides of the switch to transmit the specified layer 2 protocol on their own network without being influenced by the relevant layer 2 software module of the switch. The switch is a transparent media for users. 38.1.
Users Manual of CS-6306R Chapter 39. Loopback Detection Configuration 39.1 Setting Loopback Detection 39.1.1 Introduction of Loopback Detection The loopback in a network may trigger the repeated transmission of broadcast, multicast or unicast packets, wasting network resources and even leaving network breakdown.
Users Manual of CS-6306R SYSMAC 6 MAC address of the switch SEQUENCE 4 Sequence ID of packet, which is generated randomly by the system before the packet is transmitted DiID 4 Port ID, which is the ID of the global port of 85 Series End 2 0x0000, end character 39.1.
Users Manual of CS-6306R 39.1.3.3 Configuring a Port to Conduct Loopback Detection in Specified VLAN If you set loopback detection in a specified VLAN, a port shall transmit multiple detection packets with specified VLAN tag regularly and the port can transmit up to 10 detection packets with specified VLAN tag. One point to be noted is that the port must exist in the specified VLAN, or the configuration takes no effect.
Users Manual of CS-6306R ages. Nolearn: means to forbid the port to learn MAC addresses. When loopback is detected, the port will not conduct MAC address learning any more and at the same time the MAC address table of this port ages. shutdown: Means to close the port. When loopback is detected, except that trap message will be transmitted and the port’s MAC address table ages, the port will be automatically closed and it cannot forward packets any more until the err-disable-recover time.
Users Manual of CS-6306R 39.1.3.9 Displaying the Configuration of Port Loopback Detection Command Purpose show loopback-detection interface intf Displays the configuration of port loopback detection. This command is mainly used to display port loopback detection, including the port timer and the information about transmitted and received packets. 39.1.4 Configuration Example Figure 1.1 Loopback detection configuration As shown in figure 1.
Users Manual of CS-6306R Configuration of interface GigaEthernet0/2: switchport mode trunk Configuration of interface GigaEthernet0/3: switchport mode trunk Global Configuration vlan1-3 Switch S3: Configuration of interface GigaEthernet0/1: switchport pvid 3 If loopback exists in the network that S3 connects and the PVID of the interface, on which loopback exists, is 3, the packets will be transmitted to interface g0/1 of S1 and S1 will block interface g0/1 after finding loopback.
Users Manual of CS-6306R Chapter 40. QoS Configuration If you care to use your bandwidth and your network resources efficiently, you must pay attention to QoS configuration. 40.1 QoS Configuration 40.1.1 QoS Overview 40.1.1.1 40.1.1.1 QoS Concept In general, the switch works in best-effort served mode in which the switch treats all flows equally and tries its best to deliver all flows. Thus if congestion occurs all flows have the same chance to be discarded.
Users Manual of CS-6306R 2. Differentiated service As to the differentiated service, if a special service is to be transmitted in a network, each packet should be specified with a corresponding QoS tag. The switch uses this QoS rule to conduct classification and complete the intelligent queuing. The QoS of the switch provides Strict Priority (SP), Weighted Round Robin (WRR), Deficit Round Robin (DRR) and First-Come-First-Served (FCFS). 40.1.1.
Users Manual of CS-6306R 40.1.1.4 Weighted Random Early Detection Congestion avoidance and traditional packet loss mechanism Excessive congestion may inflict damage on network resources, so network congestion should be resolved through some measures. Congestion avoidance is a sort of flow control method of positively dropping packets and regulating network flows to solve network overload via network resource monitoring.
Users Manual of CS-6306R 40.1.2 QoS Configuration Task List In general, ONU will try its best to deliver each packet and when congestion occurs all packets have the same chance to be discarded. However, in reality different packets have different importance and the comparatively important packets should get the comparatively good service.
Users Manual of CS-6306R when the schedule policy of the CoS priority queue is set to WRR/DRR. This series of switches has 8 priority queues in total. If this command is run, the bandwidth of all priority queues on all interfaces are affected. This command validates only when the queue schedule policy is set to WRR or DRR. This command decides the bandwidth weight of the CoS priority queue when the WRR/DRR schedule policy is used.
Users Manual of CS-6306R bandwidth bigger than the configured maximum bandwidth shall all be dropped. Enter the privileged mode. Command Purpose config Enters the global configuration mode. interface g0/1 Enters the to-be-configured port. [no] cos bandwidth quid quid stands for the priority queue. min-bandwidth max-bandwidth min-bandwidth means the minimum bandwidth. max-bandwidth means the maximum bandwidth. exit Goes back to the global configuration mode. exit Goes back to the EXEC mode.
Users Manual of CS-6306R [no] cos default cos Sets the CoS value of the received untagged frames. cos stands for the corresponding CoS value. exit Goes back to the global configuration mode. exit Goes back to the EXEC mode. write Saves the settings. 40.1.3.7 Setting the CoS Priority Queue of a Port When a priority queue is set on a L2 port, the priority queue will be used by the L2 port; otherwise, you should conduct the configuration of a global CoS priority queue.
Users Manual of CS-6306R 40.1.3.9 Establishing the QoS Policy Mapping Flow classification means to identify a class of packets with certain attributes by applying a certain regulation and take designated actions towards to these packets. Enter the privileged mode and then run the following commands to establish a new QoS policy mapping. Command Purpose config Enters the global configuration mode. [no]policy-mapname Enters the configuration mode of the QoS policy map.
Users Manual of CS-6306R Command Purpose config Enters the global configuration mode. [no]policy-map name Enters the configuration mode of the QoS policy map. name stands for the name of the policy. description description-text Sets the description of the QoS policy. description-text stands for the text to describe the policy. classify {any | cos cos | Matches up with any packet. icosicos | vlanvlanid | Configures the matched COS value which ivlanivlanid | ranges between 0 and 7.
Users Manual of CS-6306R filtration rule, which include bandwidth limit, drop, update, etc. Enter the privileged mode and run the following commands to set the action of a policy, matching up the data flow. The action will replace the previous settings. Command Purpose config Enters the global configuration mode. [no]policy-map name Enters the configuration mode of the QoS policy map. name stands for the name of the policy.
Users Manual of CS-6306R queue, which ranges from 1 to 8. Redirects the egress port of the matched flow. stat-packet stands for the number of packets under statistics. stat-byte means the number of bytes under statistics. vlanID is used to replace or add the outer vlan ID, which ranges from 1 to 4094. exit Goes back to the global configuration mode. exit Goes back to the EXEC mode. 40.1.3.
Users Manual of CS-6306R 40.1.4 QoS Configuration Example 40.1.4.1 Example for Applying the QoS Policy on a Port The following example shows how to set packet’s cos to 2 on port g0/2: ip access-list extended ipacl permit ip 192.168.20.2 255.255.255.255 192.168.20.210 255.255.255.
Users Manual of CS-6306R Chapter 41. DoS Attack Prevention Configuration 41.1 DoS Attack Prevention Configuration 41.1.1 DoS Attack Overview 41.1.1.1 Concept of DoS Attack The DoS attack is also called the service rejection attack. Common DoS attacks include network bandwidth attacks and connectivity attacks. DoS attack is a frequent network attack mode triggered by hackers. Its ultimate purpose is to break down networks to stop providing legal users with normal network services.
Users Manual of CS-6306R 41.1.2 DoS Attack Prevention Configuration Task List As to global DoS attack prevention configuration, you configure related sub-functions and then the switch drops corresponding DoS attack packets. Hence, the bandwidth of the switch is guaranteed not to be used up. DoS attack prevention configuration tasks are shown below: Configuring Global DoS Attack Prevention Displaying All DoS Attack Prevention Configuration 41.1.3 DoS Attack Prevention Configuration Tasks 41.1.3.
Users Manual of CS-6306R 41.1.3.2 Displaying All DoS Attack Prevention Configurations You can display the Dos attack prevention configurations through the show command. Run the following command in EXEC mode to display the configured DoS attack prevention functions. Command Purpose show dos Displays Dos attack prevention configuration. 41.1.
Users Manual of CS-6306R Chapter 42. Attack Prevention Configuration 42.1 Attack Prevention Configuration 42.1.1 Overview To guarantee the reasonable usage of network bandwidth, our 6508 series switches provide the function to prevent vicious traffic from occupying lots of network bandwidth. In light of current attack modes, our 6508 series switches can limit the hosts that send lots of ARP, IGMP or IP message in a period of time and do not provide any service to these hosts.
Users Manual of CS-6306R 42.1.3.3 Starting up the Attack Prevention Function After all parameters for attack prevention are set, you can start up the attack prevention function. Note that small parts of processor source will be occupied when the attack prevention function is started. Command Description filter enable Starts up the attack prevention function. Use the no filter enable command to disable the attack prevention function and remove the block to all attack sources. 42.1.3.
Users Manual of CS-6306R Chapter 43. Network Protocol Configuration 43.1 Configuring IP Addressing 43.1.1 IP Introduction 43.1.1.1 IP Internet Protocol (IP) is a protocol in the network to exchange data in the text form. IP has the functions such as addressing, fragmenting, regrouping and multiplexing. Other IP protocols (IP protocol cluster) are based on IP. As a protocol working on the network layer, IP contains addressing information and control information which are used for routing.
Users Manual of CS-6306R 43.1.1.3 Choosing routing protocol It is a complex procedure to choose routing protocol. When you choose the routing protocol, consider the following items: Size and complexity of the network Whether the length-various network need be supported Network traffic Safety requirements Reliability requirements Strategy Others Details of the above items are not described in the section.
Users Manual of CS-6306R 43.1.3 Configuring IP Address 43.1.3.1 Configuring IP Address at Network Interface The IP address determines the destination where the IP message is sent to. Some IP special addresses are reserved and they cannot be used as the host IP address or network address. Table 1 lists the range of IP addresses, reserved IP addresses and available IP addresses. Type A B C D E Address or Range State 0.0.0.0 Reserved 1.0.0.0 to 126.0.0.0 Available 127.0.0.0 Reserved 128.0.0.
Users Manual of CS-6306R 43.1.3.2 Configuring Multiple IP Addresses on Network Interface Each interface can possess multiple IP addresses, including a primary IP address and multiple subordinate IP addresses. You need to configure the subordinate IP addresses in the following two cases: If IP addresses in a network segment are insufficient. For example, there are only 254 available IP addresses in a certain logical subnet, however, 300 hosts are needed to connect the physical network.
Users Manual of CS-6306R the link layer from the IP address is called as Address Resolution Protocol (ARP). The process on how to obtain the IP address from the local address of the link layer is called as Reverse Address Resolution (RARP). Our system adopts address resolution in two types: ARP and proxy ARP. The ARP and proxy ARP are defined in RFC 860 and 1027 respectively. ARP is used to map IP addresses to media or MAC address.
Users Manual of CS-6306R Activating proxy ARP The system uses the proxy ARP (defined by RFC 1027) to obtain the host’s MAC address on other networks for the hosts without corresponding routes.
Users Manual of CS-6306R 43.1.3.4 Configuring Routing Process You can configure one or multiple routing protocols according to your actual network requirements. The routing protocol provides information about the network topology. The details about configuring IP routing protocols such as BGP, RIP and OSPF are shown in the following sections. 43.1.3.5 Configuring Broadcast Message Handling The destination addresses of the broadcast message are all the hosts on a physical network.
Users Manual of CS-6306R Run the following command in interface configuration mode to allow message forwarding and to specify the destination address: Run… To… ip helper-addressaddress Allow to forward the UDP broadcast message and to specify the destination address. Run the following command in global configuration mode to specify protocols to be forwarded: Run… To… ip forward-protocol udp [port] Specify which interfaces’ UDP protocols will be forwarded. 43.1.3.
Users Manual of CS-6306R interface vlan 11 ip address 202.96.2.3 255.255.255.0 43.2 Configuring NAT 43.2.1 Introduction The Internet faces two key problems: insufficient IP address space and route measurement. Network Address Translation (NAT) is an attribute. You can find that a group of IP networks with this attribute use different IP address spaces, but you cannot find the actual address space used by the group of networks.
Users Manual of CS-6306R available, the software cannot distribute an address and NAT will drop the message and returns an ICMP message indicating the host cannot be reached. The switch with NAT configured should not publish the local network. However, the routing information that NAT receives from the outside can be published in the single-connection domain. 43.2.1.3 NAT Terms As said above, the term “inside” means those networks which are possessed by organizations and have to be transformed.
Users Manual of CS-6306R Translating inside source address Reloading inside global address Translating the overlapping address Providing TCP load balance Changing translation timeout time and limiting the number of connections Monitoring and maintaining NAT 43.2.3 NAT Configuration Task 43.2.3.
Users Manual of CS-6306R address as a keyword to query the NAT table, translates the address to the inside local address of host 1.1.1.1, and forwards message to host 1.1.1.1. (6) Host 1.1.1.1 receives the message and continues the session. The routing switch is to perform step 2 and step 5 for each message. 1.
Users Manual of CS-6306R Refer to section 2.4.1 “Dynamic Inside Source Address Transfer Example” for details. 43.2.3.2 Reloading Inside Global Address Multiple local addresses use one global address through the routing switch. All the addresses can be stored in the inside global address pool. When the reloading is configured, the routing switch maintains sufficient information from high-level protocols (such as TCP or UDP) and transfers the global address to the correct local address.
Users Manual of CS-6306R Run the following commands in global configuration mode to configure the reloading of the inside global address: Run… To… ip nat pool name start-ip end-ip Define a to-be-distributed global address netmask pool according to requirements. ip access-list standard Define a standard access list.
Users Manual of CS-6306R 43.2.3.3 Translating Overlapping Addresses When an internal local address is the same as the to-be-connected outside address, address overlapping occurs. The following figure shows how NAT translates the overlapping addresses. Figure 43-3 Network Condition Where NAT Translates Overlapping Addresses The routing switch performs the following steps when translating the overlapping addresses: (1) The user of host 1.1.1.1 uses domain name to send instructions for connecting host C.
Users Manual of CS-6306R 1. Configuring static transfer Run the following commands in global configuration mode to configure static source address translation: Run… To… ip nat outside source static global-ip Creates static translation between outside local-ip local address and outside global address. interface type number Specify the inside interface. ip nat inside Label the interface as one to connect the inside network. interfacetype number Specify the outside interface.
Users Manual of CS-6306R 43.2.3.4 Providing TCP Load Balance Another fashion of using NAT is unrelated to the Internet address. Your organization may have multiple hosts to communicate with a frequently used host. In this case, you can use NAT technology to create a virtual host in the inside network, helping the load balance among actual hosts. You need to replace the destination address of the access list with the address in the cycle address pool.
Users Manual of CS-6306R Run... To... ip nat pool name start-ip end-ip Define an address pool containing the addresses netmask of real hosts. ip access-list standard Define an access table permitting addresses of access-list-name permit source virtual hosts. [source-mask] ip nat inside destination list Create a dynamic inside target transfer access-list-name pool name mechanism and confirm the previously defined access list. interface type number Specify the inside interface.
Users Manual of CS-6306R ip nat translation Set the timeout time of the ICMP NAT icmp-timeoutseconds (the default time is 60 seconds). ip nat translation Set the timeout time of the NAT in the syn-timeoutseconds TCP SYN state (the default time is 60 seconds). ip nat translation finrst-timeout Change the TCP FIN/RST timeout seconds value (the default value is 60 seconds). There are three methods to limit the NAT connections.
Users Manual of CS-6306R Run one of the following commands in management mode to display the transfer information: Run... To... show ip nat translations [verbose] Display active translation. show ip nat statistics Display translation statistics. 43.2.4 NAT Configuration Example 43.2.4.1 Dynamic Inside Source Transfer Example The following example shows how to transfer all source addresses (192.168.1.0/24) that matches access list a1 to one address in the net-208 pool whose address range is from 171.
Users Manual of CS-6306R ip nat inside ! ip access-list standard a1 permit 192.168.1.0 255.255.255.0 ! 43.2.4.3 Example to overlapping address transfer The following example shows that other users in the Internet are legally using the address in the local network. Extra transfer is needed to access the outside network. The net-10 address pool is an outside local IP address pool.
Users Manual of CS-6306R interface vlan11 ip address 192.168.15.17 255.255.255.240 ip nat inside ! ip access-list standard a2 permit 192.168.15.1 255.255.255.0 43.3 Configuring DHCP 43.3.1 Introduction The Dynamic Host Configuration Protocol (DHCP) provides some parameters of network configuration fro hosts in the Internet. DHCP will be described in RFC 2131. The most important function of DHCP is to distribute IP addresses on the interface. DHCP supports three mechanisms of distributing IP addresses.
Users Manual of CS-6306R 43.3.1.3 DHCP Terminology DHCP is based on the Server/Client model. The DHCP-server and DHCP-client exist in the DHCP running conditions. DHCP-Server It is a device to distribute and recycle the DHCP-related sources such as IP addresses and lease time. DHCP-Client It is a device to obtain information from the DHCP server for devices of the local system to use, such as IP address information.
Users Manual of CS-6306R You can adjust the parameters for the DHCP protocol interaction according to requirements. Run the following commands in global configuration mode: Run... To... ip dhcp client minlease seconds Specify the minimum lease time. ip dhcp client retransmit count Specify the times of resending protocol message. ip dhcp client select seconds Specify the interval for SELECT. The command is optional when you perform operations to obtain an IP address. 4.
Users Manual of CS-6306R 43.3.3 Configuring DHCP Server 43.3.3.1 DHCP Server Configuration Tasks Enabling DHCP server Disabling DHCP server Configuring ICMP detection parameter Configuring database storage parameter Configuring the address pool of DHCP server Configuring the parameter for the address pool of DHCP server Monitoring DHCP server Clearing information about DHCP server 43.3.3.2 Configuring DHCP Server 43.3.3.
Users Manual of CS-6306R 43.3.3.6 Configuring database storage parameter To configure the interval when the address distribution information is stored in the agent database, run the following command in global configuration mode. Run... To... ip dhcpd write-time time Specify the interval at which the address distribution information is stored in the agent database. 43.3.3.
Users Manual of CS-6306R Run the following command to configure the lease time of the address that is distributed to the client: Run... To... lease {days [hours][minutes] | infinite } Configure the lease time of the address that is distributed to the client. Run the following command to configure the netbios server address that is distributed to the client: Run... To... netbios-name-serverip-addr… Configure the netbios server address that is distributed to the client.
Users Manual of CS-6306R 43.3.3.11 DHCP Server Configuration Example In the following example, the timeout time of the ICMP detection packet is set to 200ms; Address pool 1 is configured and the DHCP server is enabled. ip dhcpd ping timeout 2 ip dhcpd pool 1 network 192.168.20.0 255.255.255.0 range 192.168.20.211 192.168.20.215 domain-name my315 default-router 192.168.20.1 dns-server 192.168.1.3 61.2.2.10 netbios-name-server 192.168.20.1 lease 1 12 0 ! ip dhcpd enable 43.
Users Manual of CS-6306R Run… To… ip unreachables Enable the function to send an ICMP-unreachable message. 2. Sending ICMP redirection message Sometimes the host selects an unfavorable route. After a routing switch on the route receives a message from the host, it is to check the routing table and then forward the message through the message-receiving interface to another routing switch that is in the same network segment as the host.
Users Manual of CS-6306R from the original route. The routing switch then notifies the source host of the MTU of the new route. The IP message should be packaged with the minimum MTU of the route as much as possible. In this way, the segmentation is avoided and fewer messagesare sent, improving the communication efficiency. Relevant hosts must support the IP route MTU detection.
Users Manual of CS-6306R 7. Allowing IP fast exchange IP fast exchange uses the route cache to forward the IP message. Before the switch forwards message to a certain destination, its system will check the routing table and then forward the message according to a route. The selected route will be stored in the routing cache of the system software. If latter message will be sent to the same host, the switch will forward latter message according to the route stored in the routing cache.
Users Manual of CS-6306R 43.4.1.2 Configuring Performance Parameters 1. Setting the wait time for TCP connection When the routing switch performs TCP connection, it considers that the TCP connection fails if the TCP connection is not created during the wait time. The routing switch then notifies the upper-level program of the failed TCP connection. You can set the wait time for TCP connection. The default value of the system is 75 seconds.
Users Manual of CS-6306R number] fast IP message exchange. show ip sockets Display all socket information about the routing switch. show ip traffic Display statistics data about IP protocol. show tcp Display information about all TCP connection states. Briefly display information about TCP show tcp brief connection states. show tcp statistics Display TCP statistics data. show tcp tcb Display information about the designated TCP connection state. 4.
Users Manual of CS-6306R Use the access list by following the following steps: (1) Create the access list by designating the access list name and conditions. (2) Apply the access list to the interface. 43.4.2.2 Creating Standard and Extensible IP Access List Use a character string to create an IP access list. The standard access list and the extensible access list cannot have the same name.
Users Manual of CS-6306R After the access list is originally created, any part that is added later can be put at the end of the list. That is to say, you cannot add the command line to the designated access list. However, you can run no permit and no deny to delete items from the access list. When you create the access list, the end of the access list includes the implicit deny sentence by default. If the mask is omitted in the relative IP host address access list, 255.255.255.
Users Manual of CS-6306R 43.4.2.4 Extensible Access List Example In the following example, the first line allows any new TCP to connect the destination port after port 1023. The second line allows any new TCP to connect the SMTP port of host 130.2.1.2. ip access-list extended aaa permit tcp any 130.2.0.0 255.255.0.0 gt 1023 permit tcp any 130.2.1.2 255.255.255.255 eq 25 interface vlan 10 ip access-group aaa in Another example to apply the extensible access list is given.
Users Manual of CS-6306R 43.4.3 Configuring IP Access List Based on Physical Port 43.4.3.1 Filtering IP Message 43.4.3.2 Filtering IP Message Filtering message helps control the movement of packet in the network. The control can limit network transmission and network usage through a certain user or device. To make packets valid or invalid through the crossly designated interface, our routing switch provides the access list.
Users Manual of CS-6306R Run the following command in global configuration mode to create an extensible access list. Run… To… ip access-list extended name Use a name to define an extensible IP access list. {deny | permit} Designate one or multiple permit/deny protocolsourcesource-maskdes conditions in extensible access list tination destination-mask configuration mode. The previous setting [precedenceprecedence] decides whether the packet is approved or [tostos] [established] disapproved.
Users Manual of CS-6306R and returns an ICMP unreachable message. If the designated access list does not exist, all packets allows to pass. 43.4.3.5 Extensible Access List Example 1.
Users Manual of CS-6306R Chapter 44. IP ACL Application Configuration 44.1 Applying the IP Access Control List 44.1.1 Applying ACL on Ports After an ACL is established, it can be applied on one or many slots or globally. Run the following command in global or port configuration mode: Command Purpose config Enters the global configuration mode. interface g0/1 Enters the to-be-configured port.
Users Manual of CS-6306R Chapter 45. Routing Configuration 45.1 Configuring RIP 45.1.1 Overview The section describes how to configure the RIP. For details about RIP commands, refer to the setion “RIP Commands” in “Network Protocol Command Reference”. The routing information protocol (RIP) is still a commonly used interior gateway protocol (IGP), mainly applied to small-scale networks of the same type. RIP is a classical distance vector routing protocol, which appears in RFC 1058.
Users Manual of CS-6306R 45.1.3 Configuring RIP Tasks 45.1.3.1 Starting up RIP Run the following command in global configuration mode to activate RIP: Command Purpose Activates the RIP routing process and enters the switch routerrip configuration mode. networknetwork-number Specifies the network number related to the RIP routing process. 45.1.3.2 Allowing RIP Routing to Update the Single-Program Broadcast Normally, RIP is a broadcast protocol.
Users Manual of CS-6306R 45.1.3.5 Specifying the RIP Version Number The RIP-2 of our switches supports authentication, PIN management, routing summary, CIDR and VLSM. By default, the switch receives RIP-1 and RIP-2, but the switch only sends RIP-1. Through configuration, the switch can receive and send only the packet RIP-1, or only the packet RIP-2.
Users Manual of CS-6306R Command Purpose ip rip authentication simple Configures the interface to use the plain authentication. ip rip password [string] Configures the PIN of the plain authentication. Run the following commands in interface configuration mode to configure the MD5 authentication of the RIP: Command Purpose ip rip authentication message-digest Configures the interface to use the MD5 authentication.
Users Manual of CS-6306R 45.1.3.9 Configuring the Maximum Number of Routes By default, the local RIP routing table contains up to 1024 routes. When the route number exceeds the maximum number, you cannot add new routes to the routing table. At the same time, the system notifies you that the route number has already reached the maximum number set for the routing table.
Users Manual of CS-6306R show ip rip Display the current state of the RIP protocol. show ip rip database Displays all RIP routes. show ip rip protocol Displays all RIP-relative information. Run the following commands in management mode to track routing protocol information: Command debug ip rip database debug ip rip protocol Purpose Tracks information about adding RIP route to the routing table, deleting route from the routing table and changing route. Tracks RIP message. 45.1.
Users Manual of CS-6306R 45.2 Configuring BEIGRP 45.2.1 Overview Technologies used by BEIGRP are similar to the distance vector protocol: The router makes routing decision according to the information provided by the directly-connecting neighbor; The router provides its routing information to its directly-connecting neighbor.
Users Manual of CS-6306R 45.2.3 BEIGRP Configuration Task 45.2.3.1 Activating BEIGRP Perform the following operations to create a BEIGRP process: Command Purpose router beigrpas-number Adds a BEIGRP process in global configuration mode. networknetwork-number Adds network segment to the BEIGRP network-mask process in route configuration mode. After the above configuration is complete, BEIGRP starts to run on all interfaces of the network segment.
Users Manual of CS-6306R 45.2.3.5 Disabling Automatic Route summary The automatic collection of BEIGRP is different from that of other dynamic routing protocols. It complies with the following regulations: When multiple networks in a BEIGRP process are defined, a summary route of the defined network is generated if at least one subnet of the network is in the BEIGRP topology table. The created summary route is oriented to the Null0 interface has the minimum distance of all subnets.
Users Manual of CS-6306R 45.2.3.7 Configuring Forwarding Route When BEIGRP forwards other types of routes, BEIGRP complies with the following regulations: If the present route is static or directly-connected, the command default-metric need not be configured and other compound distance parameters (bandwidth, delay, reliability, effective load and MTU) are directly obtained from the current port.
Users Manual of CS-6306R The router sends the hello multiple-program broadcast packet on the interfaces where BEIGRP runs. Each BEIGRP-supporting router receives these multiple-program broadcast packets. Therefore, all neighbors can be found. The Hello protocol uses two timers to detect the disappearance of neighbors. The hello interval specifies the transmission frequency of the BEIGRP hello message on the interface of the router.
Users Manual of CS-6306R Run the following commands to display all BEIGRP statistics information: Command Purpose show ip beigrp interfaces [interface] Displays the information about BEIGRP [as-number] interface. show ip beigrp neighbors[as-number Displays the information about BEIGRP | interface] neighbors. show ip beigrp topology [as-number | Displays the information about BEIGRP all-link | summary | active] topology table. 45.2.
Users Manual of CS-6306R Routing interface The configurable interface parameters include the output parameters cost, resending interval, interface output delay, the priority of the switch, the interval to judge the shutdown of the switch, the interval of the hello packet and the authentication PIN. Virtual link The virtual link is supported. NSSA area See RFC 1587. OSPF in the See RFC 1793. on-demand circuit 45.3.
Users Manual of CS-6306R Command router ospfprocess-id networkaddressmaskareaarea-id Purpose Activates the OSPF routing protocol and enters the switch configuration mode. Configures the running interface of OSPF and the relevant interface domain ID. 45.3.3.2 Configuring Interface Parameters of OSPF You are allowed to modify OSPF parameters of the interface according to actual requirements. When you modify a parameter, make sure that the parameter on all switches of the interconnected network is same.
Users Manual of CS-6306R 45.3.3.3 Configuring OSPF in Different Physical Networks OSPF divides the physical media of the network into the following classes: Broadcast network (Ethernet, Token Ring, FDDI) Non-broadcast and multi-access network (SMDS, Frame Relay, X.25) Point-to-point network (HDLC, PPP) The X.25 and frame-relay network provides optional broadcast capability. You can configure the OSPF to run in the broadcast network through the map command.
Users Manual of CS-6306R 45.3.3.5 Configuring OSPF Area Parameters The configurable area parameters include authentication, stub area and the value of the default routing summary. The authentication is based on the password protection. Stub area is an area which exterior routes are not sent to. ABR generates a default exterior route to enter the stub area, enabling stub area to connect exterior networks out of the automatic area.
Users Manual of CS-6306R 45.3.3.8 Generating Default Route ASBR requires generating a default route to enter the OSPF route area. When you configure the switch to distribute the route to the OSPF area, the route automatically becomes ASBR. However, default ASBR does not generate the default route to enter the OSPF routing area. Run the following command in switch configuration mode to force ASBR to generate the default route.
Users Manual of CS-6306R 45.3.3.11 onfiguring Timer for Routing Calculation You can configure the delay between when OSPF receives the topology change information and when the calculation is started. You also can configure the interval of continuously calculating SPF. Run the following command in switch configuration mode. Command Purpose timersdelaydelaytime Sets the delay of routing calculation in an area. timersholdholdtime Sets the minimum interval of routing calculation in an area. 45.3.3.
Users Manual of CS-6306R of OSPF according to the interface. debug ip ospf adj Monitors the procedure of establishing OSPF adjacency. debug ip ospf events Monitors the OSPF interface and neighboring events. debug ip ospf flood Monitors the flooding of OSPF database. debug ip ospf lsa-generation Monitors the LSA generation of OSPF. debug ip ospf packet Monitors the OSPF message. debug ip ospf retransmission Monitors the message resending of OSPF.
Users Manual of CS-6306R 45.3.4.2 OSPF Route and Route Distribution Configuration Example OSPF demands to exchange information among internal switches, ABR and ASBR. In the minimum configuration, the OSPF-based switch can work with default parameter settings. There is no authentication demand. The following are three configuration examples: The first example shows basic OSPF commands. The second example shows how to configure internal routing switches, ABR and ASBR in an automatic system.
Users Manual of CS-6306R ip address 131.108.20.5 255.255.255.0 Interface vlan11 is in area 2: interface vlan 11 ip address 131.108.1.5 255.255.255.0 Interface vlan12 is in area 2: interface vlan 12 ip address 131.108.2.5 255.255.255.0 Interface vlan13 is in area 3: interface vlan 13 ip address 131.109.10.5 255.255.255.0 Interface vlan14 is in area 0: interface vlan 14 ip address 131.109.1.1 255.255.255.0 Interface vlan 100 is in area 0: interface vlan 100 ip address 10.1.0.1 255.255.0.
Users Manual of CS-6306R 45.3.4.2.3 Complex Configuration of Interior Switches, ABR and ASBR The following example shows how to configure multiple switches in a single OSPF automatic system. The following figure shows the network topology of the configuration example. Configure switches according to the previous figure. RTA: interface loopback 0 ip address 202.96.207.81 255.255.255.0 ! interface vlan 10 ip address 192.168.10.81 255.255.255.0 ! interface vlan 10 ip address 192.160.10.81 255.255.255.
Users Manual of CS-6306R ! interface vlan 11 ip address 192.160.20.82 255.255.255.0 ! router ospf 192 network 192.168.20.0 255.255.255.0 area 1 network 192.168.10.0 255.255.255.0 area 1 ! RTC: interface loopback 0 ip address 202.96.208.83 255.255.255.252 ! interface vlan 10 ip address 192.163.20.83 255.255.255.0 ! interface vlan 11 ip address 192.160.20.83 255.255.255.0 ! router ospf 192 network 192.168.20.0 255.255.255.0 area 1 network 192.163.20.0 255.255.255.0 area 0 ! 45.3.4.
Users Manual of CS-6306R The following are basic configuration tasks: (1) Configuring the address range for Ethernets 0 to 3 (2) Activating OSPF on every interface (3) Setting the authentication password for each area and network (4) Setting the link state value and other interface parameters Use one area command respectively to set authentication parameters and stub area. You can use one command to set these parameters. Set backbone area (Area 0).
Users Manual of CS-6306R router ospf 192 network 192.168.0.0 255.255.255.0 area 0 network 192.168.20.0 255.255.255.0 area 192.168.20.0 network 192.168.30.0 255.255.255.0 area 192.168.30.0 network 192.168.40.0 255.255.255.0 area 192.168.40.0 area 0 authentication simple area 192.168.20.0 stub area 192.168.20.0 authentication simple area 192.168.20.0 default-cost 20 area 192.168.20.0 authentication simple area 192.168.20.0 range 36.0.0.0 255.0.0.0 area 192.168.30.0 range 192.42.110.0 255.255.255.
Users Manual of CS-6306R EGP is different from IGP with its enhanced control capability. BGP provides multiple optional methods to control the routes. Use neighbor-based access-list, aspath-list and prefix-list to filter the route. Or use port-based access-list and prefix-list to filter the route or the Nexthop attribute of the route. Use route-map to modify BGP route's attributes such as MED, Local Preference and Weight.
Users Manual of CS-6306R 45.4.2 BGP Configuration Task 45.4.2.1 Configuring Basic BGP Characteristic BGP configuration tasks can be classified into two groups: basic tasks and advanced tasks. The first two items of basic tasks are mandatory for BGP configuration. Other items in basic tasks and advanced tasks are optional. 45.4.2.1.
Users Manual of CS-6306R 45.4.2.1.3 Configuring BGP Soft Reconfiguration In general, BGP neighbors exchange all routes only when the connection is created; they then exchange only the changed routes later. If the configured routing policy is changed, you must clear the BGP sessions before you apply the changed routing policy to the received routes. However, clearing the BGP session can disable the high-speed cache and seriously undermine network running.
Users Manual of CS-6306R 45.4.2.1.5 Configuring Synchronization Between BGP and IGPs If an AS sends information at the third AS through your AS, the internal routing state of your AS must be the same as the routing information that the AS broadcasts to other ASs. For example, before all routers in your AS learn the routes through IGP, your AS may receive routing information from your BGP that some routers cannot route.
Users Manual of CS-6306R 45.4.2.1.7 Configuring Neighbor-Based BGP Routing Filtration The router software provides the following methods to filter the BGP routes of the designated neighbor: (1) Use the Aspath list filter with the commands ip aspath-list and neighbor filter-list. Command Purpose ip aspath-listaspaths-list-name {permit | deny} Defines a BGP-related access table. as-regular-expression router bgpautonomous-system Enters the router configuration mode.
Users Manual of CS-6306R 45.4.2.1.9 Cancelling BGP-Updated Next Hop Processing You can cancel the next hop processing for the neighbor's BGP update. The configuration is useful in the non-broadcast networks such as frame relay or X.25. In frame relay or X.25, BGP neighbors cannot directly access all other neighbors in the same IP subnet. The following methods can cancel the next hop processing: The local IP address that uses the BGP connection replaces the next-hop address of the outgoing route.
Users Manual of CS-6306R Refer to the section “BGP Route Aggregation Example”. 45.4.2.2.3 Configuring BGP Community Attribute The routing policy that BGP supports is based one of the following three values for BGP routing information: Routing network number Value of the AS_PATH attribute Value of the COMMUNITY attribute Routes can be classified into the community through the COMMUNITY attribute and the community-based routing policy can be applied to routes.
Users Manual of CS-6306R Perform the following operations to configure the community-attribute–based routing information filtration: Command Purpose ip community-list standard | Defines the community list. expendedcommunity-list-name {permit | deny} communtiy-expression route-map map-name Configures the route map. sequence-number {deny | permit} match community-list-name Configures the matching regulations. router bgpautonomous-system Enters the router configuration mode.
Users Manual of CS-6306R client peers consists of a cluster. The non-client peers must be fully connected. The client peers need not be fully connected. The clients in the cluster do not communicate with the IBGP session sponsors in the different cluster. When the route reflector receives the routing infotmation, it will perform the following tasks: Broadcast the routes from the external BGP session sponsors to all clients and non-client peers.
Users Manual of CS-6306R neighbor {ip-address } ebgp-multihop Sets the BGP neighbor to the multihop ttl external peers. 45.4.2.2.8 Setting BGP route management distance The management distance is a unit to measure the priority of routing protocols. BGP uses three kinds of management distance: external distance, internal distance and local distance. The route learned from the external BGP shows the external distance. The route learned from the internal BGP shows the internal distance.
Users Manual of CS-6306R 45.4.3.1 Clearing BGP routing table and database Run the following command in management mode to perform relative tasks about clearing high-speed cache, table or BGP database. Command Purpose clear ip bgp * Resets all BGP connections. clear ip bgp as-number Resets the BGP connection of the designated autonomous system. clear ip bgp address Resets the BGP connection of the designated neighbor.
Users Manual of CS-6306R database. show ip bgp summary Displays the state of all BGP connections. 45.4.3.3 Tracking BGP information To locate the fault and resolve the problem, you need to observe the BGP connection establishment, route receiving and route forwarding by tracking the BGP information. Perform the following operations: Command Purpose debug ip bgp * Tracks common BGP information. debug ip bgp all Tracks all BGP information. debug ip bgp fsm Tracks the BGP state machine.
Users Manual of CS-6306R ! route-map freddy permit 10 match as-path abc set metric 127 ! route-map freddy permit 20 match as-path xyz The following example shows how to modify the routes that are generated in route forwarding through the route map: router bgp 100 redistribute rip route-map rip2bgp ! route-map rip2bgp match ip address rip set local-preference 25 set metric 127 set weight 30000 set next-hop 192.92.68.24 set origin igp ! ip access-list standard rip permit 131.108.0.0 255.255.0.0 permit 160.
Users Manual of CS-6306R accepted by neighbor 193.1.12.10: router bgp 200 neighbor 193.1.12.10 remote-as 100 neighbor 193.1.12.10 filter-list test1 weight 100 neighbor 193.1.12.10 filter-list test2 out neighbor 193.1.12.10 filter-list test3 in ip aspath-list test1 permit _109_ ip aspath-list test2 permit _200$ ip aspath-list test2 permit ^100$ ip aspath-list test3 deny _690$ ip aspath-list test3 permit .* 45.4.4.
Users Manual of CS-6306R router bgp 12 filter * in prefix-list max24 ip prefix-list max24 seq 5 permit 0.0.0.0/0 ge 8 le 24 The following example shows that route whose prefix length is no more than 24 is permitted in network 192/8: ip prefix-list abc permit 192.0.0.0/8 le 24 The following example shows that route whose prefix length exceeds 25 is permitted in network 192/8: ip prefix-list abc deny 192.0.0.
Users Manual of CS-6306R aggregate 193.0.0.0/8 summary-only 45.4.4.7 BGP route reflector configuration example The following is an example for the route reflector configuration. RTA, RTB, RTC and RTE belongs to the same autonomous system AS200. RTA functions as the route reflector, while RTB and RTC function as the clients of the route reflector. RTE is a common IBGP neighbor. RTD belongs to AS100 and establishes an EBGP connection with RTA.
Users Manual of CS-6306R RTB configuration: interface vlan110 ip address 3.0.0.2 255.0.0.0 ! router bgp 200 neighbor 3.0.0.1 remote-as 200 /*RTA IBGP*/ network 13.0.0.0/8 ! ip route 13.0.0.0 255.0.0.0 3.0.0.12 RTC configuration: interface vlan110 ip address 2.0.0.2 255.0.0.0 ! router bgp 200 neighbor 2.0.0.1 remote-as 200 /*RTA IBGP*/ network 12.0.0.0/8 ! ip route 12.0.0.0 255.0.0.0 2.0.0.12 RTD configuration: interface vlan110 ip address 4.0.0.2 255.0.0.0 ! router bgp 100 neighbor 4.0.0.
Users Manual of CS-6306R 45.4.4.8 BGP autonomous system alliance example The following figure shows an autonomous system alliance configuration. RTA, RTB and RTC create the IBGP connection. RTA, RTB and RTC belong to the private autonomous system 65010. RTE belongs to the private autonomous system 65020. RTE and RTA establish the EBGP connection in the autonomous system alliance. AS65010 and AS65020 make up of an autonomous system alliance. The number of the autonomous system alliance is AS200.
Users Manual of CS-6306R ip address 1.0.0.2 255.0.0.0 ! interface vlan111 ip address 3.0.0.1 255.0.0.0 ! router bgp 65010 bgp confederation identifier 200 bgp confederation peers 65020 neighbor 1.0.0.1 remote-as 65010 /*RTA IBGP*/ neighbor 3.0.0.2 remote-as 65010/*RTC IBGP*/ RTC configuration: interface vlan110 ip address 2.0.0.2 255.0.0.0 ! interface vlan111 ip address 3.0.0.2 255.0.0.0 ! router bgp 65010 bgp confederation identifier 200 bgp confederation peers 65020 neighbor 2.0.0.
Users Manual of CS-6306R RTE configuration: interface vlan110 ip address 5.0.0.2 255.0.0.0 ! router bgp 65020 bgp confederation identifier 200 bgp confederation peers 65010 neighbor 5.0.0.1 remote-as 65010 /*RTA EBGP*/ 45.4.4.9 Example for route map using BGP community attribute In the following example, the command route map set-community is used to update the outgoing routes of neighbor 171.69.232.50. The special community attribute value no-export can be set through the route of the access list aaa.
Users Manual of CS-6306R ip aspath-list test1 permit 70$ ip aspath-list test2 permit .* In the following example, Set the MED and the local priority of the route from neighbor 171.69.232.55 according to the community attribute value. Set MED of all routes that match the community list com1 to 8000. These routes may contain routes with community value “100 200 300” and “900 901”. These routes may have other attribute values. Set the local priority of the routes which send the community list com2 to 500.
Users Manual of CS-6306R Chapter 46. IP Hardware Subnet Routing Configuration 46.1 IP Hardware Subnet Configuration Task 46.1.1 Overview IP hardware subnet routing is similar to IP fast exchange. When the IP hardware subnet routing is not enabled, before forwarding message containing the IP address A at the next hop, the switch first checks whether the item of destination A exists in the IP cache of hardware. If the item exists, the message will be forwarded through hardware.
Users Manual of CS-6306R 46.2 Configuration Example Pay attention to the following content when you configure the routing items: As to the direct-connecting routing, the next hop is CPU. If the next hop is a routing interface not an IP address, do as in the direct-connecting routing. When the number of the routing items in the system is bigger than that of the IP hardware subnet routing items, the default routing cannot be the IP hardware subnet routing.
Users Manual of CS-6306R Chapter 47. IP-PBR Configuration 47.1 IP-PBR Configuration IP-PBR realizes software PBR functions through the hardware of switch chip. PBR stands for Policy Based Routing. PBR enables users to rely on a certain policy not on routing protocol for routing. Software based PBR supports multiple policies and rules and also load balance. You can designate the next hop’s IP address or port for those packets that are in line with policy.
Users Manual of CS-6306R 47.1.2 ISIS Configuration Task List To configure IP-PBR, do as follows: Create ACL; Create a route map; Apply the route map on a port; To create an ACL, run the following command globally: Command Remarks ip access-list standard net1 Enters the ACL configuration mode and defines ACL. To create a route map, run the following commands globally: Command Remarks route-map pbr Enters the route map configuration mode. match ip addressaccess-list Configures the match-up policy.
Users Manual of CS-6306R All data related about IP-PBR running are shown below: switch#show ip pbr IP policy based route state: enabled No equiv exf apply item VLAN3 use route-map ddd, and has 1 entry active. -----------------Entry sequence 10, permit Match ip access-list: ac1 Set Outgoing nexthop 90.0.0.3 The IP-PBR policy routing information is shown below: switch#show ip pbr policy IP policy based route state: enabled VLAN3 use route-map ddd, and has 1 entry active.
Users Manual of CS-6306R 47.1.4 IP-PBR Configuration Example Switch configuration: ! ip pbr ! interface vlan1 ip address 10.1.1.3 255.255.255.0 no ip directed-broadcast ip policy route-map pbr ! ip access-list standard ac1 permit 10.1.1.21 255.255.255.255 ! ip access-list standard ac2 permit 10.1.1.2 255.255.255.255 ! route-map pbr 10 permit match ip address ac1 set ip next-hop 13.1.1.99 ! route-map pbr 20 permit match ip address ac2 set ip next-hop 13.1.1.99 14.1.1.
Users Manual of CS-6306R Chapter 48. Multi-VRF CE Configuration 48.1 Multi-VRF CE Introduction 48.1.1 Overview The Virtual Private Network (VPN) provides a secure method for multiple client networks to share the ISP-supplied bandwidth. In general, one VPN comprises a team of client networks that share a public routing table on the ISP's routers. Each client network is connected to the interface of the network devices of ISP, while ISP's device will relate each interface to a VPN routing table.
Users Manual of CS-6306R 48.1.1.1 Establishing Routes with CE The Multi-VRF CE switch can establish routes with CE through multiple dynamic routing protocols. CE can be routers or the Ethernet switches. The routing protocols which are supported include OSPF, RIP and BEIGRP. The MCE switch also supports static routing configuration. The MCE switch generally needs different VLAN ports to connect CEs that belong to different VPNs.
Users Manual of CS-6306R 48.2.3 MCE Configuration 48.2.3.1 Configuring VRFRefer to the following steps to configure one or multiple VRFs. Command Purpose Switch# config Enters the switch configuration mode. Switch_config# ip vrf vrf-name Creates VRF and enters the VRF configuration mode. vrf-name: VRF name with up to 31 characters Switch_config_vrf# rd Sets the route distinguisher of VRF. route-distinguisher route-distinguisher: Stands for the distinguisher of the route.
Users Manual of CS-6306R Command Purpose Switch# config Enters the switch configuration mode. Switch_config# router ospf Starts the OSPF-VRF route and enters the configuration process-id vrf vrf-name mode. Switch_config_ospf# Defines the OSPF network, mask and area ID. networknetwork-number network-maskareaarea-id Switch_config_ospf# redistribute Forwards the designated BGP network to the OSPF network. bgp ASN Switch_config_ospf# exit Exits from the OSPF configuration mode.
Users Manual of CS-6306R 48.2.3.4 Testifying the VRF Connectivity Between PE and CE Use the PING command with the VRF option to testify the VRF connectivity of PE and CE. Command Purpose Switch# ping –vrfvrf-nameip-address Conducts the PING operation to the addresses in VRF. 48.3 MCE Configuration Example Figure 2.1 shows a simple VRF network. Both S1 and S2 are the Multi-VRF CE switches. S11, S12 and S13 belong to VPN1, S21 and S22 belong to VPN2, and all of them are customer devices.
Users Manual of CS-6306R Set the routing protocol between CE and customer's device: Switch_config# router ospf 101 Switch_config_ospf_101# network 11.0.0.0 255.0.0.0 area 0 Switch_config_ospf_101# exit 48.3.2 Configuring MCE-S1 Configures VRF on the Multi-VRF CE device.
Users Manual of CS-6306R Set the L3 VLAN port of a switch, bind the VRF to the VLAN port and set the IP address. S1 connects PE through two logical ports, VLAN21 and VLAN22. The two ports, VLAN11 and VLAN15, connect VPN1 and VPN2 respectively. Switch_config# interface VLAN11 Switch_config_v11# ip vrf forwarding vpn1 Switch_config_v11# ip address 11.0.0.1 255.0.0.0 Switch_config_v11# exit Switch_config# interface VLAN15 Switch_config_v15# ip vrf forwarding vpn2 Switch_config_v15# ip address 15.0.0.1 255.0.
Users Manual of CS-6306R Switch_config_bgp_vpn1# redistribute ospf 1 Switch_config_bgp_vpn1# neighbor 21.0.0.1 remote-as 200 Switch_config_bgp_vpn1# exit-address-family Switch_config_bgp# address-family ipv4 vrf vpn2 Switch_config_bgp_vpn2# no synchronization Switch_config_bgp_vpn2# redistribute ospf 2 Switch_config_bgp_vpn2# neighbor 22.0.0.1 remote-as 200 Switch_config_bgp_vpn2# exit-address-family Switch_config_bgp# exit Create VLAN.
Users Manual of CS-6306R Switch_config_g1/1# interface gigaEthernet 1/2 Switch_config_g1/2# switchport mode trunk Switch_config_g1/2# exit Set the L3 VLAN interface of PE, which connects S1: Switch_config# interface VLAN21 Switch_config_v21# ip vrf forwarding vpn1 Switch_config_v21# ip address 21.0.0.1 255.0.0.0 Switch_config_v21# exit Switch_config# interface VLAN22 Switch_config_v22# ip vrf forwarding vpn2 Switch_config_v22# ip address 22.0.0.1 255.0.0.
Users Manual of CS-6306R Switch_config_bgp# exit Set VLAN and enable the subnet routing forwarding. Switch_config# vlan 1,21-22,31-32 Switch_config# ip exf 48.3.
Users Manual of CS-6306R Set the L3 VLAN port of a switch, bind the VRF to the VLAN port and set the IP address. S2 connects PE through two logical ports, VLAN31 and VLAN32. The two ports, VLAN41 and VLAN46, connect VPN1 and VPN2 respectively. Switch_config# interface VLAN41 Switch_config_v41# ip vrf forwarding vpn1 Switch_config_v41# ip address 41.0.0.1 255.0.0.0 Switch_config_v41# exit Switch_config# interface VLAN46 Switch_config_v46# ip vrf forwarding vpn2 Switch_config_v46# ip address 46.0.0.1 255.0.
Users Manual of CS-6306R Switch_config_bgp_vpn1# redistribute ospf 1 Switch_config_bgp_vpn1# neighbor 31.0.0.1 remote-as 200 Switch_config_bgp_vpn1# exit-address-family Switch_config_bgp# address-family ipv4 vrf vpn2 Switch_config_bgp_vpn2# no synchronization Switch_config_bgp_vpn2# redistribute ospf 2 Switch_config_bgp_vpn2# neighbor 32.0.0.1 remote-as 200 Switch_config_bgp_vpn2# exit-address-family Switch_config_bgp# exit Create VLAN.
Users Manual of CS-6306R 48.3.6 TestifyingVRF Connectivity Run the PING command on S1 to testify the connectivity of VPN1 between S1 and S11: Switch# ping -vrf vpn1 11.0.0.2 !!!!! --- 11.0.0.2 ping statistics --5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 0/0/0 ms Testify the connectivity between S1 and PE: Switch# ping -vrf vpn1 21.0.0.1 !!!!! --- 21.0.0.
Users Manual of CS-6306R Chapter 49. Reliability Configuration 49.1 Configuring Port Backup This chapter discusses how to back up the interface, describes the backup functions on the asynchronism serial interface, synchronism serial interface or ISDN interface. For details about interface backup commands, refer to Interface Backup Command Reference. 49.1.1 Overview Interface backup functions can enabled Backup interface or disabled it according to statement or flux information of Primary interface .
Users Manual of CS-6306R 49.1.3.2 Enabling Backup Interface Rejection Set delaying of enabled and disabled backup interface .To realize time gap between primary interface state changing and the result of state of backup interface changing. 1. choose backup interface 2. enabled interface backup delaying in this interface . choose backup interface,You can use instructions as follows in interface configuration mode. Command Purpose Backup interfaceslot/port Choose backup interface of this port.
Users Manual of CS-6306R 49.1.4 Examples of Port Backup Configuration Enable the backup interface on serial interface 1/0,and choose serial interface 1/1 as his backup interface. The time of backup interface activation and deactivation is both 5 seconds. Flux equalization setting is when true flux of primary interface pass 60% of band width , activate backup interface, while flux through both interfaces is less than 30% of band width of primary interface, activate backup interface.
Users Manual of CS-6306R hosts on an IEEE 802 LAN configured with a default gateway IP address. HSRP routes IP traffic without relying on the availability of any single router. It enables a set of router interfaces to work together to present the appearance of a single virtual router or default gateway to the hosts on a LAN. When HSRP is configured on a network or segment, it provides a virtual Media Access Control (MAC) address and an IP address that is shared among a group of configured routers.
Users Manual of CS-6306R standby [group-number] preempt Configure hsrp preempt. If local router's [delaydelay] priority is larger than active router, local router should try to replace the active router. Configure hsrp preempt delay timer.Local router should replace active router after preempt delay timer. standby [group-number] tracktype Configure hsrp group tracking interface number [interface-priority] list.If the tracking interface is failed ,HSRP priority value decreased.
Users Manual of CS-6306R standby 1 ip 171.16.6.100 255.255.255.0 standby 1 trackl Serial0 standby 2 preempt standby 2 ip 171.16.6.200 255.255.255.0 standby 2 track Serial0 standby 2 priority 95 The following is the R2 configuration: Configure two HSRP groups on interface Ethernet 0. The virtual IP of group 1 is 171.16.6.100 and the privilege of group1 is 100, so R2 is the standby router of group1. The virtual IP of group 2 is 171.16.6.200 and the default privilege of group2 is 100.
Users Manual of CS-6306R out mechanism and the Preempt mechanism. You can configure multiple hot standby groups on an interface to fully use the router. Currently VRRP supports Ethernet/Fast Ethernet/VLAN protocols, but it does not support the token ring and the token bus. VRRP is designated by IETF VRRP working group which is defined in RFC2338. 49.3.1.1 VRRP Application Line backup You can back up a link through VRRP.
Users Manual of CS-6306R 49.3.2 VRRP Configuration Task List Enabling VRRP Configuring the time for vrrp Configuring the vrrp learning mode Configuring the description string for VRRP Configuring the privilege for VRRP hot backup Configuring the preemption mode Configuring the privilege for tracking other interfaces Configuring the authentication string Monitoring and maintaining VRRP 49.3.3 VRRP Configuration Tasks 49.3.3.
Users Manual of CS-6306R 49.3.3.6 Configuring the Preemption Mode Command Purpose [no] vrrp group-numberpreempt Sets the preemption mode. [delay<1-254>] 49.3.3.7 Configuring the Privilege for Tracking Other Ports Command Purpose [no] vrrpgroup-numbertrack typenumber [interface-priority] Configures the privilege for tracking other ports, enabling the VRRP privilege to vary with the state change of the tracked port.
Users Manual of CS-6306R The configuration is shown as follows: Router A: ----------------------------------interface Ethernet1/1.1 encapsulation dot1Q 2 ip address 100.1.1.5 255.255.255.0 vrrp 3 associate 100.1.1.30 255.255.255.0 vrrp 3 priority 120 vrrp 3 description line1-master vrrp 3 authentication line1pwd vrrp 3 preempt vrrp 3 timers advertise dsec 15 ----------------------------------interface Ethernet1/1.2 encapsulation dot1Q 3 ip address 200.1.1.5 255.255.255.0 vrrp 6 associate 200.1.1.30 255.
Users Manual of CS-6306R vrrp 6 associate 200.1.1.30 255.255.255.
Users Manual of CS-6306R Chapter 50. Multicast Configuration 50.1 Multicast Overview The chapter describes how to cofigure the multicast routing protocol. For the details of the multicast routing commands, refer to the part “Multicast Routing Commands”. The traditional IP transmission allows only one host to communicate with a single host (unicast communication) or to communicate with all hosts (broadcast communication). The multicast technology allows one host to send message to some hosts.
Users Manual of CS-6306R 50.1.2 Multicast Routing Configuration Task List 50.1.2.
Users Manual of CS-6306R 50.1.2.4 PIM-SM Configuration Task List Configuring static RP Configuring standby BSR Configuring standby RP Displaying PIM-SM multicast routing Clearing multicast routes learned by PIM-SM 50.2 Basic Multicast Routing Configuration 50.2.1 Starting up Multicast Routing To allow the router software to forward the multicast message, you must start up the multicast routing.
Users Manual of CS-6306R 50.2.3 Configuring TTL Threshold Run the command ip multicast ttl-threshold to configure the TTL threshold of the multicast message that is allowed to pass the port. Run the command no ip multicast ttl-threshold to use the default threshold value 1. Command ip multicast ttl-thresholdttl-value Purpose Configures the TTL threshold on the port.
Users Manual of CS-6306R After the static multicast routing is configured, the router can perform the RPF check according to the configuration information. The RPF check is not based on the unicast routing table any more. Therefore, the multicast message goes through the tunnel, while the unicast message does not go through the tunnel. The static multicast route only exists in the local place. It will not be announced or forwarded.
Users Manual of CS-6306R Run the following command to limit the output rate of a multicast flow to n kbps Command Purpose ip Configures the maximum output rate multicast rate-limit outgroup-listaccess-list1 source-list limitation of the multicast flow in a certain access-list2 kbps range. 50.2.8 Configuring IP Multicast Helper Run the command ip multicast helper-map to use the multicast route to connect two broadcast networks in the multicast network.
Users Manual of CS-6306R address 192.168.20.97/24 to the broadcast message with the destination address 172.10.255.255. In the first-hop router connecting the source broadcast network, perform the following operations: (the router is configured on the VLAN port) interface ethernet 0 ip directed-broadcast ip multicast helper-map broadcast 230.0.0.1 testacl ip pim-dm ! ip access-list extended testacl permit udp 192.168.20.97 255.255.255.
Users Manual of CS-6306R Example The configuration of router A and B is shown as follows: Stub Router A Configuration ip multicast-routing ip pim-dm ip igmp helper-address 10.0.0.2 Central Router B Configuration ip multicast-routing ip pim-dm ip pim-dm neighbor-filter stubfilter ip access-list stubfilter deny 10.0.0.1 50.2.10 Monitoring and Maintaining Multicast Route 50.2.10.
Users Manual of CS-6306R 50.3 IGMP Configuration 50.3.1 Overview 50.3.1.1 IGMP Internet Group Management Protocol (IGMP) is a protocol used to manage multicast group members. IGMP is an asymmetric protocol, containing the host side and the switch side. At the host side, the IGMP protocol regulates how the host, the multicast group member, reports the multicast group it belongs to and how the host responds to the query message from the switch.
Users Manual of CS-6306R You can configure the IGMP-Router function at different interfaces (the multicast routing protocol configured on different interfaces can start up the IGMP-Router function) and different versions of IGMP can be run on different interfaces. Note that a multicast switch can start up the IGMP-Router function on only one of the ports that connect the same network.
Users Manual of CS-6306R For IGMP-Router V1, the interval of other queriers is useless. For IGMP-Router V3, the interval cannot be configured because it is decided by the protocol itself. 50.3.2.4 Configuring Maximum IGMP Response Time For IGMP-Router V2 and IGMP-Router V3, special data field in the transmitted IGMP General Query message regulates the maximum response time of the IGMP host.
Users Manual of CS-6306R 50.3.2.6 Static IGMP Configuration Besides the functions regulated by the IGMP-Router protocol, BODCOM’s switches support the static multicast group configuration on the port. For the IGMP host, its multicast group member relationship may vary. Suppose the IGMP host only belongs to the multicast group group1, it receives the multicast message from and sends the multicast message to the multicast group group1.
Users Manual of CS-6306R Command Purpose Configures the access list that ip igmp immediate-leave realizes the function to immediately group-listlist-name leave the multicast group for the IGMP host. ip access-list standardlist-name Creates a standard IP access list named list-name. Configures the IP address for the permitsource-address IGMP host that will realize the immediate-leave function in standard access-list configuration mode.
Users Manual of CS-6306R 50.3.3.4 Maximum IGMP response time example The following example shows how to modify the maximum IGMP response time to 15 seconds on the interface ethernet 1/0: interface ethernet 1/0 ip igmp query-max-response-time 15 50.3.3.
Users Manual of CS-6306R In a multicast group, the multicast group information cannot be simultaneously configured both for a specific source address and for all source addresses. The command used in the later configuration will be omitted. For example, If you run the command ip igmp static-group 224.1.1.7 include 192.168.20.168 after the command ip igmp static-group 224.1.1.7 is executed, the command ip igmp static-group 224.1.1.7 include 192.168.20.168 will be omitted. 50.3.3.
Users Manual of CS-6306R As long as source S still sends information to group G, the first-hop switch will periodically send the refreshing information of the routing item (S,G) to the nether original broadcast tree to finish refreshing. The state refreshing mechanism of PIM-DM can refresh the state of the downstream, ensuring that the pruning of the broadcast tree does not time out.
Users Manual of CS-6306R 50.4.2.2 Configuring State-Refresh The state-refresh control information of the PIM-DM is forwarded in management mode by default. The configuration commands in interface configuration mode are effective only to the configurations at the upstream ports when the first-hop switch directly connecting the source sends the state-refresh message periodically. For the following switches, the interval is the period to receive and handle the state-refresh message.
Users Manual of CS-6306R 50.4.2.5 Clearing Item (S,G) Normally, item (S,G) in the local MRT or the statistics value of the multicast message number forwarded through item (S,G) need be cleared. Run the following commands in management mode. Command Purpose clear ip mroute pim-dm {* | group Clears the item (S,G) in the local MRT. [source]} The operation is to delete all or part items of the local multicast routing table. Multicast message forwarding may be affected.
Users Manual of CS-6306R Figure 5-1 Join-in mechanism of PIM-SM PIM-SM forwards the multicast packet by creating the multicast distribution tree. The multicast distribution tree can be classified into two groups: Shared Tree and Shortest Path Tree. Shared Tree takes the RP of group G as the root, while Shortest Path Tree takes the multicast source as the root. PIM-SM creates and maintains the multicast distribution tree through the displayed join/prune mode.
Users Manual of CS-6306R about a group member’s relationship from the directly-connected host, if the DR has no the routing item of the group, the DR will map the group address to a candidate RP through the Hash algorithm. The DR then multicasts the Join/prune message hop by hop towards the RP. Finally, the DR packages the multicast data in the registration message and unicasts it to the RP. 50.5.2 Configuring PIM-SM 50.5.2.
Users Manual of CS-6306R 50.5.2.4 Configuring Candidate RP Configure the candidate RP to enable it to be sent to the BSR periodically and then be diffused to all PIM-SM routers in the domain, ensuring the RP mapping is unique. Run the following command in global configuration mode: Command ip pim-sm rp-candidate [typenumber] [interval|group-list acl-name] no ip pim-sm rp-candidate [typenumber] Purpose Configures the local switch as the candidate RP.
Users Manual of CS-6306R interface Serial2/0 ip address 192.168.21.142 255.255.255.0 physical-layer speed 128000 ip pim-sm ! router rip network 192.168.21.0 network 192.166.1.0 network 192.166.100.0 version 2 ! ip pim-sm bsr-candidate Loopback0 30 201 ip pim-sm rp-candidate Loopback0 ! Device B: ! ip multicast-routing ! interface Ethernet0/1 ip address 192.168.200.144 255.255.255.0 ip pim-sm ip pim-sm dr-priority 200 ! interface Serial0/0 ip address 192.168.21.144 255.255.255.0 ip pim-sm ! 50.5.3.
Users Manual of CS-6306R ip pim-sm ! interface Serial2/0 ip address 192.168.21.142 255.255.255.0 physical-layer speed 128000 ip pim-sm ! router rip network 192.168.21.0 network 192.166.100.0 ! ip pim-sm bsr-candidate Loopback0 30 201 ! Device B: ! ip multicast-routing ! interface Loopback0 ip address 192.168.100.144 255.255.255.0 ip pim-sm ! interface Ethernet0/1 ip address 192.168.200.144 255.255.255.0 ip pim-sm ! interface Serial0/0 ip address 192.168.21.144 255.255.255.
Users Manual of CS-6306R Chapter 51. IPv6 Configuration 51.1 IPv6 Protocol’s Configuration The configuration of the IPv6 address of the router only takes effect on the VLAN interface, not on the physical interface. The IPv6 protocol is disabled in default state. If the IPv6 protocol need be used on a VLAN interface, this protocol should be first enabled in VLAN interface configuration mode. To enable the IPv6 protocol, users have to set the IPv6 address.
Users Manual of CS-6306R The link-local address must begin with fe80.The default length of the prefix is 64 bit.At manual settings only the values at the last 64 bits can be designated. On a VLAN interface can only one link-local address be set. After IPv6 is enabled through the configuration of the link-local address, IPv6 only takes effect on the local link. To set a global IPv6 address in VLAN interface configuration mode, run the following commands.
Users Manual of CS-6306R 1. Setting the transmission frequency of the ICMPv6 packet If you want to limit the transmission frequency of the ICMPv6 packet, run the command in the following table. If the ICMPv6 transmission frequency is larger than the set value, the transmission frequency will be limited. The default transmission frequency is 1000us. If you want to modify the transmission frequency, run the following command in global mode: 2.
Users Manual of CS-6306R To open IPv6 redirection, run the following command: 5. Command Purpose ipv6 redirects Allows IPv6 to transmit the redirection packets. Setting IPv6 destination unreachability In many cases, the system will automatically transmit the destination-unreachable packets. Users can close this function. If this function is closed, the system will not transmit the ICMP unreachable packets.
Users Manual of CS-6306R Chapter 52. ND Configuration 52.1 ND Overview A node (host and router) uses ND (Neighbor Discovery protocol) to determine the link-layer addresses of the connected neighbors and to delete invalid cache rapidly. The host also uses the neighbor to discover the packet-forwarding neighboring routers. Additionally, the node uses the ND mechanism to positively trace which neighbors are reachable or unreachable and to test the changed link-layer address.
Users Manual of CS-6306R 52.1.2 ND Configuration The ND protocol is used not only for address resolution but for other functions such as neighbor solicitation, neighbor advertisement, router solicitation, router advertisement and redirect.
Users Manual of CS-6306R Setting the prefix of the RA message The router releases address prefixes to the network host via RA message. The address prefix plus the host address is the entire unicast address. The prefix option is carried by the RA message, and the host obtains the IPv6 address prefix and related parameter from this option.
Users Manual of CS-6306R Setting the reachable-time field of the RA message reachable-time means the time to reach a neighbor, which is 0 by default. Command Purpose ipv6 nd reachable-time milliseconds Sets the reachable-time field in the RA message transmitted by the local port. Its default value is 0ms. Setting the value of the router preference in the RA message router-preference means the router’s priority, which accounts for two bits in the flags domain in the RA message.
Users Manual of CS-6306R Chapter 53. RIPNG Configuration 53.1 Configuring RIPNG 53.1.1 Overview Routing Information Protocol of next generation (RIPng) is the RIP of version 6. In the equipment RIPng and RIP are two completely independent modules that are in charge of the learning and management of the routing information in version 6 and version 4 respectively. RIPng is same to RIP in the internal working mechanism. RIPng switches the routing information through the UDP broadcast.
Users Manual of CS-6306R 53.1.3 RIPng Configuration Tasks 53.1.3.1 Allowing to Set the Unicast Routing Protocol To set the RIPng, you must first run the following command to allow setting the switch of a unicast route. Command Ipv6 unicast-routing Purpose Enables to set the unicast routing protocol on a device. 53.1.3.
Users Manual of CS-6306R Command Purpose neighboripv6-address Defines a neighboring router and switches the routing information with this neighboring router. 53.1.3.5 Applying the Offset on the Routing Weight The offset list is used to add an offset for an incoming or outgoing route which RIPng learns. In this case, a local mechanism is provided to add the routing weight. Additionally, you can also use the access list or an interface to limit the offset list.
Users Manual of CS-6306R 53.1.3.8 Adjusting the Timer The routing protocol needs several timers to judge the transmission frequency of routing updates and how long it takes for a route to become invalid. You can adjust these timers to make the performance of a routing protocol more suitable for the requirements of network interconnecting.
Users Manual of CS-6306R In normal cases, you are not recommended to change the default state unless you are sure that the routes can be correctly declared after the state of your application program is changed. If horizontal fragmentation is forbidden on a serial interface that connects a packet switching network, you have to disable horizontal fragmentation on routers of any related multicast group on a network. 53.1.3.
Users Manual of CS-6306R 53.1.
Users Manual of CS-6306R Chapter 54. OSPFv3 Configuration 54.1 Overview OSPFv3 is an IGP routing protocol developed by the OSPF working group of IETF for the IPv6 network. OSPFv3 supports the IPv6 subnet, the mark of the external routing information and the packet’s authentication. OSPFv3 and OSPFv2 have a lot in common: Both router ID and area ID are 32 bit. The following are the same type of packets: Hello packets, DD packets, LSR packets, LSU packets and LSAck packets.
Users Manual of CS-6306R simplify the settings, you can make related configuration to enable them to work under the default parameters without any authentication; if you want to change some parameters, you must guarantee that the parameters on all routers are identical. To set OSPFv3, you must perform the following tasks. Except that the task of activating OSPFv3 is mandatory, other settings are optional.
Users Manual of CS-6306R 54.3.2 Setting the Parameters of the OSPFv3 Interface During OSPFv3 realization, related OSPFv3 parameters on an interface are allowed to be modified according to actual requirements. Of cause you have no need to change every parameter, but you have to make sure that some parameters are consistent on all routers in the connected networks.
Users Manual of CS-6306R 54.3.5 Setting the Parameters of the OSPFv3 Domain The configurable domain parameters include: authentication, designating a stub area and specifying a weight for a default summary route. Its authentication is based on password protection. The stub area means that external routes cannot be distributed to this area. Instead, ABR generates a default external route that enters the stub area, enabling the stub area to communicate with external networks of an autonomous area.
Users Manual of CS-6306R Command Purpose areaarea-idrange ipv6-prefix Sets the address' range of the /prefix-length summary route. 54.3.7 Setting the Summary of the Forwarded Routes When routes are distributed from other routing areas to the OSPFv3 routing area, each route is singularly broadcasted as an external LSA. However, you can set a route on a router to make this route cover an address range. In this way, the size of the OSPFv3 link-state database can be reduced.
Users Manual of CS-6306R 54.3.10 Setting the Management Distance of OSPFv3 The management distance means the trust level of the routing information source. Generally speaking, the management distance is an integer between 0 and 255. The bigger its value is, the lower the trust level is. If the management distance is 255, the routing information source will be distrusted and omitted. OSPFv3 uses three different kinds of management distances: inter-domain, inner-domain and exterior.
Users Manual of CS-6306R [intra-prefix][adv-router router-id] show ipv6 ospf interface Displays the information about the OSPFv3 interface. show ipv6 ospf neighbor Displays the information about OSPFv3 neighbors. show ipv6 ospf route Displays the routing information about OSPFv3. show ipv6 ospf topology Displays the OSPFv3 topology. show ipv6 ospf virtual-links Displays the virtual links of OSPFv3. debug ipv6 ospf Monitors all OSPFv3 behaviors.
Users Manual of CS-6306R ! interface vlan 10 ipv6 address 2001: : 1/64 ipv6 enable ipv6 rip aaa enable ipv6 rip aaa split-horizon ipv6 ospf 90 area 0 ipv6 ospf cost 1 ! router ospfv3 90 router-id 1.1.1.1 redistribute rip ! router ripng aaa redistribute ospf 90 2. Configuring multiple OSPFv3 processes The following example shows that two OSPFv3 processes are created.
Users Manual of CS-6306R redistribute static ! router ospfv3 110 router-id 2.2.2.2 ! Each interface can belong to many OSPFv3 processes, but if an interface belongs to multiple OSPFv3 processes each OSPFv3 process must correspond to different instances. 3. Complicated configuration example The following example shows how to configure multiple routers in a single OSPFv3 autonomous system.
Users Manual of CS-6306R ipv6 ospf 1 area 1 ! ! router ospfv3 1 router-id 2.2.2.
Users Manual of CS-6306R redistribute static ! R2: interface vlan 0 ipv6 enable ipv6 ospf 1 area 1 ! ! router ospfv3 1 router-id 2.2.2.
Users Manual of CS-6306R Configure the router according to the above-mentioned figure: R1: interface vlan 0 ipv6 address 101: : 1/64 ipv6 enable ipv6 ospf 1 area 1 ! interface vlan 1 ipv6 address 6: : 1/64 ipv6 enable ipv6 ospf 1 area 0 ! ipv6 route 2001: : /64 6: : 2 ! router ospfv3 1 router-id 200.200.200.1 area 1 virtual-link 200.200.200.
Users Manual of CS-6306R ! router ospfv3 1 router-id 200.200.200.2 area 1 virtual-link 200.200.200.1 ! Browsing the state of the OSPFv3 neighbor: R1#show ipv6 ospf neighbor OSPFv3 Process (1) Neighbor ID Pri State Dead Time Interface 200.200.200.2 1 Full/DR 00: 00: 35 200.200.200.2 1 Full/ - 00: 00: 36 Instance ID VLAN0 0 VLINK1 0 R2#show ipv6 ospf neighbor OSPFv3 Process (1) OSPFv3 Process (1) Neighbor ID Pri State Dead Time Interface 200.200.200.1 1 Full/Backup 200.200.200.
Users Manual of CS-6306R C fe80: : 2e0: fff: fe26: 2d98/128[2] is directly connected, L, VLAN0 C fe80: : /64[1] is directly connected, C, VLAN1 C fe80: : 2e0: fff: fe26: 2d99/128[1] is directly connected, L, VLAN1 C ff00: : /8[2] is directly connected, L,Null0 R2#show ipv6 route O 6: : /64[1] [110,20] via fe80: C 101: : 4: : 2e0: fff: fe26: 2d98(on VLAN0) fff: fe26: 2d98(on VLAN0) /64[1] is directly connected, C, VLAN0 O 101: : 1/128[1] [110,10] via fe80: C 101: :
Users Manual of CS-6306R Chapter 55. BFD Configuration 55.1 Overview BFD (Bidirectional Forwarding Detection) is a set of all-net uniform detection mechanism used for rapid detection and monitoring of link or IP routing forwarding connectivity. To improve the performance of existing networks, communication troubles can be detected rapidly between neighboring protocols so that a standby communication channel can be quickly established.
Users Manual of CS-6306R If min_rx_interval on the local end is decreased, the local detection time cannot be modified until the packets reset by the peer’s F field are received, which ensures that the transmission interval of BFD control packets on the peer has been decreased before the decrease of local detection time.
Users Manual of CS-6306R 55.2.4 Enabling Port BFD Authentication Port BFD authentication is not activated by default. Authentication configuration takes immediate effect before BFD neighbor is up, and the two terminals of a link on which BFD detection is conducted can be up only when their BFD authentication configurations are same.
Users Manual of CS-6306R B: interface vlan1 ip address 1.1.1.2 255.255.255.0 bfd enable no ip directed-broadcast ! router bgp 200 no synchronization bgp log-neighbor-changes neighbor 1.1.1.1 remote-as 100 neighbor 1.1.1.
Users Manual of CS-6306R Chapter 56. SNTP Configuration 56.1 Overview 56.1.1 Stipulations 56.1.1.1 Format Stipulation in the Command Line Syntax Definition Stands for the keyword in the command line, which stays unchanged and must be entered without any Bold modification. It is presented as a bold in the command line. Stands for the parameter in the command line, which must be replaced by the actual value. It must be {italic} presented by the italic in the brace.
Users Manual of CS-6306R The local switch takes as the SNTP client: Setting the IP Address of the SNTP Server Setting the Interval of Browsing the SNTP Server Disabling the SNTP Server 56.2.3 SNTP Configuration 56.2.3.1 Setting the Grade of the SNTP Server Configuration mode: Global Command Purpose sntp master [Stratum] Sets the grade of the SNTP server. 56.2.3.2 Enabling the SNTP Server Configuration mode: Global Command Purpose sntp master The SNTP server is enabled by default. 56.2.3.
Users Manual of CS-6306R Chapter 57. Cluster Management Configuration 57.1 Overview The switch cluster is a group of switches which can be managed as a single entity. In the cluster, there must be a switch worked as the command switch, which allows up to 255 switches simultaneously to join the cluster as member switches. As the single access node in the cluster, the command switch is used to configure, manage and monitor member switches. One switch belongs to only one cluster at a certain moment. 57.
Users Manual of CS-6306R 57.3.2 Creating Cluster A. Activating command switch Run the following command in global configuration mode to set the current switch to the command switch: Command Description cluster mode Sets the current switch to the command commandercluster-name switch. B.
Users Manual of CS-6306R Command Description cluster holdtime<1-300> Configures the interval of sending handshake message between the command switch and the member switch. D. Configuring hop number of the discovery protocol The cluster uses the hop number to measure the distance of switches in the cluster. The hop number of the discovery protocol configured on the command switch equals the distance between the cluster verge and the candidate switch which is farthest to the cluster verge.
