Management Guide TigerAccess™ EE CLI

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

Copyright (C) 2009 by SMC Networks, Inc.
Warranty and Product Registration

To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http://www.smc.
Reason for Update

Summary: Initial release

Details:
Chapter/Section    Reason for Update
All                Initial release

Issue History
Issue    Date of Issue    Reason for Update
         05/2009          Initial release (nos 5.
1 Introduction

1.1 Audience

This manual is intended for Ethernet/IP DSLAM operators and maintenance personnel for providers of Digital Subscriber Line (DSL) and Ethernet services. This manual assumes that you are familiar with the following:
• Ethernet networking technology and standards
• Internet topologies and protocols
• DSL technology and standards
• Usage and functions of graphical user interfaces.

1.2 Document Structure

Tab. 1.
1.3 Document Convention

This guide uses the following conventions to convey instructions and information.

Information
i  This information symbol provides useful information when using commands to configure, and means reader take note. Notes contain helpful suggestions or references.

Warning
!  This warning symbol means danger. You are in a situation that could cause bodily injury or break the equipment.

1.4
1.5 Virus Protection

!  To prevent a virus infection you may not use any software other than that which is released for the Operating System (OS based on Basis Access Integrator), Local Craft Terminal (LCT) and transmission system. Even when exchanging data via network or external data media (e.g. floppy disks) there is a possibility of infecting your system with a virus. The occurrence of a virus in your system may lead to a loss of data and breakdown of functionality.
2 System Overview

The switch is an IP VDSL system. It uses VDSL (Very high-data rate Digital Subscriber Line) technology so that users can be served voice and data communication at the same time over the existing telephone line. Because VDSL uses the telephone line, you do not need to install new LAN cabling. You can therefore save cost and provide advanced service for users in apartments, buildings, and hotels.
2.1 System Features

The following introduces the main features of the VDSL2 system, which provides Layer 2 switching, Ethernet switching and related functions.

Virtual Local Area Network (VLAN)

A virtual local area network (VLAN) is made by dividing one network into several logical networks. Packets cannot be transmitted or received between different VLANs. This prevents needless packets from accumulating and strengthens security. The switch recognizes 802.
VLAN in the network, traditional STP works. However in more than one VLAN network, STP cannot work per VLAN. To avoid this problem, the switch supports multiple spanning tree protocol (MSTP) IEEE 802.1s.

Trunking & Link Aggregation Control Protocol (LACP)

The switch aggregates several physical interfaces into one logical port (aggregate port). Port trunk aggregates interfaces with the standard of same speed, same duplex mode, and same VLAN ID.
3 Command Line Interface (CLI)

The switch enables system administrators to manage the switch by providing the command line interface (CLI). This user-friendly CLI provides you with a more convenient management environment.

To manage the system with the CLI, a management network environment is required. The switch can connect to the management network either directly (outband) or through the access network (inband).
3.1.1 Privileged EXEC View Mode

When you log in to the switch, the CLI will start with Privileged EXEC View mode which is a read-only mode. In this mode, you can see a system configuration and information with several commands.

Tab. 3.1 shows main command of Privileged EXEC View mode.

Command    Description
enable     Opens Privileged EXEC Enable mode.
exit       Logs out the switch.
show       Shows a system configuration and information.

Tab. 3.1

3.1.
3.1.3 Global Configuration Mode

In Global Configuration mode, you can configure general functions of the system. You can also open another configuration mode from this mode.

To open Global Configuration mode, enter the configure terminal command, and then the system prompt will be changed from SWITCH# to SWITCH(config)#.

Command               Mode      Description
configure terminal    Enable    Opens Global Configuration mode.

Tab. 3.3 shows main commands of Global Configuration mode.
Tab. 3.4 shows main commands of Bridge Configuration mode.

Command          Description
lacp             Configures LACP.
mac              Configures a MAC table.
mirror           Configures a port mirroring.
oam              Configures EFM OAM.
port             Configures Ethernet port.
spanning-tree    Configures Spanning Tree Protocol (STP).
trunk            Configures a trunk port.
vlan             Configures VLAN.

Tab. 3.4

3.1.
To open DHCP Option Configuration mode, use the following command. Then the system prompt will be changed from SWITCH(config)# to SWITCH(dhcp-opt[NAME])#.

Command                       Mode      Description
ip dhcp option format NAME    Global    Opens DHCP Option Configuration mode to configure DHCP options.

Tab. 3.7 is the main commands of DHCP Option Configuration mode.

Command    Description
attr       Configures the attribute for option field in the DHCP packet.

Tab. 3.6

3.1.7
Tab. 3.8 shows main commands of Interface Configuration mode.

Command        Description
description    Specifies a description.
ip address     Assigns IP address.
shutdown       Deactivates an interface.
mtu            Sets MTU value.

Tab. 3.8 Main Command of Interface Configuration Mode

3.1.9 Rule Configuration Mode

The switch modifies previous Rule Configuration mode to Flow, Policer and Policy Configuration modes.
Tab. 3.10 shows main commands of RMON Configuration mode.

Command    Description
active     Activates RMON.
owner      Shows the subject which configures each RMON and uses relevant information.

Tab. 3.10 Main Command of RMON Configuration Mode

3.2 Configuration Mode Overview

Fig. 3.1 shows the overview of the configuration mode for the switch.
3.3 Useful Tips

This section describes useful tips for operating the switch with a CLI.
• Listing Available Command
• Calling Command History
• Using Abbreviation
• Using Command of Privileged EXEC Enable Mode
• Exit Current Command Mode

3.3.1 Listing Available Command

To list available commands, input a question mark (?) in the current mode.
The following is an example of displaying the list of available commands of Privileged EXEC Enable mode.

SWITCH# show list
clear arp
clear arp IFNAME
clear cpe stat-error (PORTS|)
clear ip arp inspection statistics (vlan VLAN_NAME|)
clear ip dhcp authorized-arp invalid
clear ip dhcp leasedb A.B.C.
The switch also provides the simple instruction of calling the help string with the help command. You can see the instruction using the command regardless of the configuration mode.

To display the instruction of calling the help string for using CLI, use the following command.

Command    Mode    Description
help       All     Shows the instruction of calling the help string for using CLI.

3.3.2
3.3.3 Using Abbreviation

Several commands can be used in the abbreviated form. The following table shows some examples of abbreviated commands.

Command               Abbreviation
clock                 cl
exit                  ex
show                  sh
configure terminal    con te

Tab. 3.11 Command Abbreviation

3.3.4 Using Command of Privileged EXEC Enable Mode

You can execute the commands of Privileged EXEC Enable mode, such as show, ping, telnet, traceroute, and so on, regardless of which mode you are in.
4 System Connection and IP Address

4.1 System Connection

After installing the system, check that each port is correctly connected to the network and the management PC. You can then connect to the system to configure and manage the switch. This section provides instructions on how to change the password for system connection and how to connect to the system through telnet, in the following order.
Step 2 When you enter a login ID at the login prompt, the password prompt will be displayed, and then enter the proper password to log in the system. By default setting, the login ID is configured as admin with no password.

SWITCH login: admin
Password:
SWITCH>

Step 3 In Privileged EXEC View mode, you can check only the configuration for the switch. To configure and manage the switch, you should begin Privileged EXEC Enable mode.
Password:
SWITCH#

To delete the configured password, use the following command.

Command             Mode      Description
no passwd enable    Global    Deletes the password.

The created password can be displayed with the show running-config command. To encrypt the password not to be displayed, use the following command.

Command                        Mode      Description
service password-encryption    Global    Encrypts the system password.

To disable password encryption, use the following command.

4.1.
4.1.5 Login Password Recovery Process

To upgrade the system software in the boot mode, perform the following step-by-step instruction:

Step 1 After the switch is manually restarted, “Start Address: 0x010000000” will be shown up.

Step 2 Keep on pressing [Space Bar] key until “console=ttyS0,9600 root=/dev/ram rw” is shown up on the screen.

Step 3 Enter “password” next to “console=ttyS0,9600 root=/dev/ram rw”.

Step 4 Check “password restore to default...
4.1.6 Management for System Account

4.1.6.1 Creating System Account

For the switch, the administrator can create a system account. It is also possible to set the security level from 0 to 15 to enhance the system security.

To create a system account, use the following command.

Command                                   Mode      Description
user add NAME DESCRIPTION                 Global    Creates a system account.
                                                    NAME: user name
user add NAME level <0-15> DESCRIPTION    Global    Creates a system account with a security level.
To define the security level and its authority, use the following command.

Command                                                 Description
privilege view level <0-15> {COMMAND | all}             Uses the specific command of Privileged EXEC View mode in the level.
privilege enable level <0-15> {COMMAND | all}           Uses the specific command of Privileged EXEC Enable mode in the level.
privilege configure level <0-15> {COMMAND | all}        Uses the specific command of Global Configuration mode in the level.
The commands starting with the same character are applied by inputting only the starting commands. For example, if you input show, all the commands starting with show are applied.

To delete a configured security level, use the following command.

Command         Description
no privilege    Deletes all configured security levels.
Enter new password:(Enter)
Bad password: too short.
Warning: weak password (continuing).
Re-enter new password: (Enter)
Password changed.
SWITCH(config)# user add test1 level 1 level1user
Changing password for test1
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password: (Enter)
Bad password: too short.
Warning: weak password (continuing).
To set the number of users accessing the switch, use the following command.

Command                Mode      Description
login connect <1-8>    Global    Sets the number of users accessing the switch.
                                 Default: 8
no login connect       Global    Deletes a configured value.

4.1.8 Auto Log-out

For security reasons of the switch, if no command is entered within the configured inactivity time, the user is automatically logged out of the system. Administrator can configure the inactivity timer.
SWITCH# write memory
[OK]
SWITCH#

The system administrator can disconnect users connected from remote place. To disconnect a user connected through telnet, use the following command.

Command                  Mode      Description
disconnect TTY-NUMBER    Enable    Disconnects a user connected through telnet.

The following is an example of disconnecting a user connected from a remote place.

SWITCH# where
admin at ttys0 from console for 4 days 22 hours 15 minutes 24.
4.1.10.2 Auto System Rebooting

The switch reboots the system according to the user’s configuration. There are two bases for system rebooting: CPU and memory. CPU is rebooted in case CPU Load or Interrupt Load continues for the configured time. Memory is automatically rebooted in case memory low occurs as the configured times.

To enable the auto system rebooting, use the following command.
4.2 System Authentication

For the enhanced system security, the switch provides two authentication methods to access the switch such as Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+).

4.2.1 Authentication Method

To set the system authentication method, use the following command.

Command    Mode    Description
                   Sets a system authentication method.
4.2.4 RADIUS Server

4.2.4.1 RADIUS Server for System Authentication

To add/delete a RADIUS server for system authentication, use the following command.

Command                                                            Mode      Description
login radius server A.B.C.D KEY [auth_port PORT acct_port PORT]    Global    Adds a RADIUS server with its information.
                                                                             A.B.C.D: IP address
                                                                             KEY: authentication key value
                                                                             auth_port: authentication port (optional)
                                                                             acct_port: accounting port (optional)
no login radius server [A.B.C.D]                                   Global

4.2.4.
4.2.5 TACACS+ Server

4.2.5.1 TACACS+ Server for System Authentication

To add/delete the TACACS+ server for system authentication, use the following command.

Command                             Mode      Description
login tacacs server A.B.C.D KEY     Global    Adds a TACACS+ server with its information.
                                              A.B.C.D: IP address
                                              KEY: authentication key value
no login tacacs server [A.B.C.D]    Global    Deletes an added TACACS+ server.

i  You can add up to 5 TACACS+ servers.

4.2.5.2
Authentication Type

To select the authentication type for TACACS+, use the following command.

Command                                        Mode      Description
login tacacs auth-type {ascii | pap | chap}    Global    Selects an authentication type for TACACS+.
                                                         ascii: plain text
                                                         pap: password authentication protocol
                                                         chap: challenge handshake authentication protocol
no login tacacs auth-type                      Global    Deletes a specified authentication type.
4.3 Configuring Interface

Layer 2 switches only look at the MAC address in an incoming packet to determine where the packet comes from and goes to, and which ports should receive the packet. Layer 2 switches do not need IP addresses to transmit packets. However, if you want to access the switch from a remote place with TCP/IP through SNMP or telnet, it requires an IP address.
i  To display if an interface is enabled, use the show running-config command.

4.3.2 Assigning IP Address to Network Interface

After enabling an interface, assign an IP address. To assign an IP address to a network interface, use the following command.

Command                           Description
ip address A.B.C.D/M              Assigns an IP address to an interface.
ip address A.B.C.D/M secondary    Assigns a secondary IP address to an interface.
To delete a configured static route, use the following command.

Command                                                       Mode      Description
no ip route A.B.C.D SUBNET-MASK {GATEWAY | null} [<1-255>]    Global    Deletes a configured static route.
no ip route A.B.C.D/M {GATEWAY | null} [<1-255>]

To configure a default gateway, use the following command.

Command                                        Mode      Description
ip route default {GATEWAY | null} [<1-255>]    Global    Configures a default gateway.
inet 10.27.41.91/24 broadcast 10.27.41.255
input packets 3208070, bytes 198412141, dropped 203750, multicast packets 0
input errors 12, length 0, overrun 0, CRC 0, frame 0, fifo 12, missed 0
output packets 11444, bytes 4192789, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
SWITCH(config)#

4.3.5 Displaying Interface

To display an interface status and configuration, use the following command.
4.4 Secure Shell (SSH)

Network security is getting more important because the access network has been generalized among numerous users. However, typical FTP and telnet services have significant security weaknesses. Secure shell (SSH) is a network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and to allow the remote computer to authenticate the user.

4.4.
4.4.1.4 Assigning Specific Authentication Key

After enabling SSH server, each client will upload its own generated authentication key. The SSH server can assign the specific key among the uploaded keys from several clients.

To verify an authentication key, use the following command.

Command                    Mode      Description
ssh key verify FILENAME    Global    Verifies a generated authentication key.

4.4.1.5
4.4.2.3 Authentication Key

An SSH client can access a server through an authentication key after configuring the authentication key and informing the server of it. It is safer to use an authentication key than to input a password every time for login, and it is also possible to connect to several SSH servers using one authentication key.

To configure an authentication key in the switch, use the following command.
4.5 802.1x Authentication

To enhance security and portability of network management, there are two ways of authentication, MAC-based authentication and port-based authentication, which restrict clients attempting to access a port. Port-based authentication (802.1x) authenticates the port itself for access, regardless of the number of users accessing the network. 802.1x authentication adopts the EAP (Extensible Authentication Protocol) structure.
4.5.1 802.1x Authentication

4.5.1.1 Enabling 802.1x

To configure 802.1x, the user should enable 802.1x daemon first. To enable 802.1x daemon, use the following command.

Command                         Mode      Description
dot1x system-auth-control       Global    Enables 802.1x daemon.
no dot1x system-auth-control    Global    Disables 802.1x daemon.

4.5.1.2 RADIUS Server

As RADIUS server is registered in authenticator, authenticator also can be registered in RADIUS server.
After the default server is designated, all requests start from that RADIUS server. If there is no response from the default server, the authentication request is tried on the RADIUS server designated as the next one.

To configure IP address of RADIUS server and key value, use the following command.

Command                                                      Description
dot1x radius-server host {A.B.C.D | NAME} auth-port <0-      Registers RADIUS server with key value and UDP port of radius server.
4.5.1.4 Authentication Port

After configuring 802.1x authentication mode, you should select the authentication port.

Command                    Mode      Description
dot1x nas-port PORTS       Global    Designates 802.1x authentication port.
no dot1x nas-port PORTS    Global    Disables 802.1x authentication port.

4.5.1.5 Force Authorization

The switch can permit the users requesting the access regardless of the authentication from RADIUS server.
To configure the number of authentication requests in the switch, use the following command in Global mode.

Command                                Mode      Description
dot1x radius-server retries <1-10>     Global    Configures the number of authentication requests to RADIUS server.
                                                 1-10: retry number (default: 3)

4.5.1.8 Interval of Request to RADIUS Server

For the switch, it is possible to set the time for the retransmission of packets to check RADIUS server.
4.5.2.2 Interval of Re-Authentication

The RADIUS server contains the database of users who have access rights. The database is updated in real time, so a user can lose the access right through an updated database even though he was once authenticated. In this case, even though the user can access the network, he should be authenticated once again so that the changed database is applied. Besides, because of various reasons for managing RADIUS server and 802.
4.5.3 Initializing Authentication Status

The user can initialize the entire configuration on the port. Once the port is initialized, the supplicants accessing to the port should be re-authenticated.

Command                   Mode      Description
dot1x initialize PORTS    Global    Initializes the authentication status on the port.

4.5.4 Restoring Default Value

To restore the default value of the 802.1x configuration, use the following command.

4.5.
4.5.7 Sample Configuration

The following is the example of configuring the port 25 with the port-based authentication specifying the information of RADIUS server.

SWTICH(config)# dot1x system-auth-control
SWTICH(config)# dot1x nas-port 25
SWTICH(config)# dot1x port-control force-authorized 25
SWTICH(config)# dot1x radius-server host 10.1.1.1 auth-port 1812 key test
SWTICH(config)# show dot1x
802.1x authentication is enabled.
The following is the example of configuring the port 25 with the MAC-based authentication.

SWTICH(config)# dot1x auth-mode mac-base 25
SWTICH(config)# show dot1x
802.1x authentication is enabled.
RADIUS Server TimeOut: 1(S)
RADIUS Server Retries: 3
RADIUS Server : 10.1.1.1 (Auth key : test)
----------------------------------------------
           |         1         2         3
 802.1x    |123456789012345678901234567890123
----------------------------------------------
PortEnable |........................
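The authentication settings documented in this chapter can be checked offline against a saved configuration. The following Python script is an added example, not part of the SMC guide or the switch software: it assumes that show running-config lists each command as it is typed, works on constructed sample configurations, and applies a hypothetical minimum shared-key length of 16 characters.

```python
# Added example: offline audit of a saved TigerAccess-style configuration.
# Assumption: the saved configuration lists one command per line, as typed.

MIN_KEY_LEN = 16  # hypothetical local policy, not a value from the guide

# Constructed sample, modelled on the guide's 802.1x sample configuration.
SAMPLE_CONFIG = """\
dot1x system-auth-control
dot1x nas-port 25
dot1x port-control force-authorized 25
dot1x radius-server host 10.1.1.1 auth-port 1812 key test
login tacacs server 10.1.1.2 constructed-tacacs-key-01
login tacacs auth-type ascii
"""

# Constructed counterpart with the weak settings corrected.
HARDENED_CONFIG = """\
service password-encryption
dot1x system-auth-control
dot1x nas-port 25
dot1x radius-server host 10.1.1.1 auth-port 1812 key constructed-radius-key-01
login tacacs server 10.1.1.2 constructed-tacacs-key-01
login tacacs auth-type chap
"""


def _shared_key(tok):
    """Return the shared secret carried by a server line, or None."""
    if tok[:3] == ["dot1x", "radius-server", "host"] and "key" in tok:
        i = tok.index("key")
        return tok[i + 1] if i + 1 < len(tok) else None
    if tok[:3] in (["login", "radius", "server"], ["login", "tacacs", "server"]):
        # Syntax in the guide: login {radius|tacacs} server A.B.C.D KEY ...
        return tok[4] if len(tok) > 4 else None
    return None


def audit(config_text):
    """Return a list of (finding_id, message) tuples for the given config."""
    lines = [ln.split() for ln in config_text.splitlines() if ln.strip()]
    findings = []

    def present(*words):
        return any(tok[:len(words)] == list(words) for tok in lines)

    # Without this command, passwords are shown by show running-config.
    if not present("service", "password-encryption"):
        findings.append(("PWD-CLEAR",
                         "service password-encryption is not configured"))

    dot1x_enabled = present("dot1x", "system-auth-control")

    for tok in lines:
        if tok[:3] == ["dot1x", "port-control", "force-authorized"]:
            ports = tok[3] if len(tok) > 3 else "?"
            findings.append(("DOT1X-FORCE",
                             f"port {ports} is authorized regardless of RADIUS"))
        elif tok[:2] == ["dot1x", "nas-port"] and not dot1x_enabled:
            ports = tok[2] if len(tok) > 2 else "?"
            findings.append(("DOT1X-OFF",
                             f"port {ports} is set but the 802.1x daemon is off"))
        elif tok[:4] == ["login", "tacacs", "auth-type", "ascii"]:
            findings.append(("TACACS-ASCII",
                             "TACACS+ authentication type is plain text"))

        # Key length is only meaningful when the key is stored in clear text.
        key = _shared_key(tok)
        if key is not None and len(key) < MIN_KEY_LEN:
            findings.append(("WEAK-KEY",
                             f"{tok[0]} {tok[1]} shared key has {len(key)} characters"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for fid, msg in audit(cfg) or [("OK", "no findings")]:
            print(f"{fid:13s} {msg}")
```

The shared key itself is never printed, so the report can be attached to a ticket without exposing the secret.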
5 Port Configuration

The switch provides maximum 24 VDSL ports including integrated splitters. In this chapter, you can find the instructions for the basic port configuration such as auto-negotiation, flow control, transmit rate, etc. Please read the following instructions carefully before you configure a port in the switch.

This chapter contains the following sections.

5.
riety of manufacturers.

To enable/disable the auto-negotiation on an Ethernet port, use the following command.

Command                        Mode      Description
port nego PORTS {on | off}     Bridge    Enables/disables the auto-negotiation on a specified port, enter a port number. (default: on)

!  Auto-negotiation operates only on 10/100/1000Base-TX interface. You cannot enable this function on 1000Base-X optical interface.
The following is an example of setting transmit rate on the Ethernet port 25 to 10 Mbps.
5.2.5 Flow Control

In Ethernet networking, the flow control is the process of adjusting the flow of data from one network device to another to ensure that the receiving device can handle all of the incoming data. For this process, the receiving device normally sends a PAUSE frame to the sending device when its buffer is full. The sending device then stops sending data for a while.
5.2.7 Traffic Statistics

5.2.7.1 Packet Statistics

To display the traffic statistics of an Ethernet port, use the following command.

Command                                 Description
show port statistics avg-pkt [PORTS]    Shows the traffic statistics of the average packet for a specified Ethernet port.
show port statistics avg-pps [PORTS]    Shows the traffic statistics per packet type for a specified Ethernet port.
5.2.7.2 CPU Statistics
To display the statistics of the traffic handled by CPU, use the following command.
Command: show cpu statistics avg-pkt [PORTS]
Command: show cpu statistics total [PORTS]
Mode: Enable/Global/Bridge
Description: Shows the statistics of the traffic handled by CPU per packet type. Shows the traffic statistics of the average packet handled by CPU.
To delete the collected statistics of the traffic handled by CPU, use the following command.
To stop the switch from generating a syslog message according to the number of packets handled by the CPU, use the following command.
Command: no cpu statistics-limit {unicast | multicast | broadcast} {PORTS | all}
Command: no cpu statistics-limit all
Mode: Enable/Global
Description: Stops the switch from generating a syslog message according to the number of packets handled by the CPU for each packet type.
5.2.8 Port Information
To display the port information, use the following command.
Command: show port [PORTS]
Description: Shows a current port status, enter a port number.
Command: show port description [PORTS]
Description: Shows a specified port description, enter a port number.
Command: show port module-info [PORTS]
Description: Shows optical module (SFP) information.
Mode: Enable/Global/Bridge
Note: The show port module-info command is only valid for Ethernet optical port.
5.3 VDSL Port Configuration
5.3.1 Modulation of VDSL Signal
The switch provides both Internet and telephone communication over the existing telephone line using DSL technology. A DSL communication system requires a technique to convert the digital signal into an analog signal and the analog signal back into a digital signal. Fig. 5.1 shows the process of signal transmission in a DSL system.
Fig. 5.
Fig. 5.2 DMT Modulation
Meanwhile, DMT, which uses multiple carriers, can adjust each carrier individually to the external noise present at its frequency, but its chip implementation is more complicated than QAM and its power consumption is quite high. It can also process many digital signals. Although its principle is complicated, its processing speed is faster than QAM.
5.3.2 Configuring VDSL Port
You can configure the profile and interleave of a VDSL port.
5.3.2.1 Displaying Status of VDSL Port
You can check the status of a VDSL port and the user's configuration. It is also possible to view information of the VDSL port. To check the status of a VDSL port and information of DMT modulation, use the following command.
Command: show lre [PORTS]
Description: Shows VDSL port.
Command: show lre detail-info [PORTS]
Description: Shows detailed information of VDSL line.
Note: This command is used not only to enable a VDSL port but also to reset it when it is in an unstable state.
5.3.2.3 Profile of VDSL Port
It is possible to configure the upstream/downstream bandwidth of a VDSL port. To configure the profile, use the following command.
Note: The default profile of VDSL port is "30a".
Note: Configuration for Profile of VDSL port is applied to all the ports.
The following table shows the option band types of VDSL port.
To control supplied power according to VDSL line, use the following command.
Command: lre PORTS upbo enable
Mode: Bridge
Description: Controls supplied power according to distance of VDSL line.
Note: You should control supplied power of VDSL port according to distance of VDSL line.
To disable power control according to distance of VDSL line, use the following command.
To configure the power back-off length of each upstream band, use the following command.
Command: lre PORTS band-pbo-length u0 LENGTH [u1 LENGTH]
Command: lre PORTS band-pbo-length u0 LENGTH u1 LENGTH [u2
Description: Configures the power back-off length per upstream band.
The following is an example of configuring the power consumption per upstream band of port 1 as 100m to 400m.
5.3.2.5 PSD Level
Power Spectral Density (PSD) Level is configured according to the standard, but PSD-Level can be configured as the frequency by the administrator. To configure PSD-Level, use the following command.
Command: lre PORTS psd-level {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15} {PSD | default | off}
Mode: Bridge
Description: Configures PSD value and frequency value in VDSL line.
11 8508 - 12000 default
12 12008 - 16700 default
13 16708 - 17600 default
14 17608 - 18100 default
15 18108 - 30000 default
SWITCH(bridge)#
5.3.2.6 PSD Mask Level
To configure PSD-Level, use the following command.
Command: lre PORTS psd-mask-level {0 | 1 | 2 | 3 | 4 | 5 | 6
line.
Note: PSD Level is basically configured as Default.
5.3.2.7
To enable Interleave process, use the following command.
Command: lre PORTS channel slow
Mode: Bridge
Description: Enables Interleave process.
Note: The default is Interleave enabled as "slow".
The following is an example of displaying Interleave.
To display configured interleave delay, use the following command.
Command: show lre interleave [PORTS]
Mode: Enable/Global/Bridge
Description: Shows the configuration of interleave delay.
The following is an example of configuring Interleave-delay of port 50 as 50ms.
To enable/disable TCM of VDSL line port, use the following command.
Command: lre PORTS tcm {enable | disable}
Mode: Bridge
Description: Configures TCM (default: enable)
To display configured TCM, use the following command.
Command: show lre tcm [PORTS]
Mode: Enable/Global/Bridge
Description: Shows the configured TCM.
5.3.2.10 Ham-band
The bandwidth used by the VDSL port of the switch includes the Ham band. This causes interruption in the VDSL line.
The following table shows bandwidth of Ham band frequency.
Ham band   Bandwidth of Frequency (Unit: MHz)   Standard
band1      1.800 ~ 1.810                        RFI Notch
band2      1.800 ~ 1.825                        KOREA HAM-BAND
band3      1.810 ~ 1.825                        ANNEX F
band4      1.810 ~ 2.000                        ETSI, T1E1
band5      1.9075 ~ 1.9125                      ANNEX F
band6      3.500 ~ 3.550                        KOREA HAM-BAND
band7      3.500 ~ 3.575                        ANNEX F
band8      3.500 ~ 3.800                        ETSI
band9      3.500 ~ 4.000                        T1E1
band10     3.747 ~ 3.754                        ANNEX F
band11     3.790 ~ 3.
with or less than the noise strength, stable communication cannot be done. Therefore, SNR must not be negative or "0". If this situation occurs, you have to increase the signal strength or decrease the noise strength. The transmit rate of a VDSL line depends on SNR, but the line environment is not always the same, so you need to configure the VDSL line so that its transmit rate can be decided according to the changing line environment.
To display SNR margin, use the following command.
Command: show lre snr [PORTS]
Mode: Enable/Global/Bridge
Description: Shows the configuration of SNR margin.
The following is an example of configuring SNR margin of port 3 as "10 dB".
The following table lists the sub-commands in the Bitloading per tone command.
time from beginning of the 15 minutes and time of error (Prev. 15m) of previous 15 minutes. Also, you can check the number of errors so far today (Today), the number of errors yesterday (Yesterday), and the total number of errors since booting. The following image shows the standard of error counting provided in the switch.
Fig. 5.4 Counting Times of Error
To display the number of errors in VDSL port, use the following command.
To check CRC error, Frame losses, and Signal loss of a specific port at a time, use the following command.
Command: show lre stat-count-all PORTS
Description: Shows data of CRC error, Frame loss, and Signal loss at a time about Upstream
Command: show cpe stat-count-all [PORTS]
Description: Shows data of CRC error, Frame loss, and Signal loss at a time about Downstream
Command: show lre total-error [PORTS]
Description: Shows the collected data of all errors.
Mode: Enable/Global/Bridge
To display all errors that are counted during 15 minutes or one day, use the following command.
Command: show lre pre-15m-error [PORTS]
Description: Shows the error status in previous 15 minutes.
Command: show lre cur-15m-error [PORTS]
Description: Shows the error status in current 15 minutes.
Command: show lre pre-day-error [PORTS]
Description: Shows the error status in previous day.
Command: show lre cur-day-error [PORTS]
Mode: Enable/Global/Bridge
5.3.4 Config-Profile
You can turn a policy configured on a service port into a Profile and apply it to ports. There are two kinds of profiles: one applied to the VDSL line and the other configured for the Alarm of SNMP trap in case an error happens. This chapter describes the following lists.
• Line config profile
• Alarm config profile
5.3.4.1 Line config profile
Line config profile is a policy which configures the transmit rate of the VDSL line, SNR margin, and Interleave-delay.
To configure the detail of Profile, use the following command.
Command: down-max-inter-delay <1-100>
Description: Configures Interleave-delay of Downstream. The unit is msec.
Command: down-slow-max-datarate <0-100000>
Description: Configures transmit rate of Maximum Downstream. The unit is kbps. (1000=1Mbps)
Command: down-slow-min-datarate <0-100000>
Description: Configures transmit rate of Minimum Downstream. The unit is kbps. (1000=1Mbps)
Configures SNR margin of Downstream.
To display the configuration, use the following command.
Command: show lre line-config-profile [PORTS]
Mode: Enable/Global/Bridge
Description: Shows the configuration of all line config profiles.
To enable configuration of this line-config profile, use the following command.
Command: active
Command: no active
Mode: Line-config
Description: Enables the profile.
To disable the application of profile in specified port, use the following command.
Command: line-config-profile NAME del PORTS
Mode: Bridge
Description: Disables profile in specified port.
To delete configured profile, use the following command.
Command: no line-config-profile NAME
Mode: Bridge
Description: Deletes Profile.
5.3.4.2
Command: thresh-15min-loss <0-900>
Description: Configures threshold of duration of LOS. The unit is second.
Command: thresh-15min-sess <0-900>
Description: Configures threshold of duration of SES. The unit is second.
Command: thresh-15min-uass <0-900>
Description: Configures threshold of duration of UAS. The unit is second.
Mode: Alarm-Config
Note: If the threshold is configured as "0", it means no limit. The default threshold is no limit.
The following is an example of enabling configuration
SWITCH(bridge-alarm-config-profile[TEST])# active
SWITCH(bridge-alarm-config-profile[TEST])# show running-config
(omitted)
alarm-config-profile TEST
thresh-15min-lofs 300
thresh-15min-loss 300
thresh-15min-lols 300
thresh-15min-ess 300
thresh-15min-sess 300
thresh-15min-uass 300
active
(omitted)
SWITCH(bridge-line-config-profile[TEST])#
Note: Unless you enable configured profiles, they will not be applied although you
Note: With enabled stacking, Master's configuration is same configured in Slave. However, Master can make application to port of Slave. You should configure it in Slave. Please save the configuration after applying to port.
To disable the application of profile, use the following command.
Command: alarm-config-profile NAME del PORTS
Mode: Bridge
Description: Disables Profile applied to port.
Step 6 Save the configuration.
5.3.5 Configuring CPE
You can reset CPE used when switch and check state of CPE.
Note: "PORTS" at CPE configuration command is VDSL port number connected specified CPE.
Note: The below description is only for this switch, in which module is installed in DMT modulation.
This chapter describes the following lists.
• • • • • • • • • • 5.3.5.
To connect to FTP, please use the following command.
Command: load ftp DESTINATION
Mode: Enable
Description: Connects to FTP to store system image file in the system flash memory.
SWITCH# load ftp 172.16.232.1
Connected to 172.16.232.1.
220 FTP Server ready.
Name (172.16.232.1:root): anonymous
331 Password required for anonymous.
Password:anonymous@da-san.com
230 User qa logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
The following is an example to change the name of CPE file into single file name after exiting from FTP.
Note: Input the port number connected to CPE which is supposed to install system image.
Step 4 Install the system image file to the CPE.
Command: cpe nos-download PORTS
Mode: Bridge
Description: Upgrades the system image file of CPE, which is connected through a port.
Step 5 To set the active OS of the CPE system, use the following command.
Step 2 Connect to FTP of Master to bring new system image file of CPE stored in Master RAM.
Command: load ftp DESTINATION
Mode: Enable
Description: Connects to FTP of Master.
The following is an example of connecting to FTP of Master, 127.1.0.1.
SWITCH# config terminal
SWITCH(config)# bridge
SWITCH(bridge)# load ftp 127.1.0.1
Connected to 127.1.0.1.
220 FTP Server 1.2.4 (FTPD)
Name (127.1.0.1:root): root
331 Password required for root.
Step 4 Exit from FTP server.
ftp> bye
221 Goodbye.
SWITCH#
Step 5 After exiting from FTP, change the name of the system image file of CPE stored in this switch into the single file name. To change into the single file name, please use the following command.
Command: store cpe-nos FILENAME
Mode: Enable
Description: Stores system image file in CPE.
The following is an example to change the name of CPE files into single file name after exiting from FTP.
To designate AGC and configure it manually, you should designate the distance. To disable the configured AGC, use the following command.
Command: cpe {agc-off-0 | agc-off-1 | agc-off-2 | agc-off-3 | agc-off-4 | agc-off-5 | agc-off-6 | agc-off-7 | agc-off-8 | agc-off-9 | agc-off-10} PORTS
Mode: Bridge
Description: Disable AGC in CPE and configure the distance manually.
Note: There can be some error in manually designated distance.
5.3.5.5
5.3.5.9 Auto Upgrade of CPE Image
To upgrade the CPE image automatically, use the following command.
Command: cpe auto-upgrade enable {h310 | h320 | h330 | h335} VERSION
Description: Enables the auto upgrading of CPE image for specific target model. VERSION: source cpe version (ex: 0.0.0r0)
Command: cpe auto-upgrade disable
Description: Disables the auto upgrading of CPE image.
Mode: Bridge
5.3.5.10 Displaying CPE Status
You can check state of CPE connected to VDSL port.
Note: NOS Version means the current image. It will be updated after resetting when you install a new image.
In the above example, NOS Download is indicated as below.
NO: NOS is not downloaded yet.
Yes: NOS is being downloaded.
Done: NOS has been successfully downloaded.
Fail: NOS downloading has failed.
Tab. 5.9 SMC7824M/VSW Command
5.4 Port Mirroring
Port mirroring is the function of monitoring a designated port. Here, the port used for monitoring is called the monitor port and a port to be monitored is called a mirrored port. Traffic transmitted from the mirrored port is copied and sent to the monitor port so that the user can monitor network traffic. The following is a network structure to analyze the traffic by port mirroring.
Step 3 To designate the mirrored ports, use the following command.
Command: mirror add PORTS [ingress | egress]
Mode: Bridge
Description: Designates the mirrored ports. ingress: ingress traffic. egress: egress traffic.
Step 4 To delete and modify the configuration, use the following command.
Command: no mirror monitor
Description: Deletes a designated monitor port.
Command: mirror del PORTS [ingress | egress]
Description: Deletes a port from the mirrored port.
Mode: Bridge
6 System Environment
6.1 Environment Configuration
You can configure the system environment of this switch with the following items:
• • • • • • • • • • • • • 6.1.
6.1.3 Time Zone
The switch provides three kinds of time zone, GMT, UCT and UTC. The time zone of the switch is predefined as GMT (Greenwich Mean Time). Also you can set the time zone where the network element belongs. To set the time zone, use the following command (refer to the below table).
Command: time-zone TIMEZONE
Command: clear time-zone
Mode: Global
Description: Sets the time zone.
To display a configured NTP, use the following command.
Command: show ntp
Mode: Enable/Global/Bridge
Description: Shows a configured NTP function.
To synchronize the system clock, the system periodically sends the NTP message to the NTP server. You can configure the system to bind the IP address to the message which allows the NTP server to recognize your system. To bind the IP address to the NTP message, use the following command.
Command: ntp bind-address A.B.C.
You can configure up to 3 servers so that the second and third servers are used as backups in case the first server is down.
To display SNTP configuration, use the following command.
Command: show sntp
Mode: Enable/Global/Bridge
Description: Shows SNTP configuration.
The following is an example of registering the SNTP server 203.255.112.96 and enabling it.
SWITCH(config)# sntp 203.255.112.96
SWITCH(config)# show sntp
==========================
sntpd is running.
To restore a default banner, use the following command.
Command: no banner
Command: no banner login
Command: no banner login-fail
Mode: Global
Description: Restores a default banner.
To display a current login banner, use the following command.
Command: show banner
Mode: Enable/Global/Bridge
Description: Shows a current login banner.
6.1.8 DNS Server
To set a DNS server, use the following command.
Command: dns server A.B.C.D
Command: no dns server A.B.C.
6.1.9 Fan Operation
For the switch, it is possible to control fan operation. To control fan operation, use the following command.
Command: fan operation {on | off}
Mode: Global
Description: Configures fan operation.
Note: It is possible to configure to start and stop fan operation according to the system temperature. To configure this, see Section 6.1.13.3.
To display fan status and the temperature for fan operation, use the following command.
configuration is unnecessary on system, user can disable the system as FTP server. To enable/disable the system of this switch as FTP server, use the following command.
Command: ftp server {enable | disable}
Mode: Global
Description: Enables/disables the FTP server on the system. (default: enable)
Note: If the FTP server is disabled, the system software upgrade cannot be done via FTP server.
6.1.12 FTP Client address
You can specify several IP addresses to this switch.
To show the configured threshold of CPU load, use the following command.
Command: show cpuload
Description: Shows the configured threshold of CPU load.
Command: show cpu-trueload
Description: Shows the CPU usage every 5 seconds during current 10 minutes.
Mode: Enable/Global/Bridge
6.1.13.2 Port Traffic
To set the threshold of port traffic, use the following command.
Command: threshold port
Description: Sets the threshold of port traffic.
Note: When you set the threshold of fan operation, START-TEMP must be higher than STOP-TEMP.
To show the configured threshold of fan operation, use the following command.
Command: show status fan
Mode: Enable/Global/Bridge
Description: Shows the status and configured threshold of fan operation.
6.1.13.4 System Temperature
To set the threshold of system temperature, use the following command.
6.1.13.6 SFP Module (optional uplink port)
The system module will operate depending on monitoring type of temperature, RX/TX power, voltage or Txbias. To set the threshold of module, use the following command.
Command: threshold module {rxpower | txpower} PORTS {alarm | warning} START-VALUE STOP-
Description: Sets the Diagnostics threshold of SFP module by RX/TX power and monitors the module. The range of RX/TX power: 0-6.
Note: This module DMI command is enabled by default. Thus, if you don't want to get DMI information, configure this setting as disable.
Note: If disabled, the switch does not show DMI information of the SFP ports when using the show port module-info command.
To display the configuration of DMI module, use the following command.
Command: show module dmi
Mode: Enable/Global
Description: Displays the configuration result of DMI module.
6.2 Configuration Management
You can verify if the system configurations are correct and save them in the system. This section contains the following functions.
• Displaying System Configuration
• Writing System Configuration
• Auto-Saving
• System Configuration File
• Restoring Default Configuration
6.2.1 Displaying System Configuration
To display the current running configuration of the system, use the following command.
6.2.3 Auto-Saving
The switch supports the auto-saving feature, allowing the system to save the system configuration automatically. This feature prevents unsaved system configuration from being lost through an unexpected system failure. To allow the system to save the system configuration automatically, use the following command.
Command: write interval <10-1440>
Mode: Global
Description: Enables auto-saving with a given interval.
Command: no write interval
6.2.
To delete a system configuration file, use the following command.
Command: erase config FILENAME
Mode: Enable/Global
Description: Deletes a specified configuration file. FILENAME: configuration file name
To display a system configuration file, use the following command.
Command: show startup-config
Description: Shows a current startup configuration.
Command: show config-list
Description: Shows a list of configuration files.
Mode: Enable/Global/Bridge
6.2.5
6.3 System Management
When there is any problem in the system, you must find out what the problem is and how to solve it. Therefore you should not only be aware of the status of the system but also verify that the system is correctly configured. This section describes the following functions with CLI commands:
• • • • • • • • • • • • • • • 6.3.
Item: Timeout in seconds [2]
Description: It is considered as successful ping test if reply returns within the configured time interval. The default is 2 seconds.
Item: Extended commands [n]
Description: Shows the additional commands. The default is no.
Tab. 6.2 Options for Ping (Cont.)
The following is an example of ping test 5 times to verify network status with IP address 172.16.1.254.
SWITCH# ping
Protocol [ip]: ip
Target IP address: 172.16.1.
The following is to verify network status between 172.16.157.100 and 172.16.1.254 when IP address of the switch is configured as 172.16.157.100.
SWITCH# ping
Protocol [ip]:
Target IP address: 172.16.1.254
Repeat count [5]: 5
Datagram size [100]: 100
Timeout in seconds [2]: 2
Extended commands [n]: y
Source address or interface: 172.16.157.100
Type of service [0]: 0
Set DF bit in IP header? [no]: no
Data pattern [0xABCD]:
PATTERN: 0xabcd
PING 172.16.1.254 (172.16.1.
In the above figure, if you perform a ping test from the PC to C, it goes through the route A→B→C. This is the general case. However, the switch makes it possible to perform the ping test from the PC along the route A→E→D→C.
Fig. 6.2 IP Source Routing
To perform ping test as the route which the manager designated, use the following steps.
If the timer goes off before a response comes in, an asterisk (*) is printed on the screen.
Command: traceroute [DESTINATION]
Command: traceroute ip DESTINATION
Command: traceroute icmp DESTINATION
Mode: Enable
Description: Traces packet routes through the network. DESTINATION: IP address or host name
The following are the configurable options to trace the routes.
Item: Protocol [ip]
Description: Supports ping test. Default is IP.
6.3.5 MAC Table
To display MAC table recorded in specific port, use the following command.
Command: show mac BRIDGE [PORTS]
Command: show mac count [PORTS]
Mode: Enable/Global/Bridge
Description: Shows MAC table. BRIDGE: bridge name. PORTS: port number
The following is an example of displaying a current MAC table.
SysInfo(System Information)
Model Name : SMC7824M/VSW
Main Memory Size : 256 MB
Flash Memory Size : 8 MB(SPANSION 29GL064N), 32 MB(SPANSION 29GL256N)
S/W Compatibility : 7, 7
H/W Revision : DS-VD-23N-B0
NOS Version : 5.01
B/L Version : 5.43
H/W Address : 00:d0:cb:00:25:55
PLD Version : 0x02
Serial Number : RMK00981029384
Ikanos Firmware Ver : 1.0.5r39IK005010+FMC
6.3.
admin 103 2.6 2.0 20552 5100 ? S 20:12 0:53 /usr/sbin/swchd
(Omitted)
SWITCH#
6.3.10 Displaying System Image
To display a current system image version, use the following command.
Command: show version
Mode: Enable/Global/Bridge
Description: Shows a version of system image.
To display a size of the current system image, use the following command.
Command: show os-size
Mode: Enable/Global/Bridge
Description: Shows size of system image.
6.3.11
6.3.14 Tech Support Information
A system error may occur for various reasons. Once the system error occurs, system engineers try to examine the internal system information such as a system configuration, log data, memory dump, and so on to solve the problem. To reduce the effort to acquire the detailed information of the system for technical support, the switch provides the function that generates all the system information reflecting the current state.
7 Network Management
7.1 Simple Network Management Protocol (SNMP)
The simple network management protocol (SNMP) is an application-layer protocol designed to facilitate the exchange of management information between network devices. SNMP consists of three parts: an SNMP manager, a managed device and an SNMP agent. SNMP provides a message format for sending information between SNMP manager and SNMP agent. The agent and MIB reside on the switch.
To display configured SNMP community, use the following command.
Command: show snmp community
Mode: Enable/Global/Bridge
Description: Shows created SNMP community.
The following is an example of creating 2 SNMP communities.
7.1.3 SNMP Com2sec
SNMP v2 authorizes the host to access the agent according to the identity of the host and community name. The com2sec command specifies the mapping from the identity of the host and community name to security name. To configure an SNMP security name, use the following command.
Command: snmp com2sec SECURITY {A.B.C.D | A.B.
Description: Specifies the mapping from the identity of the host and community name to security name, enter security and
7.1.5 SNMP View Record
You can create an SNMP view record to limit access to MIB objects with object identity (OID) by an SNMP manager. To configure an SNMP view record, use the following command.
Command: snmp view VIEW {included | excluded} OID [MASK]
Mode: Global
Description: Creates an SNMP view record. VIEW: view record name. included: includes a sub-tree. excluded: excludes a sub-tree. OID: OID number
Deletes a created SNMP view record.
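An added example (not the switch's own code): how a manager's request is checked against view records such as those created with snmp view, following the standard VACM rule from RFC 3415, where the longest matching sub-tree decides and a 0 bit in MASK makes that position a wildcard. That the switch applies this rule and accepts MASK as dotted hex bytes is an assumption, as are the view names and OIDs in the constructed sample.

```python
# Constructed sample records in the "snmp view VIEW {included | excluded} OID [MASK]" syntax.
SAMPLE_VIEWS = """\
snmp view MONITOR included .1.3.6.1.2.1
snmp view MONITOR excluded .1.3.6.1.2.1.4.21
snmp view IFROW included .1.3.6.1.2.1.2.2.1.0.3 ff.a0
"""


def parse_oid(text):
    """'.1.3.6.1' -> (1, 3, 6, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_mask(text, length):
    """Dotted hex bytes -> one bool per sub-identifier; missing bits count as 1."""
    bits = []
    for byte in (text.replace(":", ".").split(".") if text else []):
        value = int(byte, 16)
        bits.extend(bool((value >> shift) & 1) for shift in range(7, -1, -1))
    bits.extend([True] * (length - len(bits)))
    return tuple(bits[:length])


def parse_view_line(line):
    """Parse one 'snmp view' line into (view, kind, subtree, mask)."""
    parts = line.split()
    if parts[:2] != ["snmp", "view"] or len(parts) not in (5, 6):
        raise ValueError(f"not a view record: {line!r}")
    view, kind, subtree = parts[2], parts[3], parse_oid(parts[4])
    if kind not in ("included", "excluded"):
        raise ValueError(f"unknown view type: {kind!r}")
    mask = parse_mask(parts[5] if len(parts) == 6 else "", len(subtree))
    return view, kind, subtree, mask


def family_matches(oid, subtree, mask):
    """True if oid lies in the sub-tree, ignoring positions whose mask bit is 0."""
    if len(oid) < len(subtree):
        return False
    return all(not bit or got == want for got, want, bit in zip(oid, subtree, mask))


def in_view(records, view, oid_text):
    """Apply the longest-match rule: the most specific matching record decides."""
    oid = parse_oid(oid_text)
    best = None
    for name, kind, subtree, mask in records:
        if name != view or not family_matches(oid, subtree, mask):
            continue
        key = (len(subtree), subtree)  # longest first, then lexicographically greatest
        if best is None or key > best[0]:
            best = (key, kind)
    # No matching record at all means the object is outside the view.
    return best is not None and best[1] == "included"


RECORDS = [parse_view_line(line) for line in SAMPLE_VIEWS.splitlines() if line.strip()]

if __name__ == "__main__":
    for view, oid in [
        ("MONITOR", ".1.3.6.1.2.1.1.1.0"),       # sysDescr.0, inside the included sub-tree
        ("MONITOR", ".1.3.6.1.2.1.4.21.1.1.10.0.0.0"),  # under the excluded sub-tree
        ("MONITOR", ".1.3.6.1.4.1.202"),         # outside every record
        ("IFROW", ".1.3.6.1.2.1.2.2.1.2.3"),     # any ifEntry column, index 3
        ("IFROW", ".1.3.6.1.2.1.2.2.1.2.4"),     # same column, index 4
    ]:
        print(view, oid, "allowed" if in_view(RECORDS, view, oid) else "denied")
```

An excluded record only takes effect when its sub-tree is more specific than the included one it carves out of, which is why the order of the lines in the configuration does not matter here.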
To display a granted SNMP group to access to a specific SNMP view record, use the following command.
Command: show snmp access
Mode: Enable/Global/Bridge
Description: Shows a granted SNMP group to access to a specific SNMP view record.
7.1.7 SNMP Version 3 User
In SNMP version 3, you can register an SNMP agent as user. If you register an SNMP version 3 user, you should configure it with the authentication key.
7.1.8.2 SNMP Trap Host
To set an SNMP trap host, use the following command.
Command: snmp trap-host A.B.C.D [COMMUNITY]
Description: Specifies an SNMP trap v1 host.
Command: snmp trap2-host A.B.C.D [COMMUNITY]
Description: Specifies an SNMP trap v2 host.
Command: snmp inform-trap-host A.B.C.D [COMMUNITY]
Description: Specifies an SNMP inform trap host.
Mode: Global
To delete a specified SNMP trap host, use the following command.
Command: no snmp trap-host A.B.C.D
Command: no snmp trap2-host A.B.C.
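An added example (not from the SMC guide): a Python check that reads a saved running configuration and reports settings this guide describes that widen exposure or reduce visibility: the FTP server left at its default of enabled, SNMP trap hosts configured with a community string, traps switched off with no snmp trap, and ports mirrored with mirror add. It assumes the running configuration echoes commands in the syntax of the command tables and that PORTS may be a number, a comma list or a range; the sample configuration is constructed.

```python
import re

# Command syntax as given in this guide's command tables.
FTP_SERVER = re.compile(r"^ftp server (enable|disable)$")
TRAP_HOST = re.compile(r"^snmp (trap-host|trap2-host|inform-trap-host) (\S+)(?: (\S+))?$")
TRAP_OFF = re.compile(r"^no snmp trap (\S+)$")
MIRROR_ADD = re.compile(r"^mirror add (\S+)(?: (ingress|egress))?$")

# Constructed sample; assumes running-config echoes commands as entered.
SAMPLE_CONFIG = """\
snmp trap-host 10.1.1.1 public
snmp trap2-host 10.1.1.2
no snmp trap cpu-threshold
 mirror add 3 ingress
 mirror add 7-8
"""


def expand_ports(spec):
    """Expand '3', '1,4' or '7-8' into a set of port numbers (assumed PORTS forms)."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def audit(config_text, approved_mirror_ports=()):
    """Return (rule, detail) findings for a running configuration."""
    findings = []
    ftp_enabled = True  # the guide gives "enable" as the FTP server default
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if m := FTP_SERVER.match(line):
            ftp_enabled = m.group(1) == "enable"
        elif m := TRAP_HOST.match(line):
            kind, host, community = m.groups()
            if community:
                # SNMPv1/v2c communities travel unencrypted; never echo the value.
                findings.append(("snmp-cleartext-community",
                                 f"{kind} {host} community=<redacted>"))
        elif m := TRAP_OFF.match(line):
            # All traps are sent by default, so each of these removes a signal.
            findings.append(("trap-disabled", m.group(1)))
        elif m := MIRROR_ADD.match(line):
            try:
                extra = expand_ports(m.group(1)) - set(approved_mirror_ports)
            except ValueError:
                findings.append(("unparsed-mirror", line))
                continue
            if extra:
                direction = m.group(2) or "direction not specified"
                findings.append(("unapproved-mirror", f"ports {sorted(extra)} ({direction})"))
    if ftp_enabled:
        findings.append(("ftp-server-enabled", "no 'ftp server disable' in configuration"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CONFIG, approved_mirror_ports={3}):
        print(f"{rule}: {detail}")
```

Pass the set of ports that are documented as mirrored for monitoring in approved_mirror_ports; anything else copied to a monitor port is reported for review.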
figured by user. Also, when system temperature falls below the threshold, trap message will be shown.
• dhcp-lease is shown when no more IP address is left in the DHCP pool. Even if this occurs only in one DHCP pool of several pools, this trap message will be shown.
• fan/module is shown when there is any status-change of fan and module.
Note: The system is configured to send all the SNMP traps by default.
To enable the SNMP trap, use the following command.
Command: no snmp trap mem-threshold
Command: no snmp trap cpu-threshold
Command: no snmp trap port-threshold
Command: no snmp trap temp-threshold
Command: no snmp trap dhcp-lease
Command: no snmp trap fan
Command: no snmp trap module
Command: no snmp trap pps-control
Mode: Global
Description: Disables each SNMP trap.
7.1.8.5 Displaying SNMP Trap
To display the configuration of the SNMP trap, use the following command.
7.1.9 SNMP Alarm
The switch provides an alarm notification function. The alarm will be sent to an SNMP trap host whenever a specific event in the system occurs through CLI. You can also set the alarm severity on each alarm and have the alarm shown only for the selected severity or higher. This enhanced alarm notification allows system administrators to manage the system efficiently.
7.1.9.
7.1.9.3 Default Alarm Severity
To set default alarm severity, use the following command.
Command: snmp alarm-severity default {critical | major | minor | warning | intermediate}
Mode: Global
Description: Sets default alarm severity. (default: minor)
7.1.9.4 Generic Alarm Severity
To set generic alarm severity, use the following command.
Command: snmp alarm-severity rmon-alarm-falling {critical | major | minor | warning | intermediate}
Description: Sets severity of an alarm for RMON alarm falling.
Command: snmp alarm-severity system-restart {critical | major | minor | warning | intermediate}
Description: Sets severity of an alarm for system restart.
Command: snmp alarm-severity module-remove {critical | major | minor | warning | intermediate}
Description: Sets severity of an alarm for module removed.
Mode: Global
7.1.9.5 ADVA Alarm Severity
To set ADVA alarm severity, use the following command.
Command: snmp alarm-severity adva-fan-fail {critical | major | minor | warning | intermediate}
Description: Sets ADVA severity of an alarm for system temperature high.
Command: snmp alarm-severity adva-if-misconfig {critical | major | minor | warning | intermediate}
Description: Sets ADVA severity of an alarm for wrong configuration.
7.1.9.6 ERP Alarm Severity
To set severity of an alarm for ERP, use the following command.
Command: snmp alarm-severity erp-domain-lotp {critical | major | minor | warning | intermediate}
Description: Sets severity of an alarm for loss of test packet (LOTP) in ERP domain.
Command: snmp alarm-severity erp-domain-multi-rm {critical | major
Description: Sets severity of an alarm for multiple redundancy managers (RM) created.
To delete configured severity of alarm for STP guard, use the following command.

Command: no snmp alarm-severity stp-bpdu-guard
Command: no snmp alarm-severity stp-root-guard
Mode: Global
Description: Deletes configured severity of an alarm for STP guard.

7.1.9.8 Displaying SNMP Alarm Severity

To display configured severity of alarm, use the following command.

Command: show snmp alarm-severity
Mode: Enable, Global
Description: Shows configured severity of alarm.
7.2 Operation, Administration and Maintenance (OAM)

In the enterprise, Ethernet links and networks have been managed via Simple Network Management Protocol (SNMP). Although SNMP provides a very flexible management solution, it is not always efficient and is sometimes inadequate to the task.
7.2.2 Local OAM Mode

To configure Local OAM, use the following command.

Command: oam local mode {active | passive} PORTS
Mode: Bridge
Description: Configures the mode of local OAM.

Note: Both request and loopback are possible for local OAM active. However, request or loopback is impossible for local OAM passive.

7.2.3 OAM Unidirection

When RX is impossible in local OAM, it is possible to send the information by using TX.
Mode: Bridge
Description: Shows the information of peer host using OAM function.

Commands:
oam remote general forwarding <3-4> {enable | disable} PORTS
oam remote general speed <1-4> <0-4294967295> PORTS
oam remote general user <1-4> STRING PORTS
oam remote system interface {unforced | forceA | forceB} PORTS
oam remote system interval <0-255> PORTS
oam remote system mode {master | slave} PORTS
oam remote system reset PORTS

7.2.
link event | UNSUPPORT
loopback | SUPPORT(disable)
uni-direction | UNSUPPORT(disable)
------------------------------------------
SWITCH(bridge)# show oam remote 2
REMOTE PORT[2]
------------------------------------------
item | value
------------------------------------------
mode | ACTIVE
MAC address | 00:d0:cb:27:00:94
variable | UNSUPPORT
link event | UNSUPPORT
loopback | SUPPORT(enable)
uni-direction | UNSUPPORT
---------------------------
7.3.3 LLDP Operation Type

If you activated LLDP on a port, configure the LLDP operation type. Each LLDP operation type works as one of the following:
• both sends and receives LLDP frames.
• tx_only only sends LLDP frames.
• rx_only only receives LLDP frames.
• disable does not process any LLDP frame.

To configure how to operate LLDP, use the following command.

Command: lldp adminstatus PORTS [both | tx_only | rx_only | disable]

7.3.
7.3.6 Reinitiating Delay

To configure the interval time of enabling LLDP frame after configuring LLDP operation type, use the following command.

Command: lldp reinitdelay <1-10>
Mode: Bridge
Description: Configures the interval time of enabling LLDP frame from the time of configuring not to process LLDP frame. (default: 2)

To configure delay time of transmitting LLDP frame, use the following command.

7.3.
7.4 Remote Monitoring (RMON)

Remote Monitoring (RMON) is a function to monitor the communication status of devices connected to Ethernet from a remote place. While SNMP can give information only about the device mounting an SNMP agent, RMON gives network status information about overall segments including devices. Thus, the user can manage the network more effectively.
Input a question mark (?) at the system prompt in RMON Configuration mode if you want to list available commands. The following is an example of listing available commands in RMON Configuration mode.
7.4.1.4 Interval of Sample Inquiry

To configure the interval of sample inquiry in seconds, use the following command.

Command: interval <1-3600>
Mode: RMON
Description: Defines the time interval for the history (in seconds), enter the value. (default: 1800)

Note: 1 sec is the minimum time which can be selected. But the minimum sampling interval currently is 30 sec, i.e., all intervals will be rounded up to a multiple of 30 seconds.

7.4.1.5
The following is an example of displaying RMON history.

SWITCH(config-rmonhistory[5])# show running-config rmon-history
!
rmon-history 5
owner test
data-source ifindex.hdlc1
interval 60
requested-buckets 25
active
!
SWITCH(config-rmonhistory[5])#

7.4.2 RMON Alarm

You need to open RMON Alarm Configuration mode first to configure RMON alarm.

Command: rmon-alarm <1-65535>
Mode: Global
Description: Opens RMON Alarm Configuration mode.

7.4.2.1
To compare object selected as sample with the threshold, use the following command.

Command: sample-type absolute
Mode: RMON
Description: Compares object with the threshold directly.

To configure delta comparison, use the following command.

Command: sample-type delta
Mode: RMON
Description: Compares difference between current data and the latest data with the threshold.

7.4.2.4
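The difference between the two sample types is easiest to see on a counter that only ever grows. The following is an added example, not code from SMC or the switch: it models alarm evaluation using the standard RMON alarm semantics of RFC 2819 (events fire on threshold crossings, with hysteresis between the rising and falling thresholds), which is assumed here to match the switch. The class, field names and sample values are constructed for illustration; the startup field models the first-alarm selection of section 7.4.2.6.

```python
"""RMON alarm evaluation: absolute vs. delta sampling (illustrative model)."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class RmonAlarm:
    sample_type: str          # "absolute" or "delta" (see sample-type command)
    rising: int               # upper threshold
    falling: int              # lower threshold
    startup: str = "both"     # first alarm allowed: "rising", "falling", "both"
    _prev_raw: Optional[int] = field(default=None, init=False, repr=False)
    _prev_value: Optional[int] = field(default=None, init=False, repr=False)
    _last_event: Optional[str] = field(default=None, init=False, repr=False)

    def __post_init__(self) -> None:
        if self.sample_type not in ("absolute", "delta"):
            raise ValueError("sample_type must be 'absolute' or 'delta'")
        if self.startup not in ("rising", "falling", "both"):
            raise ValueError("startup must be 'rising', 'falling' or 'both'")
        if self.falling > self.rising:
            raise ValueError("falling threshold must not exceed rising threshold")

    def _value(self, raw: int) -> Optional[int]:
        """Value compared with the thresholds for this polling interval."""
        if self.sample_type == "absolute":
            return raw
        prev, self._prev_raw = self._prev_raw, raw
        return None if prev is None else raw - prev   # delta needs two polls

    def sample(self, raw: int) -> Optional[str]:
        """Feed one polled value; return 'rising', 'falling' or None."""
        value = self._value(raw)
        if value is None:
            return None
        first = self._prev_value is None
        prev, self._prev_value = self._prev_value, value
        event = None
        # Hysteresis: the same event cannot fire twice in a row.
        if value >= self.rising and self._last_event != "rising":
            if first:
                crossed = self.startup in ("rising", "both")
            else:
                crossed = prev < self.rising
            if crossed:
                event = "rising"
        elif value <= self.falling and self._last_event != "falling":
            if first:
                crossed = self.startup in ("falling", "both")
            else:
                crossed = prev > self.falling
            if crossed:
                event = "falling"
        if event:
            self._last_event = event
        return event


def run(alarm: RmonAlarm, samples: List[int]) -> List[Optional[str]]:
    """Evaluate a whole series of polled values."""
    return [alarm.sample(raw) for raw in samples]


# Constructed poll results of a cumulative error counter (never decreases).
COUNTER_SAMPLES = [100, 110, 125, 400, 420, 1200, 1210, 1215]

if __name__ == "__main__":
    absolute = RmonAlarm("absolute", rising=1000, falling=200)
    delta = RmonAlarm("delta", rising=200, falling=20)
    print("absolute:", run(absolute, COUNTER_SAMPLES))
    print("delta:   ", run(delta, COUNTER_SAMPLES))
```

With absolute sampling the counter crosses the rising threshold once and can never re-arm, because a cumulative counter does not fall; delta sampling reports each burst separately.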
7.4.2.6 Standard of the First Alarm

You can configure the condition under which the first alarm occurs. You can select the first point at which the object is more than the threshold, the first point at which the object is less than the threshold, or the first point at which the object is either more than or less than the threshold.

To configure the first RMON alarm to occur when the object first falls below the lower bound of the threshold, use the following command.
7.4.2.9 Deleting Configuration of RMON Alarm

When you need to change a configuration of RMON alarm, you should delete an existing RMON alarm.

To delete RMON alarm, use the following command.

Command: no rmon-alarm <1-65535>
Mode: Global
Description: Deletes RMON history of specified number, enter the value for deleting.

7.4.3 RMON Event

RMON event identifies all operations such as RMON alarm in the switch.
7.4.3.3 Subject of RMON Event

You need to configure event and identify subject using various data from event. To identify subject of RMON event, use the following command.

Command: owner NAME
Mode: RMON
Description: Identifies subject of event. You can use a maximum of 126 characters, and this subject should be the same as the subject of RMON event.

7.4.3.4 Event Type

When an RMON event occurs, you need to configure the event type to arrange where to send the event.
7.5 Syslog

The syslog is a function that allows the network element to generate event notifications and forward them to an event message collector such as a syslog server. This function is enabled by default, so even though you disable this function manually, the syslog will be enabled again.

This section contains the following contents.

7.5.
Syslog Output Level with a Priority

To set a user-defined syslog output level with a priority, use the following command.

Command: syslog output priority {auth | authpriv | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | syslog | user}
Description: Generates a user-defined syslog message with a priority and forwards it to the console.
Note: The order of priority is emergency > alert > critical > error > warning > notice > info > debug. If you set a specific level of syslog output, you will receive only syslog messages of the selected level or higher. If you want to receive syslog messages for all the levels, you need to set the level to debug.

The following is an example of configuring syslog message to send all logs higher than notice to remote host 10.1.1.1 and configuring local1.
7.5.3 Syslog Bind Address

You can specify an IP address to attach to the syslog message for its identity. To specify the IP address to bind to a syslog message, use the following command.

Command: syslog bind-address A.B.C.D
Mode: Global
Description: Specifies the IP address to bind to a syslog message.

Command: no syslog bind-address
Mode: Global
Description: Deletes a specified IP address.

7.5.4
The following is the sample output of displaying received syslog messages.
7.6 Quality of Service (QoS)

The switch provides a rule and QoS feature for traffic management. The rule classifies incoming traffic, and then processes the traffic according to user-defined policies. You can use the physical port, 802.1p priority (CoS), VLAN ID, DSCP, and so on to classify incoming packets. You can configure the policy in order to change some data fields within a packet or to relay packets to a mirror monitor by a rule.
7.6.1 How to Operate QoS

QoS operation is briefly described as below. Incoming packets are classified by configured conditions, and then processed by metering, packet counter and rate-limiting on specific policer. After marking and remarking action, the switch transmits those classified and processed packets via a given scheduling algorithm. Fig. 7.1 shows the simple procedure of QoS operation.
– mirror transmits the classified traffic to the monitor port.
– redirect transmits the classified traffic to the specified port.
– permit allows traffic matching given characteristics.
– deny blocks traffic matching given characteristics.
– copy-to-cpu duplicates the profile of classified packets and sends a copy to CPU
– CoS marking marks the incoming frame on port with CoS values.
7.6.2 Packet Classification

Packet classification features allow traffic to be partitioned into multiple priority levels, or classes of service. In Flow Configuration mode, you can set packet classification criteria via a flow, which has a unique name. If you specify the value of parameters, this switch classifies the packets corresponding to the parameters.

7.6.2.
To specify a packet-classifying pattern with source/destination IP address or MAC address, use the following command.

Command: ip {A.B.C.D | A.B.C.D/M | any} {A.B.C.D | A.B.C.D/M | any} [<0-255>]
Description: Classifies an IP address.
A.B.C.D: source/destination IP address
A.B.C.D/M: source/destination IP address with mask
any: any source/destination IP address
0-255: IP protocol number

Command: ip {A.B.C.D | A.B.C.D/M | any} A.B.
Description: Classifies an IP protocol (ICMP).
Note: When specifying a source and destination IP address as a packet-classifying pattern, the destination IP address must be after the source IP address.

To specify a packet-classifying pattern with various parameters (DSCP, CoS, ToS, IP precedence, packet length, Ethernet type, IP header), use the following command.

Command: dscp {<0-63> | any}
Description: Classifies a DSCP value.
0-63: DSCP value
any: any DSCP (ignore)

Classifies an 802.1p priority.
To delete a specified packet-classifying pattern, use the following command.

Mode: Flow
Description: Deletes a specified packet-classifying pattern for each option.

Commands:
no cos
no dscp
no tos
no length
no ip-precedence
no ethtype
no mac
no mac da-found
no mac da-not-found
no ip
no ip header-length
no ip header-error

7.6.2.3 Applying and modifying Flow

After configuring a flow using the above commands, apply it to the system with the following command.
To delete configured class or all classes, use the following command.

Command: no class all
Mode: Global
Description: Deletes all classes.

Command: no class NAME
Mode: Global
Description: Deletes specified class, enter the class name.

Command: no class NAME flow FLOW1 [FLOW2] [FLOW3]···
Mode: Global
Description: Removes specified flows from class.

7.6.3 Packet Conditioning

After defining traffic classification criteria in Flow Configuration mode, configure how to process the packets.
7.6.3.2 Packet Counter

The packet counter function provides information on the total number of packets that the rule received and analyzed. This feature allows you to know the type of packets transmitted in the system according to rule configuration.

To count the number of packets matching the corresponding policer, use the following command.
Command: average packet-counter octet
Mode: Policer
Description: Enables the system to display the statistics of packets measured in bps.

Command: no average packet-counter octet
Mode: Policer
Description: Disables the system to display the statistics of packets measured in bps.

To display average packet-counter configuration on policy, use the following command.
To display configured size of a token bucket, use the following command.

Command: show qos max-bucketSize port
Mode: Global
Description: Shows the token bucket size of all ports

Command: show qos max-bucketSize portqueue PORTS
Mode: Global
Description: Shows the token bucket size of each queue for port

7.6.3.5 Applying and modifying Policer

After configuring a policer using the above commands, apply it to the system with the following command.
• The policy name cannot start with the letter “a” or “A”.
• The order in which the following configuration commands are entered is arbitrary.
• The configuration of a policy being configured can be changed as often as wanted until the apply command is entered.
• Use the show policy-profile command to display the configuration entered up to now.
A typical meter measures the rate at which a traffic stream passes it. Its rate estimation depends upon the flow state kept by the meter. There is a time constraint within which, if the flow state is transferred from the old switch to the new switch, it is effective in estimating the rate at the new switch as though no transfer of flow had happened. The switch provides Token Bucket (srTCM and trTCM) meters.
more tokens to transmit a packet remain in the bucket C, then the tokens in the bucket E are decremented by the size of that packet with the yellow color-marking. If both buckets are empty, a packet is marked red. The following figures show the behavior of the srTCM.
[Figure: behavior of srTCM. Bucket C (CBS) and bucket E (EBS) are both empty; tokens in both are regenerated based on CIR. If both buckets are empty, a packet is marked red (Red Color-Marking).]

Fig. 7.
The following figures show the behavior of the trTCM.

[Figure: behavior of trTCM. Tokens in bucket P (PBS) are regenerated based on PIR, faster than CIR; tokens in bucket C (CBS) are regenerated based on CIR. Tokens in both buckets are decremented by the size of the packet (Green Color-Marking).]

Fig. 7.
[Figure: bucket P (PBS) and bucket C (CBS) are both empty. Tokens in bucket P are regenerated based on PIR, faster than CIR; tokens in bucket C are regenerated based on CIR. If the bucket P is empty, a packet is marked red (Red Color-Marking).]

Fig. 7.9 Behavior of trTCM (3)

To set the metering mode, use the following command.

Description: Sets the metering mode.
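The color-marking rules of the two meters shown in the figures above can be followed packet by packet in a small model. This is an added example, not code from SMC or the switch: it implements the color-blind srTCM and trTCM as specified in RFC 2697 and RFC 2698, which is assumed to be what the switch's meters follow. Class names, rates and the packet arrivals are constructed for illustration.

```python
"""Color-blind srTCM (RFC 2697) and trTCM (RFC 2698) token bucket meters."""
from typing import List, Tuple

GREEN, YELLOW, RED = "green", "yellow", "red"
SCALE = 1000  # tokens are stored in 1/1000 byte so millisecond refills stay exact


class SrTcm:
    """Single rate: buckets C (CBS) and E (EBS), both refilled from CIR."""

    def __init__(self, cir: int, cbs: int, ebs: int) -> None:
        self.cir = cir                                   # bytes per second
        self.cbs, self.ebs = cbs * SCALE, ebs * SCALE    # bucket depths
        self.tc, self.te = self.cbs, self.ebs            # buckets start full
        self.last_ms = 0

    def _refill(self, now_ms: int) -> None:
        add = self.cir * (now_ms - self.last_ms)
        self.last_ms = now_ms
        to_c = min(add, self.cbs - self.tc)              # C fills first
        self.tc += to_c
        self.te = min(self.ebs, self.te + add - to_c)    # overflow goes to E

    def mark(self, now_ms: int, size: int) -> str:
        self._refill(now_ms)
        cost = size * SCALE
        if self.tc >= cost:
            self.tc -= cost
            return GREEN
        if self.te >= cost:
            self.te -= cost
            return YELLOW
        return RED                                       # neither bucket suffices


class TrTcm:
    """Two rate: bucket P (PBS) refilled at PIR, bucket C (CBS) at CIR."""

    def __init__(self, cir: int, cbs: int, pir: int, pbs: int) -> None:
        if pir < cir:
            raise ValueError("PIR must be at least CIR")
        self.cir, self.pir = cir, pir
        self.cbs, self.pbs = cbs * SCALE, pbs * SCALE
        self.tc, self.tp = self.cbs, self.pbs
        self.last_ms = 0

    def _refill(self, now_ms: int) -> None:
        elapsed = now_ms - self.last_ms
        self.last_ms = now_ms
        self.tc = min(self.cbs, self.tc + self.cir * elapsed)
        self.tp = min(self.pbs, self.tp + self.pir * elapsed)

    def mark(self, now_ms: int, size: int) -> str:
        self._refill(now_ms)
        cost = size * SCALE
        if self.tp < cost:
            return RED                                   # bucket P exhausted
        self.tp -= cost
        if self.tc < cost:
            return YELLOW                                # only P is decremented
        self.tc -= cost
        return GREEN                                     # both are decremented


def run(meter, arrivals: List[Tuple[int, int]]) -> List[str]:
    """Mark a list of (arrival time in ms, packet size in bytes)."""
    return [meter.mark(now_ms, size) for now_ms, size in arrivals]


# Constructed traffic: a burst of seven 1000-byte packets, then two more at 1 s.
ARRIVALS = [(0, 1000)] * 7 + [(1000, 1000), (1000, 1000)]

if __name__ == "__main__":
    print("srTCM:", run(SrTcm(cir=1000, cbs=3000, ebs=2000), ARRIVALS))
    print("trTCM:", run(TrTcm(cir=1000, cbs=2000, pir=2000, pbs=4000), ARRIVALS))
```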
7.6.4.3 Policy Priority

If more than two rules match the same packet, the rule having a higher priority will be processed first. To set a priority for a policy, use the following command.

Command: priority {low | medium | high | highest}
Mode: Policy
Description: Sets a priority for a policy. (default: medium)

7.6.4.4 Policy Action

To specify the rule action for the packets matching configured classifying patterns, use the following command.
of service. Fig. 7.10 shows that 4 steps of operations can affect packet marking or remarking using the 802.1p Class of service (CoS) bits in the Ethernet header.

[Figure labels: Packet Ingress; Ingress Processing; Bridge-based CoS Marking; InLIF-based CoS Marking; Policy-based CoS Marking; Traffic Policing-based CoS Remarking]

Fig. 7.
Note: Port-based user priority marking can be configured and applied to untagged packets only.

To delete Bridge-based CoS Marking, use the following command.

Command: no qos mark inbound port-cos port PORTS
Mode: Bridge
Description: Deletes CoS marking configuration of port.

Command: no qos mark inbound port-dscp port PORTS
Mode: Bridge
Description: Deletes DSCP marking configuration of port.

Command: no qos mark inbound port-
Mode: Bridge
Description: Deletes Queue marking configuration of port.
• Traffic Policing-based CoS Remarking

Traffic Policing-based CoS Remarking uses 2 types of table: a DSCP-based L3 table and a Queue-cos-based L2 table. To configure Traffic Policing-based CoS Remarking, you need to select one type of table and parameter.

To select a table and enable the remarking configuration, use the following command.

Command: remark by-dscp
Description: Uses a DSCP-based L3 table.

Command: remark by-queue
Description: Uses a Queue-based L2 table.
Command: qos remark color {green | yellow | red } queue <0-7> dscp <0-63>
Command: qos remark color {green | yellow | red } queue <0-7> queue <0-7>
Description: Remarks CoS parameters according to queue number /CoS value and metering function configured on system.
0-7: CoS value or queue number
0-2: drop precedence
0-63: DSCP field value

To delete a configured Traffic Policing-based CoS Remarking, use the following command.
7.6.4.6 Attaching a Policy to an interface

After you configure a rule including the packet classification, policing and rule action, you should attach the policy to an interface and specify the port or VLAN to which the policy should be applied. If you do not specify an interface for a rule, the rule does not work properly.

To attach a policy to an interface, use the following command.
To display a certain rule by its name or a specific rule of a certain type, use the following command.

Commands:
show { flow | class | policer | policy } [NAME]
show { flow | class | policer | policy } detail [NAME]
show running-config { flow | policer | policy }

Mode: Enable, Global, Bridge, All
Description: Shows the information relating to each rule, enter a rule name.
7.6.6 Admin Rule

For the switch, it is possible to block a specific service connection like telnet, FTP, ICMP, etc. with an admin rule function.

7.6.6.1 Creating Admin Flow for packet classification

To classify packets by a specific admin flow for the switch, you need to open Admin-Flow Configuration mode first. To open Admin-Flow Configuration mode, use the following command.
7.6.6.2 Configuring Admin Flow

You can classify the packets according to IP address, ICMP, TCP, UDP and IP header length. To specify a packet-classifying pattern, use the following command.

Command: ip {A.B.C.D | A.B.C.D/M | any} {A.B.C.D | A.B.C.D/M | any} [0-
Description: Classifies an IP address:
A.B.C.D: source/destination IP address
A.B.C.
To delete a specified packet-classifying pattern, use the following command.

Command: no ip
Command: no ip header-length
Mode: Admin-Flow
Description: Deletes a specified packet-classifying pattern for each option.

7.6.6.3 Applying and modifying Admin Flow

After configuring an admin flow using the above commands, apply it to the system with the following command.
7.6.7 Admin Rule Action

7.6.7.1 Admin Policy Creation

For the switch, you need to open Admin-Policy Configuration mode first. To open Policy Configuration mode, use the following command.

Command: policy admin NAME create
Mode: Global
Description: Creates an admin policy and opens Admin-Policy Configuration mode.
NAME: admin-policy name.

After opening Admin Policy Configuration mode, the prompt changes from SWITCH(config)# to SWITCH(config-admin-policy[NAME])#.
To remove flow or class from the policy, use the following command.

Command: no include-flow
Mode: Admin-Policy
Description: Removes the admin flow from this policy.

Command: no include-class
Mode: Admin-Policy
Description: Removes the admin class from this policy.

7.6.7.2 Admin Policy Priority

If more than two rules match the same packet, the rule having a higher priority will be processed first. To set a priority for an admin access rule, use the following command.

7.6.7.
7.6.7.4 Applying and Modifying Admin Policy

After configuring an admin policy using the above commands, apply it to the system with the following command. If you do not apply this policy to the system, all specified configurations from Admin-Policy Configuration mode will be lost.

To save and apply an admin policy, use the following command.

Command: apply
Mode: Admin-Policy
Description: Applies an admin policy to the system.
7.6.9 Scheduling Algorithm

For the switch, it is possible to use Strict Priority Queuing and Deficit Weighted Round Robin for a packet scheduling mode.
Deficit Weighted Round Robin (DWRR)

Deficit Weighted Round Robin (DWRR) combines the advantages of the DRR and WRR scheduling algorithms. Packets that have higher priority are processed in the same way as in strict priority queuing. DWRR provides differentiated service because it processes packets in proportion to weight. A specific packet length, in bytes, is assigned to each queue according to its weight.
7.6.9.1 Scheduling Mode

To select a packet scheduling mode, use the following command.

Command: qos scheduling-mode sp {PORTS | cpu} [<0-7>]
Mode: Global
Description: Selects SP packet scheduling mode for ports or CPU.
sp: strict priority queuing
PORTS: port numbers
0-7: queue number

Command: qos scheduling-mode dwrr
Mode: Global
Description: Selects DWRR packet scheduling mode for ports or CPU.
To set a minimum bandwidth, use the following command.

Command: qos min-bandwidth PORTS <0-7> {BANDWIDTH | unlimited}
Mode: Global
Description: Sets a minimum bandwidth for each port and queue.
PORTS: port numbers
0-7: queue number
BANDWIDTH: bandwidth in the unit of MB (default: 0)
unlimited: unlimited bandwidth

Note: A minimum bandwidth can be set only in DWRR scheduling mode.

With the above command, the minimum bandwidth is implemented for each queue of a port.
To configure the number of buffers per each port or queue, use the following command.

Command: qos max-queue-length port PORTS <16-4080>
Mode: Global
Description: Sets the total number of buffers for a port.
PORTS: port number
16-4080: total buffer numbers in increments of 16 (default: 256)

Command: qos max-queue-length
Mode: Global
Description: Sets the number of buffers for each queue of a port.
7.6.9.7 Weighted Random Early Detection (WRED)

The switch supports Weighted Random Early Detection (WRED) which can selectively discard lower priority traffic when the interface begins to get congested and provide differentiated performance characteristics for different classes of service. It minimizes the impact of dropping high priority traffic. WRED is based on the RED algorithm.
To create and configure a WRED profile, use the following command.

Command: qos wred profile <0-3> default
Description: Creates and configures a WRED profile with default parameters.
0-3: WRED profile number

Creates and configures a WRED profile with specific parameters’ values.
7.7 NetBIOS Filtering

NetBIOS (Network Basic Input/Output System) is a program that allows applications on different computers to communicate within a local area network (LAN). NetBIOS is used in Ethernet, included as part of NetBIOS Extended User Interface (NetBEUI). Resources and information in the same network can be shared with this protocol. However, as more computers come into use, stronger security is required.
The following is an example of configuring NetBIOS filtering in port 1-2 and showing it.

SWITCH(bridge)# netbios-filter 1-2
SWITCH(bridge)# show netbios-filter
o:enable .:disable
---------------------------
         1         2
1234567890123456789012345678
---------------------------
oo..........................
---------------------------
SWITCH(bridge)#

7.8 Max New Hosts

For the switch, you have to lock the port like MAC filtering before configuring max hosts.
If a MAC address that was already counted disappears before 1 second has passed and then starts being learned again, it is not counted. If the same MAC address is also detected on another port, it is not counted again. For example, if a MAC address that was learned on port 1 is detected on port 2, the MAC address is assumed to have moved to port 2. So, it is deleted from port 1 and learned on port 2, but it is not counted.

7.
Step 4 Enter a secure MAC address for the port.

Command: port security PORTS mac-address MAC-ADDR vlan NAME
Mode: Bridge
Description: Sets a secure MAC address for the port.

To disable the configuration of port secure, use the following command.

Command: no port security PORTS
Description: Disables port security on the port.

Command: no port security PORTS mac-address [MAC-ADDR] NAME]
Description: Deletes a secure MAC address for the port.

Command: no port security PORTS maxi-

7.9.2
7.9.3 Displaying Port Security

To display the information of the port security, use the following command.

Command: show port security [PORTS]
Mode: Enable, Global, Bridge
Description: Shows the information of the port security.

7.10 MAC Table

A dynamic MAC address is automatically registered in the MAC table, and it is removed if there is no access to/from the network element corresponding to the MAC address during the specified MAC aging time.
To remove the static MAC addresses manually registered by user from the MAC table, use the following command.

Command: no mac
Mode: Bridge
Description: Deletes static MAC addresses.

Command: no mac NAME
Mode: Bridge
Description: Deletes static MAC addresses, enter the bridge name.

Command: no mac NAME PORT
Mode: Bridge
Description: Deletes static MAC addresses.
NAME: bridge name
PORT: port number

Deletes a specified static MAC address.
By default, basic filtering policy provided by system is configured to permit all packets in each port.

Sample Configuration

This is an example of blocking all packets in port 1 and port 3.
Sample Configuration

The latest policy is recorded as number 1. The following is an example of permitting MAC address 00:02:a5:74:9b:17 and 00:01:a7:70:01:d2 and showing table of filter policy.
7.12 Address Resolution Protocol (ARP)

Devices connected to an IP network have two addresses, a LAN address and a network address. The LAN address is sometimes called a data link address because it is used at Layer 2, but more commonly it is known as a MAC address. A switch on Ethernet needs a 48-bit MAC address to transmit packets. In this case, the process of finding the proper MAC address from the IP address is called address resolution.
To delete a registered IP address and MAC address or delete all the contents of ARP table, use the following command.

Command: no arp [A.B.C.D]
Mode: Global
Description: Negates a command or sets its default.

Command: no arp A.B.C.D INTERFACE
Mode: Global
Description: Negates a command or sets its default, enter the IP address and enter the interface name.

Command: clear arp
Command: clear arp INTERFACE
Mode: Enable
Description: Deletes all the contents of ARP table.

7.12.1.2
To set the aging time of gateway address in ARP alias, use the following command.

Command: arp alias aging-time <5-2147483647>
Mode: Global
Description: Changes the aging time of registered gateway address in ARP alias.
5-2147483647: ARP alias gateway aging time (default: 300 sec)

Command: arp alias aging-time
Mode: Global
Description: Deletes the configured aging time and returns to the default settings.
To create/delete ARP access list (ACL), use the following command.

Command: arp access-list NAME
Mode: Global
Description: Opens ARP ACL configuration mode and creates an ARP access list.
NAME: ARP access list name

Command: no arp access-list NAME
Mode: Global
Description: Deletes an ARP access list.

After opening ARP Access List Configuration mode, the prompt changes from SWITCH(config)# to SWITCH(config-arp-acl[NAME])#.
To specify the range of IP address to forward ARP packets, use the following command.

Command: permit ip any mac {any | host MACADDR}
Mode: ARP-ACL
Description: Permits ARP packets of all IP addresses with all MAC addresses which have not been learned before on the ARP inspection table, or with a specific MAC address.
any: ignores sender MAC address
host: sender host
MACADDR: sender MAC address

Command: permit ip host A.B.C.D mac {any
Mode: ARP-ACL
Description: Permits ARP packets from a specific host.
To display the configured ARP access lists, use the following command.

Command: show arp access-list [NAME]
Mode: Global
Description: Displays existing ARP access list names.

7.12.3.2 Enabling ARP Inspection Filtering

To enable/disable the ARP inspection filtering of a certain range of IP addresses from the ARP access list, use the following command.

Command: ip arp inspection filter NAME vlan VLANS
Description: Enables ARP inspection filtering with a configured ARP

7.
7.12.3.4 ARP Inspection on Trust Port

The ARP inspection defines 2 trust states, trusted and untrusted. Incoming packets via trusted ports bypass the ARP inspection process, while those via untrusted ports go through the ARP inspection process. Normally, the ports connected to subscribers are configured as untrusted, while the ports connected to an upper network are configured as trusted.
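How the trust state and the ARP access list combine into a forwarding decision is shown in the following added example, which is not code from SMC or the switch. It is a simplified decision model: the Permit record layout, the port numbers and the packets are constructed, and dropping a packet that matches no permit entry on an untrusted port is an assumption of this model, not a behavior stated on this page.

```python
"""ARP inspection decision model: trust state first, then the ARP access list."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Permit:
    """One permit entry (hypothetical layout, not the switch's internal format)."""
    ip: str                     # "any", "A.B.C.D" (host) or "A.B.C.D-A.B.C.D" (range)
    mac: Optional[str] = None   # None models "mac any", else the sender MAC

    def matches(self, sender_ip: str, sender_mac: str) -> bool:
        addr = ipaddress.ip_address(sender_ip)
        if self.ip == "any":
            ip_ok = True
        elif "-" in self.ip:
            low, high = (ipaddress.ip_address(p) for p in self.ip.split("-"))
            ip_ok = low <= addr <= high
        else:
            ip_ok = addr == ipaddress.ip_address(self.ip)
        mac_ok = self.mac is None or self.mac.lower() == sender_mac.lower()
        return ip_ok and mac_ok


def inspect(packet: Dict, trusted_ports: Set[int], acl: List[Permit]) -> str:
    """Return "forward" or "drop" for one ARP packet."""
    if packet["port"] in trusted_ports:
        return "forward"            # trusted ports bypass the inspection process
    for entry in acl:
        if entry.matches(packet["sender_ip"], packet["sender_mac"]):
            return "forward"
    return "drop"                   # assumption: no matching permit entry


def audit(packets: List[Dict], trusted_ports: Set[int],
          acl: List[Permit]) -> Tuple[List[str], List[Tuple[int, str, str]]]:
    """Inspect a batch; return the verdicts and a log of dropped packets."""
    verdicts, dropped = [], []
    for packet in packets:
        verdict = inspect(packet, trusted_ports, acl)
        verdicts.append(verdict)
        if verdict == "drop":
            dropped.append((packet["port"], packet["sender_ip"],
                            packet["sender_mac"]))
    return verdicts, dropped


# Constructed topology: port 25 is the uplink, ports 1-24 face subscribers.
TRUSTED_PORTS = {25}
ACL = [
    Permit(ip="10.0.0.10", mac="02:00:00:00:00:10"),   # host pinned to one MAC
    Permit(ip="10.0.0.100-10.0.0.199"),                # subscriber range, any MAC
]
# Constructed ARP packets (ingress port, sender IP, sender MAC).
PACKETS = [
    {"port": 25, "sender_ip": "10.0.0.1", "sender_mac": "02:00:00:00:00:01"},
    {"port": 3, "sender_ip": "10.0.0.120", "sender_mac": "02:00:00:00:00:78"},
    {"port": 3, "sender_ip": "10.0.0.1", "sender_mac": "02:00:00:00:00:78"},
    {"port": 2, "sender_ip": "10.0.0.10", "sender_mac": "02:00:00:00:00:10"},
    {"port": 4, "sender_ip": "10.0.0.10", "sender_mac": "02:00:00:00:00:99"},
    {"port": 25, "sender_ip": "10.0.0.10", "sender_mac": "02:00:00:00:00:99"},
]

if __name__ == "__main__":
    verdicts, dropped = audit(PACKETS, TRUSTED_PORTS, ACL)
    for packet, verdict in zip(PACKETS, verdicts):
        print(packet["port"], packet["sender_ip"], packet["sender_mac"], verdict)
    print("dropped:", dropped)
```

The last packet is forwarded only because it arrives on the trusted port, which is why the trusted state belongs on uplinks and not on subscriber ports.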
To delete the configured options of log-buffer function, use the following command.

Command: no ip arp inspection log-buffer {entries | logs}
Mode: Global
Description: Deletes the configured options of log-buffer function.

To display the configured log-buffer function and entries’ information, use the following command.

Command: show ip arp inspection log
Mode: Enable, Global
Description: Displays the configured log-buffer function.
Gratuitous ARP is transmitted some time after the ARP reply is transmitted.

Command: arp patrol TIME COUNT [TIME]
Mode: Global
Description: Configures a gratuitous ARP.
TIME: transmit interval
COUNT: transmit count

Command: no arp patrol
Mode: Global
Description: Disables a gratuitous ARP.

The following is an example of configuring the transmission interval as 10 sec and the transmission count as 4 and showing it.

SWITCH(config)# arp patrol 10 4
SWITCH(config)# show running-config
Building configuration.
7.12.5 Proxy-ARP

The switch supports Proxy Address Resolution Protocol. Proxy ARP is the technique in which one host, usually a router, answers ARP requests intended for another machine. By “faking” its identity, the router accepts responsibility for routing packets to the “real” destination. Proxy ARP can help the switches on a subnet reach remote subnets without configuring routing or a default gateway.

[Figure labels: Host A 172.16.10.100/16; br1 172.16.10.99/24; Host B 172.16.10.]
To enable or disable Proxy-ARP on Interface configuration mode, use the following command.

Command: ip proxy-arp
Mode: Interface
Description: Enables proxy-ARP at specified interface

Command: no ip proxy-arp
Mode: Interface
Description: Disables the configured proxy-ARP from the interface.

7.13 ICMP Message Control

ICMP stands for Internet Control Message Protocol. When it is impossible to transmit data or configure a route for data, ICMP sends an error message about it to the host.
7.13.1 Blocking Echo Reply Message

The switch can be configured to block echo reply messages to a partner that is running a ping test against the switch. To block echo reply messages, use the following command.

Command: ip icmp ignore echo all
Mode: Global
Description: Blocks echo reply message to all partners who are taking ping test to device.

Command: ip icmp ignore echo broadcast
Mode: Global
Description: Blocks echo reply message to partner who is taking broadcast ping test to device.
Tab. 7.2 shows the result of mask calculation of default value.

Type                       Status
ICMP_ECHOREPLY (0)         OFF
ICMP_DEST_UNREACH (3)      ON
ICMP_SOURCE_QUENCH (4)     ON
ICMP_REDIRECT (5)          OFF
ICMP_ECHO (8)              OFF
ICMP_TIME_EXCEEDED (11)    ON
ICMP_PARAMETERPROB (12)    ON
ICMP_TIMESTAMP (13)        OFF
ICMP_TIMESTAMPREPLY (14)   OFF
ICMP_INFO_REQUEST (15)     OFF
ICMP_INFO_REPLY (16)       OFF
ICMP_ADDRESS (17)          OFF
ICMP_ADDRESSREPLY (18)     OFF

Tab. 7.
7.14 TCP Flag Control

The TCP (Transmission Control Protocol) header includes six kinds of flags: URG, ACK, PSH, RST, SYN, and FIN. For the switch, you can configure RST and SYN as below.

7.14.1 RST Configuration

RST sends a message to a person who tries to make a TCP connection when that connection cannot be made. However, it is also possible to configure the switch to block the message. This function helps prevent hackers from finding impossible connections.
7.15.1 Packet Dump by Protocol

You can see packets about BOOTPS, DHCP, ARP and ICMP using the following command.

Command: debug packet {interface INTERFACE | port PORTS} protocol {bootps | dhcp | arp | icmp} {src-ip A.B.C.D | dest-ip A.B.C.D}
Description: Shows packet dump by protocol.

Description: Shows host packet dump.
Command: debug packet {interface INTERFACE | port PORTS} host {src-ip A.B.C.D | dest-ip A.B.C.
Option       Description
-w           Saves the captured packets in a file instead of output
-x           Displays each packet as hex code
-c NUMBER    Closes the debug after receiving as many packets as the number
-F FILE      Receives file as filter expression. All additional expressions on command line are ignored.

Designate the interface where the intended packets are transmitted.
7.16 sFlow Monitoring

sFlow is a monitoring function that uses the sFlow packet sampling algorithm. It analyzes the traffic characteristics of network packet flow from end to end. It also monitors the router and switch by collecting MIB information of interfaces. Fig. 7.17 shows the sFlow structure.

Fig. 7.17 sFlow Structure (figure labels: sFlow Agent, sFlow Collector, Traffic Data, sFlow Datagrams, Analysis)

sFlow consists of sFlow collector and sFlow agent.
The sFlow Agent maintains linked lists of Samplers, Pollers, and Receivers. Internally, the agent extracts the interface data of the flow sample from the sFlow device and creates new flow sampling data. You can get more specific information about flow samples, including the input/output interface of sampled ingress/egress packets, VLAN, priority, AS number and so on. The sFlow sampler of the agent is in charge of encoding the packet samples and sending them to the receiver.
To specify IP address of sFlow agent, use the following command.

Command: sflow agent-ip A.B.C.D
Mode: Global
Description: Specifies IP address of sFlow agent
  A.B.C.D: agent IP address (default: 127.0.0.1)

Command: no sflow agent-ip
Mode: Global
Description: Deletes specified IP address of sFlow agent.

7.16.3 Enabling sFlow on Port

To enable or disable sFlow function on a port, use the following command.

Command: sflow port PORT enable
Mode: Global

Command: sflow port PORT disable
Mode: Global

7.16.
7.16.7 Configuring Receiver

7.16.7.1 Receiver ID mode

To open sFlow receiver mode and configure this receiver in detail, use the following command.

Command: sflow-receiver <1-65535>
Mode: Global
Description: Opens a specific sFlow receiver mode.

Command: no sflow-receiver <1-65535>
Mode: Global
Description: Deletes specified sFlow receiver.

7.16.7.2 Collect IP address and port

To specify IP address of sFlow collector, use the following command.

Command: collect-ip A.B.C.
To give an owner name of receiver, use the following command.

Command: owner NAME
Mode: Receiver
Description: Gives an owner name of specific receiver.

Command: no owner
Mode: Receiver
Description: Deletes the owner name.

7.16.7.5 Timeout

To set a timeout of receiver, use the following command.

Command: timeout <1-2147483647>
Mode: Receiver
Description: Sets a timeout of receiver.
  1-2147483647: timeout value (default:0)

Command: no timeout
Mode: Receiver
Description: Deletes configured timeout of receiver.

7.16.8
8 System Main Functions

8.1 Virtual Local Area Network (VLAN)

The first step in setting up your bridging network is to define VLAN on your switch. VLAN is a bridged network that is logically segmented by customer or function. Each VLAN contains a group of ports called VLAN members. On the VLAN network, packets received on a port are forwarded only to the ports that belong to the same VLAN as the receiving port.
8.1.1 Port-based VLAN

The simplest implicit mapping rule is known as port-based VLAN. A frame is assigned to a VLAN based solely on the switch port on which the frame arrives. In the example depicted in Fig. 8.1, frames arriving on ports 1 through 4 are assigned to VLAN 1, frames from ports 5 through 8 are assigned to VLAN 2, and frames from ports 9 through 12 are assigned to VLAN 3.
8.1.1.1 Creating VLAN

To configure VLAN on user’s network, use the following command.

Command: vlan create VLANS
Mode: Bridge
Description: Creates new VLAN by assigning VLAN ID:
  VLANS: VLAN ID (1-4094, multiple entries possible)

Note: The variable VLANS is a particular set of bridged interfaces. The frames are bridged only among interfaces in the same VLAN.

8.1.1.2 Specifying PVID

By default, PVID 1 is specified to all ports. You can also configure a PVID.
8.1.2 Protocol-based VLAN

User can use a VLAN mapping that associates a set of processes within stations to a VLAN rather than the stations themselves. Consider a network comprising devices supporting multiple protocol suites. Each device may have an IP protocol stack, an AppleTalk protocol stack, an IPX protocol stack and so on.
8.1.4 Subnet-based VLAN

An IP address contains two parts: a subnet identifier and a station identifier. The switch performs two operations to create IP subnet-based VLANs.

• Parse the protocol type to determine if the frame encapsulates an IP datagram.
• Examine and extract the IP subnet portion of the IP Source Address in the encapsulated datagram.
There are two methods for identifying the VLAN membership of a given frame:

• Parse the frame and apply the membership rules (implicit tagging).
• Provide an explicit VLAN identifier within the frame itself.

VLAN Tag

A VLAN tag is a predefined field in a frame that carries the VLAN identifier for that frame. VLAN tags are always applied by a VLAN-aware device. VLAN-tagging provides a number of benefits, but also carries some disadvantages.
To display a specified VLAN description, use the following command.

Command: show vlan description
Mode: Enable / Global / Bridge
Description: Shows a specified VLAN description.

8.1.7 VLAN Precedence

To set the precedence between MAC-based VLAN and subnet-based VLAN, choose one of the two with the command below.

Command: vlan precedence {mac | subnet}
Mode: Bridge
Description: Configures precedence between MAC based VLAN and Subnet based VLAN.

8.1.8
8.1.9 QinQ

QinQ or Double Tagging is one way for tunneling between several networks.

Fig. 8.3 Example of QinQ Configuration (figure labels: Customer A with VLAN 200, Customer B with VLAN 201, Tunnel Port, Trunk Port, VLAN 641, PVID 641; T: Tagged, U: Untagged)

If QinQ is configured on the switch, it transmits packets adding another Tag to original Tag.
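The tag handling described above, as an added Python example that is not part of the original guide: it adds an outer tag to a customer frame at a tunnel port, reads back the tag stack carried on the trunk, and removes the outer tag at the far tunnel port. The VLAN IDs 200 and 641 are taken from Fig. 8.3; the TPID 0x8100, the MAC addresses, the payload and all function names are assumptions made for the example.

```python
import struct

TPID = 0x8100        # assumption: the same TPID on every port; the switch value is configurable
TUNNEL_PVID = 641    # PVID of the tunnel port in Fig. 8.3
ETH_IPV4 = 0x0800


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to six raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be six bytes")
    return raw


def push_tag(frame, vid, pcp=0, tpid=TPID):
    """Insert a 4-byte VLAN tag right after the two MAC addresses (offset 12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be in 0-7")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def make_frame(dst, src, ethertype, payload, vid=None):
    """Build an Ethernet frame, optionally carrying one customer VLAN tag."""
    frame = mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload
    return frame if vid is None else push_tag(frame, vid)


def vlan_stack(frame, tpid=TPID):
    """Return ([VLAN IDs, outermost first], EtherType found after the tags)."""
    vids, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype != tpid:
            return vids, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)
        offset += 4


def pop_tag(frame, expected_vid, tpid=TPID):
    """Remove the outer tag, refusing frames whose outer VLAN ID is not the tunnel's."""
    vids, _ = vlan_stack(frame, tpid)
    if not vids or vids[0] != expected_vid:
        raise ValueError("outer tag is not VLAN %d" % expected_vid)
    return frame[:12] + frame[16:]


def tunnel_round_trip(customer_frame, pvid=TUNNEL_PVID):
    """Tag stacks seen at ingress, on the trunk and at egress, plus an integrity check."""
    on_trunk = push_tag(customer_frame, pvid)   # ingress tunnel port adds the outer tag
    delivered = pop_tag(on_trunk, pvid)         # egress tunnel port removes it again
    return (vlan_stack(customer_frame)[0], vlan_stack(on_trunk)[0],
            vlan_stack(delivered)[0], delivered == customer_frame)


# Constructed sample frames: Customer A traffic tagged with VLAN 200, and an untagged frame.
CUSTOMER_A = make_frame("02:00:00:00:00:0b", "02:00:00:00:00:0a", ETH_IPV4,
                        b"constructed payload", vid=200)
UNTAGGED = make_frame("02:00:00:00:00:0b", "02:00:00:00:00:0a", ETH_IPV4,
                      b"constructed payload")

if __name__ == "__main__":
    print(tunnel_round_trip(CUSTOMER_A))
    print(tunnel_round_trip(UNTAGGED))
```

The customer tag is carried unchanged inside the outer tag, so the frame delivered at the far tunnel port is byte-for-byte the frame that entered.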
The different customer VLANs existing in the traffic to a tunnel port shall be preserved when the traffic is carried across the network.

Trunk Port

By trunk port we mean a LAN port that is configured to operate as an inter-switch link/port, capable of carrying double-tagged traffic. A trunk port is always connected to another trunk port on a different switch. Switching shall be performed between trunk ports and tunnel ports and between different trunk ports.

8.1.9.
To disable double tagging, use the following command.

Command: vlan dot1q-tunnel disable PORTS
Mode: Bridge
Description: Configures a qinq port.
  PORTS: qinq port to be disabled

Note: When you configure Double tagging on the switch, consider the below attention list.

• DT and HTLS cannot be configured at the same time. (If switch should operate as DT, HTLS has to be disabled.)
• TPID value of all ports on switch is same.

8.1.9.3
Community: Community ports communicate among themselves and with their promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN.
Fig. 8.6 Incoming Packets under Layer 2 Shared VLAN Environment (1) (figure labels: Outer Network, Uplink Port, default, br2, br3, br4, br5; callout: Untagged packets come from the uplink ports. The packets should be forwarded to br3, but the system cannot know which PVID is added to the packet.)

To transmit the untagged packet from uplink port to subscriber, a new VLAN should be created including all subscriber ports and uplink ports. This makes the uplink ports recognize all other ports.
To configure FID, use the following command.

Command: vlan fid VLANS FID
Mode: Bridge
Description: Configures FID.

8.1.11 VLAN Translation

VLAN Translation is simply an action of Rule. This function translates the value of a specific VLAN ID that is classified by Rule. The switch makes a Tag by adding the PVID to Untagged packets, and uses Tagged packets as they are.
SWITCH(bridge)# vlan pvid 2 2
SWITCH(bridge)# vlan pvid 3 3
SWITCH(bridge)# vlan pvid 4 4
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
---------------------------------------------------------
| 1 2 3
Name( VID| FID) |123456789012345678901234567890123
---------------------------------------------------------
default( 1| 1) |u...uuuuuuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 2) |.u...............................
br3( 3| 3) |..u.........................
0x800 packet among the packets entering to Port 2
0x900 packet among the packets entering to Port 4
default br2 br3 br4

SWITCH(bridge)# vlan pvid 2 ethertype 0x800 5
SWITCH(bridge)# vlan pvid 4 ethertype 0x900 6
SWITCH(bridge)# show vlan protocol
--------------------------------------------------------------
| 1 2 3
Ethertype | VID |123456789012345678901234567890123
--------------------------------------------------------------
0x0800 5 .p.......................
---------------------------------------------------
| 1 2 3
Port |123456789012345678901234567890123
---------------------------------------------------
dtag .........d........................
SWITCH(bridge)# vlan create br5
SWITCH(bridge)# vlan add br5 1-42 untagged
SWITCH(bridge)# vlan fid 1-5 5
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
----------------------------------------------------------------
| 1 2 3
Name( VID| FID) |123456789012345678901234567890123
-----------------------------------------------------------------
default( 1| 5) |uu......uuuuuuuuuuuuuuuuuuuuuuuuu
br2( 2| 5) |..uu...................u..........
8.2 Link Aggregation

Link aggregation complying with IEEE 802.3ad bundles several physical ports together into one logical port so that you can get enlarged bandwidth.

Fig. 8.8 Link Aggregation (figure labels: Bandwidth with 1 port; Enlarged bandwidth with many ports; A logical port that can be made by aggregating a number of the ports.)

The switch supports two kinds of link aggregation: port trunk and LACP. There is a little difference between these two ways.
Note: It is possible to input 0 to 4 as the trunk group ID, and the switch supports 5 logical aggregated ports in LACP. The group ID of port trunk and the aggregator ID of LACP cannot have the same ID.

Note: For the switch, a source destination MAC address is basically used to decide packet route.
Note: LACP can generate up to 5 aggregators whose number value could be 0 to 4. The group ID of trunk port and the aggregator number of LACP cannot be configured with the same value.

The following explains how to configure LACP.

• • • • • • • • 8.2.2.
8.2.2.2 Operation Mode

After configuring the member port, configure the LACP operation mode of the member port. This defines how LACP operation is started. You can select either the active or the passive mode. The active mode allows the system to start LACP operation regardless of other connected devices.
To configure member port to aggregate to LACP, use the following command.

Command: lacp port aggregation PORTS {aggregatable | individual}
Mode: Bridge
Description: Configures the property of a specified member port for LACP. (default: aggregatable)

To clear aggregated to LACP of configured member port, use the following command.

8.2.2.
8.2.2.7 Port Priority

To configure priority of an LACP member port, use the following command.

Command: lacp port priority PORTS <1-65535>
Mode: Bridge
Description: Sets the LACP priority of a member port, select the port number. (default: 32768)

To delete the configured port priority of the member port, use the following command.

Command: no lacp port priority PORTS

8.2.2.
8.3 Spanning-Tree Protocol (STP)

The local area network (LAN), which is composed of double paths like token ring, has the advantage that access remains possible when one path is disconnected. However, there is another problem, called a loop, when you always use the double paths.
Fig. 8.10 Principle of Spanning Tree Protocol (figure labels: PC-A, PC-B, VLAN 1, Switch A, Switch B, Switch C, Switch D, Path 1, Path 2, Blocking)

Meanwhile, the rapid spanning-tree protocol (RSTP) defined in IEEE 802.1w dramatically reduces the time of network convergence on the spanning-tree protocol (STP). It is easy and fast to configure new protocol. The IEEE 802.1w also supports backward compatibility with IEEE 802.1d. The switch provides STP, RSTP and MSTP.
It is named as BPDU (Bridge Protocol Data Unit). Switches decide port state based on the exchanged BPDU and automatically decide an optimized path to communicate with the root switch.

Root Switch

The critical information to decide a root switch is the bridge ID. The bridge ID is composed of a two-byte priority and a six-byte MAC address. The switch with the lowest bridge ID is decided as the root switch.
Figure labels: Switch A Priority : 8, Switch B Priority : 9, Switch C Priority : 10, Switch D, Root Switch, Designated Switch, Path-cost 50, Path-cost 100, Path-cost 100, Path-cost 100, Path 1, Path 2

(PATH 1 = 50 + 100 = 150, PATH 2 = 100 + 100 = 200, PATH 1 < PATH 2, ∴ PATH 1 selected

Fig. 8.
Path 1: Path-cost 100, Port priority 7, Port 1
Path 2: Path-cost 100, Port priority 8, Port 2

(path-cost of PATH 1 = path-cost of PATH 2 = 100 ∴ unable to compare; PATH 1 port priority = 7, PATH 2 port priority = 8, PATH 1 < PATH 2, ∴ PATH 1 is chosen)

Fig. 8.13 Port Priority (figure labels: Root, Path 1, Path 2)

Port States

Each port on a switch can be in one of five states.
• Learning: The port is preparing to forward data traffic. The port waits for a period of time to build its MAC address table before actually forwarding data traffic. This time is the forwarding delay.
• Forwarding: After some time spent learning addresses, the port is allowed to forward data frames. This is the steady state for a switch port in the active spanning tree.
• Disabled: When disabled, a port will neither receive nor transmit data or BPDUs.

8.3.2
The difference between an alternate port and a backup port is that an alternate port can take over the path of packets when there is a problem between the Root switch and SWITCH C, but a backup port cannot provide a stable connection in that case.

8.3.2.2 BPDU Policy

In 802.1d, only the root switch can generate a BPDU every hello time and other switches cannot. They can create a BPDU when receiving a BPDU from the root switch. However, in 802.
Fig. 8.17 Network Convergence of 802.1d (figure labels: ROOT, Switch A, Switch B, Switch C, Switch D, BPDU Flow; 1. New link created; 2. Transmit BPDU at listening state; 3. Block to prevent loop)

This is a very epochal way of preventing a loop. The problem is that communication is disconnected for two times the BPDU Forward-delay until the port connecting switch D and SWITCH C is blocked.
SWITCH B and C. In this state, the BPDU from the root is transmitted to SWITCH B and C through SWITCH A. To configure the forwarding state of SWITCH A, SWITCH A negotiates with SWITCH B and SWITCH C.

Fig. 8.19 Network Convergence of 802.1w (2) (figure labels: ROOT, Switch A, Switch B, Switch C, Switch D; 3. Forwarding; 3. Negotiate between Switch A and Switch B (Traffic Blocking); 3. Negotiate between Switch A and Switch C (Traffic Blocking))

SWITCH B has only edge-designated port.
Blocking the connection between SWITCH D and SWITCH C is the same as in 802.1d. However, 802.1w does not need any configured time to negotiate between switches to put a specific port into the forwarding state, so it progresses very fast. While a port progresses to the forwarding state, listening and learning are not needed. These negotiations use BPDU.

8.3.2.4 Compatibility with 802.1d

RSTP internally includes STP, so it has compatibility with 802.1d.
The following explains how MSTP/PVSTP operates differently on the LAN. Suppose that 100 VLANs are configured from SWITCH A to B and C. In case of STP, there is only one STP on all the VLANs and it does not provide multiple instances. While the existing STP is a protocol to prevent a loop in a LAN domain, MSTP establishes STP per VLAN in order to realize routing suitable to VLAN environment.
In CST, SWITCH A and B are operating with STP and SWITCH C, D and E are operating with MSTP. First, in CST, CIST is established to decide a CST root. After the CST root is decided, the closest switch to the CST root is decided as IST root of the region. Here, CST root in IST is an IST root.

CST Legacy 802.
8.3.5 Configuring MSTP/PVSTP Mode

To select the spanning-tree mode, use the following command.

Command: spanning-tree mode {mst | rapid-pvst}
Mode: Bridge
Description: Configures a spanning-tree mode:
  mst: Multiple Spanning Tree Protocol (default)
  rapid-pvst: Per-vlan Rapid STP

To delete the configured spanning-tree mode, use the following command.

Command: no spanning-tree mode
Mode: Bridge
Description: Deletes a configured spanning-tree mode.

8.3.6
Transmit Rate (bps)    Path-cost
4M                     20000000
10M                    2000000
100M                   200000
1G                     20000
10G                    2000

Tab. 8.3 RSTP Path-cost (long)

To decide the path-cost calculation method, use the following command.

Command: spanning-tree pathcost method long
Command: spanning-tree pathcost method
Mode: Bridge
Description: Selects the method for calculating a RSTP path-cost:
  long: 32 bits of RSTP path-cost (IEEE 802.1D-2004).
To configure all ports as edge ports globally, use the following command.

Command: spanning-tree edgeport default
Mode: Bridge
Description: Configures all ports as edge ports:
  PORTS: port number.

Command: no spanning-tree edgeport default
Mode: Bridge
Description: Deletes the configured edge ports for all ports. (default)

To configure a specified port as edge port, use the following command.

Configures specified port as edge port.
8.3.6.5 Link Type

A port that operates in full-duplex is assumed to be point-to-point link type, while a half-duplex port is considered as a shared port.

To configure the link type of port, use the following command.
8.3.7 Configuring MSTP

To configure MSTP, use the following steps.

Step 1 Enable STP function using the spanning-tree command.
Step 2 Select a MSTP mode using the spanning-tree mode mst command.
Step 3 Configure detail options if specific commands are required.
Step 4 Enable a MSTP daemon using the spanning-tree mst command.

8.3.7.1 Root Switch

To establish MSTP function, a root switch should be chosen first. In MSTP, a root switch is called as IST root switch.
8.3.7.3 Port Priority

When all conditions of two routes of a switch are the same, the last criterion for deciding a route is port-priority. You can configure port priority and select a route manually. To configure a port priority for MSTP instance, use the following command.

Description: Configures the port priority of MSTP instance.
Note: You can create the MSTP regions without limit on the network. But the instance id numbers of each region should not be over 64.

To delete the configuration ID setting, use the following command.
8.3.7.5 Enabling MSTP configuration

To enable/disable a MSTP daemon by applying MSTP configurations to the system, use the following command.

Command: spanning-tree mst
Mode: Bridge
Description: Enables MSTP function on the system

Command: no spanning-tree mst
Mode: Bridge
Description: Disables MSTP function on the system.

8.3.7.6 Displaying Configuration

To display the configuration of MSTP, use the following command.
8.3.8 Configuring PVSTP

STP and RSTP are designed with one VLAN in the network. If a port becomes blocking state, the physical port itself is blocked. But PVSTP (Per VLAN Spanning Tree Protocol) and PVRSTP (Per VLAN Rapid Spanning Tree Protocol) maintain a spanning tree instance for each VLAN in the network. Because PVSTP treats each VLAN as a separate network, it has the ability to load balance traffic by forwarding some VLANs on one trunk and other VLANs.
PVSTP is activated after selecting PVSTP mode using the spanning-tree mode rapid-pvst command. In PVSTP, you can configure the current VLAN only. If you input a VLAN that does not exist, an error message is displayed.

For the switches in a LAN where a dual path does not exist, no loop is generated even though the STP function is not configured.

To disable a configured PVSTP, use the following command.

Command: no spanning-tree vlan VLANS

8.3.8.
8.3.8.4 Port Priority

When all conditions of two routes of a switch are the same, the last criterion for deciding a route is port-priority. You can configure port priority and select a route manually. To configure a port priority for specified VLAN, use the following command.

Command: spanning-tree vlan VLANS port PORTS port-priority <0-240>
Description: Configures the port priority of specific VLAN.

8.3.8.
8.3.9 Root Guard

The standard STP does not allow the administrator to enforce the position of the root bridge, as any bridge in the network with a lower bridge ID will take the role of the root bridge. The root guard feature is designed to provide a way to enforce the root bridge placement in the network.
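The root election and path selection rules described earlier in this chapter, together with the condition root guard exists to catch, as an added Python example that is not part of the original guide. The priorities 8, 9 and 10, the path-costs and the port priorities 7 and 8 come from the guide's figures; the MAC addresses, port numbers, sample BPDUs and all function names are constructed for the example, and the function only identifies BPDUs that would displace the root (how this switch reacts to them is not shown here).

```python
from dataclasses import dataclass


def bridge_id(priority, mac):
    """8-byte bridge ID: a two-byte priority followed by the six-byte MAC address."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority must fit in two bytes")
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be six bytes")
    return priority.to_bytes(2, "big") + mac_bytes


def elect_root(bridges):
    """The bridge with the lowest bridge ID becomes the root switch."""
    return min(bridges, key=lambda name: bridges[name])


@dataclass(frozen=True)
class Path:
    name: str
    costs: tuple          # path-cost of each link on the way to the root
    port_priority: int
    port: int


def choose_path(paths):
    """Lowest total path-cost wins; if the costs are equal, the lower port priority wins."""
    return min(paths, key=lambda p: (sum(p.costs), p.port_priority))


def superior_bpdus(root_id, received, guarded_ports):
    """BPDUs on guarded ports that advertise a bridge ID lower than the current root's."""
    hits = []
    for port, priority, mac in received:
        advertised = bridge_id(priority, mac)
        if port in guarded_ports and advertised < root_id:
            hits.append((port, advertised.hex()))
    return hits


# Priorities from the guide's figure; MAC addresses are constructed.
BRIDGES = {
    "Switch A": bridge_id(8, "00:00:5e:00:53:0a"),
    "Switch B": bridge_id(9, "00:00:5e:00:53:0b"),
    "Switch C": bridge_id(10, "00:00:5e:00:53:0c"),
}

# PATH 1 = 50 + 100, PATH 2 = 100 + 100 (port priorities constructed, equal).
BY_COST = [Path("PATH 1", (50, 100), 128, 1), Path("PATH 2", (100, 100), 128, 2)]
# Equal path-cost 100, port priority 7 against 8 (Fig. 8.13).
BY_PRIORITY = [Path("PATH 1", (100,), 7, 1), Path("PATH 2", (100,), 8, 2)]

# Constructed BPDUs as (receiving port, advertised priority, advertised MAC).
RECEIVED = [
    (1, 8, "00:00:5e:00:53:0a"),      # uplink: the legitimate root
    (5, 0, "00:00:5e:00:53:99"),      # subscriber port: lower bridge ID than the root
    (6, 32768, "00:00:5e:00:53:98"),  # subscriber port: higher bridge ID, harmless
]
GUARDED_PORTS = {5, 6}                # assumption: subscriber-facing ports

if __name__ == "__main__":
    root = elect_root(BRIDGES)
    print("root:", root)
    print("by cost:", choose_path(BY_COST).name)
    print("by port priority:", choose_path(BY_PRIORITY).name)
    print("superior BPDUs:", superior_bpdus(BRIDGES[root], RECEIVED, GUARDED_PORTS))
```

Because the priority occupies the leading two bytes, a lower priority always wins regardless of MAC address, and the MAC address only decides between bridges with equal priority.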
8.3.10 Restarting Protocol Migration

MSTP protocol has backward compatibility. MSTP is compatible with STP and RSTP. If some other bridge runs in STP mode and sends the BPDU version of STP or RSTP, MSTP automatically changes to STP mode. But STP mode cannot be changed to MSTP mode automatically. If the administrator wants to change the network topology to MSTP mode, the administrator has to clear the previously detected protocol manually.
To specify the time to recover from a specified error-disable cause, use the following command.

Command: errdisable recovery interval <30-86400>
Mode: Bridge
Description: Sets the interval of error-disable recovery:
  30-86400: the recovery interval (default: 300 sec)

Command: no errdisable recovery inter-
Mode: Bridge
Description: Deletes the configured time for error-disable recovery and returns to the default setting.
8.3.12.1 Hello Time

Hello time decides an interval time when a switch transmits BPDU. To configure hello time, use the following command.

Command: spanning-tree mst hello-time <1-10>
Mode: Bridge
Description: Configures hello time to transmit the message in MSTP.
  1-10: the hello time. (default: 2 sec)

Command: spanning-tree vlan VLANS hello-time <1-10>
Mode: Bridge
Description: Configures hello time to transmit the message in PVSTP per VLAN.
  1-10: the hello time.
8.3.12.3 Max Age

Maximum aging time is the number of seconds a switch waits without receiving spanning-tree configuration messages before attempting a reconfiguration. To configure the maximum aging time for deleting useless messages, use the following command.

Description: Changes the maximum aging time of route message of MSTP.
Command: spanning-tree mst max-age <6-
8.3.12.5 BPDU Filtering

BPDU filtering allows you to avoid transmitting on the ports that are connected to an end system. If the BPDU Filter feature is enabled on the port, then incoming BPDUs will be filtered and BPDUs will not be sent out of the port. To enable or disable the BPDU filtering function on the port, use the following command.

Command spanning-tree Mode port PORTS port PORTS
Enables a BPDU filtering function on specific port.
Step 2 Enable BPDU guard function on edge port or specific port, use the following command.

Command: spanning-tree edgeport bpduguard default
Mode: Bridge
Description: Enables BPDU Guard function on edge ports

Command: spanning-tree port PORTS bpduguard enable
Mode: Bridge
Description: Enables BPDU Guard function on specified port

To disable BPDU guard function on edge port or specific port, use the following command.
8.3.13 Sample Configuration

Backup Route

When you design a layer 2 network, you must consider a backup route for a stable STP network. This is to prevent network corruption when just one additional path exists.

Fig. 8.27 Example of Layer 2 Network Design in RSTP Environment (figure labels: Aggregation Switch, Switch A, Switch B, Switch C, Switch D, Switch E, PC-A, Broken)

In the ordinary case, data packets go to Root switch A through the blue path.
MSTP Configuration

MST Region 1: Instance 1 VLAN 111~120, Instance 2 VLAN 121~130, Instance 3 VLAN 131~140; Region Name : test, Revision : 1
MST Region 2: Instance 1 VLAN 170, Instance 2 VLAN 180~190, Instance 3 VLAN 191~195; Region Name : test, Revision : 2
MST Region 3: Instance 4 VLAN 150~160, Instance 5 VLAN 161~165; Region Name : sample, Revision : 5
MST Region 4: Instance 6 VLAN 200; Region Name : test, Revision : 1
Router: VLAN 101 ~ 200

Fig. 8.
8.4 Ethernet Ring Protection (ERP)

The ERP is a protection protocol for Ethernet ring topology that prevents a loop arising from a link failure or recovery. It is designed to minimize the time for removing a loop to within 50 milliseconds while there is an enormous amount of traffic flow in a Metro Ethernet network. It is a unique robustness functionality, which runs on every network element involved in the ring configurations.
ERP Messages

There are five types of ERP messages of concern to the RM node-Normal node interaction in ERP ring as shown below:

• Normal Node messages
  The following messages are sent by the normal nodes to inform RM node of their link changes.
  – Link Down: A normal node sends Link Down messages detecting its link failure.
  – Link Up: A normal node sends Link Up messages detecting its link recovery.
Fig. 8.29 shows an example of ERP operation when a link failure occurs.

Figure labels: Node A, Node B, Node C, RM Node, Primary, Secondary, Unused Link for Traffic; 1. Secondary port of RM node is blocking in Normal state; 2. Link Failure; 3. Nodes detecting Link Failure send Link Down message

Fig. 8.
If Node A and Node B detect that the link failure has been recovered, they send a Link Up message to the RM node. But these nodes keep the blocking status of the ports on the recovered link. Fig. 8.31 shows an example of a Link Failure Recovery operation.

Fig. 8.31 Link Failure Recovery (figure labels: Node A, Node B, Node C, RM Node, P, S; 1. Link Failure recovered; 2. Nodes adjacent to old failure send Link Up message to RM node)

After RM node receives Link Up message, it blocks its own secondary port.
8.4.2 Loss of Test Packet (LOTP)

ERP recognizes the Link Failure using the Loss of Test Packet (LOTP) mechanism. RM Node periodically sends an “RM Test Packet” message. The state of LOTP means that the “RM Test Packet” message does not return three consecutive times to RM node through the Ethernet Ring. If RM node receives its “RM Test Packet” message through the Ethernet Ring, it continues to block its secondary port.
8.4.4 Configuring ERP Domain

To realize ERP, you should first create a domain for ERP. To create the domain, use the following command.

Command: erp domain DOMAIN-ID
Mode: Bridge
Description: Creates ERP domain and opens ERP domain configuration mode.
  DOMAIN-ID: <1-64>

Command: no erp domain DOMAIN-ID
Mode: Bridge
Description: Deletes ERP domain.

8.4.4.1 ERP Domain Name

After ERP domain creation, you can specify its name. To specify ERP domain name, use the following command.
8.4.4.4 Control VLAN

RM Node periodically sends an “RM Test Packet” message to detect the loop. The RM Test Packet message can be transmitted by control VLAN only. Each ERP domain should have one control VLAN. To configure a control VLAN of an ERP domain, use the following command.

Command: control-vlan VLAN
Command: no control-vlan
Mode: ERP Domain
Description: Configures a control VLAN of ERP domain.

8.4.4.5
8.4.5 Selecting the Node

To configure an ERP domain as RM Node, use the following command.

Command: erp domain DOMAIN-ID mode rm
Mode: Bridge
Description: Configures ERP node mode as RM node.

To configure an ERP domain as normal node, use the following command.

Command: erp domain DOMAIN-ID mode normal
Mode: Bridge
Description: Configures ERP node mode as normal node.

8.4.6
To delete the configuration of primary/secondary port’s role change, use the following command.

Command: no erp domain DOMAIN-ID manual-switch
Mode: Bridge
Description: Deletes the configured primary and secondary port state

8.4.8 Wait-to-Restore Time

If a port’s link failure is recovered on the normal node, the blocked port should be changed to the forwarding status.
To return the configured learning disable time as default, use the following command.

Command: no erp domain DOMAIN-ID learning-disable-time
Mode: Bridge
Description: Configures ERP learning disable time as default value.

8.4.10 Test Packet Interval

RM Node periodically sends “RM Test Packet” message to detect the loop. To configure an interval to send Test Packet message of RM node, use the following command.
8.4.12 ERP Trap

To enable the system to generate ERP trap message, use the following command.

Command: erp domain DOMAIN-ID trap {lotp | ulotp | multiple-rm | rmnode-reachability}
Mode: Bridge
Description: Enables the system to send ERP Trap message in case of the event.

To stop the system from generating ERP trap message, use the following command.
8.5 Loop Detection

A loop may occur when double paths are used for link redundancy between switches and one of them sends an unknown unicast or multicast packet, which then circulates endlessly on the LAN as in a loop topology. That superfluous traffic can eventually result in a network fault. To prevent this, the switch provides the loop detecting function.
You can also configure the source MAC address of the loop-detecting packet. Normally the system’s MAC address is the source MAC address of the loop-detecting packet, but if needed, a Locally Administered Address (LAA) can be used as the address as well. If the switch is configured to use LAA as the source MAC address of the loop-detecting packet, the second bit of the first byte of the packet will be set to 1.
8.6 Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard for simplifying the administrative management of IP address configuration by automating address configuration for network clients. The DHCP standard provides for the use of DHCP servers as a way to manage dynamic allocation of IP addresses and other relevant configuration details to DHCP-enabled clients on the network.
The switch flexibly provides the functions as the DHCP server or DHCP relay agent according to your DHCP configuration. This chapter contains the following sections:

8.6.
8.6.1.1 DHCP Pool Creation

The DHCP pool is a group of IP addresses that will be assigned to DHCP clients by DHCP server. You can create various DHCP pools that can be configured with a different network, default gateway and range of IP addresses. This allows the network administrators to effectively handle multiple DHCP environments. To create a DHCP pool, use the following command.
The following is an example for specifying the range of IP addresses.

SWITCH(config)# service dhcp
SWITCH(config)# ip dhcp pool sample
SWITCH(config-dhcp[sample])# network 100.1.1.0/24
SWITCH(config-dhcp[sample])# default-router 100.1.1.254
SWITCH(config-dhcp[sample])# range 100.1.1.1 100.1.1.100
SWITCH(config-dhcp[sample])#

You can also specify several inconsecutive ranges of IP addresses in a single DHCP pool, e.g. 100.1.1.1 to 100.1.1.62 and 100.1.1.129 to 100.
The following is an example of setting default and maximum IP lease time.

SWITCH(config)# service dhcp
SWITCH(config)# ip dhcp pool sample
SWITCH(config-dhcp[sample])# network 100.1.1.0/24
SWITCH(config-dhcp[sample])# default-router 100.1.1.254
SWITCH(config-dhcp[sample])# range 100.1.1.1 100.1.1.100
SWITCH(config-dhcp[sample])# lease-time default 5000
SWITCH(config-dhcp[sample])# lease-time max 10000
SWITCH(config-dhcp[sample])#

8.6.1.
8.6.1.8 Domain Name

To set a domain name, use the following command.

Command: domain-name DOMAIN
Mode: DHCP Pool
Description: Sets a domain name.

Command: no domain-name
Mode: DHCP Pool
Description: Deletes a specified domain name.

8.6.1.9 DHCP Server Option

The switch operating DHCP server can include DHCP option information in the DHCP communication. Before using this function, a global DHCP option format should be created. For details of setting the DHCP option format, refer to the 8.6.
For more information on the file naming of a DHCP lease database, see Section 8.6.3.1.

8.6.1.11 Recognition of DHCP Client

Normally, a DHCP server recognizes DHCP clients with a client ID. However, some DHCP clients may not have their own client ID. In this case, you can select the recognition method as a hardware address instead of a client ID. To select a recognition method of DHCP clients, use the following command.
8.6.1.13 Authorized ARP

Authorized ARP limits the lease of IP addresses to authorized users. This feature enables a DHCP server to add ARP entries only for the IP addresses currently in lease, referring to a DHCP lease table, and to discard ARP responses from unauthorized users (e.g. an illegal use of a static IP address).
To prohibit assigning multiple IP addresses to a DHCP client, use the following command.

Command: ip dhcp check client-hardware-address
Mode: Global
Description: Prohibits assigning multiple IP addresses.

Command: no ip dhcp check client-hardware-address
Mode: Global
Description: Permits assigning multiple IP addresses.

8.6.1.15 Ignoring BOOTP Request

To allow a DHCP server to ignore received bootstrap protocol (BOOTP) request packets, use the following command.
8.6.1.17 Setting DHCP Pool Size

To limit the size of a DHCP pool, use the following command.

Command: ip dhcp max-pool-size <1-8>
Mode: Global
Description: Configures a maximum size of DHCP pool.

8.6.1.18 Displaying DHCP Pool Configuration

To display a DHCP pool configuration, use the following command.

Command: show ip dhcp pool [POOL]
Mode: Enable
Description: Shows a DHCP pool configuration.
8.6.2.1 DHCP Class Capability

To enable the DHCP server to use a DHCP class to assign IP addresses, use the following command.

Command: ip dhcp use class
Mode: Global
Description: Enables the DHCP server to use a DHCP class to assign IP addresses.

Command: no ip dhcp use class
Mode: Global
Description: Disables the DHCP server from using a DHCP class.

8.6.2.2 DHCP Class Creation

To create a DHCP class, use the following command.
To delete specified option 82 information for IP assignment, use the following command.

Command: no relay-information remote-id all
Mode: DHCP Class
Description: Deletes all specified option 82 information that contains only a remote ID.

Command: no relay-information all
Mode: DHCP Class
Description: Deletes all specified option 82 information.

8.6.2.4 Associating DHCP Class

To associate a DHCP class with a current DHCP pool, use the following command.
To specify a DHCP database agent and enable an automatic DHCP lease database backup, use the following command.

Command: ip dhcp database A.B.C.D INTERVAL
Mode: Global
Description: Specifies a DHCP database agent and back-up interval. A.B.C.D: DHCP database agent address. INTERVAL: 120-2147483637 (unit: second)

Command: no ip dhcp database
Mode: Global
Description: Deletes a specified DHCP database agent.

Upon entering the ip dhcp database command, the back-up interval will begin.
8.6.4 DHCP Relay Agent

A DHCP relay agent is any host that forwards DHCP packets between clients and servers. The DHCP relay agents are used to forward DHCP requests and replies between clients and servers when they are not on the same physical subnet. The DHCP relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks somewhat transparently.
To specify a DHCP helper address, use the following command.

Command: ip dhcp helper-address A.B.C.D
Mode: Interface
Description: Specifies a DHCP helper address. More than one address is possible. A.B.C.D: DHCP server address

Command: no ip dhcp helper-address {A.B.C.D | all}
Mode: Interface
Description: Deletes a specified packet forwarding address.

If a packet forwarding address is specified on an interface, the switch will enable a DHCP relay agent.
message. The relay agent, however, will forward only one DHCP_OFFER message of the responses from the servers to the DHCP client. The DHCP client will try to respond to the server which sent the DHCP_OFFER with a DHCP_REQUEST message, but the relay agent broadcasts it to all the DHCP servers again. To prevent unnecessary broadcasts like this, you can configure a DHCP relay agent to be aware of the server ID.
8.6.5 DHCP Option

This function enables administrators to define DHCP options that are carried in the DHCP communication between DHCP server and client or relay agent. The following indicates the format of the DHCP options field.

DHCP Option Format
Code Length Value
1 byte 1 byte or variable 64 bytes

A code identifies each DHCP option. It can be expressed in value 0 to 255 by user configuration and some of them are predefined in the standards.
8.6.5.2 Configuring DHCP Option Format

To configure a DHCP option format, use the following command.

Command: attr <1-32> type <0-255> length {<1-64> | variable} value {hex | index | ip | string} VALUE
Description: Sets the type, length, and value of an attribute for a DHCP option. attr: They can be made in a DHCP option and are applied in order of attribute value (1-32).
8.6.6 DHCP Option 82

In some networks, it is necessary to use additional information to further determine which IP addresses to allocate. By using the DHCP option 82, a DHCP relay agent can include additional information about itself when forwarding client-originated DHCP packets to a DHCP server. The DHCP relay agent will automatically add the circuit ID and the remote ID to the option 82 field in the DHCP packets and forward them to the DHCP server.
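The code/length/value layout from 8.6.5 and the circuit ID and remote ID carried in option 82 can be decoded as follows. This is an added Python example, not code from the guide or from the switch; the sub-option numbers 1 and 2 are taken from RFC 3046, and the sample bytes, the MAC address and all function names are constructed for illustration.

```python
"""Added example: walk a DHCP options field and decode option 82 sub-options."""

PAD, END, RELAY_AGENT_INFO = 0, 255, 82
# Sub-option numbers from RFC 3046 (assumption: the guide does not list them).
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}


class OptionError(ValueError):
    """Raised when a length byte is missing or points past the end of the field."""


def parse_tlvs(data: bytes, dhcp_framing: bool) -> list:
    """Return [(code, value), ...] from a code/length/value byte string.

    With dhcp_framing=True, code 0 is a one-byte pad and code 255 ends the
    field; inside option 82 those codes have no special meaning.
    """
    items, i = [], 0
    while i < len(data):
        code = data[i]
        if dhcp_framing and code == PAD:
            i += 1
            continue
        if dhcp_framing and code == END:
            break
        if i + 1 >= len(data):
            raise OptionError(f"option {code}: length byte missing")
        length = data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            raise OptionError(f"option {code}: length {length} overruns field")
        items.append((code, value))
        i += 2 + length
    return items


def relay_agent_info(options_field: bytes):
    """Return a dict of option 82 sub-options, or None if option 82 is absent."""
    for code, value in parse_tlvs(options_field, dhcp_framing=True):
        if code == RELAY_AGENT_INFO:
            return {
                SUBOPTION_NAMES.get(sub, f"sub-{sub}"): sub_value
                for sub, sub_value in parse_tlvs(value, dhcp_framing=False)
            }
    return None


def tlv(code: int, value: bytes) -> bytes:
    """Encode one option; used only to build the constructed sample below."""
    return bytes([code, len(value)]) + value


# Constructed sample: message type (53) = DISCOVER, then option 82 carrying a
# circuit ID and a remote ID set to a documentation-range MAC address.
SAMPLE_REMOTE_ID = bytes.fromhex("00005e005301")
SAMPLE_OPTIONS = (
    tlv(53, b"\x01")
    + tlv(RELAY_AGENT_INFO, tlv(1, b"port05") + tlv(2, SAMPLE_REMOTE_ID))
    + bytes([END])
    + bytes(3)  # pad bytes after the end marker are ignored
)

if __name__ == "__main__":
    info = relay_agent_info(SAMPLE_OPTIONS)
    print("circuit-id:", info["circuit-id"])
    print("remote-id :", info["remote-id"].hex(":"))
```

A field whose length byte overruns the buffer raises OptionError instead of being read past its end, which is the case a server or snooping device has to reject when option 82 arrives from a port it does not trust.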
Fig. 8.36 shows how the DHCP relay agent with the DHCP option 82 operates.

Fig. 8.36 DHCP Option 82 Operation (DHCP Client, DHCP Relay Agent (Option-82), DHCP Server: 1. DHCP Request; 2. DHCP Request + Option82; 3. DHCP Respond + Option82; 4. DHCP Respond)

8.6.6.1 Enabling DHCP Option 82

To enable/disable the DHCP option 82, use the following command.

Command: ip dhcp option82
Command: no ip dhcp option82

8.6.6.
To specify a remote ID, use the following command.

Command: system-remote-id hex HEXSTRING
Command: system-remote-id ip A.B.C.D
Command: system-remote-id text STRING
Command: system-remote-id option format NAME
Mode: Option 82
Description: Specifies a remote ID. (default: system MAC address)

To specify a circuit ID, use the following command.
8.6.6.4 Option 82 Trust Policy

Default Trust Policy

To specify the default trust policy for DHCP packets, use the following command.

Command: trust default {deny | permit}
Mode: Option 82
Description: Specifies the default trust policy for a DHCP packet.

If you specify the default trust policy as deny, the DHCP packet that carries the information you specify below will be permitted, and vice versa.
The DHCP snooping basically permits all the trusted messages received from within the network and filters untrusted messages. In case of untrusted messages, all the binding entries are recorded in a DHCP snooping binding table. This table contains a hardware address, IP address, lease time, VLAN ID, interface, etc.
To discard broadcast request packets of Egress traffic on specified trusted port, use the following command.

Command: ip dhcp snooping trust PORTS filter egress bcast-req
Mode: Global
Description: Blocks broadcast request packets of Egress traffic on specified trusted port.

Command: no ip dhcp snooping trust PORTS filter egress bcast-req
Mode: Global
Description: Unblocks broadcast request packets of Egress traffic on specified trusted port.

8.6.7.
8.6.7.5 Source MAC Address Verification

The switch can verify that the source MAC address in a DHCP packet that is received on untrusted ports matches the client hardware address in the packet. To enable the source MAC address verification, use the following command.

Command: ip dhcp snooping verify mac-address
Mode: Global
Description: Enables the source MAC address verification.

Command: no ip dhcp snooping verify mac-address
Mode: Global

8.6.7.6
To specify a DHCP database agent and enable an automatic DHCP snooping database back-up, use the following command.

Command: ip dhcp snooping database A.B.C.D INTERVAL
Mode: Global
Description: Specifies a DHCP snooping database agent and back-up interval. A.B.C.D: DHCP snooping database agent address. INTERVAL: 120-2147483637 (unit: second)

Deletes a specified DHCP snooping database agent.
To configure the automatic change from permit mode to filter mode right after the time exceeds configured time value, use the following command.

Command: ip dhcp snooping filter-delay timer PORTS <1-2147483637>
Mode: Global
Description: Configures an automatic change from bypass mode to filter mode after filter-delay time.
8.6.7.10 DHCP Snooping with Option82

In an L2 environment, when forwarding DHCP messages to a DHCP server, a DHCP switch can insert or remove DHCP option82 data on the DHCP messages from the clients. When a switch is enabled with DHCP snooping, it floods DHCP packets with the DHCP option82 field when the DHCP option82 is enabled. This allows enhanced security and efficient IP assignment in the Layer 2 environment with a DHCP option82 field.
If there is no DHCP snooping option for a specific port, the DHCP snooping switch looks for the snooping default option. If it exists, the DHCP snooping switch sends DHCP messages (Discover/Request) to a DHCP server after replacing their options with the snooping default option. To specify a DHCP server default option, use the following command.

Command: ip dhcp snooping default-option
Description: Specifies a snooping default option format for a switch.
To configure the policy of DHCP option 77 on a specified port, use the following command.

Command: ip dhcp snooping user-class-id port {replace | keep}
Mode: Global
Description: Configures the policy of DHCP option 77 field for the DHCP Request packet (default: replace). replace: forwards DHCP packets with user class ID according to DHCP option 77 field format.
Source IP and MAC Address Filter

IP traffic is filtered based on its source IP address as well as its MAC address; only IP traffic with source IP and MAC addresses matching the IP source binding entry are permitted. When IP source guard is enabled in IP and MAC filtering mode, the DHCP snooping option 82 must be enabled to ensure that the DHCP protocol works properly.
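The source MAC address verification of 8.6.7.5 and the source IP and MAC address filter above both reduce to comparisons on fields of the received frame. The following is an added Python example, not the switch's implementation: it assumes untagged Ethernet II/IPv4 frames, and the frames, MAC addresses, binding entry and function names are constructed for illustration.

```python
"""Added example: DHCP source MAC verification and IP source guard matching."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

CHADDR_OFFSET = 28                 # client hardware address in the BOOTP header
DHCP_CLIENT_TO_SERVER = (68, 67)   # UDP source and destination ports


@dataclass(frozen=True)
class Frame:
    src_mac: bytes
    src_ip: str
    udp_ports: Optional[Tuple[int, int]]
    udp_payload: bytes


@dataclass(frozen=True)
class Binding:
    """One IP source binding entry: VLAN ID, port, IP address, MAC address."""
    vlan: int
    port: str
    ip: str
    mac: bytes


def parse_frame(raw: bytes) -> Frame:
    """Parse an untagged Ethernet II / IPv4 frame (assumption: no 802.1Q tag)."""
    if len(raw) < 34 or raw[12:14] != b"\x08\x00":
        raise ValueError("not an untagged IPv4 frame")
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    ports, payload = None, b""
    if ip[9] == 17 and len(ip) >= ihl + 8:          # protocol 17 = UDP
        ports = struct.unpack("!HH", ip[ihl : ihl + 4])
        payload = ip[ihl + 8 :]
    return Frame(raw[6:12], str(ipaddress.IPv4Address(ip[12:16])), ports, payload)


def dhcp_source_mac_ok(frame: Frame) -> bool:
    """True when the Ethernet source MAC equals chaddr in a client DHCP message."""
    if frame.udp_ports != DHCP_CLIENT_TO_SERVER:
        raise ValueError("not a client-to-server DHCP message")
    bootp = frame.udp_payload
    if len(bootp) < CHADDR_OFFSET + 16:
        return False                                # too short to carry chaddr
    if bootp[1] != 1 or bootp[2] != 6:              # htype Ethernet, hlen 6
        return False
    return bootp[CHADDR_OFFSET : CHADDR_OFFSET + 6] == frame.src_mac


def source_guard_permits(frame: Frame, vlan: int, port: str, bindings) -> bool:
    """IP and MAC filter: permit only traffic that matches a binding entry."""
    return any(
        b.vlan == vlan and b.port == port
        and b.ip == frame.src_ip and b.mac == frame.src_mac
        for b in bindings
    )


def build_frame(src_mac: bytes, src_ip: str, sport: int, dport: int,
                payload: bytes) -> bytes:
    """Build a constructed broadcast test frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address("255.255.255.255").packed)
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp


def build_bootp_request(chaddr: bytes) -> bytes:
    """Fixed BOOTP header: op=1, htype=1, hlen=6, four zero addresses, chaddr."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0)
    return header + bytes(16) + chaddr + bytes(10)


# Constructed sample data (documentation-range MAC addresses).
HOST_MAC = bytes.fromhex("00005e005310")
OTHER_MAC = bytes.fromhex("00005e005320")
BINDINGS = [Binding(vlan=10, port="port05", ip="100.1.1.10", mac=HOST_MAC)]

MATCHING_DISCOVER = parse_frame(
    build_frame(HOST_MAC, "0.0.0.0", 68, 67, build_bootp_request(HOST_MAC)))
MISMATCHED_DISCOVER = parse_frame(
    build_frame(HOST_MAC, "0.0.0.0", 68, 67, build_bootp_request(OTHER_MAC)))
BOUND_TRAFFIC = parse_frame(build_frame(HOST_MAC, "100.1.1.10", 40000, 53, b"x"))
UNBOUND_TRAFFIC = parse_frame(build_frame(OTHER_MAC, "100.1.1.10", 40000, 53, b"x"))

if __name__ == "__main__":
    print("matching chaddr  :", dhcp_source_mac_ok(MATCHING_DISCOVER))
    print("mismatched chaddr:", dhcp_source_mac_ok(MISMATCHED_DISCOVER))
    print("bound host       :", source_guard_permits(BOUND_TRAFFIC, 10, "port05", BINDINGS))
    print("same IP, other MAC:", source_guard_permits(UNBOUND_TRAFFIC, 10, "port05", BINDINGS))
```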
To specify a static IP source binding entry, use the following command.

Command: ip dhcp verify source binding <1-4094> PORT A.B.C.D MACADDR
Mode: Global
Description: Specifies a static IP source binding entry. 1-4094: VLAN ID. A.B.C.D: IP address. MAC-ADDR: MAC address

Command: no ip dhcp verify source binding {A.B.C.D | all}
Mode: Global
Description: Deletes a specified static IP source binding.

8.6.8.
8.6.9 DHCP Client

An interface of the switch can be configured as a DHCP client, which can obtain an IP address from a DHCP server. The configurable DHCP client functionality allows a DHCP client to use a user-specified client ID, class ID or suggested lease time when requesting an IP address from a DHCP server. Once configured as a DHCP client, the switch cannot be configured as a DHCP server or relay agent.

8.6.9.
8.6.9.5 IP Lease Time

To specify IP lease time that is requested to a DHCP server, use the following command.

Command: ip dhcp client lease-time <120-2147483637>
Mode: Interface
Description: Specifies IP lease time in the unit of second (default: 3600).

Command: no ip dhcp client lease-time
Mode: Interface
Description: Deletes a specified IP lease time.

8.6.9.6 Requesting Option

To configure a DHCP client to request an option from a DHCP server, use the following command.
8.6.10 DHCP Filtering

8.6.10.1 DHCP Packet Filtering

The switch can block a specific client by MAC address. If a MAC address blocked by the administrator requests an IP address, the server does not assign an IP address. This function can provide security for the DHCP server. To prevent IP address assignment to a specific client on a port, use the following command.
Fig. 8.37 DHCP Server Packet Filtering (DHCP Server A assigns 192.168.10.1~192.168.10.10. Client 3 is equipment that can be a DHCP server and assigns 10.1.1.1 ~ 10.1.1.10. Requests from Client 1 and Client 2 are transmitted to Client 3, so the IP is assigned by Client 3, not by DHCP server A. To prevent IP assignment from Client 3, DHCP filtering is needed for the port.)

To enable the DHCP server packet filtering, use the following command.
8.7 Single IP Management

It is possible to manage several switches with one IP address by using stacking. If the number of available IP addresses is limited and there are many switches to manage, you can manage a number of switches with one IP address using this stacking function. It is named One IP Management because you can easily manage various switches and subscribers connected to the switch with this stacking function.
For managing the stacking function, the port connecting Master switch and Slave switch must be in the same VLAN.

8.7.2 Designating Master and Slave Switch

Designate Master switch using the following command.

Command: stack master
Mode: Global
Description: Sets the switch as a master switch.

After designating Master switch, register Slave switch for Master switch. To register Slave switch or delete the registered Slave switch, use the following command.
8.7.5 Accessing to Slave Switch from Master Switch

After completing all stacking configurations, it is possible to configure and manage a Slave switch by accessing it from the Master switch. To access a Slave switch from the Master switch, use the following command in Bridge Configuration mode.

Command: rcommand NODE
Mode: Enable
Description: Accesses a slave switch. NODE: node number

NODE means node ID from configuring stacking in Slave switch.
Step 2 Configure Switch A as Master switch. Configure VLAN to belong in the same switch group and after registering Slave switch, configure it as a Master switch.

SWITCH_A(config)# stack master
SWITCH_A(config)# stack device default
SWITCH_A(config)# stack add 00:d0:cb:22:00:11

Step 3 Configure VLAN in order to belong to the same switch group in Switch B registered in Master switch as Slave switch and configure as a Slave switch.
To disconnect, input as below.

SWITCH# exit
Connection closed by foreign host.
SWITCH(bridge)#

8.8 Rate Limit

You can customize port bandwidth according to your environment. With this configuration, you can prevent a certain port from monopolizing the whole bandwidth so that all ports can use bandwidth equally. Egress and ingress can be configured either to the same value or to different values.
8.9 Flood Guard

Flood guard limits the number of packets that can be transmitted within the configured bandwidth, whereas rate limit controls packets by configuring the width of the bandwidth through which packets pass. This function prevents receiving more packets than the configured amount without enlarging bandwidth.
8.9.2 CPU Flood-Guard

To specify the number of broadcast packets which are transmitted in CPU, use the following command.

Command: cpu-flood-guard PORTS <1-6000>
Mode: Bridge
Description: Limits the number of broadcast packets which are transmitted to CPU for 1 second.

Command: no cpu-flood-guard [PORTS]
Mode: Bridge
Description: Disables a configured cpu flood guard.

To set the timer of limiting packet numbers that are incoming to CPU, use the following command.
8.9.3 Port Flood-Guard

A packet storm occurs unexpectedly when a large number of broadcast, unicast, or multicast packets are received on a port. Forwarding these packets can cause the network to slow down or to time out. This switch provides pps-control function that controls traffic for a specified port by threshold value.
8.10 Storm Control

The switch provides a storm control feature for mass broadcast, multicast, and destination lookup failure (DLF). Generally, wrong network configuration, hardware malfunction, virus and so on cause these kinds of mass packets. A packet storm occupies most of the bandwidth of the network, which makes the network very unstable. To enable/disable the storm control, use the following command.
The following is an example of enabling the jumbo frame capacity.

SWITCH(bridge)#jumbo-frame enable
SWITCH(bridge)# show jumbo-frame
Name : Current/Default
port01 : 9188/ 1518
port02 : 9188/ 1518
port03 : 9188/ 1518
port04 : 9188/ 1518
port05 : 9188/ 1518
port06 : 9188/ 1518
port07 : 9188/ 1518
port08 : 9188/ 1518
port09 : 9188/ 1518
port10 : 9188/ 1518
--more--
SWITCH(bridge)#

8.
9 IP Multicast

IP communication provides three types of packet transmission: unicast, broadcast and multicast. Unicast is the communication for a single source host to a single destination host. This is still the most common transmission form in the IP network. Broadcast is the communication for a single source host to all destination hosts on a network segment.
9.1 Multicast Group Membership

The most important implementation of the multicast is the group membership management. The multicast group membership allows a router to know which host is interested in receiving the traffic from a certain multicast group and to forward the multicast traffic corresponding to the group to that host.
9.1.1.1 Clearing IGMP Entry

To clear IGMP entries, use the following command.

Command: clear ip igmp
Mode: Enable
Description: Deletes all IGMP entries.

Command: clear ip igmp interface INTERFACE
Mode: Enable
Description: Deletes the IGMP entries learned from a specified interface. INTERFACE: interface name

Command: clear ip igmp group {* | A.B.C.D [INTERFACE]}
Mode: Enable
Description: Deletes IGMP entries in a specified IGMP group. *: all IGMP group. A.B.C.

9.1.1.2
9.1.2 IGMP Version 2

In IGMP version 2, the new extensions such as the leave process, election of an IGMP querier, and membership report suppression are added. New IGMP messages, the leave group and group-specific query can be used by hosts to explicitly leave groups, resulting in great reduction of the leave latency.
9.1.2.1 IGMP Static Join

When there are no more group members on a network segment or a host cannot report its group membership using IGMP, multicast traffic is no longer transmitted to the network segment. However, you may want to pull down multicast traffic to a network segment to reduce the time from when an IGMP join request is made to when the requested stream begins arriving at a host, which is called the zapping time.
To display the IGMP static join group list, use the following command.

Command: show ip igmp static-group
Command: show ip igmp static-group list {<1-99> | <1300-1999> | WORD} [vlan VLAN]
Description: Shows the IGMP static join group list.

9.1.
– Current-state: This indicates the current filter mode including/excluding the specified multicast address.
– Filter-mode-change: This indicates a change from the current filter mode to the other mode.
– Source-list-change: This indicates a change allowing/blocking a list of the multicast sources specified in the record.

IGMPv3 Operation

Basically, IGMPv3 has the same join/leave (allow/block in the IGMPv3 terminology) and query-response mechanism as IGMPv2’s.
9.2.1.1 Blocking Unknown Multicast Traffic

When certain multicast traffic comes to a port and the McFDB has no forwarding information for the traffic, the multicast traffic is flooded to all ports by default. You can configure the switch not to flood unknown multicast traffic. To configure the switch not to flood unknown multicast traffic, use the following command.
To clear multicast forwarding entries, use the following command.

Command: clear ip mcfdb [* | vlan VLAN]
Mode: Enable, Global
Description: Clears multicast forwarding entries. *: all forwarding entries. VLAN: VLAN ID (1-4094)

Command: clear ip mcfdb vlan VLAN group A.B.C.D source A.B.C.D
Mode: Enable, Global
Description: Clears a specified forwarding entry.

9.2.2
9.2.2.1 Enabling IGMP Snooping

The switch supports forwarding tables for IGMP snooping on a VLAN basis. You can enable IGMP snooping globally or on each VLAN respectively. By default, IGMP snooping is globally disabled. To enable IGMP snooping, use the following command.

Command: ip igmp snooping
Mode: Global
Description: Enables IGMP snooping globally.

Command: ip igmp snooping vlan VLANS
Mode: Global
Description: Enables IGMP snooping on a VLAN.
9.2.2.3 IGMP Snooping Robustness Value

The robustness variable allows tuning for the expected packet loss on a network. If a network is expected to be lossy, the robustness variable may be increased. When receiving the query message that contains a certain robustness variable from an IGMP snooping querier, a host returns the report message as many times as the specified robustness variable. To configure the robustness variable, use the following command.
To disable the IGMP snooping querier, use the following command.

Command: no ip igmp snooping querier [address]
Command: no ip igmp snooping vlan VLANS querier [address]
Mode: Global
Description: Disables the IGMP snooping querier. address: source address of IGMP snooping query

If you do not specify a source address of an IGMP snooping query, the IP address configured on the VLAN is used as the source address by default.
To specify a maximum query response time advertised in general query messages, use the following command.

Command: ip igmp snooping querier max-response-time <1-25>
Mode: Global
Description: Specifies a maximum query response time. 1-25: maximum response time (default: 10 seconds)

Command: ip igmp snooping vlan VLANS querier max-response-time <1-
Mode: Global
Description: Specifies a maximum query response time.
To delete a specified interval to send group-specific or group-source-specific query messages, use the following command.

Command: no ip igmp snooping last-member-query-interval
Command: no ip igmp snooping vlan VLANS last-member-query-interval
Mode: Global
Description: Deletes a specified last member query interval.

9.2.3.
9.2.3.4 IGMP Snooping Report Suppression

If an IGMP querier sends general query messages, and hosts are still interested in the multicast traffic, the hosts should return membership report messages. For a multicast router, however, it is sufficient to know that there is at least one interested member for a group on the network segment.
To disable IGMP snooping S-Query Report Agency, use the following command.

Command: no ip igmp snooping s-query-report-agency
Mode: Global
Description: Disables IGMP snooping s-query-report agency.

9.2.3.6 Explicit Host Tracking

Explicit host tracking is one of the important IGMP snooping features. It has the ability to build the explicit tracking database by collecting the host information via the membership reports sent by hosts.
To display the explicit tracking information, use the following command.

Command: show ip igmp snooping explicit-tracking
Mode: Enable, Global, Bridge
Description: Shows the explicit host tracking information globally.

Command: show ip igmp snooping explicit-tracking vlan VLANS
Mode: Enable, Global, Bridge
Description: Shows the explicit host tracking information per VLAN. VLANS: VLAN ID (1-4094)

Command: show ip igmp snooping explicit-tracking port PORTS
Mode: Enable, Global, Bridge
Description: Shows the explicit host tracking information per port.

9.2.3.7
Multicast Router Port Learning

Multicast router ports are added to the forwarding table for every Layer 2 multicast entry. The switch dynamically learns those ports through snooping on PIM hello packets. To enable the switch to learn multicast router ports through PIM hello packets, use the following command.

Command: ip igmp snooping mrouter learn pim
Description: Enables learning of multicast router ports through PIM hello packets globally.
9.2.3.8 TCN Multicast Flooding

When a network topology change occurs, the protocols for a link layer topology, such as spanning tree protocol (STP), Ethernet ring protection (ERP), etc., notify switches in the topology using a topology change notification (TCN).
To specify a query interval to stop multicast flooding, use the following command.

Command: ip igmp snooping tcn flood query interval <1-1800>
Mode: Global
Description: Specifies a query interval to stop multicast flooding in the unit of second. An actual stop-flooding interval is calculated by (query count) x (query interval).
To disable IGMPv3 immediate block, use the following command.

Command: no ip igmp snooping immediate-block
Mode: Global
Description: Disables immediate block globally.

Command: no ip igmp snooping vlan VLANS immediate-block
Mode: Global
Description: Disables immediate block on a VLAN. VLANS: VLAN ID (1-4094)

IGMPv3 immediate block is enabled by default.

9.2.5 Displaying IGMP Snooping Information

To display a current IGMP snooping configuration, use the following command.
9.2.6 Multicast VLAN Registration (MVR)

Multicast VLAN registration (MVR) is designed for applications using multicast traffic across an Ethernet network. MVR allows a multicast VLAN to be shared among subscribers remaining in separate VLANs on the network.
9.2.6.3 Source/Receiver Port

You need to specify the source and receiver ports for MVR. The following are the definitions for the ports.

• Source Port
This is connected to multicast routers or sources as an uplink port, which receives and sends the multicast traffic. Subscribers cannot be directly connected to source ports. All source ports belong to the multicast VLAN as tagged.
9.2.7 IGMP Filtering and Throttling

IGMP filtering and throttling control the distribution of multicast services on each port. IGMP filtering controls which multicast groups a host on a port can join by associating an IGMP profile with the port; the profile contains one or more IGMP groups and specifies whether access to the group is permitted or denied. For this operation, configuring the IGMP profile is needed before configuring the IGMP filtering.
Enabling IGMP Filtering

To enable IGMP filtering for a port, a configured IGMP profile needs to be applied to the port. To apply an IGMP profile to ports to enable IGMP filtering, use the following command.

Command: ip igmp filter port PORTS profile <1-2147483647>
Mode: Global
Description: Applies an IGMP profile to ports. PORTS: port number. 1-2147483647: IGMP profile number

Releases an applied IGMP profile.
9.2.7.2 IGMP Throttling

You can configure the maximum number of multicast groups that a host on a port can join. To specify the maximum number of IGMP groups per port, use the following command.

Command: ip igmp max-groups port PORTS
Description: Specifies the maximum number of IGMP groups that hosts on specific port can join.
between general traffic receivers and multicast traffic receivers, and is a more efficient use of system resources because it sends the multicast traffic to specific hosts which want to receive the traffic. To configure a specified port as a multicast-source trust port, use the following command.
10 System Software Upgrade

10.1 General Upgrade

New system software may be released to enhance the system and improve its stability. With this software, the switch can be upgraded without any hardware change. You can upgrade the system software through the upgrade functionality provided via the CLI.
SWITCH# show flash
Flash Information(Bytes)
Area                        total       used       free
--------------------------------------------------------------
OS1(default)(running)    16777216   13661822    3115394   5.01 #3001
OS2                      16777216   13661428    3115788   4.
To configure an IP address, use the following command.

Command      Mode   Description
ip A.B.C.D   Boot   Configures an IP address.
ip           Boot   Shows a currently configured IP address.

To configure a subnet mask, use the following command.

Command           Mode   Description
netmask A.B.C.D   Boot   Configures a subnet mask. (e.g. 255.255.255.0)
netmask           Boot   Shows a currently configured subnet mask.

To configure a default gateway, use the following command.

Command
gateway A.B.C.
Step 3 Download the new system software via TFTP using the following command.

Command                              Mode   Description
load {os1 | os2} A.B.C.D FILENAME    Boot   Downloads the system software.
                                            os1 | os2: the area where the system software is stored
                                            A.B.C.D: TFTP server address
                                            FILENAME: system software file name

To verify the system software in the system, use the following command.

Command     Mode   Description
flashinfo   Boot   Shows the system software in the system.
Step 4 Reboot the system with the new system software using the following command.

Command              Mode   Description
reboot [os1 | os2]   Boot   Reboots the system with specified system software.
                            os1 | os2: the area where the system software is stored

If the new system software is the current standby OS, just exit the boot mode; the interrupted system boot then continues with the new system software. To exit the boot mode, use the following command.
Step 5 Exit the FTP client using the following command.

Command   Mode   Description
bye       FTP    Exits the FTP client.

For the downloaded system software to take effect, the system must be restarted using the reload command. For more information, see Section 4.1.10.1.

The following is an example of upgrading the system software of the switch from a remote location using the FTP client provided by Microsoft Windows XP.

Microsoft Windows XP [Version 5.1.
11 Abbreviations

AES     Advanced Encryption Standard
ARP     Address Resolution Protocol
CE      Communauté Européenne
CIDR    Classless Inter Domain Routing
CLI     Command Line Interface
CoS     Class of Service
DA      Destination Address
DHCP    Dynamic Host Configuration Protocol
DSCP    Differentiated Service Code Point
DSL     Digital Subscriber Line
DSLAM   Digital Subscriber Line Access Multiplexer
EMC     Electro-Magnetic Compatibility
EN      Europäische Norm (Europe
IRL     Input Rate Limiter
ISP     Internet Service Provider
ITU     International Telecommunication Union
ITU-T   International Telecommunication Union Telecommunications standardization sector
IU      Interface Unit
L2      Layer 2
LACP    Link Aggregation Control Protocol
LAN     Local Area Network
LCT     Local Craft Terminal
LLDP    Link Layer Discovery Protocol
LLID    Logical Link ID
MAC     Medium Access Control
McFDB   Multicast Forwarding Database
MFC     Multicast Forwarding Ca
SNTP    Simple Network Time Protocol
SSH     Secure Shell
STP     Spanning Tree Protocol
SW      Software
TCN     Topology Change Notification
TCP     Transmission Control Protocol
TFTP    Trivial FTP
TIB     Tree Information Base
TOS     Type of Service
UDP     User Datagram Protocol
UMN     User Manual
VID     VLAN ID
VLAN    Virtual Local Area Network
VoD     Video on Demand
VPI     Virtual Path Identifier
VPN     Virtual Private Network
xDSL    Any form of DSL
FOR TECHNICAL SUPPORT, CALL:
From U.S.A. and Canada (24 hours a day, 7 days a week)
(800) SMC-4-YOU; (949) 679-8000; Fax: (949) 679-1481
From Europe: Contact details can be found on www.smc.com

INTERNET
E-mail addresses: techsupport@smc.com
Driver updates: http://www.smc.com/index.cfm?action=tech_support_drivers_downloads
World Wide Web: http://www.smc.com

FOR LITERATURE OR ADVERTISING RESPONSE, CALL:
U.S.A.