STCS GE Core Routing Switch Configuration Manual VER: G Core Routing Switch User Manual

Size: px

Start display at page:

Download "STCS GE Core Routing Switch Configuration Manual VER: G Core Routing Switch User Manual"

Hubert Wood
5 years ago
Views:

2 About This Manual Release Notes This manual applies to STCS GE Core Routing Switches. Related Manuals The related manuals are listed in the following table. STCS GE Core Routing Switch Installation Guide Manu STCS GE Core Routing Switch Configuration Guide Manu Intended Audience The manual is intended for the following readers: Network engineers Network administrators Customers who are familiar with network fundamentals Conventions The manual uses the following conventions: I. General conventions Convention Description Arial Normal paragraphs are in Cailbri Arial Narrow Warnings, Cautions, Notes and Tips are in Calibri Narrow. Boldface Headings are in Boldface. Courier New Terminal Display is in Courier New. II. Command conventions Conventio Boldface italic Description The keywords of a command line are in Boldface. Command arguments are in italic. [ ] Items (keywords or arguments) in square brackets [ ] are optional. { x y... } Alternative items are grouped in braces and separated by vertical bars. One is selected. [ x y... ] Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected. III. GUI conventions Convention Description < > Button names are inside angle brackets. For example, click the <OK> button. 陈泽科技有限公司

3 [] Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window. / Multi-level menus are separated by forward slashes. For example, [File/Create/Folder]. IV. Keyboard operation Format <Key> <Key1+Key2> <Key1, Key2> V. Mouse operation Action Click Double Click Drag Description Press the key with the key name inside angle brackets. For example, <Enter>, <Tab>, <Backspace>, or <A>. Press the keys concurrently. For example, <Ctrl+Alt+A> means the three keys should be pressed concurrently. Press the keys in turn. For example, <Alt, A> means the two keys should be pressed in turn. Description Press the left button or right button quickly (left button bydefault). Press the left button twice continuously and quickly. Press and hold the left button and drag it to a certain position. VI. Symbols Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows: Caution: Means reader be extremely careful during the operation. Note: Means a complementary description. 陈泽科技有限公司

4 CONTENT 1 Product Overview Product Overview Function Features Logging in Switch Setting up Configuration Environment via the Console Port Setting up Configuration Environment through Telnet Connecting a PC to the Switch through Telnet Telneting a Switch through another Switch Command Line Interface Command Line Interface Command Line configure mode Features and Functions of Command Line Online Help of Command Line Displaying Characteristics of Command Line History Command of Command Line Common Command Line Error Messages Editing Characteristics of Command Line Chapter 4 Basic Configuration Console Connection Creating user and setting password Saving configuration file Restore system to default configuration Reboot system Configuring a System Name System service configuration Port Configuration Ethernet Port Overview Ethernet Port Configuration Entering interface configuration mode Enabling/Disabling an Ethernet Port Setting the Duplex Attribute and speed of the Ethernet Port Adding a Description for an Interface Enabling/Disabling Flow Control for the Ethernet Port Setting the Ethernet Port Broadcast Suppression Setting the Ethernet Port multicast Suppression Setting the Ethernet Port dlf Suppression Setting Port Mirroring VLAN Configuration VLAN Overview Configuring VLAN Creating/Deleting a VLAN Assigning Static-Access Ports to a VLAN Configuring VLAN Trunks 陈泽科技有限公司

5 6.1 Assigning IP Address for a VLAN IP Address Overview Assigning IP Address for a VLAN Troubleshooting IP Address Configuration Configuring IP Routing Introduction to IP Route and Routing Table IP Route and Route Segment Route Selection through the Routing Table Routing Management Policy Routing protocols and the preferences of the corresponding routes Supporting Load Sharing and Route Backup Routes Shared between Routing Protocols Static Route Configuration Introduction to Static Route Static Route Configuration Typical Static Route Configuration Example Static Route Fault Diagnosis and Troubleshooting RIP Configuration Brief Introduction to RIP RIP Configuration Typical RIP Configuration Example OSPF Configuration OSPF Overview OSPF Configuration Displaying and Debugging OSPF Typical OSPF Configuration Example OSPF Fault Diagnosis and Troubleshooting IP Multicast Protocol IP Multicast Overview Problems with Unicast/Broadcast Advantages of Multicast Application of Multicast Implementation of IP Multicast Multicast Addresses IP Multicast Protocols IP Multicast Packet Forwarding IGMP Snooping Configuration IGMP Snooping Overview IGMP Snooping Configuration IGMP Snooping Configuration Example Troubleshoot IGMP Snooping IGMP Configuration IGMP Overview IGMP Configuration PIM-SM Configuration PIM-SM Overview PIM-SM Configuration 陈泽科技有限公司

6 9 ACL Configuration ACL Overview configuring ACL Defining ACL Applying an ACL to an Interface SNMP Configuration SNMP Overview SNMP Versions and Supported MIB Configure SNMP Setting Community Name Setting the Destination Address of Trap and Trap Parameters SNMP Configuration Example File System Management Update the software image of MCU board Update the software image of LPU board 陈泽科技有限公司

7 1. Product Overview 1.1. Product Overview STCS GE Core Routing Switch is a type of large capacity, modularized L2/L3 switches. It is mainly designed for broadband MAN, backbone, switching core and convergence center of large-sized enterprise network and campus network. They provide diverse services and can be used in constructing stable and high-performance IP network. STCS GE Core Routing Switch uses integrated chassis, which can be subdivided into power supply area, board area, backplane and fan area. In the board area, there are ten slots: the middle two ( slot5, slot6) accommodate CPU boards, which are in 1+1 redundancy; the remaining eight accommodate LPU boards, which can be hybrid. STCS GE Core Routing Switch supports the following services: Internet broadband access MAN, enterprise/campus networking Providing multicast service and multicast routing and supporting multicast audio and video services Function Features Specification Protocol Backplane Bandwidth Switching Capacity Packet Forwarding Rate Module slots STCS6010 IEEE 802.1D, IEEE 802.3, IEEE 802.3u, IEEE 802.3x, IEEE 802.3z, IEEE 802.1Q, *IEEE 802.1p, *GMRP, *GVRP, PIM-SM, IGMP, *IEEE 802.1D/1w/1s, OSPF, RIP1/2 *Jumbo Frame(9Kbytes),*QinQ*ICMPV6 *OSPFV3(for IPV6) *RIPng *MLDV1/V2 *ISATAP *6 TO 4 Tunnels *configured Tunnels 768Gbps 512Gbps 285.7Mpps 10(Two are used for managed engine module) LPU slots 8 MAC Table VLAN Table *Port Aggregation *STP/RSTP 128K 4K Support 802.3ad,6 trunks, 8 ports in each trunk Support IEEE 802.3D/802.1w/802.1s 陈泽科技有限公司

8 Mirror *SUPER VLAN *DHCP *802.1x *Web Portal *VRRP Defeat DoS Attack Support Support Support DHCP Relay Support DHCP Server Support Support Support Support 10G Core Routing Switch User Manual *Management protocol SNMPv1/v2c/v3 Web(JAVA) CLI(Telnet /Console) RMON(1,2,3,9) cluster management SSH SNTP Syslog Working Environment Operation temperature Storage temperature Humidity Power supply -20~50 C -40~70 C 10% - 90% RH AC:100V~240V, 47~63Hz DC:-60V~-48V Dimension(mm)(L W H) Weight(Kg) <40Kg Power <240W 陈泽科技有限公司

9 2. Logging in Switch 10G Core Routing Switch User Manual 2.1. Setting up Configuration Environment via the Console Port Step 1: As shown in the figure below, to set up the local configuration environment, connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable. Figure 2-1 Setting up the local configuration environment via the Console port Step 2: Run terminal emulator (such as Terminal on Windows 3X or the Hyper Terminal on Windows 9X) on the Computer. Set the terminal communication parameters as follows: Set the baud rate to 19200, databit to 8, parity check to none, stopbit to 1, flow control to none and select the terminal type as VT100. Figure 2-2 Setting up new connection 陈泽科技有限公司

10 Figure 2-3 Configuring the port for connection Figure 2-4 Setting communication parameters 陈泽科技有限公司

Step 3: The switch is powered on. Display self-test information of the switch and prompt you to press Enter to show the command line prompt such as switch>.

11 Step 3: The switch is powered on. Display self-test information of the switch and prompt you to press Enter to show the command line prompt such as switch>. Step 4: Input a command to configure the switch or view the operation state. Input a? for an immediate help. For details of specific commands, refer to the following chapters Setting up Configuration Environment through Telnet Connecting a PC to the Switch through Telnet After you have correctly configured IP address of a VLAN interface for an switch via Console port, and added the port to this VLAN (using port command in VLAN view), you can telnet this switch and configure it. Step 1: Authenticate the Telnet user via the Console port before the user logs in by Telnet. Step 2: To set up the configuration environment, connect the Ethernet port of the PC to that of the switch via the LAN. Figure 2-5 Setting up configuration environment through telnet Step 3: Run Telnet on the PC and input the IP address of the VLAN connected to the PC port. Figure 2-6 Running Telnet Step 4: The terminal displays Login: and prompts the user to input the logon user name and password. After you input the correct user name and password, it displays the command line prompt (such as switch#). 陈泽科技有限公司

Step 5: Use the corresponding commands to configure the switch or to monitor the running state. Enter? to get the immediate help. For details of specific commands, refer to the following chapters. 2.

12 Step 5: Use the corresponding commands to configure the switch or to monitor the running state. Enter? to get the immediate help. For details of specific commands, refer to the following chapters Telnet a Switch through another Switch After a user has logged into a switch, he or she can configure another switch through the switch via Telnet. The local switch serves as Telnet client and the peer switch serves as Telnet server. If the ports connecting these two switches are in a same local network, their IP addresses must be configured in the same network segment. Otherwise, the two switches must establish a route that can reach each other. As shown in the figure below, after you telnet to a switch, you can run telnet command to log in and configure another switch. Figure 2-7 Providing Telnet Client service Step 1: Authenticate the Telnet user via the Console port on the Telnet Server (switch) before login. Step 2: The user logs in the Telnet Client (switch). For the login process, refer to the section describing Connecting a PC to the Switch through Telnet. Step 3: Perform the following operations on the Telnet Client: Step 4: Enter the preset login password and you will see the prompt such switch#. Step 5: Use the corresponding commands to configure the switch or view it running state. Enter? to get the immediate help. For details of specific commands, refer to the following chapters. 3. Command Line Interface 3.1. Command Line Interface These series switches provide a series of configuration commands and command line interfaces for configuring and managing the switch. The command line interface has the following characteristics: Local configuration via the Console port and AUX port. Local or remote configuration via Telnet. Hierarchy command protection to avoid the unauthorized users accessing switch.enter a? to get immediate online help. Provide network testing commands, such as Ping, to fast troubleshoot the network. Log in and manage other switch directly, using the Telnet command. Provide FTP service for the users to upload and download files. Provide the function similar to Doskey to execute a history command. The command line interpreter searches for target not fully matching the keywords. It is ok for you to key in the whole keyword or part of it, as long as it is unique and not ambiguous. 陈泽科技有限公司

13 3.2. Command Line configure mode 10G Core Routing Switch User Manual The command line provides the following configure mode: Normal EXEC mode privileged EXEC mode Global configuration mode VLAN interface configuration mode OSPF configuration mode The following table describes the function features of different views and the ways to enter or quit. Table 3-1 Function feature of command configure mode. Command mode Function Prompt Command to enter Normal EXEC mode Switch> privileged EXEC mode Global configuration mode interface configure mode OSPF configuration mode RIP configuration mode Show the basic information about operation and statistics Show the basic information about operation and statistics Configure system parameters Configure interface parameters Configure OSPF parameters Configure RIP parameters Switch# Enter right user name and password Enter <enable> and right password Switch(config)# Key in config in user user configure mode Switch(config-if)# Key in Interface interface_type interface_id in system configure mode Switch(config-ospf)# Key in Router ospf in system configure mode Switch(config-rip)# Key in Router rip in system configure mode Command to exit exit Exit returns to normal EXEC mode Exit returns to user configure mode Exit returns to system configure mode Exit returns to system configure mode Exit returns to system configure mode 陈泽科技有限公司

14 3.3. Features and Functions of Command Line 10G Core Routing Switch User Manual Online Help of Command Line The command line interface provides the following online help modes. Full help Partial help You can get the help information through these online help commands, which are described as follows. Input? in any configure mode to get all the commands in it and corresponding descriptions. switch#? clear Clear the screen. config Config system's setting. debug Debugging functions download Download file for software upgrade or load user config. exit Exit current mode and shift to previous mode. help Description of the interactive help system. history Config history command. kill Kill some unexpected things. logout Disconnect from switch and quit. no Negate a command or set its defaults. ping Ping command to test if the net is correct. quit Disconnect from switch and quit. reboot Reboot the switch. remove Remove system configuration. sendmsg Send message to online user. show Show running system information. telnet Telnet to other host or switch. terminal Set terminal line parameters. upload Upload file for software upgrade or upload user config. who Display who is connected to the switch. write Save current running configuration to flash. 1) Input a command with a? separated by a space. If this position is for keywords, all the keywords and the corresponding brief descriptions will be listed. switch(config)# port? speed Set port speed. state Set port state. type Set port type. 3) Input a command with a? separated by a space. If this position is for parameters, all the parameters and their brief descriptions will be listed. switch(config)# router? 陈泽科技有限公司

15 hw-sync Dynamic route synchronize with hardware route table ospf OSPF specific commands rip Set Rip config parameters. 10G Core Routing Switch User Manual switch(config)# router ospf? <cr> Just Press <Enter> to Execute command! <cr> indicates no parameter in this position. The next command line repeats the command, you can press <Enter> to execute it directly. 4) Input a character string with a?, then all the commands with this character string as their initials will be listed. switch(config)# a? access-list Set access-list parameters. arp Config system's setting. authentication Config information of authentication. 5) Input a command with a character string and?, then all the key words with this character string as their initials in the command will be listed. switch# show ve? version Display SPROS version. 6) Input the first letters of a keyword of a command and press <Tab> key. If no other keywords are headed by this letters, then this unique keyword will be displayed automatically Displaying Characteristics of Command Line Command line interface provides the following display characteristics: For users convenience, the instruction and help information can be displayed in both English and Chinese. For the information to be displayed exceeding one screen, pausing function is provided. In this case, users can have three choices, as shown in the table below. Table 3-2 Functions of displaying Key or Command Press <Q> when the display pauses Press any key when the display pauses Press <Enter> when the display pauses Function Stop displaying and executing command. Continue to display the next screen of information. Continue to display the next line of information. 陈泽科技有限公司

16 History Command of Command Line 10G Core Routing Switch User Manual Command line interface provides the function similar to that of DosKey. The commands entered by users can be automatically saved by the command line interface and you can invoke and execute them at any time later. History command buffer is defaulted as 10. That is, the command line interface can store 10 history commands for each user.the operations are shown in the table below. Table 3-3 Retrieving history command Operation Key Result Display history command Retrieve the previous history command Retrieve the next history command Down history Up cursor key < > or <Ctrl+P> Down cursor key < > or <Ctrl+N> Display history command by user inputting command, if there is any. Retrieve the next history command, if there is any Common Command Line Error Messages All the input commands by users can be correctly executed, if they have passed the grammar check. Otherwise, error messages will be reported to users. The common error messages are listed in the following table. Table 3-4 Common command line error messages Error messages Unrecognized command Incomplete command Too many parameters Ambiguous command Causes Cannot find the command. Cannot find the keyword. Wrong parameter type. The value of the parameter exceeds the range. The input command is incomplete. Enter too many parameters. The parameters entered are not specific Editing Characteristics of Command Line Command line interface provides the basic command editing function and supports to edit multiple lines. A command cannot longer than 256 characters. See the table below. Table 3-5 Editing functions 陈泽科技有限公司

17 Key Common keys Backspace Leftwards cursor key < > or <Ctrl+B> Rightwards cursor key < > or <Ctrl+F> Up cursor key < > or <Ctrl+P> Down cursor key < > or <Ctrl+N> <Tab> Function 10G Core Routing Switch User Manual Insert from the cursor position and the cursor moves to the right, if the edition buffer still has free space. Move the cursor a character backward Move the cursor a character backward Move the cursor a character forward Retrieve the history command. Press <Tab> after typing the incomplete key word and the system will execute the partial help: If the key word matching the typed one is unique, the system will replace the typed one with the complete key word and display it in a new line; if there is not a matched key word or the matched key word is not unique, the system will do no modification but display the originally typed word in a new line. 陈泽科技有限公司

18 4. Basic Configuration 10G Core Routing Switch User Manual 4.1. Console Connection The CLI program provides two different command levels normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the Privileged Exec level. Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps: 1. To initiate your console connection, press <Enter>. The User Access Verification procedure starts. 2. At the <Login:> prompt, enter admin. 3. At the Password prompt, direct press enter (The default password not set.) 4. The session is opened and the CLI displays the switch> prompt indicating you have access at the Normal Exec level. 5. At the switch> prompt,enter enable. 6. At the Password prompt, direct press enter (The default password not set.) 7. The session is opened and the CLI displays the switch# prompt indicating you have access at the Privileged Exec level Creating user and setting password When you create new user,the default user is deleted automatically. Beginning in privileged EXEC mode, follow these steps to create user and set password. Command Purpose Step 2 user add user-name login-password login-password Create user and set login password. User-name is less than 4 chars. Step 3 Step 4 user login-password user-name <CR> Input new login password for user abc please. New Password: Confirm Password: user enable-password user-name <CR> Input new enable password for user abc please. New Password: Confirm Password: Login-password is less than 6 chars. (optional) Change login password. (optional) Set or change enable password. 陈泽科技有限公司

19 Step 5 user role user-name {NORMA ADMIN enable-password enable-password} 10G Core Routing Switch User Manual (optional) Change user access level. Step 6 exit Return to privileged EXEC mode. Step 7 user list Verify your entries. Step 8 Copy running-config startup-config (Optional) Save your entries in the configuration file Saving configuration file Use the Copy running-configuration startup-configuration command to save the current-configuration in the Flash Memory, and the configurations will become the startup-configuration when the system is powered on for the next time. Beginning in privileged EXEC mode, follow these steps to save configuration to the FLASH Memory. Command Step 1 Copy running-configuration startup-configuration Purpose Save your entries in the configuration file Restore system to default configuration You can use earse command to resume the startup-configuration to default configuration, after that you must reboot the system. Beginning in privileged EXEC mode, follow these steps to restore system to default configuration. Command Purpose Step 1 Erase startup-config Save your entries in the configuration file. Step 2 reboot Reboot the system Reboot system Beginning in privileged EXEC mode, follow these steps to restart the system. Command Purpose Step 1 reboot Reboot the system Configuring a System Name You configure the system name on the switch to identify it. By default, the system name is Switch. The default switch system name and prompt is Switch. Beginning in privileged EXEC mode, follow these steps to manually configure a system name: 陈泽科技有限公司

20 Command Purpose 10G Core Routing Switch User Manual Step 2 hostname <hostname> Manually configure a system name. The default setting is switch. The name must follow the rules for ARPANET host names. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names can be up to 63 characters. Step 3 exit Return to privileged EXEC mode. Step 4 show running-config Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file System service configuration Beginning in privileged EXEC mode, follow these steps to enable/disable snmp and telnet system service: Command Purpose Step 2 service telnet {enable disable} Enabling/disabling telnet service. Step 3 show services Verify your entries. Step 4 Copy running-config startup-config (Optional) Save your entries in the configuration file Setting system Clock manually If you have an outside source on the network that provides time services, such as an NTP server, you do not need to manually set the system clock. Beginning in privileged EXEC mode, follow these steps to set system clock: Command Purpose Step 2 clock set year month day <HH:MM:SS> Step 3 show time Verify your entries. Manually set the system clock using one of these formats. For hh:mm:ss, specify the time in hours (24-hour format), minutes,and seconds. The time specified is relative to the configured time zone. For day, specify the day by date in the month. For month, specify the month. For year, specify the year (no abbreviation). Step 4 Copy running-config startup-config (Optional) Save your entries in the configuration file. 陈泽科技有限公司

21 This example shows how to set system clock: switch(config)# clock set :42:34 New time is: Fri Aug 11 09:42:34 CST Setting the screen length If a command displays more than one screen of information, you can use the following command to set how many lines to be displayed in a screen, so that the information can be separated in different screens and you can view it more conveniently. Beginning in privileged EXEC mode, follow these steps to set the screen length: Command Purpose Step 2 terminal length value By default, the terminal screen length is 24 lines. Terminal length 0 indicates to disable screen display separation function. Value range is 0 to 512. Step 3 Copy running-config (Optional) Save your entries in the configuration file. startup-config 5. Port Configuration 5.1. Ethernet Port Overview STCS6010 Series Core Routing Switches support these LPU boards: 24GTX 24GFX 2XP The Ethernet ports of STCS6010series switches have the following features: 2XP provides two 10GE optical ports and works in 10Gbps full duplex mode, which need not configuring. 24GTX provides 24 10/100/1000Mbpselectrical ports. The electrical ports support MDI/MDI-X auto-sensing and may work in 1000Mbps full duplex, 100Mbps half/full duplex, or 10Mbps half/full duplex mode. 24GFX provides 24 Gigabit SFP optical ports. The optical ports in Gigabit full duplex mode, which need not configuring Ethernet Port Configuration Ethernet port configuration includes: Entering interface configuration mode Enabling/disabling an Ethernet port 陈泽科技有限公司

22 Setting the duplex attribute for the Ethernet port Setting speed for the Ethernet port Setting the type of combo port Setting the Ethernet port broadcast suppression ratio Setting the Ethernet port multicast suppression ratio Setting the Ethernet port dlf suppression ratio Setting port mirror Setting rate Limits 10G Core Routing Switch User Manual Entering interface configuration mode The switch supports these interface types: Physical ports switch ports VLANs switch virtual interfaces Port-channels EtherChannel of interfaces To configure a physical interface (port), enter interface configuration mode, and specify the interface type, module number, and switch port number. Type Gigabit Ethernet(gigabitethernet or gi) for 10/100/1000 Mbps Ethernet ports, or 10-Gigabit Ethernet (tengigabitethernet or te) for 10,000 Mbps Module number The module or slot number on the switch. Port number The interface number on the switch. The port numbers always begin at 1, starting at the left when facing the front of the switch, for example, gigaethernet 1/1. Procedures for Configuring Interfaces These general instructions apply to all interface configuration processes. Step 1 Enter the configure terminal command at the privileged EXEC prompt: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# Step 2 Enter the interface global configuration command. Identify the interface type, the module number, and the number of the connector. In this example, Gigabit Ethernet port 1 on module 1 is selected: Switch(config)# interface gigabitethernet 1/1 Switch(config-if)# Step 3 Follow each interface command with the interface configuration commands that the interface requires. The commands that you enter define the protocols and applications that will run on the interface. The commands are collected and applied to the interface when you enter another interface command or enter end to return to privileged EXEC mode. Step 4 After you configure an interface, verify its status by using the show privileged EXEC commands. Enter the show interfaces privileged EXEC command to see a list of all interfaces on or configured for the switch. A report is provided for each interface that the device supports or for the specified interface. 陈泽科技有限公司

23 Enabling/Disabling an Ethernet Port 10G Core Routing Switch User Manual The following command can be used for disabling or enabling the port. Beginning in privileged EXEC mode, follow these steps to enable an Ethernet port. Command Purpose Step 2 Interface interface_id Enter interface configuration mode for the physical interface to be configured. Step 3 shutdown Disabling an Ethernet interface. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show Interface interface_id Verify your entries. Step 7 Copy running-config (Optional) Save your entries in the configuration file. startup-config By default, the port is enabled. To enabling an Ethernet interface,use the interface configuration command no shutdown Setting the Duplex Attribute and speed of the Ethernet Port Ethernet interfaces on the switch operate at 10, 100, or 1000 Mbps, or 10,000 Mbps and in either full or half-duplex mode. In full-duplex mode, two stations can send and receive traffic at the same time. Normally, 10-Mbps ports operate in half-duplex mode, which means that stations can either receive or send traffic. Switch models include combinations of Gigabit Ethernet (10/100/1000-Mbps) ports, 10-Gigabit module ports, and small form-factor pluggable (SFP) module slots supporting Gigabit SFP modules. You cannot configure speed or duplex mode on 10-Gigabit module ports; these ports operate only at 10,000 Mbps and in full duplex mode. You can configure interface speed on Gigabit Ethernet (10/100/1000-Mbps) ports. You can configure Gigabit Ethernet ports to full-duplex mode or to autonegotiate; you cannot configure half-duplex mode on Gigabit Ethernet ports. You cannot configure speed on SFP module ports, but you can configure speed to not negotiate (nonegotiate) if connected to a device that does not support autonegotiation. However, when a 1000BASE-T SFP module is in the SFP module port, you can configure speed as 10, 100, or 1000 Mbps, or auto. You cannot configure duplex mode on SFP module ports unless a 1000BASE-T SFP module is in the port. All other SFP modules operate only in full-duplex mode. When a 1000BASE-T SFP module is in the SFP module port, you can configure duplex mode to auto or full. To configure a port to send and receive data packets at the same time, set it to full-duplex. To configure a port to either send or receive data packets at a time, set it to half-duplex. If the port has been set to auto-negotiation mode, the local and peer ports will automatically negotiate about the duplex mode. You can use the following command to set the speed on the Ethernet port. If the speed is set to auto-negotiation mode, the local and peer ports will automatically negotiate about the port speed. Beginning in privileged EXEC mode, follow these steps to setting the duplex attribute and speed of the Ethernet port. 陈泽科技有限公司

24 Command Purpose Step 2 Interface interface_id Enter interface configuration mode for the physical interface to be configured. Step 3 speed { auto } Enter the appropriate speed parameter for the interface: Enter 10, 100, or 1000 to set a specific speed for the interface. The 1000 keyword is available only for 10/100/1000 Mbps ports Enter auto to enable the interface to autonegotiate speed with the device connected to the interface. This command is not available on a 10-Gigabit Ethernet interface. Step 4 duplex { auto full half } Enter the duplex parameter for the interface. Enable half-duplex mode (for interfaces operating only at 10 or 100 Mbps). You cannot configure half-duplex mode for interfaces operating at 1000 Mbps. This command is not available on a 10-Gigabit Ethernet interface. This command is not available on SFP module ports with these exceptions: If a 1000BASE-T SFP module is inserted, you can configure duplex to auto or full. Step 5 exit Return to global configuration mode. Step 6 exit Return to privileged EXEC mode. Step 7 show Interface interface_id Verify your entries. Step 8 Copy running-config (Optional) Save your entries in the configuration file. startup-config Use the no speed and no duplex interface configuration commands to return the interface to the default speed and duplex settings (autonegotiate). To return all interface settings to the defaults, use the default interface interface-id interface configuration command. This example shows how to set the interface speed to 1000 Mbps and the duplex mode to full on a 10/100/1000 Mbps port: Switch# configure terminal Switch(config)# interface gigabitethernet1/1 Switch(config-if)# speed 1000 Switch(config-if)# duplex full Note that, The Gigabit electrical Ethernet port can operate in full duplex or auto-negotiation mode. When the port operates at 1000Mbps, the duplex mode can be set to full (full duplex) or auto (auto-negotiation). The port defaults the auto (auto-negotiation) mode. By default, the speed of the port is in auto mode. 陈泽科技有限公司

25 Adding a Description for an Interface 10G Core Routing Switch User Manual You can add a description about an interface to help you remember its function. The description appears in the output of these privileged EXEC commands: show running-config, and show interfaces. Beginning in privileged EXEC mode, follow these steps to add a description for an interface: Command Purpose Step 2 Interface interface_id Enter interface configuration mode for the physical interface to be configured. Step 3 description string Add a description (up to 240 characters) for an interface. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show Interface interface_id Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. Use the no description interface configuration command to delete the description. This example shows how to add a description on a port and how to verify the description: Switch# config terminal Switch(config)# interface gigabitethernet1/1 Switch(config-if)# description Connects to Marketing Enabling/Disabling Flow Control for the Ethernet Port Flow control enables connected Ethernet ports to control traffic rates during congestion by allowing congested nodes to pause link operation at the other end. If one port experiences congestion and cannot receive any more traffic, it notifies the other port to stop sending until the condition clears by sending a pause frame. Upon receipt of a pause frame, the sending device stops sending any data packets, which prevents any loss of data packets during the congestion period. Beginning in privileged EXEC mode, follow these steps to enable flow control for the Ethernet port. Command Purpose Step 2 Interface interface_id Enter interface configuration mode for the physical interface to be configured. Step 3 flowcontrol on Enable flow control for an interface. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show Interface interface_id Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. 陈泽科技有限公司

26 To disable flow control, use the flowcontrol off interface configuration command. This example shows how to turn on flow control on a port: Switch# configure terminal Switch(config)# interface gigabitethernet1/1 Switch(config-if)# flowcontrol on Setting the Ethernet Port Broadcast Suppression 10G Core Routing Switch User Manual You can use the following commands to restrict the broadcast traffic. Once the broadcast traffic exceeds the value set by the user, the system will maintain an appropriate broadcast packet number by discarding the overflow traffic, so as to suppress broadcast storm, avoid suggestion and ensure the normal service. The parameter is taken the maximum wire speed ratio of the broadcast traffic allowed on the port. The smaller the packet number is, the smaller the broadcast traffic is allowed. Beginning in privileged EXEC mode, follow these steps to Set the Ethernet Port Broadcast Suppression Command Purpose Step 2 Interface interface_id Enter interface configuration mode for the physical interface to be configured. Step 3 storm-control broadcast value value Enable broadcast Suppression Packets indicate packet number per second. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show Interface interface_id Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To disable the Ethernet Port Broadcast Suppression, use the no storm-control broadcast interface configuration command Setting the Ethernet Port multicast Suppression You can use the following commands to restrict the multicast traffic. Once the multicast traffic exceeds the value set by the user, the system will maintain an appropriate multicast packet number by discarding the overflow traffic, so as to suppress multicast storm, avoid suggestion and ensure the normal service. The parameter is taken the maximum wire speed ratio of the multicast traffic allowed on the port. The smaller the packet number is, the smaller the multicast traffic is allowed. Beginning in privileged EXEC mode, follow these steps to Set the Ethernet Port multicast Suppression Command Purpose 陈泽科技有限公司

27 Step 2 Interface interface_id Enter interface configuration mode for the physical interface to be configured. Step 3 storm-control multicast value Enable multicast Suppression value Packets indicate packet number per second. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show Interface interface_id Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To disable the Ethernet Port Broadcast Suppression, use the no storm-control multicast interface configuration command Setting the Ethernet Port dlf Suppression You can use the following commands to restrict the dlf traffic. Once the dlf traffic exceeds the value set by the user, the system will maintain an appropriate dlf packet number by discarding the overflow traffic, so as to suppress dlf storm, avoid suggestion and ensure the normal service. The parameter is taken the maximum wire speed ratio of the dlf traffic allowed on the port. The smaller the packet number is, the smaller the dlf traffic is allowed. Beginning in privileged EXEC mode, follow these steps to Set the Ethernet Port dlf Suppression Command Purpose Step 2 Interface interface_id Enter interface configuration mode for the physical interface to be configured. Step 3 storm-control dlf multicast value value Enable multicast Suppression Packets indicate packet number per second. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show Interface interface_id Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To disable the Ethernet Port Broadcast Suppression, use the no storm-control multicast interface configuration command Setting Port Mirroring Port mirroring duplicates data on the monitored port to the designated monitoring port, for purpose of data analysis and supervision. The switch supports multiple-to-one mirroring, that is, you can duplicate packets from multiple ports to a monitoring port. Beginning in privileged EXEC mode, follow these steps to set port mirroring. Command Purpose 陈泽科技有限公司

28 Step 2 monitor session session_number source interface start_interface_id [ - end_interface_id] {both rx tx} 10G Core Routing Switch User Manual Specify the MIRROR session and the source port (monitored port). For session_number, the range is from 1 to 4. For interface-id, specify the source port to monitor. (Optional) [, -] Specify a series or range of interfaces. Enter a space before and after the comma; enter a space before and after the hyphen. (Optional) Specify the direction of traffic to monitor. If you do not specify a traffic direction, the MIRROR monitors both sent and received traffic. both Monitor both received and sent traffic. This is the default. rx Monitor received traffic. tx Monitor sent traffic. Note You can use the monitor session session_number source command multiple times Step 3 monitor session session_number destination interface interface_id to configure multiple source ports. Specify the SPAN session and the destination port (monitoring port). For session_number, specify the session number entered in step 2. Step 5 exit Return to privileged EXEC mode. Step 6 show mirror all Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To delete a MIRROR SPAN session, use the no monitor session session_number global configuration command. To remove a source or destination port from the MIRROR session, use the no monitor session session_number source {interface interface-id } global configuration command or the no monitor session session_number destination interface interface-id global configuration command. This example shows how to set up MIRROR session 1 for monitoring source port traffic to a destination port. First, any existing MIRROR configuration for session 1 is deleted, and then bidirectional traffic is mirrored from source Gigabit Ethernet port 1/1 to destination Gigabit Ethernet port 1/2. Switch(config)# monitor session 1 source interface gigabitethernet 1/1 Switch(config)# monitor session 1 destination interface gigabitethernet 1/2 Caution: Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port. When mirroring port traffic, the target port must be included in the same VLAN as the source port. 陈泽科技有限公司

29 6. VLAN Configuration 6.1. VLAN Overview Virtual Local Area Network (VLAN) groups the devices of a LAN logically but not physically into segments to implement the virtual workgroups. IEEE issued the IEEE 802.1Q in 1999, which was intended to standardize VLAN implementation solutions.through VLAN technology, network managers can logically divide the physical LAN into different broadcast domains. Every VLAN contains a group of workstations with the same demands. The workstations of a VLAN do not have to belong to the same physical LAN segment. With VLAN technology, the broadcast and unicast traffic within a VLAN will not be forwarded to other VLANs, therefore, it is very helpful in controlling network traffic,saving device investment, simplifying network management and improving security. VLAN Port Membership Modes You configure a port to belong to a VLAN by assigning a membership mode that specifies the kind of traffic the port carries and the number of VLANs to which it can belong. Static-access: A static-access port can belong to one VLAN and is manually assigned to that VLAN. Trunk (IEEE 802.1Q): A trunk port is a member of all VLANs by default, but membership can be limited by configuring the allowed-vlan list Configuring VLAN VLAN configuration includes: Creating/deleting a VLAN Specifying/removing a VLAN port To configure a VLAN, first create a VLAN according to the requirements Creating/Deleting a VLAN You can use the following command to create/delete a VLAN. Beginning in privileged EXEC mode, follow these steps to create a VLAN. Command Purpose Step 2 interface vlan vlan_id Create a VLAN. Vlan_id:2~4094 Step 3 exit Return to privileged EXEC mode. Step 4 show interface vlan vlan_id Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file. To delete a Vlan, use no interface vlan vlan_id global command. 陈泽科技有限公司

30 Assigning Static-Access Ports to a VLAN 10G Core Routing Switch User Manual You can assign a static-access port to a VLAN. Beginning in privileged EXEC mode, follow these steps to assign a port to a VLAN Command Purpose Step 2 Interface interface_id Enter interface configuration mode for the physical interface to be configured. Step 3 switchport mode access Define the VLAN membership mode for the port (Layer 2 access port). Step 4 switchport access vlan vlan_id Assign the port to a VLAN. Valid VLAN IDs are 1 to Step 5 end Return to privileged EXEC mode. Step 6 show Interface vlan vlan_id Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. This example shows how to configure a port as an access port in VLAN 2: Switch# configure terminal Switch(config)# interface vlan 2 Switch(config)# interface gigabitethernet 1/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan Configuring VLAN Trunks These sections describe how VLAN trunks function on the switch: Trunking Overview A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch. Ethernet trunks carry the traffic of multiple VLANs over a single link, and you can extend the VLANs across an entire network. The trunking encapsulation 802.1Q is available on all Ethernet interfaces: Configuring an Ethernet Interface as a Trunk Port Because trunk ports send and receive VTP advertisements, to use VTP you must ensure that at least one trunk port is configured on the switch and that this trunk port is connected to the trunk port of a second switch. Otherwise, the switch cannot receive any VTP advertisements. This section includes these procedures for configuring an Ethernet interface as a trunk port on the switch: Beginning in privileged EXEC mode, follow these steps to configure a port as a 802.1Q trunk port: Command Purpose Step 2 Interface interface_id Enter interface configuration mode for the physical interface to be configured. 陈泽科技有限公司

31 Step 3 switchport mode trunk Configure the interface as a Layer 2 trunk (required only if the interface is a Layer 2 access port to specify the trunking mode). Step 4 switchport trunk vlan vlan_id Specify the VLAN for 802.1Q trunks. Valid VLAN IDs are 1 to Step 5 end Return to privileged EXEC mode. Step 6 show Interface vlan vlan_id Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To reset all trunking characteristics of a trunking interface to the defaults, use the no switchport trunk interface configuration command. To disable trunking, use the switchport mode access interface configuration command to configure the port as a static-access port. This example shows how to configure a port as an 802.1Q trunk. The example assumes that the neighbor interface is configured to support 802.1Q trunking. Switch# configure terminal Switch(config)# interface gigabitethernet 1/2 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport trunk vlan Assigning IP Address for a VLAN IP Address Overview IP Address Classification and Indications IP address is a 32-bit address allocated to the devices which access into the Internet. It consists of two fields: net-id field and host-id field. There are five types of IP address. See the following figure. Figure Five classes of IP address 陈泽科技有限公司

32 Where, Class A, Class B and Class C are unicast addresses, while Class D addresses are multicast ones and class E addresses are reserved for special applications in future. The first three types are commonly used. The IP address is in dotted decimal format. Each IP address contains 4 integers in dotted decimal notation. Each integer corresponds to one byte, e.g When using IP addresses, it should also be noted that some of them are reserved for special uses, and are seldom used. The IP addresses you can use are listed in the following table. Table IP address classes and ranges Network class Address range IP network range Note A B C D E to to to to to to to to None None Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing. Host ID with all the digits being 1 indicates the broadcast address, i.e.broadcast to all hosts on the network. IP address is used for the host that is not put into use after starting up. The IP address with network number as 0 indicates the current network and its network can be cited by the router without knowing its network number. Network ID with the format of 127.X.Y.Z is reserved for self-loop test and the packets sent to this address will not be output to the line. The packets are processed internally and regarded as input packets. Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing. Host ID with all the digits being 1 indicates the broadcast address, i.e.broadcast to all hosts on the network. Host ID with all the digits being 0 indicates that the IP address is the network address, and is used for network routing. Host ID with all the digits being 1 indicates the broadcast address, i.e.broadcast to all hosts on the network. Addresses of class D are multicast addresses. The addresses are reserved for futureuse. Other addresses is used as LAN broadcast address. 陈泽科技有限公司

Subnet and Mask Nowadays, with rapid development of the Internet, IP addresses are depleting very fast.the traditional IP address allocation method wastes IP addresses greatly.

33 Subnet and Mask Nowadays, with rapid development of the Internet, IP addresses are depleting very fast.the traditional IP address allocation method wastes IP addresses greatly. In order to make full use of the available IP addresses, the concept of mask and subnet is proposed. A mask is a 32-bit number corresponding to an IP address. The number consists of 1s and 0s. Principally, these 1s and 0s can be combined randomly. However, the first consecutive bits are set to 1s when designing the mask. The mask divides the IP address into two parts: subnet address and host address. The bits 1s in the address and the mask indicate the subnet address and the other bits indicate the host address.if there is no sub-net division, then its sub-net mask is the default value and the length of "1" indicates the net-id length. Therefore, for IP addresses of classes A, B and C, the default values of corresponding sub-net mask are , and respectively. The mask can be used to divide a Class A network containing more than 16,000,000 hosts or a Class B network containing more than 60,000 hosts into multiple small networks. Each small network is called a subnet. For example, for the Class B network address , the mask can be used to divide the network into 8 subnets: , , , , , , and (Refer to the following figure). Each subnet can contain more than 8000 hosts Assigning IP Address for a VLAN Figure Subnet division of IP address Beginning in privileged EXEC mode, follow these steps to configure the IP address of the VLAN interface. Command Purpose Step 2 Interface vlan vlan_id Enter interface configuration mode, and enter the interface to be configured as a Layer 3 interface. Step 3 ipaddress ip-address net-mask Configure the IP address and IP subnet. Step 4 end Return to privileged EXEC mode. Step 5 show Interface vlan vlan_id Verify your entries. Step 6 Copy running-config (Optional) Save your entries in the configuration file. startup-config 陈泽科技有限公司

34 To remove an IP address from an interface, use the no ipaddress interface configuration command. This example shows how to configure a port as a routed port and to assign it an IP address: Switch# configure terminal Switch(config)# interface vlan 2 Switch(config-if)# ipaddress Troubleshooting IP Address Configuration Fault 1: The switch cannot ping through a certain host in the LAN. Troubleshooting can be performed as follows: Check the configuration of the switch. Use show arp command to view the ARP entry table that the Switch maintains. Troubleshooting: First check which VLAN includes the port of the switch used to connect to the host. Check whether the VLAN has been configured with the VLAN interface. Then check whether the IP address of the VLAN interface and the host is on the same network segment. 7. Configuring IP Routing This chapter describes how to configure IP routing on the switch. A switch operates and appears as a single router to the rest of the routers in the network. Basic routing functions, including static routing,the Routing Information Protocol (RIP) and Open Shortest Path First protocol (OSPF) Introduction to IP Route and Routing Table IP Route and Route Segment Routers are implemented for route selection in the Internet. A router works in the following way: It selects an appropriate path (through a network) according to the destination address of its received packet and forwards the packet to the next router. It works in this way hop by hop and the last router in the path is responsible for submitting the packet to the destination host to complete the IP packet forwarding and the routing across network segments. In a network, the router regards a path for sending a packet as a logical route unit, and calls it a Hop. For example, in the figure below, a packet sent from Host A to Host C, a packet should go through 2 routers and the packet is transmitted through two hops and router segments. Therefore, when a node is connected to another node through a network, there is a hop between these two nodes and these two nodes are deemed as adjacent in the Internet. In the same principle, the adjacent routers refer to two routers connected to the same network. The number of route segments between a router and hosts in the same network counted as zero. In the following figure, the bold arrows represent the hops. A router can be connected to any physical link that constitutes a route segment for routing packets via the network. 陈泽科技有限公司

35 Figure About hops As the networks may have different sizes, the segment lengths connected between two different pairs of routers are also different. The number of route segments multiplies a weighted coefficient can serve as a weighted measurement for the actual length of the signal transmission path. If a router in a network is regarded as a node and a route segment in the Internet is regarded as a link, message routing in the Internet works in a similar way as the message routing in a conventional network. Message routed through the shortest route may not always be the optimal way route. For example, routing through 3 LAN route segments may be much faster than that through 2 WAN route segments Route Selection through the Routing Table The key for a router to forward packets is the routing table. Each router saves a routing table in its memory, and each entry of this table specifies the physical port of the router through which the packet is sent to a subnet or a host. Therefore, it can reach the next router in via a particular path or reach a destination host via directly connected network. A routing table has the following key entries: Destination address: It is used to identify the destination IP address or thedestination network of IP packet, which is 32 bits in length. Network mask: It is made up of several consecutive "1"s, which can be expressed either in the dotted decimal format or by the number of the consecutive "1" s in the mask. Combining with the destination address, it is used to identify the network address of the destination host or router. If the destination address is ANDed with the network mask, you will get the address of the network segment where the destination host or router is located. For example, if the destination address is , the address of the network where the host or the router with the mask is located will be Output interface: It indicates an interface through which an IP packet should be forwarded. Next hop address: Indicates the next router that an IP packet will pass through. Priority added to the IP routing table for a route: There may be different next hops to the same destination. These routes may be discovered by different routing protocols, or they can just be the static routes configured manually. The one with the highest priority (the smallest numerical value) will be selected as the current optimal route. According to different destinations, the routes can be divided into the following: Subnet route: The destination is a subnet. 陈泽科技有限公司

36 Host route: The destination is a host In addition, according to whether the network of the destination host is directly connected to the router, there are the following types of routes: Direct route: The router is directly connected to the network where the destination locates. Indirect route: The router is not directly connected to the network where the destination locates. In order to limit the size oft the routing table, an option is available to set a default route.all the packets that fail to find the suitable entry will be forwarded through this default route. In a complicated Internet as shown in the following figure, the number in each network is the network address. The router R8 is connected with three networks, so it has three IP addresses and three physical ports, and its routing table is shown in the diagram below: Figure 12-2 The routing table 7.2. Routing Management Policy This Series Routing Switches support the configuration of a series of dynamic routing protocols such as RIP, OSPF, as well as the static routes. The static routes configured by the user are managed together with the dynamic routes as detected by the routing protocol. The static routes and the routes learned or configured by different routing protocols can also be shared with each other Routing protocols and the preferences of the corresponding routes Different routing protocols (as well as the static configuration) may generate different routes to the same destination, but not all these routes are optimal. In fact, at a certain moment, only one routing protocol can determine a current route to a specific destination. Thus, each of these routing protocols (including the static configuration) is set a preference, and when there are multiple routing information sources, the route discovered by the routing protocol with the highest preference will become the current route. Routing protocols and the default preferences (the smaller the value, the higher the preference is) of the routes learned by them are shown in the following table. Table 12-1 Routing protocols and the default preferences for the routes learned by them 陈泽科技有限公司

37 Routing protocol or route type The preference of the corresponding route DIRECT 0 OSPF 10 STATIC 60 RIP 100 UNKNOWN 255 In the table, 0 indicates a direct route. 255 Indicates any route from unreliable source. Except for direct routing, the preferences of various dynamic routing protocols can be manually configured to meet the user requirements. In addition, the preferences for individual static routes can be different Supporting Load Sharing and Route Backup I. Load sharing Load sharing: Support multi-route mode, permitting to configure multiple routes that reach the same destination and use the same precedence. The same destination can be reached via multiple different paths, whose precedences are equal. When there is no route that can reach the same destination with a higher precedence, the multiple routes will be adopted by IP, which will forward the packets to the destination via these paths so as to implement load sharing. For the same destination, a specified routing protocol may find multiple different routes.if the routing protocol has the highest precedence among all active routing protocols,these multiple routes will be regarded as currently valid routes. Thus, load sharing of IP traffic is ensured in terms of routing protocols. II. Route backup Route backup: Support route backup. When main route is in failure, the system will automatically switch to a backup route to improve the network reliability.in order to achieve route backup, the user can configure multiple routes to the same destination according to actual situation. One of the routes has the highest precedence and is called as main route. The other routes have descending precedences and are called as backup routes. Normally, the router sends data via main route. When the line is in failure, the main route will hide itself and the router will choose one from the left routes as a backup route whose precedence is higher than others to send data. In this way, the switchover from the main route to the backup route is realized. When the main route recovers, the router will restore it and re-select route. As the main route has the highest precedence, the router will choose the main route to send data. This process is the automatic switchover from the backup route to the main route Routes Shared between Routing Protocols As the algorithms of various routing protocols are different, different protocols may generate different routes, thus bringing about the problem of how to resolve the differences when different routes are generated by different routing protocols. The SPEED series switches can import the information of another routing protocol.each protocol has its own route redistribution mechanism. 陈泽科技有限公司

38 7.3. Static Route Configuration 10G Core Routing Switch User Manual Introduction to Static Route Attributes and Functions of Static Route A static route is a special route. You can set up an interconnecting network with the static route configuration. The problem for such configuration is when a fault occurs to the network, the static route cannot change automatically to steer away from the node causing the fault, if without the help of an administrator. In a relatively simple network, you only need to configure the static routes to make the router work normally. The proper configuration and usage of the static route can improve the network performance and ensure the bandwidth of the important applications. Default Route A default route is a static route, too. A default route is a route used only when no suitable routing table entry is matched and when no proper route is found, the default route is used. In a routing table, the default route is in the form of the route to the network (with the mask ). You can see whether it has been set via the output of the command display ip routing-table. If the destination address of a packet fails in matching any entry of the routing table, the router will select the default route to forward this packet. If there is no default route and the destination address of the packet fails in matching any entry in the routing table, this packet will be discarded, and an Internet Control Message Protocol (ICMP) packet will be sent to the originating host to inform that the destination host or network is unreachable. Default route is very useful in the networks. Suppose that there is a typical network, which consists of hundreds of routers. In that network, far from less bandwidth would be consumed if you put all kinds of dynamic routing protocols into use without configuring a default route. Using the default route could provide an appropriate bandwidth, even not achieving a high bandwidth, for communications between large numbers of users. Static Route Configuration Static Route Configuration includes: Configuring a static route Configuring a default route Configuring a static route Perform the following configurations in global configuration mode. Beginning in privileged EXEC mode, follow these steps to configure a static route. Command Purpose Step 2 ip route ipaddress netmask Configuring a static route. nexthopaddr [metric] Step 3 exit Return to privileged EXEC mode. Step 4 show ip route Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file. 陈泽科技有限公司

39 To delete a static route use no ip route ipaddress netmask nexthopaddr [metric] global configuration command. The parameters are explained as follows: ipaddress and netmask The ipaddress and netmask are in a dotted decimal format. As "1"s in the 32-bit mask is required to be consecutive, the dotted decimal mask can also be replaced by the mask-length (which refers to the digits of the consecutive "1"s in the mask). Nexthopaddr When configuring a static route, you can specify the gateway-address to decide the next hop address, depending on the actual conditions. In fact, for all the routing items, the next hop address must be specified. When IP layer transmits a packet, it will first search the matching route in the routing table according to the destination address of the packet. Only when the next hop address of the route is specified can the link layer find the corresponding link layer address, and then forward the packet according to this address. Configuring a default route Perform the following configurations in global configuration mode. Beginning in privileged EXEC mode, follow these steps to configure a default route. Command Purpose Step 2 ip route Configuring default route. nexthopaddr [metric] Step 3 exit Return to privileged EXEC mode. Step 4 show ip route Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file. To delete a static route use no ip route nexthopaddr [metric] global configuration command. The meanings of parameters in the command are the same as those of the static route. Typical Static Route Configuration Example I. Networking requirements As shown in the figure below, the masks of all the IP addresses in the figure are It is required that all the hosts or Routing Switches can be interconnected in pairs by configuring static routes. II. Networking diagram 陈泽科技有限公司

40 III. Configuration procedure Figure 12-3 Networking diagram of the static route configuration example # Setting switch A VLAN and specifying IP address for VLAN switcha(config)#interface vlan 2 switcha(config-if)#ipaddress switcha(config)#exit switcha(config)#interface vlan 3 switcha(config-if)# ipaddress # Setting default route for switch A switcha(config)#ip route # Setting switch B VLAN and specifying IP address for VLAN switchb(config)#interface vlan 2 switchb(config-if)#ipaddress switchb(config)#exit switchb(config)#interface vlan 3 switchb(config-if)# ipaddress # Setting default route for switch B switchb(config)#ip route # Setting switch C VLAN and specifying IP address for VLAN switchc(config)# interface vlan 2 switchc(config-if)# ipaddress switchc(config-if)#exit switchc(config)# interface vlan 3 switchc(config-if)# ipaddress switchc(config-if)#exit switchc(config)# interface vlan 4 switchc(config-if)# ipaddress 陈泽科技有限公司

41 switchc(config-if)#exit 10G Core Routing Switch User Manual # Setting static route for switch C switchc(config)#ip route switchc(config)#ip route Static Route Fault Diagnosis and Troubleshooting By default the Switch is not configured with the dynamic routing protocol and both the physical status and the link layer protocol status of the interface is UP, but the IP packets cannot be forwarded normally. Troubleshooting: Use the show ip route command to view whether the corresponding static route is correctly configured. Use the show ip route command to view whether the corresponding route is valid. RIP Configuration Brief Introduction to RIP Routing Information Protocol (RIP) is a relatively simple dynamic routing protocol, but it has a wide application. RIP is a kind of Distance-Vector (D-V) algorithm-based protocol and exchanges routing information via UDP packets. It employs Hop Count to measure the distance to the destination host, which is called Routing Cost. In RIP, the hop count from a router to its directly connected network is 0, and that to a network which can be reached through another router is 1, and so on. To restrict the time to converge, RIP prescribes that the cost value is an integer ranging 0 and 15. The hop count equal to or exceeding 16 is defined as infinite, that is to say, the destination network or the host is unreachable. RIP sends routing refreshing message every 30 seconds. If no routing refreshing message is received from one network neighbor in 180 seconds, RIP will tag all routes of the network neighbor to be unreachable. If no routing refreshing message is received from one network neighbor in 300 seconds, RIP will finally remove the routes of the network neighbor from the routing table. To improve the performances and avoid route loop, RIP supports Split Horizon, Poison Reverse and allows importing the routes discovered by other routing protocols Each router running RIP manages a route database, which contains routing entries to all the reachable destinations in the network. These routing entries contain the following information: Destination address: IP address of a host or network. Next hop address: The address of the next router that an IP packet will pass through for reaching the destination. Output interface: The interface through which the IP packet should be forwarded. Cost: The cost for the router to reach the destination, which should be an integer in the range of 0 to 16. Timer: Duration from the last time that the routing entry is modified till now. The timer is reset to 0 whenever a routing entry is modified. Route tag: Discriminate whether the route is generated by an interior routing protocol or by an exterior routing protocol. The whole process of RIP startup and running can be described as follows: 1) If RIP is enabled on a router for the first time, the router will broadcast or multicast the request packet to the adjacent routers. Upon receiving the request packet, the adjacent routers (on which, RIP should have been enabled) respond to the request by returning the response packets containing information of their local routing tables. 2) After receiving the response packets, the router, which has sent the request, will modify its own routing table. 3) At the same time, RIP broadcasts its routing table to the adjacent routers every 30 seconds. The adjacent routers will maintain their own routing table after receiving the packets and will select an optimal route, and then 陈泽科技有限公司

42 advertise the modification information to their respective adjacent network so as to make the updated route globally known. Furthermore, RIP uses the timeout mechanism to handle the out-timed routes so as to ensure the real-timeliness and validity of the routes. With these mechanisms, RIP, an interior routing protocol, enables the router to learn the routing information of the whole network. RIP has become one of the actual standards of transmitting router and host routes by far. It can be used in most of the campus networks and the regional networks that are simple yet extensive. For larger and more complicated networks, RIP is not recommended. RIP Configuration The RIP configuration includes: Configuring basic rip parameters Specifying RIP Version of the Interface Setting RIP Packet Authentication Setting Additional Routing Cost Configuring Basic RIP Parameters To configure RIP, you enable RIP routing for a network and optionally configure other parameters. Beginning in privileged EXEC mode, follow these steps to enable and configure RIP: Command Purpose Step 2 router rip Enable a RIP routing process, and enter router configuration mode. Step 3 network <A.B.C.D/M> Associate a network with a RIP routing process. You can specify multiple network commands. RIP routing updates are sent and received through interfaces only on these networks. Step 4 neighbor ip-addrss (Optional) Define a neighboring router with which to exchange routing information. This step allows routing updates from RIP (normally a broadcast protocol) to reach nonbroadcast networks. Step 5 timers basic update invalid holddown (Optional) Adjust routing protocol timers. Valid ranges for all timers are 0 to seconds. update The time between sending routing updates. The default is 30 seconds. invalid The timer after which a route is declared invalid. The default is 180 seconds. holddown The time before a route is removed from the routing table. The default is 180 seconds. 陈泽科技有限公司

43 Step 6 version {1 2} (Optional) Configure the switch to receive and send only RIP Version 1 or RIP version 2 packets. By default, the switch receives Version 1 and 2 but sends only Version 1. You can also use the interface commands ip rip {send receive} version } to control what versions are used for sending and receiving on interfaces. Step 7 exit Return to global configuration mode. Step 8 exit Return to privileged EXEC mode. Step 9 show ip rip Verify your entries. Step 10 Copy running-config startup-config (Optional) Save your entries in the configuration file. To disable rip on the specified network, use router rip no network network-address/mask global configuration commanc. Specifying RIP Version of the Interface RIP has two versions, RIP-1 and RIP-2. You can specify the version of the RIP packet processed by the interface. RIP-1 broadcasts the packets. RIP-2 can transmit packets by both broadcast and multicast. By default, multicast is adopted for transmitting packets. In RIP-2, the multicast address is The advantage of transmitting packets in the multicast mode is that the hosts not operating RIP in the same network can avoid receiving RIP broadcast packets. In addition, this mode can also make the hosts running RIP-1 avoid incorrectly receiving and processing the routes with subnet mask in RIP-2. When an interface is running RIP-2 broadcast, the RIP-1 packets can also be received. Beginning in privileged EXEC mode, follow these steps to specify RIP version of the interface. Command Purpose Step 2 Interface vlan vlanid ip rip receive version [1 2] Specified receive message type of the interface. Step 3 Interface vlan vlanid ip rip send version [1 2] Specified send message type of the interface. Step 4 exit Return to privileged EXEC mode. Step 4 show ip rip protocol-version Verify your entries. Step 6 Copy running-configuration startup-configuration (Optional) Save your entries in the configuration file. Setting RIP-2 Packet Authentication RIP-1 does not support packet authentication. But when the interface operates RIP-2, the packet authentication can be configured. 陈泽科技有限公司

44 RIP-2 supports two authentication modes: Simple authentication and MD5 authentication. MD5 authentication uses two packet formats: One follows RFC2453 and another one follows the RFC2082. The simple authentication does not ensure security. The authentication key not encrypted is sent together with the packet, so the simple authentication cannot be applied to the case with high security requirements. Beginning in privileged EXEC mode, follow these steps to set rip-2 packet authentication. Command Purpose Step 2 Interface vlan ifname Enter interface configuration mode, and specify the interface to configure. ip rip authentication string Enable RIP authentication. sting ip rip authentication mode {md5 text} Configure the interface to use plain text authentication (the default) or MD5 digest authentication. Step 3 exit Return to global configuration mode. Step 4 exit Return to privileged EXEC mode. Step 4 show running-config Verify your entries. Step 6 Copy running-config startup-config (Optional) Save your entries in the configuration file. To restore clear text authentication, use the no ip rip authentication mode interface configuration command. To prevent authentication, use the no ip rip authentication string interface configuration command. Setting Additional Routing Metric Additional routing metric is the input or output routing metric added to an RIP route. It does not change the metric value of the route in the routing table, but adds a specified metric value when the interface receives or sends a route. Beginning in privileged EXEC mode, follow these steps to set additional routing metric. Command Purpose Step 2 Router rip Enable a RIP routing process, and enter router configuration mode. Step 3 default-metric vlaue Setting additional routing metric 1to 16. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show running-config Verify your entries. Step 7 Copy running-config (Optional) Save your entries in the configuration file. startup-config By default, the additional routing metric added to the route when RIP sends the packet is 1. The additional routing metric when RIP receives the packet is 0 by default. 陈泽科技有限公司

45 Typical RIP Configuration Example 10G Core Routing Switch User Manual Networking requirements As shown in the following figure, the Routing Switches C connects to the subnet through the Ethernet port. The Ethernet ports of Routing Switches A and Switch B are respectively connected to the network and Switch C, Switch A and Switch B are connected via Ethernet Correctly configure RIP to ensure that Switch C, Switch A and Switch B can interconnect. Networking diagram Figure 12-4 RIP configuration networking Configuration procedure Note: The following configuration only shows the operations related to RIP. Before performing the following configuration, please make sure the Ethernet link layer can work normally. # Configure Switch A switcha(config)#router rip switcha(config-router)#network switcha(config-router)#network # Configure Switch B switchb(config)#router rip 陈泽科技有限公司

46 switchb(config-router)#network switchb(config-router)#network G Core Routing Switch User Manual # Configure Switch C switchc(config)#router rip switchc(config-router)#network switchc(config-router)#network OSPF Configuration OSPF Overview Introduction to OSPF Open Shortest Path First (OSPF) is an Interior Gateway Protocol based on the link state developed by IETF. At present, OSPF version 2 (RFC2328) is used, which is available with the following features: Applicable scope: It can support networks in various sizes and can support several hundred routers at maximum. Fast convergence: It can transmit the update packets instantly after the network topology changes so that the change is synchronized in the AS. Loop-free: Since the OSPF calculates routes with the shortest path tree algorithm according to the collected link states, it is guaranteed that no loop routes will be generated from the algorithm itself. Area partition: It allows the network of AS to be divided into different areas for the convenience of management so that the routing information transmitted between the areas is abstracted further, hence to reduce the network bandwidth consumption. Equal-cost multi-route: Support multiple equal-cost routes to a destination. Routing hierarchy: OSPF has a four-level routing hierarchy. It prioritizes the routes to be intra-area, inter-area, external type-1, and external type-2 routes. Authentication: It supports the interface-based packet authentication so as to guarantee the security of the route calculation. Multicast transmission: Support multicast address to receive and send packets. Process of OSPF Route Calculation The routing calculation process of the OSPF protocol is as follows: Each OSPF-capable router maintains a Link State Database (LSDB), which describes the topology of the whole AS. According to the network topology around itself, each router generates a Link State Advertisement (LSA). The routers on the network transmit the LSAs among them by transmitting the protocol packets to each others. Thus, each router receives the LSAs of other routers and all these LSAs compose its LSDB. LSA describes the network topology around a router, so the LSDB describes the network topology of the whole network. Routers can easily transform the LSDB to a weighted directed graph, which actually reflects the topology architecture of the whole network. Obviously, all the routers get a graph exactly the same. A router uses the SPF algorithm to calculate the shortest path tree with itself as the root, which shows the routes to the nodes in the autonomous system. The external routing information is leave node. A router, which advertises the routes, also tags them and records the additional information of the autonomous system. Obviously, the Routing tables obtained by different routers are different. 陈泽科技有限公司

47 Furthermore, suppose that the routers are directly connected without other in-between routing devices in a broadcast network. To enable the individual routers to broadcast the information of their local statuses to the whole AS, any two routers in the environment should establish adjacency between them. In this case, however, the changes that any router takes will result in multiple transmissions, which are not only unnecessary but also waste the precious bandwidth resources. To solve this problem, Designated Router (DR) is defined in the OSPF. Thus, all the routers only send information to the DR for broadcasting the network link states in the network. Thereby,the number of router adjacent relations on the multi-access network is reduced.ospf supports interface-based packet authentication to guarantee the security of route calculation. Also, it transmits and receives packets by IP multicast. OSPF Packets OSPF uses five types of packets: Hello Packet: It is the commonest packet, which is periodically sent by a router to its neighbor. It contains the values of some timers, DR, BDR and the known neighbor. Database Description (DD) Packet: When two routers synchronize their databases, they use the DD packets to describe their own LSDBs, including the digest of each LSA. The digest refers to the HEAD of an LSA, which can be used to uniquely identify the LSA. Such reduces the traffic size transmitted between the routers, since the HEAD of a LSA only occupies a small portion of the overall LSA traffic. With the HEAD, the peer router can judge whether it already has had the LSA. Link State Request (LSR) Packet: After exchanging the DD packets, the two routers know which LSAs of the peer routers are lacked in the local LSDBs. In this case, they will send LSR packets requesting for the needed LSAs to the peers. The packets contain the digests of the needed LSAs. Link State Update (LSU) Packet: The packet is used to transmit the needed LSAs to the peer router. It contains a collection of multiple LSAs (complete contents). Link State Acknowledgment (LSAck) Packet The packet is used for acknowledging the received LSU packets. It contains the HEAD(s) of LSA(s) requiring acknowledgement. Basic Concepts Related to OSPF I. Router ID To run OSPF, a router must have a router ID. If no ID is configured, the system will automatically select an IP address from the IP addresses of the current interface as the Router ID. Way to choose a router ID: if the LoopBack interface address exists, the system chooses the LoopBack address with the greatest IP address value as the router ID; if no LoopBack interface configured, then the address of the physical interface with the greatest IP address value will be the router ID. II. DR and BDR Designated Router (DR) In multi-access networks, if any two routers are neighbors, the same LSA will be transmitted repeatedly, wasting 陈泽科技有限公司

48 bandwidth resources. To solve this problem, the OSPF protocol regulates that a DR must be elected in a multi-access network and only the DR (and the BDR in the following content) can be the neighbor of other routers in this network. Two non-dr routers or BDR routers cannot be neighbors and exchange routing information. Which router can be the DR in its segment is not manually specified. Instead, DR is elected by all the routers in the segment. Backup Designated Router (BDR) If the DR fails for some faults, a new DR must be elected and synchronized with the other routers on the segment. This process will take a relatively long time, during which, the route calculation is incorrect. To shorten the process, BDR is brought forth in OSPF.In fact, BDR is a backup for DR. DR and BDR are elected in the meantime. The adjacencies are also established between the BDR and all the routers on the segment, and routing information is also exchanged between them. After the existing DR fails, the BDR will become a DR immediately. III. Area The network size grows increasingly larger. If all the routers on a huge network are running OSPF, the large number of routers will result in an enormous LSDB, which will consume an enormous storage space, complicate the SPF algorithm, and add the CPU load as well. Furthermore, as a network grows larger, the topology becomes more likely to take changes. Hence, the network will always in turbulence, and a great deal of OSPF packets will be generated and transmitted in the network. This will lower the network bandwidth utility. In addition, each change will cause all the routes on the network to recompute the route. OSPF solves the above problem by partition an AS into different areas. Areas logically group the routers. The borders of areas are formed by routers. Thus, some routers may belong to different areas. A router connects the backbone area and a non-backbone area is called Area Border Router (ABR). An ABR can connect to the backbone area physically or logically. IV. Backbone area and virtual link Backbone Area After the area division of OSPF, not all the areas are equal. In which, an area is different from all the other areas. Its area-id is 0 and it is usually called the backbone area. Virtual link Since all the areas should be connected to the backbone area, virtual link is adopted so that the physically separated areas can still maintain the logic connectivity to the backbone area. V. Route summary AS is divided into different areas that are interconnected via OSPF ABRs. The routing information between areas can be reduced through route summary. Thus, the size of routing table can be reduced and the calculation speed of the router can be improved.after calculating an intra-area route of an area, the ABR summarizes multiple OSPF routes into an LSA and sends it outside the area according to the configuration of summary. OSPF Configuration In various configurations, you must first enable OSPF, specify the interface and area ID before configuring other functions. But the configuration of the functions related to the interface is not restricted by whether the OSPF is enabled or not. It should be noted that after OSPF is disabled, the OSPF-related interface parameters also become invalid. 陈泽科技有限公司

49 OSPF configuration includes: Entering the OSPF configuration mode Enabling OSPF Process Specifying Interface Configuring the Cost for Sending Packets on an Interface Setting the Interface Priority for DR Election Setting the Interval of Hello Packet Transmission Setting a dead timer for the neighboring routers Configuring an Interval required for sending LSU packets Setting an Interval for LSA Retransmission between Neighboring Routers Setting a Shortest Path First (SPF) Calculation Interval for OSPF Configuring STUB Area of OSPF Configuring the Route Summarization of OSPF Area Configuring OSPF Virtual Link Configuring OSPF Packet Authentication Disabling the Interface to Send OSPF Packets Enter OSPF Configuration Mode Beginning in privileged EXEC mode, follow these steps to enter OSPF configuration mode. Command Purpose Step 2 router ospf Enable OSPF routing, and enter router configuration mode. To terminate an OSPF routing process, use the no router ospf global configuration command. Specifying interface OSPF further divides the AS into different areas. An area logically groups the routers.some routers belong to different areas (such routers are called ABRs), but one segment can only belong to an area. In other words, you must specify each OSPF interface to belong to a particular area identified by area ID. The areas transfer routing information between them via the ABRs. In addition, parameters of all the routers in the same area should be identical. Therefore, when configuring the routers in the same area, please note that most configurations should be based upon the area. Wrong configuration may disable the neighboring routers to transmit information between them, and even lead to congestion or self-loop of the routing information. Beginning in OSPF configuration mode, follow these steps to specify interface. Step 1 Command network ip-address wildcard-mask area area-id Purpose Define an interface on which OSPF runs and the area ID for that interface. You can use the wildcard-mask 陈泽科技有限公司

50 to use a single command to define one or more multiple interfaces to be associated with a specific OSPF area. Step 2 exit Return to global configuration mode. Step 3 exit Return to privileged EXEC mode. Step 4 show running-config Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file. To delete specified network, use no network ip-address wildcard-mask net-mask area area-id OSPF configuration command. You must specify the segment to which the OSPF will be applied after enabling the OSPF. This example shows how to configure an OSPF routing process: Switch(config)# router ospf Switch(config-router)# network area 0 Configuring the Cost for Sending Packets on an Interface The user can control the network traffic by configuring different message sending costs for different interfaces. Otherwise, OSPF will automatically calculate the cost according to the baud rate on the current interface. Beginning in privileged EXEC mode, follow these steps to configure the cost for sending packets on an interface. Command Purpose Step 2 Interface ifname Enter interface configuration mode. Step3 ip ospf cost value Configure the cost for sending packets on Interface Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show ip ospf interface [vlan-id] Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To restore the default cost for packet transmission on the Interface, use no ip ospf cost OSPF configuration command. By default, the interface automatically calculates the costs for running OSPF protocol according to the current Baud rate. The calculation formula is: 100 Mbps/ Interface current baud rate. Setting the Interface Priority for DR Election The priority of the router interface determines the qualification of the interface in DR election, and the router of higher priority will be considered first if there is a collision in the election. 陈泽科技有限公司

51 DR is not designated manually; instead, it is elected by all the routers on the segment. Routers with the priorities > 0 in the network are eligible candidates. Among all the routers self-declared to be the DR, the one with the highest priority will be elected. If two routers have the same priority, the one with the highest router ID will be elected as the DR. Votes are the hello packets. Each router writes the expected DR in the packet and sends it to all the other routers on the segment. If two routers attached to the same segment concurrently declare themselves to be the DR, choose the one with higher priority. If the priorities are the same, choose the one with greater router ID. If the priority of a router is 0, it will not be elected as DR or BDR.If DR fails due to some faults, the routers on the network must elect a new DR and synchronize with the new DR. The process will take a relatively long time, during which, the route calculation is incorrect. In order to speed up this process, OSPF puts forward the concept of BDR. In fact, BDR is a backup for DR. DR and BDR are elected in the meantime. The adjacencies are also established between the BDR and all the routers on the segment, and routing information is also exchanged between them. When the DR fails, the BDR will become the DR instantly. Since no re-election is needed and the adjacencies have already been established, the process is very short. But in this case,a new BDR should be elected. Although it will also take a quite long period of time, it will not exert any influence upon the route calculation. But please note: The DR on the network is not necessarily the router with the highest priority. Likewise, the BDR is not necessarily the router with the second highest priority. If a new router is added after DR and BDR election, it is impossible for the router to become the DR even if it has the highest priority. DR is based on the router interface in a certain segment. Maybe a router is a DR on one interface, but can be a BDR or DR Other on the other interface. Beginning in privileged EXEC mode, follow these steps to set the Interface Priority for DR Election. Command Purpose Step 2 Interface ifname Enter interface configuration mode. Step 3 ip ospf priority priority_num Configure the interface with a priority for DR election. By default, the priority of the Interface is 1 in the DR election. The value can be taken from 0 to 255. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show ip ospf interface [vlan-id] Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To restore the default interface priority, use no ip ospf priority interface configuration command. Setting the Interval of Hello Packet Transmission Hello packets are a kind of most frequently used packets, which are periodically sent to the adjacent router for discovering and maintaining the adjacency, and for electing DR and BDR. The user can set the hello timer. According to RFC2328, the consistency of hello intervals between network neighbors should be kept. The hello interval value is in inverse proportion to the route convergence rate and network load. 陈泽科技有限公司

52 Beginning in privileged EXEC mode, follow these steps to set the interval of hello packet transmission. Command Purpose Step 2 Interface ifname Enter interface configuration mode. Step 3 ip ospf hello-interval seconds Set the hello interval of the interface By default, send Hello packets every 10 seconds. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show ip ospf interface [vlan-id] Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To restore the default hello of the interface, use no ip ospf hello-interval interface configuration command. Setting a dead timer for the neighboring routers The dead timer of neighboring routers refers to the interval in which a router will regard the neighboring router as dead if no Hello packet is received from it. The user can set a dead timer for the neighboring routers. Beginning in privileged EXEC mode, follow these steps to set a dead timer for the neighboring routers. Command Purpose Step 2 Interface ifname Enter interface configuration mode. Step 3 ip ospf dead-interval seconds Configure a dead timer for the neighboring routers By default, the dead interval for the neighboring routers is 40 seconds. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show ip ospf interface [vlan-id] Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To restore the default dead interval of the neighboring routers, use no ip ospf hello-interval interface configuration command. configuring an Interval required for sending LSU packets Trans-delay seconds should be added to the aging time of the LSA in an LSU packet.setting the parameter like this mainly considers the time duration that the interface requires for transmitting the packet. The user can configure the interval of sending LSU message. Obviously, more attention should be paid on this item over low speed network. 陈泽科技有限公司

53 Beginning in privileged EXEC mode, follow these steps to configure an Interval required for sending LSU packets. Command Purpose Step 2 Interface ifname Enter interface configuration mode. Step 3 ip ospf transmit-delay seconds Configure an interval for sending LSU packets By default, the LSU packets are transmitted per second. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show ip ospf interface [vlan-id] Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To restore the default interval of sending LSU packets, use no ip ospf transmit-delay interface configuration command. Setting an Interval for LSA Retransmission between Neighboring Routers If a router transmits an LSA (Link State Advertisements) to the peer, it requires the acknowledgement packet from the peer. If it does not receive the acknowledgement packet within the retransmit, it will retransmit this LSA to the neighbor. The value of retransmit is user-configurable. Beginning in privileged EXEC mode, follow these steps to set an Interval for LSA Retransmission between Neighboring Routers. Command Purpose Step 2 Interface ifname Enter interface configuration mode. Step 3 ip ospf retransmit-interval seconds Configure the interval of LSA retransmission for the neighboring routers By default, the interval for neighboring routers to retransmit LSAs is five seconds. Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show ip ospf interface [vlan-id] Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To restore the default LSA retransmission interval for the neighboring routers, use no ip ospf retransmit-interval interface configuration command. The value of interval should be bigger than the interval in which a packet can be transmitted and returned between two routers. Note that you should not set the LSA retransmission interval too small. Otherwise, unnecessary retransmission will be caused. 陈泽科技有限公司

54 Setting a Shortest Path First (SPF) Calculation Interval for OSPF Whenever the LSDB of OSPF takes changes, the shortest path requires recalculation. Calculating the shortest path upon change will consume enormous resources as well as affect the operation efficiency of the router. Adjusting the SPF calculation interval, however, can restrain the resource consumption due to frequent network changes. Beginning in OSPF configuration mode, follow these steps to set a Shortest Path First (SPF) Calculation Interval for OSPF. Step 1 Command timers spf delay-seconds hold-seconds Purpose Set the SPF calculation interval By default, the interval of SPF recalculation is 5 seconds. Step 2 exit Return to global configuration mode. Step 3 exit Return to privileged EXEC mode. Step 4 show ip ospf Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file. To restore the SPF calculation interval, use no timers spf OSPF configuration command. Configuring STUB Area of OSPF STUB areas are some special LSA areas, in which the ABRs do not propagate the learned external routes of the AS. In these areas, the routing table sizes of routers and the routing traffic are significantly reduced. The STUB area is an optional configuration attribute, but not every area conforms to the configuration condition. Generally, STUB areas, located at the AS boundaries, are those non-backbone areas with only one ABR. Even if this area has multiple ABRs, no virtual links are established between these ABRs. To ensure that the routes to the destinations outside the AS are still reachable, the ABR in this area will generate a default route ( ) and advertise it to the non-abr routers in the area. Please pay attention to the following items when configuring a STUB area: The backbone area cannot be configured to be the STUB area and the virtual link cannot pass through the STUB area. If you want to configure an area to be the STUB area, then all the routers in this area should be configured with this attribute. No ASBR can exist in a STUB area. In other words, the external routes of the AS cannot be propagated in the STUB area. Beginning in OSPF configuration mode, follow these steps to configure STUB Area of OSPF. Step 1 Command area area-id stub [CR no-summary] Purpose Configure an area to be the STUB area 陈泽科技有限公司

55 Step 2 10G Core Routing Switch User Manual area area-id default-cost value Configure the cost of the default route transmitted by OSPF to the STUB area Step 3 exit Return to global configuration mode. Step 4 exit Return to privileged EXEC mode. Step 5 show ip ospf Verify your entries. Step 6 Copy running-config startup-config (Optional) Save your entries in the configuration file. To remove the configured STUB area, use no area area-id stub [CR no-summary] OSPF configuration command. To remove the cost of the default route to the STUB area, use no area area-id default-cost value OSPF configuration command. By default, the STUB area is not configured, and the cost of the default route to the STUB area is 1. Configuring the Route Summarization of OSPF Area Route summary means that ABR can aggregate information of the routes of the same prefix and advertise only one route to other areas. An area can be configured with multiple aggregate segments, thereby OSPF can summarize them. When the ABR transmits routing information to other areas, it will generate Sum_net_Lsa (type-3 LSA) per network. If some continuous networks exist in this area, you can use the abr-summary command to summarize these segments into one segment. Thus, the ABR only needs to send an aggregate LSA, and all the LSAs in the range of the aggregate segment specified by the command will not be transmitted separately. Once the aggregate segment of a certain network is added to the area, all the internal routes of the IP addresses in the range of the aggregate segment will no longer be separately advertised to other areas. Only the route summary of the whole aggregate network will be advertised. But if the range of the segment is restricted by the keyword "not-advertise", the route summary of this segment will not be advertised. This segment is represented by IP address and mask.route summarization can take effect only when it is configured on ABRs. Beginning in OSPF configuration mode, follow these steps to configure the Route Summarization of OSPF Area. Command Purpose Step 1 Area area_id range ip-address Configure the Route Summarization of OSPF Area mask [CR not-advertise advertise substitute] Step 2 exit Return to global configuration mode. Step 3 exit Return to privileged EXEC mode. Step 4 show ip ospf Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file. To cancel route summarization of OSPF Area, use no summary-address ip-address mask OSPF configuration command. By default, the inter-area routes will not be summarized. 陈泽科技有限公司

56 Configuring OSPF Virtual Link 10G Core Routing Switch User Manual According to RFC2328, after the area division of OSPF, not all the areas are equal. In which, an area is different from all the other areas. Its area-id is and it is usually called the backbone Area. The OSPF routes between non-backbone areas are updated with the help of the backbone area. OSPF stipulates that all the non-backbone areas should maintain the connectivity with the backbone area. That is, at least one interface on the ABR should fall into the area If an area does not have a direct physical link with the backbone area , a virtual link must be created. If the physical connectivity cannot be ensured due to the network topology restriction, a virtual link can satisfy this requirement. The virtual link refers to a logic channel set up through the area of a non-backbone internal route between two ABRs. Both ends of the logic channel should be ABRs and the connection can take effect only when both ends are configured. The virtual link is identified by the ID of the remote router. The area, which provides the ends of the virtual link with a non-backbone area internal route, is called the transit area. The ID of the transit area should be specified when making configuration. The virtual link is activated after the route passing through the transit area is calculated,which is equivalent to a p2p connection between two ends. Therefore, similar to the physical interfaces, you can also configure various interface parameters on this link, such as hello timer. The "logic channel" means that the multiple routers running OSPF between two ABRs only take the role of packet forwarding (the destination addresses of the protocol packets are not these routers, so these packets are transparent for them and the routers forward them as common IP packets). The routing information is directly transmitted between the two ABRs. The routing information herein refers to the type-3 LSAs generated by the ABRs, for which the synchronization mode of the routers in the area will not be changed. Beginning in OSPF configuration mode, follow these steps to configure OSPF Virtual Link. Command Purpose Step 1 area area-id virtual-link Create and configure a virtual link router-id [authentication CR hello-interval seconds retransmit-interval seconds transmit-delay seconds dead-interval seconds authentication-key auth_key message-digest-key key_id md5 key ] Step 2 exit Return to global configuration mode. Step 3 exit Return to privileged EXEC mode. Step 4 show ip ospf Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file. To remove the created virtual link, use no area area-id virtual-link router-id [ CR hello-interval seconds retransmit-interval seconds transmit-delay seconds dead-interval seconds authentication-key auth_key message-digest-key key_id md5 key ] OSPF configuration command. area-id and router-id have no default value. By default, hello timer is 10 seconds, retransmit 5 seconds, trans-delay 1 second, and the dead 40 seconds. 陈泽科技有限公司

57 Configuring OSPF Packet Authentication 10G Core Routing Switch User Manual OSPF supports simple authentication or MD5 authentication between neighboring routers. All the routers in one area must use the same authentication mode (no authentication,simple text authentication or MD5 cipher text authentication). If the mode of supporting authentication is configured, all routers on the same segment must use the same authentication key. To configure a simple text authentication key, use the ospf authentication-mode simple command. And, use the ospf authentication-mode md5 command to configure the MD5 cipher text authentication key if the area is configured to support MD5 cipher text authentication mode. Beginning in privileged EXEC mode, follow these steps to configure OSPF Packet Authentication. Command Purpose Step 2 Interface ifname Enter interface configuration mode. Step 3 ip ospf authentication-key (Optional) Specify a password for OSPF simple text auth_key authentication Step 4 Ip ospf authentication Activating simple text authentication Step 5 Step 6 ip ospf message-digest-key key_id md5 key Ip ospf authentication message-digest (Optional) Specify the key-id and key for OSPF MD5 authentication Activating simple text authentication Step 7 exit Return to global configuration mode. Step 8 exit Return to privileged EXEC mode. Step 9 show ip ospf interface [vlan-id] Verify your entries. Step 10 Copy running-config startup-config (Optional) Save your entries in the configuration file. To Cancel simple authentication on the interface, use no ip ospf authentication-key interface configuration command. To Cancel the interface to use MD5 authentication, use no ip ospf message-digest-key interface configuration command. To Cancel authentication on the interface, use no ip ospf authentication interface configuration command. By default, the interface is not configured with either simple authentication or MD5 authentication. Disabling the Interface to Send OSPF Packets To prevent OSPF routing information from being acquired by the routers on a certain network, use the passive command to disable the interface to transmit OSPF packets. Beginning in privileged EXEC mode, follow these steps to disable the Interface to Send OSPF Packets. Command Purpose 陈泽科技有限公司

58 Step 2 Router ospf Enter interface configuration mode. Step 3 passive-interface ifname Disable the interface to send OSPF packets Step 4 exit Return to global configuration mode. Step 5 exit Return to privileged EXEC mode. Step 6 show ip ospf interface [vlan-id] Verify your entries. Step 7 Copy running-config startup-config (Optional) Save your entries in the configuration file. To enable the interface to send OSPF packets, use no ip ospf passive-interface ifname interface configuration mode. By default, all the interfaces are allowed to transmit and receive OSPF packets. After an OSPF interface is set to be in silent status, the interface can still advertise its direct route. However, the OSPF hello packets of the interface will be blocked, and no neighboring relationship can be established on the interface. Thereby, the capability for OSPF to adapt to the networking can be enhanced, which will hence reduce the consumption of system resources. On a switch, this command can disable/enable the specified VLAN interface to send OSPF packets. Displaying and Debugging OSPF After the above configuration, execute show command in any view to display the running of the OSPF configuration, and to verify the effect of the configuration. Table Displaying and debugging OSPF Operation Display the brief information of the OSPF routing process Display OSPF neighbor information Display OSPF routing table Display OSPF virtual links Display OSPF statistics Display LSDB information of OSPF Display OSPF interface information Command show ip ospf show ip ospf neighbor show ip ospf routing show ip ospf virtual-links show ip ospf database show ip ospf lsa show ip ospf interface 陈泽科技有限公司

59 Typical OSPF Configuration Example 10G Core Routing Switch User Manual I. Networking requirements In the following figure, Area 2 and Area 0 are not directly connected. Area 1 is required to be taken as transit area for connecting Area 2 and Area 0.Enable OSPF service on switch and Correctly configure a virtual link between Switch B and Switch C in Area 1. II. Networking diagram III. Configuration procedure OSPF Fault Diagnosis and Troubleshooting Figure OSPF virtual link configuration networking Fault 1: OSPF has been configured in accordance with the above-mentioned steps, but OSPF on the router cannot run normally. Troubleshooting: Please check according to the following procedure. Troubleshooting locally: Check whether the protocol between two directly connected routers is in normal operation. The normal sign is the peer state machine between the two routers reaches the FULL state. (Note: On a broadcast or NBMA network, if the interfaces for two routers are in DROther state, the peer state machine for the two routers are in 2-way state, instead of FULL state. The peer state machine between DR/BDR and all the other routers is in FULL state. Execute the show ip ospf neighbour command to view neighbours. Execute the show ip ospf interface command to view OSPF information in the interface. Check whether the physical connections and the lower level protocol operate normally. You can execute the ping command to test. If the local router cannot ping the peer router, it indicates that faults have occurred to the physical link and the lower level protocol. 陈泽科技有限公司

60 If the physical link and the lower layer protocol are normal, please check the OSPF parameters configured on the interface. The parameters should be the same parameters configured on the router adjacent to the interface. The same area ID should be used, and the networks and the masks should also be consistent. (The p2p or virtually linked segment can have different segments and masks.) Ensure that the dead timer on the same interface is at least four times the value of the hello timer. If the network type is broadcast or NBMA, there must be at least one interface with a priority greater than zero. If an area is set as the STUB area, to which the routers are connected. The area on these routers must be also set as the STUB area. The same interface type should be adopted for the neighboring routers. If more than two areas are configured, at least one area should be configured as the backbone area (that is to say, the area ID is 0). Ensure the backbone area to connect with all the areas. The virtual links cannot pass through the STUB area. Troubleshooting globally: If OSPF cannot discover the remote routes yet in the case that the above steps are correctly performed, proceed to check the following configurations. If more than two areas are configured on a router, at least one area should be configured as the backbone area. As shown in the following figure: RTA and RTD are configured to belong to only one area, whereas RTB (area0 and area1) and RTC (area1 and area 2) are configured to belong to two areas. In which, RTB also belongs to area0, which is compliant with the requirement. However, none of the areas to which RTC belongs is area0. Therefore, a virtual link should be set up between RTC and RTB. Ensure that area2 and area0 (backbone area) is connected. Figure OSPF areas The backbone area (area 0) cannot be configured as the STUB area and the virtual link cannot pass through the STUB area. That is, if a virtual link has been set up between RTB and RTC, neither area1 nor area0 can be configured as a stub area. In the above figure, only area 2 can be configured as stub area. Routers in the STUB area cannot redistribute the external routes. Backbone area must guarantee the connectivity of all nodes. IP Multicast Protocol IP Multicast Overview Problems with Unicast/Broadcast The constant development of the Internet and increasing interaction of versatile data,voice and vedio information over the network, has promoted the emergence of new services like e-commerce, network conference, online auction, vedio on demand (VoD),and tele-education. These services require higher information security and greater rewards. I. Unicast 陈泽科技有限公司

61 In unicast mode, every user that needs the inforamtion receives a copy through the channels the system separately establishes for them. See Figure Figure Data transmission in unicast mode Suppose that Users B, D, and E need the information, the information source Server establishes transmision channels with every of them. Since the traffic in transmission increases with the number of users, excessive copies of the information would spread over the network if the there is a large number of users in need of this infomration. As the bandwidth would turn short, the unicast mode is incapable of massive transmission. II. Broadcast In broadcast mode, every user on the network receives the information regardless of their needs. See Figure 13-2 Data transmission in broadcast mode. Figure Data transmission in broadcast mode Suppose the Users B, D, and E need the information, the information source Server broadcasts the information through the router; User A and User C can also receive the information. In that case, information security and rewards to services are not guaranteed. Moreover, bandwidth is terribly wasted when only a few part of users are in need of the information. In short, the unicast mode is useful in networks with scattered users, and the multicast mode is suitable for networks with dense users. When the number of users is uncertain, the adoption of unicast or multicast mode results in low efficiency. 陈泽科技有限公司

62 Advantages of Multicast 10G Core Routing Switch User Manual I. Multicast IP multicast technology solves those problems. It allows the multicast source to send the information once only, and ensures that the information will not be duplicated or distributed unless it reaches a fork in the tree route established by the multicast routing protocol. See Figure 13-3 Data transmission in multicast mode. Figure Data transmission in multicast mode Suppose the Users B, D, and E need the information, they need to be organized into a receiver group to ensure that the information can reach them smoothly. The routers on the network duplicate and forward the information according to the distribution of these users in the group. In multicast mode, the information sender is called the "multicast source", the receiver is called the "multicast group", and the routers for multicast information transmission are called "multicast routers". Members of a multicast group can scatter around the network; the multicast group therefore has no geographical limitation. It should be noted that a multicast source does not necessarily belong to a multicast group. It sends data to multicast groups but is not necessarily a receiver. Multiple sources can send packets to a multicast group simultaneously. II. Advantages The main advantages of multicast are: Enhanced efficiency: It reduces network traffic and relieves server and CPU of loads. Optimized performance: It eliminates traffic redundancy. Distributed application: It enables multipoint application. Application of Multicast IP multicast technology effectively implements point to multi-point forwarding with high speed, as saves network bandwidth a lot and can relieve network loads. It facilitates also the development of new value-added services in the Internet information service area that include online live show, Web TV, tele-education, telemedicine, network radio station and real-time audio/video conferencing. It takes a positive role in: 陈泽科技有限公司

63 Multimedia and streaming media application Occasional communication for training and cooperation Data storage and finance (stock) operation Point-to-multipoint data distribution With the increasing popularity of multimedia services over IP network, multicast is gaining its marketplace. Implementation of IP Multicast Multicast Addresses In multicast mode, there are questions about where to send the information, how to locate the destination or know the receiver. All these questions can be narrowed down to multicast addressing. To guarantee the communication between a multicast source and a multicast group, the network layer multicast address (namely the IP multicast address) is required, along with the technique to correlate it with the link layer MAC multicast address. Following is the introduction to these two kinds of addresses. I. IP Multicast Addresses According to the definition in Internet Assigned Number Authority (IANA), IP addresses fall into four types: Class A, Class B, Class C and Class D. Unicast packets use IP addresses of Class A, Class B or Class C, depending on specific packet scales.multicast packets use IP addresses of Class D as their destination addresses, but Class D IP addresses cannot be contained in the source IP field of IP packets. During unicast data transmission, a packet is transmitted "hop-by-hop" from the source address to the destination address. However, in IP multicast environment, a packet has more than one destination address, or a group of addresses. All the information receivers are added to a group. Once a receiver joins the group, the data for this group of addresses start flowing to this receiver. All members in the group can receive the packets. Membership here is dynamic, and a host can join or leave the group at any time. A multicast group can be permanent or temporary. Some multicast group addresses are allocated by IANA, and the multicast group is called permanent multicast group. The IP addresses of a permanent multicast group are unchangeable, but its membership is changeable, and the number of members is arbitrary. It is quite possible for a permanent group to not a single member. Those not reserved for permanent multicast groups can be used by temporary multicast groups. Class D multicast addresses range from to More information is listed in Table 13-1 Ranges and meanings of Class D addresses. Table Ranges and meanings of Class D addresses Class D address range Description Reserved multicast addresses (addresses of permanent groups). All but can be allocated by routing protocols. Multicast addresses available for users (addresses of temporary groups). They are valid in the entire network. Multicast addresses for local management. They are valid only in the specified local range. 陈泽科技有限公司

64 Reserved multicast addresses that are commonly used are described in the following table. Table Reserved multicast address list Class D address range Description Base Address (Reserved) Addresses of all hosts Addresses of all multicast routers Not for allocation DVMRP routers OSPF routers OSPF DR ST routers ST hosts RIP-2 routers IGRP routers Active agents DHCP server/relay agent All PIM routers RSVP encapsulation All CBT routers Specified SBM All SBMS VRRP II. Ethernet Multicast MAC Addresses When a unicast IP packet is transmitted on the Ethernet, the destination MAC address is the MAC address of the receiver. However, for a multicast packet, the destination is no longer a specific receiver but a group with unspecific members. Therefore, the multicast MAC address should be used. 陈泽科技有限公司

As Internet Assigned Number Authority (IANA) provisions, the high 24 bits of a multicast MAC address are 0x01005e and the low 23 bits of a MAC address are the low 23 bits of a multicast IP address.

65 As Internet Assigned Number Authority (IANA) provisions, the high 24 bits of a multicast MAC address are 0x01005e and the low 23 bits of a MAC address are the low 23 bits of a multicast IP address. Figure Mapping between a multicast IP address and an Ethernet MAC address The first four bits of the multicast address are 1110, representing the multicast identifier. Among the rest 28 bits, only 23 bits are mapped to the MAC address, and the other five bits are lost. This may results in that 32 IP addresses are mapped to the same MAC address. IP Multicast Protocols Multicast involves multicast group management protocols and multicast routing protocols. Their application positions are shown in follow Figure Application positions of multicast-related protocols. I. Multicast group management protocol Figure Application positions of multicast-related protocols Multicast groups use Internet group management protocol (IGMP) as the management protocols. IGMP runs between the switch and multicast router and defines the membership establishment and maintenance mechanism between them. II. Multicast routing protocols 陈泽科技有限公司

66 A multicast routing protocol runs between multicast routers to create and maintain multicast routes for correct and efficient forwarding of multicast packet. The multicast routing creates a loop-free data transmission path from one source to multiple receivers.the task of multicast routing protocols is to build up the distribution tree architecture. A multicast router can use multiple methods to build up a path for data transmission, that is, a distribution tree. As in unicast routing, the multicast routing can also be intra-domain or inter-domain. Intra-domain multicast routing is rather mature and protocol independent multicast (PIM) is the most wildly used intra-domain protocol, which can work in collaboration with unicast routing protocols. The inter-domain routing first needs to solve how to transfer routing information between ASs. Since the ASs may belong to different telecom carriers, the inter-domain routing information must contain carriers policies, in addition to distance information. Currently, inter-domain routing protocols include multicast source discovery protocol (MSDP) and MBGP multicast extension. IP Multicast Packet Forwarding To ensure that multicast packets reach a router along the shortest path, the multicast router must check the receiving interface of multicast packets depending on the unicast routing table or a unicast routing table independently provided for multicast. This check mechanism is the basis for most multicast routing protocols to perform multicast forwarding, and is known as Reverse Path Forwarding (RPF) check. A multicast router uses the source address of a received multicast packet to query the unicast routing table or the independent multicast routing table to determine that the receiving interface is on the shortest path from the receiving station to the source. If a source tree is used, the source address is the address of the source host sending the multicast packet. If a shared tree is used, the source address is the RP address of the shared tree. A multicast packet arriving at the router will be forwarded according to the multicast forwarding entry if it passes the RPF check, or else, it will be discarded. IGMP Snooping Configuration IGMP Snooping Overview IGMP Snooping Principle IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on the Layer 2 Ethernet switch and it is used for multicast group management and control. IGMP Snooping runs on the link layer. When receiving the IGMP messages transmitted between the host and router, the Layer 2 Ethernet switch uses IGMP Snooping to analyze the information carried in the IGMP messages. If the switch hears IGMP host report message from an IGMP host, it will add the host to the corresponding multicast table. If the switch hears IGMP leave message from an IGMP host, it will remove the host from the corresponding multicast table. The switch continuously listens to the IGMP messages to create and maintain MAC multicast address table on Layer 2. And then it can forward the multicast packets transmitted from the upstream router according to the MAC multicast address table. When IGMP Snooping is disabled, the packets are multicast on Layer 2. See the following figure: 陈泽科技有限公司

67 Figure Multicast packet transmission without IGMP Snooping When IGMP Snooping runs, the packets are not broadcast on Layer 2. See the following figure: Figure Multicast packet transmission when IGMP Snooping runs Implement IGMP Snooping I. Related concepts of IGMP Snooping To facilitate the description, this section first introduces some related switch concepts of IGMP Snooping: Router Port: The port of the switch, directly connected to the multicast router. 陈泽科技有限公司

68 Multicast member port: The port connected to the multicast member.the multicast member refers to a host joined a multicast group. MAC multicast group: The multicast group is identified with MAC multicast address and maintained by the Ethernet switch. Router port aging time: Time set on the router port aging timer. If the switch has not received any IGMP general query message before the timer times out, it considers the port no longer as a router port. Multicast group member port aging time: When a port joins an IP multicast group,the aging timer of the port will begin timing. The multicast group member port aging time is set on this aging timer. If the switch has not received any IGMP report message before the timer times out, it transmits IGMP specific query message to the port. Maximum response time: When the switch transmits IGMP specific query message to the multicast member port, the Ethernet switch starts a response timer,which times before the response to the query. If the switch has not received any IGMP report message before the timer times out, it will remove the port from the multicast member ports II. Implement Layer 2 multicast with IGMP Snooping The Ethernet switch runs IGMP Snooping to listen to the IGMP messages and map the host and its ports to the corresponding multicast group address. To implement IGMP Snooping, the Layer 2 Ethernet switch processes different IGMP messages in the way illustrated in the figure below: Figure Implement IGMP Snooping 1) IGMP general query message: Transmitted by the multicast router to the multicast group members to query which multicast group contains member. When an IGMP general query message arrives at a router port, the Ethernet switch will reset the aging timer of the port. When a port other than a router port receives the IGMP general query message, the Ethernet switch will notify the multicast router that a port is ready to join a multicast group and starts the aging timer for the port. 2) IGMP specific query message: Transmitted from the multicast router to the multicast members and used for querying if a specific group contains any member. When received IGMP specific query message, the switch only transmits the specific query message to the IP multicast group which is queried. 陈泽科技有限公司

69 3) IGMP report message: Transmitted from the host to the multicast router and used for applying to a multicast group or responding to the IGMP query message. When received the IGMP report message, the switch checks if the MAC multicast group, corresponding to the IP multicast group the packet is ready to join exists. If the corresponding MAC multicast group does not exist, the switch only notifies the router that a member is ready to join a multicast group, creates a new MAC multicast group, adds the port received the message to the group, starts the port aging timer, and then adds all the router ports in the native VLAN of the port into the MAC multicast forwarding table, and meanwhile creates an IP multicast group and adds the port received the report message to it. If the corresponding MAC multicast group exists but does not contains the port received the report message, the switch adds the port into the multicast group and starts the port aging timer. And then the switch checks if the corresponding IP multicast group exists. If it does not exist, the switch creates a new IP multicast group and adds the port received the report message to it. If it exists, the switch adds the port to it. If the MAC multicast group corresponding to the message exists and contains the port received the message, the switch will only reset the aging timer of the port. 4) IGMP leave message: Transmitted from the multicast group member to the multicast router to notify that a router host left the multicast group. When received a leave message of an IP multicast group, the Ethernet switch transmits the specific query message concerning that group to the port received the message, in order to check if the host still has some other member of this group and meanwhile starts a maximum response timer. If the switch has not receive any report message from the multicast group, the port will be removed from the corresponding MAC multicast group. If the MAC multicast group does not have any member, the switch will notify the multicast router to remove it from the multicast tree. IGMP Snooping Configuration The main IGMP Snooping configuration includes: Enabling/disabling IGMP Snooping Configuring the aging time of multicast group member port Among the above configuration tasks, enabling IGMP Snooping is required, while others are optional for your requirements. Enabling/Disabling IGMP Snooping You can use the following commands to enable/disable IGMP Snooping to control whether MAC multicast forwarding table is created and maintained on Layer 2. Beginning in privileged EXEC mode, follow these steps to enable IGMP snooping. Command Purpose Step 2 igmp-snooping enable Enable IGMP Snooping Step 3 show igmp-snooping configuration Verify your entries. Step 4 Copy running-config startup-config (Optional) Save your entries in the configuration file. 陈泽科技有限公司

70 To disable IGMP snooping, use no igmp-snooping global configuration command. By default, IGMP Snooping is disabled. 10G Core Routing Switch User Manual Configuring Aging Time of Multicast Group Member This task is to manually set the aging time of the multicast group member port. If the switch receives no multicast group report message during the member port aging time, it will transmit the specific query message to that port and starts a maximum response timer. Beginning in privileged EXEC mode, follow these steps to configure Aging Time of Multicast Group Member. Command Purpose Step 2 igmp-snooping host-aging-time Configure aging time seconds Seconds range is 10 to Step 3 show igmp-snooping timeout Verify your entries. Step 4 Copy running-config startup-config By default, the aging time of the multicast member is 300 seconds. (Optional) Save your entries in the configuration file. Configuring a Multicast Router Port To add a multicast router port (add a static connection to a multicast router), use the igmp-snooping mrouter vlan global configuration command on the switch. Beginning in privileged EXEC mode, follow these steps to configure a multicast router port. Command Purpose Step 2 igmp-snooping mrouter vlan Specify the multicast router VLAN ID and specify the vlan-id interface interface-id interface to the multicast router. The VLAN ID range is 1 to The interface can be a physical interface or a port channel. The port channel range is 1 to 12. Step 3 show igmp-snooping mrouter Verify your entries. vlan all Step 4 Copy running-config (Optional) Save your entries in the configuration file. startup-config To remove a multicast router port from the VLAN, use the no igmp-snooping mrouter vlan vlan-id interface interface-id global configuration command. 陈泽科技有限公司

71 Configuring a Host Statically to Join a Group 10G Core Routing Switch User Manual Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also statically configure a host on an interface. Beginning in privileged EXEC mode, follow these steps to add a Layer 2 port as a member of a multicast group: Command Purpose Step 2 igmp-snooping static vlan Statically configure a Layer 2 port as a member of a vlan-id ip-address interface multicast group: interface-id vlan-id is the multicast group VLAN ID. ip-address is the group IP address. interface-id is the member port. It can be a physical interface or port channel (1 to 12). Step 3 show igmp-snooping Verify your entries. configuration Step 4 Copy running-config startup-config (Optional) Save your entries in the configuration file. To remove the Layer 2 port from the multicast group, use the no igmp-snooping static vlan vlan-id ip-address interface interface-id global configuration command. Enabling IGMP Immediate Leave When you enable IGMP Immediate Leave, the switch immediately removes a port when it detects an IGMP Version 2 leave message on that port. You should only use the Immediate-Leave feature when there is a single receiver present. Beginning in privileged EXEC mode, follow these steps to enable IGMP Immediate Leave: Command Purpose Step 2 igmp-snooping immediate-leave enable Enable IGMP Immediate Leave Step 3 show igmp-snooping Verify your entries. configuration Step 4 Copy running-config (Optional) Save your entries in the configuration file. startup-config To disable IGMP Immediate Leave, use the no igmp-snooping immediate-leave global configuration command. This example shows how to enable IGMP Immediate Leave: Switch# configure terminal Switch(config)# igmp-snooping immediate-leave 陈泽科技有限公司

IGMP Snooping Configuration Example 10G Core Routing Switch User Manual Enable IGMP Snooping I. Networking requirements To implement IGMP Snooping on the switch, first enable it.

72 IGMP Snooping Configuration Example 10G Core Routing Switch User Manual Enable IGMP Snooping I. Networking requirements To implement IGMP Snooping on the switch, first enable it. The switch is connected with the router via the router port, and with user PC through the non-router ports. II. Networking diagram III. Configuration procedure # Enable IGMP snooping on switch switch(config)# igmp-snooping enable Figure IGMP Snooping configuration networking Troubleshoot IGMP Snooping Fault: Multicast function cannot be implemented on the switch. Troubleshooting: 1) IGMP Snooping is disabled. Input the display current-configuration command to display the status of IGMP Snooping. If the switch disabled IGMP Snooping, check whether the IGMP Snooping is not nabled globally or it is not enabled in the VLAN. If it is not enabled globally, first nput the igmp-snooping enable command in system view and then in VLAN iew. If it is not enabled in the VLAN, input the same command in VLAN view. 2) Multicast forwarding table set up by IGMP Snooping is wrong. Input the display igmp-snooping group command to display if the multicast roup is the expected one. If the multicast group created by IGMP Snooping is not correct, turn to rofessional maintenance personnel for 陈泽科技有限公司

73 help. Continue with diagnosis 3 if the second step is completed. 3) Multicast forwarding table set up on the bottom layer is wrong. Enable IGMP Snooping group in user view and then input the command display gmp-snooping group to check if MAC multicast forwarding table in the bottom ayer and that created by IGMP Snooping is consistent. You may also input the isplay mac vlan command in any view to check if MAC multicast forwarding able under vlanid in the bottom layer and that created by IGMP Snooping is onsistent. If they are not consistent,please contact the maintenance personnel for help. IGMP Configuration IGMP Overview Introduction to IGMP Internet Group Management Protocol (IGMP) is a protocol in the TCP/IP suite responsible for management of IP multicast members. It is used to establish and maintain multicast membership among IP hosts and their directly connected neighboring routers. IGMP excludes transmitting and maintenance of membership information among multicast routers, which are completed by multicast routing protocols. All hosts participating in multicast must implement IGMP. Hosts participating in IP multicast can join and leave a multicast group at any time. The number of members of a multicast group can be any integer and the location of them can be anywhere. A multicast router does not need and cannot keep the membership of all hosts. It only uses IGMP to learn whether receivers (i.e., group members) of a multicast group are present on the subnet connected to each interface. A host only needs to keep which multicast groups it has joined. IGMP is not symmetric on hosts and routers. Hosts need to respond to IGMP query messages from the multicast router, i.e., report the group membership to the router. The router needs to send membership query messages periodically to discover whether hosts join the specified group on its subnets according to the received response messages. When the router receives the report that hosts leave the group, the router will send a group-specific query packet (IGMP Version 2) to discover whether no member exists in the group. Up to now, IGMP has three versions, namely, IGMP Version 1 (defined by RFC1112), IGMP Version 2 (defined by RFC2236) and IGMP Version 3. At present, IGMP Version 2 is the most widely used version. IGMP Version 2 boasts the following improvements over IGMP Version 1: I. Election mechanism of multicast routers on the shared network segment A shared network segment means that there are multiple multicast routers on a network segment. In this case, all routers running IGMP on the network segment can receive the membership report from hosts. Therefore, only one router is necessary to send membership query messages. In this case, the router election mechanism is required to specify a router as the querier. In IGMP Version 1, selection of the querier is determined by the multicast routing protocol. While IGMP Version 2 specifies that the multicast router with the lowest IP address is elected as the querier when there are multiple multicast routers on the same network segment. 陈泽科技有限公司

74 II. Leaving group mechanism In IGMP Version 1, hosts leave the multicast group quietly without informing the multicast router. In this case, the multicast router can only depend on the timeout of the response time of the multicast group to confirm that hosts leave the group. In Version 2, when a host is intended to leave, it will send a leave group message if it is the host who responds to the latest membership query message. III. Specific group query In IGMP Version 1, a query of a multicast router is targeted at all the multicast groups on the network segment, which is known as General Query. In IGMP Version 2, Group-Specific Query is added besides general query. The destination IP address of the query packet is the IP address of the multicast group. The group address domain in the packet is also the IP address of the multicast group. This prevents the hosts of members of other multicast groups from sending response messages. IV. Max response time The Max Response Time is added in IGMP Version 2. It is used to dynamically adjust the allowed maximum time for a host to response to the membership query message. IGMP Configuration 1) IGMP basic configuration includes: Enabling multicast routing Enabling IGMP on an interface 2) IGMP advanced configuration includes: Configuring the IGMP version Configuring the interval of sending IGMP Group-Specific Query packet Configuring the times of sending IGMP Group-Specific Query packet Configuring the limit of IGMP groups on an interface Configuring a router to join specified multicast group Controlling the access to IP multicast groups Configuring the IGMP query message interval Configuring the IGMP querier present timer Configuring the maximum query response time Deleting IGMP Groups Joined on an Interface Enabling Multicast routing Enable multicast first before enabling IGMP and the multicast routing protocol. Beginning in privileged EXEC mode, follow these steps to enable IP multicast routing. Command Purpose 陈泽科技有限公司

75 Step 2 ip multicast-routing enable Enable IP multicast routing. Step 3 exit Return to privileged EXEC mode. Step 4 show ip mroute Verify your entries. Step 5 write (Optional) Save your entries in the configuration file. By default, multicast is disabled. To disable multicast routing, use the ip multicast-routing disable global configuration command. Enabling Igmp on a interface Only multicast function is enabled can the ip multicast-routing enable command be executed. After this, you can initiate IGMP feature configuration. Beginning in privileged EXEC mode, follow these steps to enable igmp on a interface. Command Purpose Step 2 ip pim interface interface-id Enable IP multicast routing. sparse-mode enable Step 3 exit Return to privileged EXEC mode. Step 4 show ip igmp interface Verify your entries. interface-id Step 5 write (Optional) Save your entries in the configuration file. By default, multicast is disabled. To disable multicast routing, use the ip pim interface interface-id sparse-mode disable global configuration command. Configuring the IGMP Version Beginning in privileged EXEC mode, follow these steps to configuring the igmp version. Command Purpose Step 2 ip igmp interface interface-id version { 1 2 } Specify the IGMP version that the switch uses. Note: If you change to Version 1, you cannot configure the ip igmp query-interval or the ip igmp query-max-response-time interface configuration commands. 陈泽科技有限公司

76 Step 3 exit Return to privileged EXEC mode. Step 4 show ip igmp interface interface-id Verify your entries. Step 5 write (Optional) Save your entries in the configuration file. By default, IGMP Version 2 is used. Note: All routers on a subnet must support the same version of IGMP. After detecting the presence of IGMP Version 1 system, a router cannot automatically switch to Version 1. Configuring the Interval to Send IGMP Query Message Multicast routers send IGMP query messages to discover which multicast groups are present on attached networks. Multicast routers send query messages periodically to refresh their knowledge of members present on their networks. Beginning in privileged EXEC mode, follow these steps to configuring the Interval to Send IGMP Query Message. Command Purpose Step 2 ip igmp query-interval seconds Configure the interval to send IGMP query message By default, the interval is 60 seconds. Seconds is range from 1 to Step 3 exit Return to privileged EXEC mode. Step 4 write (Optional) Save your entries in the configuration file. When there are multiple multicast routers on a network segment, the querier is responsible for sending IGMP query messages to all hosts on the LAN. Configuring the Interval of Querying IGMP Packets On the shared network, it is the query router (querier) that maintains IGMP membership on the interface. When an IGMP querier receives an IGMP Leave Group message from a host, the last member query interval can be specified for Group-Specific Queries. The host sends the IGMP Leave message. Upon receiving the message, IGMP querier sends the designated group IGMP query message for specified times (defined by the robust-value in igmp robust-count, with the default value as 1 second) and at a time interval (defined by the seconds in igmp lastmember-queryinterval, with the default value as 2). When other hosts reciver the message from the IGMP querier and are interested in this group, they return the IGMP Memberhsip Report message within the defined maximum response time. If IGMP querier receives the report messges from other hosts within the period equal to robust-value seconds, it 陈泽科技有限公司

77 continues memberhship maintenance for this group. If it receives no report message from any other host within this peroid, it reckons This as timeout and ends mebership maintenance for this group. This command can be used only when the querier runs IGMP version 2, since a host running IGMP Version 1 does not send IGMP Leave Group message when it leaves a group. Beginning in privileged EXEC mode, follow these steps to configuring the Interval of Querying IGMP Packets Command Purpose Step 2 ip igmp last-query-interval senconds Configure interval for querying IGMP packets By default, the interval is 1 seconds. Seconds is range from 1 to 65. Step 3 exit Return to privileged EXEC mode. Step 4 write (Optional) Save your entries in the configuration file. Changing the IGMP Query Timeout for IGMPv2 If you are using IGMPv2, you can specify the period of time before the switch takes over as the querier for the interface. By default, the switch waits twice the query interval controlled by the ip igmp query-interval interface configuration command. After that time, if the switch has received no queries,it becomes the querier. You can configure the query interval by entering the show ip igmp interface interface-id privileged EXEC command. Beginning in privileged EXEC mode, follow these steps to change the IGMP query timeout. This procedure is optional. Command Purpose Step 2 ip igmp querier-timeout senconds Specify the IGMP query timeout. The default is 60 seconds (twice the query interval). The range is 60 to 300. Step 3 exit Return to privileged EXEC mode. Step 4 write (Optional) Save your entries in the configuration file. Changing the Maximum Query Response Time for IGMPv2 If you are using IGMPv2, you can change the maximum query response time advertised in IGMP queries. The maximum query response time enables the switch to quickly detect that there are no more directly connected group members on a LAN. Decreasing the value enables the switch to prune groups faster. Beginning in privileged EXEC mode, follow these steps to change the maximum query response time.this procedure is optional. Command Purpose 陈泽科技有限公司

78 Step 2 ip igmp query-max-response seconds Change the maximum query response time advertised in IGMP queries. The default is 10 seconds. The range is 1 to 25. Step 3 exit Return to privileged EXEC mode. Step 4 write (Optional) Save your entries in the configuration file. Configuring a Router to Join Specified Multicast Group Usually, the host operating IGMP will respond to IGMP query packet of the multicast router. In case of response failure, the multicast router will consider that there is no multicast member on this network segment and will cancel the corresponding path. Configuring one interface of the router as multicast member can avoid such problem. When the interface receives IGMP query packet, the router will respond, thus ensuring that the network segment where the interface is connected can normally receive multicast packets. For an ethernet switch, you can configure a port in a VLAN interface to join a multicast group. Beginning in privileged EXEC mode, follow these steps to configure a router to join specified multicast group. Command Purpose Step 2 ip igmp interface interface-id Configure a router to join specified multicast group join-group group-address By default, a router joins no multicast group. Step 3 exit Return to privileged EXEC mode. Step 4 write (Optional) Save your entries in the configuration file. To leave a group, use ip igmp interface interface-id leave-group group-address global configuration command. Configuring the Switch as a Statically Connected Member Sometimes there is either no group member on a network segment or a host cannot report its group membership by using IGMP. However, you might want multicast traffic to go to that network segment. These are ways to pull multicast traffic down to a network segment: Use the ip igmp interface interface-id join-group Globle configuration command. With this method, the switch accepts the multicast packets in addition to forwarding them. Accepting the multicast packets prevents the switch from fast switching. Use the ip igmp interface interface-id static-group globle configuration command. With this method, the switch does not accept the packets itself, but only forwards them. This method enables fast switching. The outgoing interface appears in the IGMP cache, but the switch itself is not a member, as evidenced by lack of an L (local) flag in the multicast route entry. Beginning in privileged EXEC mode, follow these steps to configure the switch itself to be a statically connected 陈泽科技有限公司

79 member of a group (and enable fast switching). This procedure is optional. 10G Core Routing Switch User Manual Command Purpose Step 2 ip igmp interface interface-id static-group add group-address Configure the switch as a statically connected member of a group. By default, this feature is disabled. Step 3 exit Return to privileged EXEC mode. Step 4 write (Optional) Save your entries in the configuration file. To remove the switch as a member of the group, use ip igmp interface interface-id static-group delete group-address globle configuration command. PIM-SM Configuration PIM-SM Overview Introduction to PIM-SM PIM-SM (Protocol Independent Multicast, Sparse Mode) belongs to sparse mode multicast routing protocols. PIM-SM is mainly applicable to large-scale networks with broad scope in which group members are relatively sparse. Different from the flood & prune principle of the dense mode, PIM-SM assumes that all hosts do not need to receive multicast packets, unless there is an explicit request for the packets. PIM-SM uses the RP (Rendezvous Point) and the BSR (Bootstrap Router) to advertise multicast information to all PIM-SM routers and uses the join/prune information of the router to build the RP-rooted shared tree (RPT), thereby reducing the bandwidth occupied by data packets and control packets and reducing the process overhead of the router. Multicast data flows along the shared tree to the network segments the multicast group members are on. When the data traffic is sufficient, the multicast data flow can switch over to the SPT (Shortest Path Tree) rooted on the source to reduce network delay. PIM-SM does not depend on the specified unicast routing protocol but uses the present unicast routing table to perform the RPF check. Running PIM-SM needs to configure candidate RPs and BSRs. The BSR is responsible for collecting the information from the candidate RP and advertising the information. PIM-SM Working Principle The PIM-SM working process is as follows: neighbor discovery, building the RP-rooted shared tree (RPT), multicast source registration and SPT switchover etc. The neighbor discovery mechanism is the same as that of PIM-DM, which will not be described any more. I. Build the RP shared tree (RPT) When hosts join a multicast group G, the leaf routers that directly connect with the hosts send IGMP messages to learn the receivers of multicast group G. In this way, the leaf routers calculate the corresponding rendezvous point (RP) for multicast group G and then send join messages to the node of a higher level toward the rendezvous point (RP). Each router along the path between the leaf routers and the RP will generate (*, G) entries in the forwarding table, indicating that all packets sent to multicast group G are applicable to the entries no matter from which source they are 陈泽科技有限公司

80 sent. When the RP receives the packets sent to multicast group G, the packets will be sent to leaf routers along the path built and then reach the hosts. In this way, an RP-rooted tree (RPT) is built as shown in the following figure. II. Multicast source registration Figure RPT schematic diagram When multicast source S sends a multicast packet to the multicast group G, the PIM-SM multicast router directly connected to S will encapsulate the received packet into a registration packet and send it to the corresponding RP in unicast form. If there are multiple PIM-SM multicast routers on a network segment, the Designated Router (DR) will be responsible for sending the multicast packet. Preparations before Configuring PIM-SM I. Configuring candidate RPs In a PIM-SM network, multiple RPs (candidate-rps) can be configured. Each Candidate-RP (C-RP) is responsible for forwarding multicast packets with the destination addresses in a certain range. Configuring multiple C-RPs is to implement load balancing of the RP. These C-RPs are equal. All multicast routers calculate the RPs corresponding to multicast groups according to the same algorithm after receiving the C-RP messages that the BSR advertises. It should be noted that one RP can serve multiple multicast groups or all multicast groups. Each multicast group can only be uniquely correspondent to one RP at a time rather than multiple RPs. II. Configuring BSRs The BSR is the management core in a PIM-SM network. Candidate-RPs send announcement to the BSR, which is responsible for collecting and advertising the information about all candidate-rps. It should be noted that there can be only one BSR in a network but you can configure multiple candidate-bsrs. In this case, once a BSR fails, you can switch over to another BSR. A BSR is elected among the C-BSRs automatically. The C-BSR with the highest priority is elected as the BSR. If the priority is the same, the C-BSR with the largest IP address is elected as the BSR. III. Configuring static RP The router that serves as the RP is the core router of multicast routes. If the dynamic RP elected by BSR mechanism is invalid for some reason, the static RP can be configured to specify RP. As the backup of dynamic RP, static RP improves network robusticity and enhances the operation and management capability of multicast network. 陈泽科技有限公司

81 PIM-SM Configuration 10G Core Routing Switch User Manual 1) PIM-SM basic configuration includes: Enabling Multicast Enabling PIM-SM Configuring the PIM-SM domain border Configuring candidate-bsrs Configuring candidate-rps Configuring static RP 2) PIM-SM advanced configuration includes: Configuring the sending interval for the Hello packets of the interface Configuring the filtering of multicast source/group Configuring the filtering of PIM neighbor Configuring the maximum number of PIM neighbor on an interface Configuring RP to filter the register messages sent by DR Clearing multicast route entries from PIM routing table Clearing PIM neighbor It should be noted that at least one router in an entire PIM-SM domain should be configured with Candidate-RPs and Candidate-BSRs. Enabling Multicast Enabling PIM-SM This configuration can be effective only after multicast is enabled. Beginning in privileged EXEC mode, follow these steps to enable PIM-SM. Command Purpose Step 2 ip pim interface interface-id Enable IP multicast routing. sparse-mode enable Step 3 exit Return to privileged EXEC mode. Step 4 show ip igmp interface Verify your entries. interface-id Step 5 write (Optional) Save your entries in the configuration file. Repeat this configuration to enable PIM-SM on other interfaces. Only one multicast routing protocol can be enabled on an interface at a time. 陈泽科技有限公司

82 Configuring Candidate-BSRs 10G Core Routing Switch User Manual In a PIM domain, one or more candidate BSRs should be configured. A BSR (Bootstrap Router) is elected among candidate BSRs. The BSR takes charge of collecting and advertising RP information. The automatic election among candidate BSRs is described as follows: One interface which has started PIM-SM must be specified when configuring the router as the candidate BSR. At first, each candidate BSR considers itself as the BSR of the PIM-SM domain, and sends Bootstrap message by taking the IP address of the interface as the BSR address. When receiving Bootstrap messages from other routers, the candidate BSR will compare the BSR address of the newly received Bootstrap message with that of itself. Comparison standards include priority and IP address. The bigger IP address is considered better when the priority is the same. If the new BSR address is better, the candidate BSR will replace its BSR address and stop regarding itself as the BSR. Otherwise, the candidate BSR will keep its BSR address and continue to regard itself as the BSR. Beginning in privileged EXEC mode, follow these steps to configure Candidate-BSRs. Command Purpose Step 2 ip pim bsr-candidate interface-id Configure a candidate-bsr [ priority priority ] By default, no BSR is set. The default priority is 0. Priority range is 0 to 255. Step 3 exit Return to privileged EXEC mode. Step 4 show ip pim bsr-router Verify your entries. Step 5 write (Optional) Save your entries in the configuration file. Candidate-BSRs should be configured on the routers in the network backbone Caution: One router can only be configured with one candidate-bsr. When a candidate-bsr is configured on another interface, it will replace the previous configuration. Configuring Candidate-RPs In PIM-SM, the shared tree built by the multicast routing data is rooted at the RP. There is a mapping from a multicast group to an RP. A multicast group can be mapped to an RP. Different groups can be mapped to one RP. Beginning in privileged EXEC mode, follow these steps to configure Candidate-RPs. Command Purpose Step 2 ip pim rp-candidate interface-id Configure a candidate-rp [ priority priority ] The default priority is 0.Priority range is 0 to 255. Step 3 exit Return to privileged EXEC mode. Step 4 show ip pim rp Verify your entries. Step 5 write (Optional) Save your entries in the configuration file. 陈泽科技有限公司

83 When configuring RP, if the range of the served multicast group is not specified, the RP will serve all multicast groups. Otherwise, the range of the served multicast group is the multicast group in the specified range. It is suggested to configure Candidate RP on the backbone router. Configuring Static RP Static RP serves as the backup of dynamic RP, so as to improve network robusticity. Beginning in privileged EXEC mode, follow these steps to configure static RP. Command Purpose Step 2 ip pim rp-address set ip-address Configure static RP Step 3 exit Return to privileged EXEC mode. Step 4 show ip pim rp Verify your entries. Step 5 write (Optional) Save your entries in the configuration file. If static RP is in use, all routers in the PIM domain must adopt the same configuration. If the configured static RP address is the interface address of the local router whose state is UP, the router will function as the static RP. It is unnecessary to enable PIM on the interface that functions as static RP. When the RP elected from BSR mechanism is valid, static RP does not work. Modifying the PIM Router-Query Message Interval PIM routers and multilayer switches send PIM router-query messages to find which device will be the DR for each LAN segment (subnet). The DR is responsible for sending IGMP host-query messages to all hosts on the directly connected LAN. With PIM SM operation, the DR is the device that is directly connected to the multicast source. It sends PIM register messages to notify the RP that multicast traffic from a source needs to be forwarded down the shared tree. In this case, the DR is the device with the highest IP address. Beginning in privileged EXEC mode, follow these steps to modify the router-query message interval. This procedure is optional. Command Purpose Step 2 ip pim query-interval seconds Configure the frequency at which the switch sends PIM router-query messages. The default is 30 seconds. The range is 1 to Step 3 exit Return to privileged EXEC mode. Step 4 show ip igmp interface interface-id Verify your entries. Step 5 write (Optional) Save your entries in the configuration file. 陈泽科技有限公司

84 ACL Configuration 10G Core Routing Switch User Manual ACL Overview A series match rules must be configured to recognize the packets before they are filtered. Only when packets are identified, can the network take corresponding actions, allowing or prohibiting them to pass, according to the preset policies. Access control list (ACL) is targeted to achieve these functions. ACLs classify packets using a series of matching rules, which can be source addresses, destination addresses and port IDs. ACLs can be used globally on the switch or just at a port, through which the switch determines whether to forward or drop the packets. The matching rules defined in ACLs can also be imported to differentiate traffic in other situations, for example, defining traffic classification rules in QoS. An ACL rule can include many sub-rules, which may be defined for packets of different size. Matching order involves in matching an ACL. configuring ACL The ACL configuration tasks include: Define ACL Applying an ACL to an Interface You are recommended to run the configuration tasks in order, that is, first define ACL and last Applying an ACL to an Interface. Defining ACL The switch supports several types of ACLs, which are described in this section. Follow these steps to define an ACL. 1) Enter the corresponding ACL configuration mode. 2) Define ACL sub-rules. Note: The ACL will be effective at any time after being activated. You can define multiple rules for the ACL by using the rule command several times. The switch does not support the explicit deny any any rule for the egress IP ACL or the egress MAC ACLs. Creating a Numbered Standard ACL Beginning in privileged EXEC mode, follow these steps to create a numbered standard ACL: Command Purpose Step 2a access-list access-list-number Enter the standard ACL configuration mode. The access-list-number is a decimal number from 1 to 99. 陈泽科技有限公司

85 Step 2b rule rule_id [deny permit] sip Define a standard IP access list rule by using {ip-address [net-mask any] any} a source address and net-mask. The rule-id is a decimal number from 0 to 127. Enter deny or permit to specify whether to deny or permit access if conditions are matched. The sip is the source address of the network or host from which the packet is being sent specified as: The 32-bit quantity in dotted-decimal format. The keyword any as an abbreviation for ip-address and net-mask of You do not need to enter a net-mask. Step 4 show access-list access-list-number Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file. To delete a ACL, use no access-list access-list-number global configuration command. To delete a standard ACL rule, use no rule rule_id standard ACL configuration command. Creating a Numbered Extended ACL Beginning in privileged EXEC mode, follow these steps to create a numbered extended ACL: Command Purpose Step 2 access-list access-list-number Enter the extended ACL configuration mode. The access-list-number is a decimal number from 100 to 199. 陈泽科技有限公司

86 Step 2a or rule rule_id {deny permit} protocol Sip ip-address net-mask dip ip-address net-mask [match [dscp priority precedence priority tos priority]] [set [dscp priority precedence priority tos priority]] rule rule_id {deny permit} protocol [match [dscp priority precedence priority tos priority]] [set [dscp priority precedence priority tos priority]] 10G Core Routing Switch User Manual Define an extended IP access list rule and the access conditions. The access-list-number is a decimal number from 100 to 199. Enter deny or permit to specify whether to deny or permit the packet if conditions are matched. For protocol, enter the name or number of an IP protocol: icmp, igmp, igrp, ip,, nos, ospf, pim, tcp, or udp, or an integer in the range 0 to 255 representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP) use the keyword ip. Note This step includes options for most IP protocols. For additional specific parameters for TCP, UDP, ICMP, and IGMP, see steps 2b through 2c. The sip is the number of the network or host from which the packet is sent. The dip is the network or host number to which the packet is sent. Sip and dip can be specified as: The 32-bit quantity in dotted-decimal format. The keyword any for (any host). The other keywords are optional and have these meanings: precedence Enter to match packets with a precedence level specified as a number from 0 to 7 or by name: routine (0), priority (1), immediate (2), flash (3), flash-override (4), critical (5), internet (6), network (7). tos Enter to match by type of service level, specified by a number from 0 to 15 or a name: normal (0), max-reliability (2), max-throughput (4), min-delay (8). dscp Enter to match packets with the DSCP value specified by a numberfrom 0 to 63, or use the question mark (?) to see a list of available values. In access-list configuration mode, define an extended IP access list rule if you want to apply to all ip address, you can configure like this. 陈泽科技有限公司

87 Step 2b rule rule_id {deny permit} tcp sip ip-address net-mask dip ip-address net-mask [sport port] [dsport port] [established] [match [dscp priority precedence priority tos priority]] [set [dscp priority precedence priority tos priority]] 10G Core Routing Switch User Manual (Optional) Define an extended TCP access list rule and the access conditions. Enter tcp for Transmission Control Protocol. The parameters are the same as those described in Step 2a, with these exceptions: (Optional) Enter an sport and dport to compare source (if positioned after sip) or destination (if positioned after dip) port. Enter the port number as a decimal number (from 0 to 65535) or the name of a The other optional keywords have these meanings: established Enter to match an established connection. This has the same function as matching on the ack or rst flag. flag Enter one of these flags to match by the specified TCP header bits: ack (acknowledge), fin (finish), psh (push), rst (reset), syn (synchronize), or urg (urgent). Step 2c rule rule_id {deny permit} udp sip ip-address net-mask dip ip-address net-mask [sport port] [dsport port] [match [dscp priority precedence priority tos priority]] [set[dscp priority precedence priority tos priority]] Step 3 show access-list access-list-number Step 4 Copy running-config startup-config (Optional) Define an extended UDP access list rule and the access conditions. Enter udp for the User Datagram Protocol. The UDP parameters are the same as those described for TCP except that the [sport/dport] port number or name must be a UDP port number or name, and the flag and establish. Verify your entries. (Optional) Save your entries in the configuration file. To delete an ACL, use no access-list access-list-number global configuration command. To delete an extended ACL rule, use no rule rule_id standard ACL configuration command. Applying an ACL to an Interface Beginning in privileged EXEC mode, follow these steps to control access to an interface: Command Purpose Step 2 Interface interface_id Enter interface configuration mode for the physical interface to be configured. 陈泽科技有限公司

88 Step 3 ip access-list access-list-number Control access to the specified interface. in Step 4 exit Return to global configuration mode. Step 5 show access-list access-list-number Step 6 Copy running-config startup-config Verify your entries. (Optional) Save your entries in the configuration file. To remove the specified access group, use the no ip access-list access-list-number in interface configuration command. This example shows how to apply access list 2 to a port to filter packets entering the port: Switch(config)# interface gigabitethernet1/1 Switch(config-if)# ip access-list 2 in SNMP Configuration SNMP Overview By far, the Simple Network Management Protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as an industry standard in practice. It is used for ensuring the transmission of the management information between any two nodes. In this way,network administrators can easily search and modify the information on any node on the network. In the meantime, they can locate faults promptly and implement the fault diagnosis, capacity planning and report generating. SNMP adopts the polling mechanism and provides the most basic function set. It is most applicable to the small-sized, fast-speed and low-cost environment. It only requires the unverified transport layer protocol UDP; and is thus widely supported by many other products. In terms of structure, SNMP can be divided into two parts, namely, Network Management Station and Agent. Network Management Station is the workstation for running the client program. At present, the commonly used NM platforms include Sun NetManager and IBM NetView. Agent is the server software operated on network devices. Network Management Station can send GetRequest, GetNextRequest and SetRequest messages to the Agent. Upon receiving the requests from the Network Management Station, Agent will perform Read or Write operation according to the message types, generate and return the Response message to Network Management Station. On the other hand, Agent will send Trap message on its own initiative to the Network Management Station to report the events whenever the device encounters any abnormalities such as new device found and restart. SNMP Versions and Supported MIB To uniquely identify the management variables of a device in SNMP messages, SNMP adopts the hierarchical naming scheme to identify the managed objects. It is like a tree.a tree node represents a managed object, as shown in the figure below. Thus the object can be identified with the unique path starting from the root. 陈泽科技有限公司

89 Figure Architecture of the MIB tree The MIB (Management Information Base) is used to describe the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network device. In the above figure, the managed object B can be uniquely specified by a string of numbers { }. The number string is the Object Identifier of the managed object. The current SNMP Agent of Ethernet switch supports SNMP V1, V2C and V3. The MIBs supported are listed in the following table. Table 19-1 MIBs supported by the Ethernet Switch MIB attribute MIB content References Public MIB Private MIB MIB II based on TCP/IP network device BRIDGE MIB RIP MIB RMON MIB Ethernet MIB OSPF MIB IF MIB VLAN MIB Device management RFC1213 RFC1493 RFC2675 RFC1724 RFC2819 RFC2665 RFC1253 RFC1573 陈泽科技有限公司

90 Configure SNMP 10G Core Routing Switch User Manual The main configuration of SNMP includes: Set community Name Set the Destination Address of Trap Set Trap parameters Setting Community Name SNMP V1 and SNMPV2C adopt the community name authentication scheme. The SNMP message incompliant with the community name accepted by the device will be discarded. SNMP Community is named with a character string, which is called Community Name. The various communities can have read-only or read-write access mode. The community with read-only authority can only query the device information, whereas the community with read-write authority can also configure the device. Beginning in privileged EXEC mode, follow these steps to set Community Name. Command Purpose Step 2 snmp community Set community string. [readonly readwrite ] string Step 3 exit Return to privileged EXEC mode. Step 4 show snmp community -string Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file. Setting the Destination Address of Trap and Trap Parameters You can use the following commands to set or delete the destination address and parameters of the trap. Beginning in privileged EXEC mode, follow these steps to set the Destination Address of Trap. Command Purpose Step 2 snmp trapreceiver [add delete]host ip-address version [v1 v2c] [Community cr] string Set the destination address of trap. Step 3 exit Return to privileged EXEC mode. Step 4 show snmp trapreceiver Verify your entries. Step 5 Copy running-config startup-config (Optional) Save your entries in the configuration file. 陈泽科技有限公司

SNMP Configuration Example 10G Core Routing Switch User Manual I. Networking requirements Network Management Station and the Ethernet switch are connected via the Ethernet.

91 SNMP Configuration Example 10G Core Routing Switch User Manual I. Networking requirements Network Management Station and the Ethernet switch are connected via the Ethernet. The IP address of Network Management Station is and that of the VLAN interface on the switch is Perform the following configurations on the switch: setting the community name and set trap host address. II. Networking diagram III. Configuration procedure # Configure community string switch(config)#snmp community readwrite public # Configure trap host switch(config)#snmp trapreceiver add Figure SNMP configuration example File System Management This chapter describes how to update the software image of MCU Board and LPU board. This system software images include the software image of MCU board and LPU board. This system support FTP client, so you must prepare a FTP server for update the software image. Update the software image of MCU board Updating the software image of MCU board, please refer to follow steps: Step 1: Please prepare FTP server and connect the FTP srever s Ethernet port to the MCU board s aux port. Setting the ftp username password and image file path. Step 2: Connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable. And run terminal emulator (such as Terminal on Windows 3X or the Hyper Terminal on Windows 9X) on the Computer. Set the terminal communication parameters as follows: Set the baud rate to 19200, databit to 8, parity check to none, stopbit to 1, flow control to none and select the terminal type as VT100. Step 3: Setting aux port ip address. After you login the system (by default the login username is admin, the login password is empty; enable password is empty all). 陈泽科技有限公司

STCS3526 Series Routing Switches Configuration Guide Manual

STCS3526 Series Routing Switches Configuration Guide Manual VER:1.0.1 STEPHEN TECHNOLOGIES CO.,LIMITED ALL RIGHTS RESERVED www.stephen-tele.com About This Manual Release Notes This manual applies to STCS3526