Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
&
T-Marc 3312SCH
Ethernet and MPLS Mobile Backhaul Demarcation Device
Release 5.0.R2.2
January 2016
MN100235 Rev F
The information in this document is subject to change without notice and describes only the product defined in
the introduction of this document. This document is intended for the use of customers of Telco Systems only
for the purposes of the agreement under which the document is submitted, and no part of it may be reproduced
or transmitted in any form or means without the prior written permission of Telco Systems. The document is
intended for use by professional and properly trained personnel, and the customer assumes full responsibility
when using it. Telco Systems welcomes customer comments as part of the process of continuous development
and improvement of the documentation.
If the Release Notes that are shipped with the device contain information that conflicts with the information in
the user guide or supplements it, the customer should follow the Release Notes.
The information or statements given in this document concerning the suitability, capacity, or performance of the
relevant hardware or software products are for general informational purposes only and are not considered
binding. Only those statements and/or representations defined in the agreement executed between Telco
Systems and the customer shall bind and obligate Telco Systems. Telco Systems however has made all reasonable
efforts to ensure that the instructions contained in this document are adequate and free of material errors and
omissions. Telco Systems will, if necessary, explain issues which may not be covered by the document.
Telco Systems sole and exclusive liability for any errors in the document is limited to the documentary
correction of errors. TELCO SYSTEMS IS NOT AND SHALL NOT BE RESPONSIBLE IN ANY EVENT
FOR ERRORS IN THIS DOCUMENT OR FOR ANY DAMAGES OR LOSS OF WHATSOEVER KIND,
WHETHER DIRECT, INCIDENTAL, OR CONSEQUENTIAL (INCLUDING MONETARY LOSSES),
that might arise from the use of this document or the information in it.
This document and the product it describes are the property of Telco Systems, which is the owner of all
intellectual property rights therein, and are protected by copyright according to the applicable laws.
Telco Systems logo is a registered trademark of Telco Systems, a BATM Company. CloudMetro,
TelcoOrchestrator, TelcoController, TelcoNFVController, ViNOX, TVE, BiNOX, BiNOS,
BiNOSCenter, TVE, T-Marc, T-Metro, EdgeGenie, EdgeLink, EdgeGate, Access60,
AccessIP, AccessMPLS, AccessTDM, AccessEthernet, NetBeacon, Metrobility, T5C-XG, T5
Compact, and OutBurst are trademarks of Telco Systems.
Other product and company names mentioned in this document reserve their copyrights, trademarks, and
registrations; they are mentioned for identification purposes only.
Copyright Telco Systems 2016. All rights reserved.
Introduction
Table of Contents
Table of Figures 1
Introduction 2
Key Features 2
Organization 4
Technical Support 6
International Headquarters 6
US: North America and Latin America 6
Asia Pacific (APAC) 7
Europe, Middle East and Africa (EMEA) 7
Table of Figures
Figure 1: T-Marc 3312SC View ............................................................................................................ 2
Figure 2: T-Marc 3312SCH View......................................................................................................... 2
T-Marc3312SCH
Introduction
T-Marc 3312SCH device is an Ethernet and MPLS mobile backhaul demarcation device. It
supports IEEE802.1q, Q-in-Q and MPLS transport technologies, providing high flexibility in
network design and future proofing the network with no additional software licenses. It provides
access to advanced data services such as virtual private wire services (VPWS), VPLS and HVPLS,
simplifying the network and making it easier to manage, while gaining MPLS added value.
The T-Marc 3312SCH device enables service providers to carry native TDM traffic transparently
across packet-switched networks (PSN) using various circuit emulation techniques required when
converging and migrating 2G and 3G to 4G and newer IP-based mobile technologies.
The T-Marc 3312SCH device supports a broad set of hardware-based OAM tools to help providers
reduce their OPEX and to assure their customers they are meeting the agreed SLA.
Key Features
The device offers the following features:
Advanced Carrier Ethernet and full-MPLS demarcation for multiple types of services (voice,
video and data)
Multi-layer control, monitoring, line testing and, loopback for failsafe operations
Variety of resiliency technologies for a high level of protection and fast switchover (Resilient-
link, LAG with LACP, network-wide mechanisms-MSTP, Fast Ring, FRR).
Embedded QoS capabilities for flexible control of traffic and services (hierarchical queuing,
rate limiters, shaping, advance scheduling schemes, and intuitive service-oriented SLA
configuration)
Multiple traffic engineering technologies for data path management based on several attributes
(LDP and RSVP-TE)
Broad set of hardware-based OAM tools for optimized OPEX (IEEE 802.1ag, ITU-T
Y.1731, EEE 802.3ah, RFC 2544)
Intended Audience
This user guide is intended for network administrators responsible for installing and configuring
network equipment. To use this guide, you must already be familiar with Ethernet and local area
networking (LAN) concepts and terminology.
Documentation Suite
This document is just one part of the full documentation suite provided with this product.
You are: Document Function Function
Conventions Used
The conventions listed below may appear in the user guide. Pay special attention as each one
contains important information:
NOTE
Indicates information requiring special attention.
CAUTION
Indicates special instructions needed to avoid possible damage to the product.
WARNING
Indicates special instructions necessary to avoid possible injury or death.
The table below defines additional conventions used to show commands, variable and parameters
within the document:
Conventions Description
Organization
The device User Guide includes the following chapters, each focusing on a different feature or set
of features. Each chapter begins with a brief overview of the feature/s, followed by the
configuration flow, and concluding with the configuration details for the corresponding commands.
Physical Ports and Logical Understanding and configuring device interface types The
Interfaces chapter also offers information on static Link Aggregation
Groups (LAGs), establishing resilience across the network
segments.
Virtual LANs (VLANs) and Understanding and configuring VLANs and Super VLANs
Super VLANs
Configuring Layer 2 Services Understanding and configuring LAN services
Layer 2 Protocol Tunneling Understanding and configuring Layer 2 protocol tunneling
(L2PT)
Spanning Tree Protocols Understanding and configuring Spanning Tree protocols.
MPLS Protocols and Services Understanding and configuring Multiprotocol Label Switching
(MPLS) and Virtual Private LAN Services (VPLS)
Configuring Circuit Emulation Understanding and configuring CES over Ethernet
Services (CES)
Troubleshooting Troubleshooting and monitoring tools used to detect and solve
system related problems
Appendix A: SNMP Reference MIBs and objects for controlling, monitoring, and managing the
Guide device
Appendix B: Specifications An abbreviated version of the specifications for the device
Appendix C: Acronym The list of acronyms used in this user guide and their meaning
Glossary
Technical Support
Telco Systems provides technical assistance for customers and partners. Contact the Professional
Services team at our international headquarters, or the technical support center for your region.
Contact information is provided below:
Web Access: http://www.telco.com
Email: support@telco.com
International Headquarters
Telco Systems, A BATM Company
Professional Services
13 HaYetzira St., New Industrial Park
Yokneam Ilit, 20692, Israel
Tel: +972-4-993-5630
Fax: +972-4-993-7926
Email: support@telco.com
List of Tables 2
Using CLI 3
Accessing the CLI 3
CLI Modes 3
Debug Commands 24
Banner Commands 32
Table of Figures
Figure 1: CLI Modes Hierarchy............................................................................................................ 4
List of Tables
Table 1: CLI Syntax Conventions in the User Guide ....................................................................... 6
Table 2: CLI Help Options ................................................................................................................... 7
Table 3: CLI Keyboard Sequences..................................................................................................... 11
Table 4: CLI Messages ......................................................................................................................... 12
Table 5: Common Regular Expressions ............................................................................................ 13
Table 6: General Operational Mode Commands............................................................................. 13
Table 7: General Configuration Mode Commands ......................................................................... 15
Table 8: Show Command Filter Options .......................................................................................... 17
Table 9: Debug Commands ................................................................................................................ 26
Table 10: Banner Commands ............................................................................................................. 32
T-Marc3312SC/T-Marc3312SCH
Using CLI
The CLI is a network management application operated through an ASCII terminal.
Using the CLI commands, users can configure the device parameters and maintain them, receiving
text output on the terminal monitor. These system parameters are stored in a non-volatile memory
and users have to set them up only once.
The device CLI is password protected.
CLI Modes
The CLI is structured from hierarchical modes, each mode grouping relevant CLI commands.
Its two top level modes are:
Operational mode
Configuration mode
Operational Mode
This is the initial mode that the CLI enters after a successful login to the CLI.
device-name#
Configuration Mode
The Configuration mode is the mode in which users can change the device configuration.
To enter this mode from Operational mode, use the config terminal command.
device-name#config terminal
Entering configuration mode terminal
device-name(config)#
The Configuration mode has various sub-modes for configuring the different device features, as
shown in the figure below.
In this case:
type yes to save the configuration changes and exit the configuration session
type no to exit the configuration session without committing the configuration changes
type cancel to remain in the current configuration session without exiting or committing the
configuration changes
When committing commands, the CLI validates the configuration changes and prompts for
missing configuration:
Example:
device-name#config
Entering configuration mode terminal
device-name(config)#vlan vl10 10
device-name(config-vlan-10)#routing-interface sw10
device-name(config-vlan-10)#com
Aborted: Error: Vlan instance is using the current routing-
interface or you are trying assign a non-existing
routing-interface to vlan!
device-name(config-vlan-10)#
In this format
device-name[(config ...)]# represents the prompt displayed by the device. This prompt includes:
the user-defined device-name
the current CLI mode
the command keywords and arguments typed by the user
Example:
In the command below:
device-name(config-port-1/1/10)#default-vlan 100
A.B.C.D An IP address:
10.4.0.4
Symbol/Format Description
Getting Help
To get specific help on a command mode, keyword, or argument, use one of the following
commands or characters:
Table 2: CLI Help Options
Command Purpose
help Provides a brief description of the help system in any command mode.
Example:
device-name(config)# help ethernet
Help for command: ethernet
Configures Ethernet services and protocols
command? (Leave no space between the command and ?) Provides a list and description
or of commands that begin with a particular string:
abbreviated- Example:
command?
device-name#s?
Possible completions:
send Send message to terminal of one or all users
service Configure services
show Show information about the system
ssh ssh to network hosts
system Configure system's diagnostics, management and
troubleshooting
capabilities
Command Purpose
command ? (Leave a space between command and ?) Lists the available keywords or
or arguments that can follow the specified command
abbreviated- Example:
command ?
device-name(config)#validate ?
Possible completions:
| <cr>
! The CLI ignores all the characters following ! up to the next new line.
Example:
device-name(config)#vlan 10 10 ! create vlan with name '10'
and tag '10'
device-name(config-vlan-10)#commit ! apply configuration
NOTE
To use ! as an argument, prefix it with \ or inside
double quotes ().
Command Purpose
Example 1:
The below example displays only lines that do not contain
Regular expression sw*.
device-name#show router interface | exclude sw*
========================================================================
--------+------+---------------+---------------+---------------+--------
lo up 127.0.0.1 255.0.0.0 127.255.255.255 1500 |
outBand0 up 10.3.155.5 255.255.0.0 10.3.255.255 1500 |
========================================================================
Example 2:
It is also possible to display the output starting at the
first match of a regular expression, using the begin
keyword.
device-name#show router interface | begin .*sw30
39 sw30 up 100.1.3.1 255.255.255.0 100.1.3.255 1544 |
40 sw40 up 100.1.4.1 255.255.255.0 100.1.4.255 1544 |
============================================================================
|
Svc20 |4098| | |
Minimum Abbreviation
The CLI accepts a minimum number of characters that uniquely identify a command. Therefore
you can abbreviate commands and parameters as long as they contain enough letters to differentiate
them from any other available commands or parameters on the specific CLI mode.
Example:
In case of an ambiguous entry (when the CLI mode includes more than one command matching
the characters typed), the system prompts for further input.
Example:
device-name#co
-------------^
syntax error:
Possible alternatives starting with co:
commit - Confirm a pending commit
compare - Compare running configuration to another configuration or
a file
complete-on-space -
config - Manipulate software configuration information
Negating Commands
The no prefix negates the command or resets the commands configuration to its default value. For
example, the log command logs system messages. To disable logging, use the no log command.
CLI Messages
The CLI displays relevant messages in response to executed commands:
Syntax error: Displayed when the user types a valid command but fails to type the
incomplete path commands required arguments:
device-name(config)#port
------------------------^
Error: incomplete path: 'port'
syntax error: Displayed when the user types too few characters. In these cases, the
Possible CLI detects an ambiguity and displays the possible matches:
alternatives
starting with device-name(config)#re
-----------------------^
syntax error:
Possible alternatives starting with re:
resolved - Conflicts have been resolved
revert - Copy configuration from running
Regular Expressions
Regular expressions are a subset of EGREP and AWK programming-language regular expressions.
Command Description
- resolved
- revert [no-confirm]
- rollback configuration [<number>]
- show {configuration COMMAND | full-configuration COMMAND |
history <number of items to show> | parser dump [COMMAND]}
-
- top COMMAND
- validate
Command Description
Command Description
show command | append file-name Redirects the command output into an existing
file, located on NVRAM, FTP, or TFTP.
show command | begin regular- Begins unfiltered command output with the first
expression line that contains the regular expression.
show command | count Counts the number of lines in the output.
Command Description
show command | until regular- Ends with the line that matches the regular
expression expression.
Examples:
To display the interface starting with ethernet0, execute the following command:
device-nameH#show router interface | begin outBand0
outBand0 up 10.3.155.5 255.255.0.0 10.3.255.255 1500 |
========================================================================
To display only the route statements from the running-config, execute the following command:
device-name#show running-config | include route
router
router-id 2.2.2.2
To display only lines that start with 127, execute the following command:
device-name#show Routes | include ^127
127.0.0.0/8 0.0.0.0 connect 0 selected ifindex active,fib
0 0s lo
127.0.0.1/32 0.0.0.0 connect 0 selected,self_ip ifindex active,fib
0 0s lo
To display the whole configuration except for the access-lists, execute the following command:
device-name#show running-config | exclude access-list
NOTE
The range expression can be applied only on integer values.
The range expression can be omitted.
The range expression cannot be used for creating a new range of values.
Example 1:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#router
device-name(config-router)#rsvp-te
device-name(config-rsvp-te)#lsp
Possible completions:
<lsp-id:int> range
device-name(config-rsvp-te)#lsp range 53-57, 1000
device-name(config-lsp-53-57,1000)#show full-configuration
router
rsvp-te
lsp 53
far-end 3.3.3.3
name 53
fast-reroute-mode facility
admin-group exclude-any 11
!
cspf
no shutdown
!
lsp 54
far-end 4.4.4.4
name 54
fast-reroute-mode facility
cspf
no shutdown
!
lsp 56
far-end 6.6.6.6
name 56
fast-reroute-mode facility
admin-group exclude-any 11
!
cspf
no shutdown
!
lsp 57
far-end 7.7.7.7
name 57
fast-reroute-mode facility
cspf
no shutdown
!
lsp 1000
far-end 6.6.6.6
name manual_bypass
guarded-destination 67.0.0.6
cspf
no shutdown
!
!
!
Example 2:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#router
device-name(config-router)#rsvp-te
device-name(config-rsvp-te)#lsp
Possible completions:
<lsp-id:int> range
device-name(config-rsvp-te)#lsp range 5*
device-name(config-lsp-5*)#show full-configuration
router
rsvp-te
lsp 53
far-end 3.3.3.3
name 53
fast-reroute-mode facility
admin-group exclude-any 11
!
cspf
no shutdown
!
lsp 54
far-end 4.4.4.4
name 54
fast-reroute-mode facility
cspf
no shutdown
!
lsp 56
far-end 6.6.6.6
name 56
fast-reroute-mode facility
admin-group exclude-any 11
!
cspf
no shutdown
!
lsp 57
far-end 7.7.7.7
name 57
fast-reroute-mode facility
cspf
no shutdown
!
lsp 58
far-end 8.8.8.8
name 58
fast-reroute-mode facility
cspf
no shutdown
!
!
!
Example 3:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#service
device-name(config-service)#vpls 101-200
device-name(config-vpls-101-200)#shutdown
device-name(config-vpls-101-200)#commit
Commit complete.
Example 4:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#service
device-name(config-service)#no vpls * spoke 3
device-name(config-service)#show configuration
service
vpls 101
no spoke-sdp 3
!
vpls 102
no spoke-sdp 3
!
vpls 103
no spoke-sdp 3
!
vpls 104
no spoke-sdp 3
!
vpls 105
no spoke-sdp 3
!
vpls 106
no spoke-sdp 3
!
vpls 107
no spoke-sdp 3
!
vpls 108
no spoke-sdp 3
!
vpls 109
no spoke-sdp 3
Debug Commands
Caution
It is recommended to use the debug commands only under the direction of Technical
Support team when troubleshooting specific problems. Enabling debugging can disrupt
operation of the device when internetworks are experiencing high load conditions.
Command Hierarchy
device-name#
+ config terminal
+ [no] debug
- [no] bm api
- [no] bm api_time
- [no] bm api_call
- [no] bm async_io
- [no] bm drv
- [no] bm fdb
- [no] bm fdb_detailed
- [no] bm init
- [no] bm if_state
- [no] bm notify
- [no] bm oam
- [no] bm proto_1to1
- [no] bm proto_ces_circ
- [no] bm proto_ip
- [no] bm proto_reslink
- [no] bm proto_service
- [no] bm proto_trunk
- [no] bm rx
- [no] bm sfp
- [no] bm stp
- [no] bm tx
- [no] bm vlan
- [no] cfm <value>
- [no] mpls ldp
- [no] mpls prefix-fec
- [no] mpls rsvp
- [no] mpls te
Command Descriptions
To turn off a debug command, enter the no form of the command at the command line.
Table 9: Debug Commands
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
Banner Commands
Commands Hierarchy
+ config terminal
+ system
- [no] banner-ssh STRING
- [no] banner-telnet STRING
Commands Descriptions
Table 10: Banner Commands
Command Description
List of Tables 3
Device Management 6
Managing the Device via CLI 6
Managing the Device via SNMP 6
Managing the Device via NETCONF 7
NETCONF Commands 9
DHCP Client 15
DHCP Client Commands 15
Zero-Touch Provisioning 18
DHCP Server Options and Sub-options 18
Zero-Touch Provisioning Commands 19
Example21
Files System 37
File System Configuration Commands 37
Software Upgrade Example 44
License Configuration 54
Session Limiting 55
Sessions Limiting Commands 55
Remote Monitoring 57
RMON Ethernet Statistics Group 57
RMON Commands 59
Reload Commands 80
Table of Figures
Figure 1: Obtaining an IP Address from a DHCP Server.............................................................. 15
Figure 2: ZTP Process with Option 43 ............................................................................................. 18
List of Tables
Table 1: NETCONF Standard Capabilities ........................................................................................ 7
Table 2: NETCONF Commands ........................................................................................................ 9
Table 3: DHCP Client Commands ................................................................................................... 16
Table 4: ZTP Commands .................................................................................................................... 20
Table 5: MAC Address Table Commands ........................................................................................ 25
Table 6: MAC Learning Security Profile Commands...................................................................... 33
Table 7: File System Commands ........................................................................................................ 38
Table 8: System Time and Date Commands .................................................................................... 48
Table 9: DNS Client Commands ....................................................................................................... 52
Table 10: VTY Session Commands ................................................................................................... 53
Table 11: License Commands ............................................................................................................. 54
Table 12: Sessions Limiting Commands ........................................................................................... 55
Table 13: RMON Commands ............................................................................................................ 60
Table 14: Counters Displayed by the show rmon statistics Command ..................... 62
Table 15: Service Statistics Commands ............................................................................................. 65
Table 16: System Message Fields........................................................................................................ 70
Table 17: Severity Levels ..................................................................................................................... 71
Table 18: Syslog Message Facilities .................................................................................................... 72
Table 19: System Log Commands...................................................................................................... 73
Table 20: DoS Commands .................................................................................................................. 78
Table 21: The reload Command ................................................................................................... 80
Table 22: CoPP Commands ................................................................................................................ 82
T-Marc3312SC/T-Marc3312SCH
Device Management
Managing the Device via CLI
You can establish a CLI connection with the device by either:
Connecting the devices console port to your PC. For information about connecting to the
console port, see the devices Installation guide.
Using any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote PC. For
information see the Device Authentication chapter of this User Guide.
NETCONF Sessions
A NETCONF session is the logical connection between a network administrator or network
configuration-application and a network device.
NETCONF Capabilities
NETCONF capabilities are a set of functionalities that supplement the base NETCONF
specification.
NETCONF allows the client to discover the capabilities supported by the server. These capabilities
are sent to the management PC.
Table 1: NETCONF Standard Capabilities
Command Description
Command Description
NETCONF Commands
Commands Hierarchy
+ config terminal
+ system
+ [no] netconf-server
- [no] access source-ip A.B.C.D/M
- [no] source-address A.B.C.D
- [no] port <value>
- [no] shutdown
Commands Descriptions
Table 2: NETCONF Commands
Command Description
access source-ip A.B.C.D/M Limits the access to the NETCONF server only
from the specific sources IP address(es):
A.B.C.D/M: IP address and subnet
mask (in a dotted-decimal format)
that identify a network or hosts.
A.B.C.D/32 specifies a specific IP
address.
no access source-ip Removes the trusted IP address(es)
Command Description
7. The agent and the manager both send a hello message and a set of capabilities are displayed:
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
</capabilities>
</hello>]]>]]>
<ifType>ethernetCsmacd</ifType>
<ifPhysAddress>00:50:43:40:bf:bf</ifPhysAddress>
<ifOperStatus>down</ifOperStatus>
<ifLastChange>0</ifLastChange>
<ifMedia>not-installed</ifMedia>
<ifOperSpeed>unknown</ifOperSpeed>
<ifOperDuplex>unknown</ifOperDuplex>
<ifInterfaceDual>single</ifInterfaceDual>
<ifInterfaceActive>not-relevant</ifInterfaceActive>
<ifFlowCtrl>disabled</ifFlowCtrl>
<ifIp>0.0.0.0</ifIp>
<ifMask>0.0.0.0</ifMask>
<ifBcast>0.0.0.0</ifBcast>
<ifMediaTxType>Unknown</ifMediaTxType>
<ifMediaConType>Unknown</ifMediaConType>
<ifMediaSonetComp>42</ifMediaSonetComp>
<ifMediaEthComp>42</ifMediaEthComp>
<ifMediaLengthSMF>0</ifMediaLengthSMF>
<ifMediaLength50UM>0</ifMediaLength50UM>
<ifMediaLength62UM>0</ifMediaLength62UM>
<ifMediaLengthCu>0</ifMediaLengthCu>
<ifMediaLengthOM3>0</ifMediaLengthOM3>
<ifMediaTxTech>42</ifMediaTxTech>
<ifMediaMode>42</ifMediaMode>
<ifMediaSpeed>42</ifMediaSpeed>
<ifMediaEncoding>42</ifMediaEncoding>
<ifMediaBitrate>42</ifMediaBitrate>
<ifMediaVendorID>N/A</ifMediaVendorID>
<ifMediaVendorName>N/A</ifMediaVendorName>
<ifMediaVendorSN>N/A</ifMediaVendorSN>
<ifMediaVendorPN>N/A</ifMediaVendorPN>
<ifMediaVendorRev>N/A</ifMediaVendorRev>
<ifMediaVendorManufacturingDate>N/A</ifMediaVendorManufactur
ingDate>
<ifMediaCalibMode>42</ifMediaCalibMode>
</InterfaceReadOnlyData>
<Counters>
<ifInOctets>0</ifInOctets>
<ifInUcastPkts>0</ifInUcastPkts>
<ifInNUcastPkts>0</ifInNUcastPkts>
<ifInDiscards>0</ifInDiscards>
<ifInErrors>0</ifInErrors>
<ifInUnknownProtos>0</ifInUnknownProtos>
<ifOutOctets>0</ifOutOctets>
<ifOutUcastPkts>0</ifOutUcastPkts>
<ifOutNUcastPkts>0</ifOutNUcastPkts>
<ifOutDiscards>0</ifOutDiscards>
<ifOutErrors>0</ifOutErrors>
<ifOutQLen>0</ifOutQLen>
<ifSpecific>1.2.3</ifSpecific>
<ifInMulticastPkts>0</ifInMulticastPkts>
<ifInBroadcastPkts>0</ifInBroadcastPkts>
<ifOutMulticastPkts>0</ifOutMulticastPkts>
<ifOutBroadcastPkts>0</ifOutBroadcastPkts>
<ifHCInOctets>0</ifHCInOctets>
<ifHCInUcastPkts>0</ifHCInUcastPkts>
<ifHCInMulticastPkts>0</ifHCInMulticastPkts>
<ifHCInBroadcastPkts>0</ifHCInBroadcastPkts>
<ifHCOutOctets>0</ifHCOutOctets>
<ifHCOutUcastPkts>0</ifHCOutUcastPkts>
<ifHCOutMulticastPkts>0</ifHCOutMulticastPkts>
<ifHCOutBroadcastPkts>0</ifHCOutBroadcastPkts>
<ifHighSpeed>0</ifHighSpeed>
<ifConnectorPresent>true</ifConnectorPresent>
<ifCounterDiscontinuityTime>0</ifCounterDiscontinuityTime>
<ifUndersizePkts>0</ifUndersizePkts>
<ifOversizePkts>0</ifOversizePkts>
<ifFragmentsPkts>0</ifFragmentsPkts>
<ifJabberPkts>0</ifJabberPkts>
<ifCRCAligneErrorPkts>0</ifCRCAligneErrorPkts>
<ifCollisionsPkts>0</ifCollisionsPkts>
<ifFra64Pkts>0</ifFra64Pkts>
<ifFra65to127Pkts>0</ifFra65to127Pkts>
<ifFra128to255Pkts>0</ifFra128to255Pkts>
<ifFra256to511Pkts>0</ifFra256to511Pkts>
<ifFra512to1023Pkts>0</ifFra512to1023Pkts>
<ifFra1024to1518Pkts>0</ifFra1024to1518Pkts>
<ifTotalOctets>0</ifTotalOctets>
<ifTotalInPkts>0</ifTotalInPkts>
<ifTotalPkts>0</ifTotalPkts>
<ifTotalBcastPkts>0</ifTotalBcastPkts>
<ifTotalMcastPkts>0</ifTotalMcastPkts>
<ifTotalOutPkts>0</ifTotalOutPkts>
<ifAlignErr>0</ifAlignErr>
<ifFCSErr>0</ifFCSErr>
<ifSQETestErr>0</ifSQETestErr>
<ifCSEErr>0</ifCSEErr>
<ifSymbolErr>0</ifSymbolErr>
<ifMacTxErr>0</ifMacTxErr>
<ifMacRxErr>0</ifMacRxErr>
<ifTooLongFra>0</ifTooLongFra>
<ifSnglCollision>0</ifSnglCollision>
<ifMultCollision>0</ifMultCollision>
<ifLateCollision>0</ifLateCollision>
<ifExcessCollision>0</ifExcessCollision>
<ifInUnknownOpcode>0</ifInUnknownOpcode>
<ifDefferedTx>0</ifDefferedTx>
</Counters>
<efm-oam xmlns="http://batm.com/ns/efm/1.0">
<oper-status>linkFault</oper-status>
<maximum-pdu-size>0</maximum-pdu-size>
<config-revision>0</config-revision>
<functions-supported>eventSupport
variableSupport</functions
-supported>
<packets-sent>0</packets-sent>
<packets-received>0</packets-received>
<loopback-status>noLoopback</loopback-status>
<get-forward-status>None</get-forward-status>
<get-forward-shutdown>None</get-forward-shutdown>
</efm-oam>
</interface>
</interfaces>
</data>
</rpc-reply>
<clock>adaptive</clock>
<clock-controller>
<number>primary</number>
<circuit>2</circuit>
</clock-controller>
</interface>
</e1-interfaces>
</interface>
<circuit>
<number>2</number>
<interface>e1-2.0.0.0</interface>
<timeslots>1-15,17-31</timeslots>
<vlan-id>10</vlan-id>
<destination>
<ip-address>1.2.3.4</ip-address>
</destination>
</circuit>
<circuit>
<number>3</number>
<interface>e1-3.0.0.0</interface>
</circuit>
</module>
. . .
DHCP Client
Once the device is configured as a DHCP Client, it is possible to obtain configuration parameters
such as an IP address and a lease for the IP address, using DHCProtocol.
The figure below shows the basic steps that occur when a DHCP client requests an IP address
from a DHCP server. A DHCP client may receive offers from multiple DHCP servers and can
accept any one of the offers; however, the client usually accepts the first offer it receives.
Additionally, the offer from the DHCP server is not a guarantee that the IP address will be
allocated to the client; however, the server usually reserves the address until the client has had a
chance to formally request the address.
The negotiation starts with a DHCPDISCOVER broadcast message from the client seeking a
DHCP server. The DHCP Server responds with a DHCPOFFER unicast message offering
configuration parameters to the client. The client returns a DHCPREQUEST broadcast message
requesting the offered IP address from the DHCP Server. The DHCP Server responds with a
DHCPACK unicast message confirming that the IP address has been allocated to the client.
The client may suggest values for the IP address and lease time in the DHCPDISCOVER message.
The client may include the requested IP address option to suggest that a particular IP address can be
assigned, and may include the IP address lease time option to suggest the lease time it would like to
have it. The requested IP address option is filled in a DHCPREQUEST message only when the client
is verifying network parameters obtained previously.
If a server receives a DHCPREQUEST message with an invalid requested IP address, the server
should respond to the client with a DHCPNAK message and may choose to report the problem to
the system administrator. The server may include an error message in the message option.
+ [no] router
+ [no] interface swN
- [no] address dynamic
+ [no] dhcp-client
- [no] client-identifier ID
- [no] lease-time <value>
- [no] retransmission-attempt <value>
- [no] retransmission-interval <value>
- [no] vendor-id ID
- show router interface dynamic [name swN]
Commands Descriptions
Table 3: DHCP Client Commands
Command Description
show router interface dynamic [name swN] Displays general dynamic DHCP information or
for a specific IP interface:
name swN: an IP interface number
in the range of <09999>
Examples:
device#show router interface dynamic
===============================================================================
Name |Status|IP Address |Network Mask |Server | Lease Time (min) | Expire Time
--------+------+---------------+---------------+---------------+---------------
sw0 |up |10.10.10.123 |255.255.0.0 |10.10.10.122 |10 |4 2009/01/01 01:48
===============================================================================
Zero-Touch Provisioning
Zero Touch Provisioning (ZTP) allows you to automate configuration of the T-Marc 3312SC/T-
Marc 3312SCH device, without manual intervention. When ZTP process is activated and the device
is physically connected to the network, after its booting with a default factory configuration, the
Dynamic Host Configuration Protocol (DHCP) server provides IP address, necessary software
image and configuration files. The device attempts to upgrade the BINOX OS software
automatically and/or install the provided configuration file.
6. DHCP option 43, sub-option 06 defines the way for applying the configuration file (merge,
replace (causes devices reload), or reload to default (causes device reload)).
By default, merge action is used.
7. DHCP option 43, sub-option 26 defines the protocol type (FTP/TFTP) used to download
image file.
By default, TFTP transfer mode is used.
8. DHCP option 43, sub-option 27 defines the name or IP address of the FTP/TFTP server
containing the image file
9. IDHCP option 43, sub-option 28 defines the exact path where the image file is stored on the
FTP/TFTP server
10. DHCP option 43, sub-option 29 defines the image file name
11. DHCP option 43, sub-option 30 defines the version of the software image. The device
compares the version of the provided software image to the version of the software installed
on the device.
If the BINOX OS versions are different, the device downloads the software image from
the FTP/TFTP server, installs it, and reboots. Then, if requested, ZTP is again activated
to provide configuration file.
If the software versions are the same, the switch does not upgrade the software.
If both DHCP option 43 sub-option 05 and sub-option 30 are specified, sub-option
30 is processed before sub-option 05. The BINOX OS is upgraded, and then the
configuration file is applied.
Sub-option 30 is mandatory, if sub-options 26, 27, and 29 are present.
Sub-options 26, 27, 28, 29 and 30 are optional.
If the sub-options 03 and 28 are not present, then the file is in the root directory.
12. DHCP option 150 or option 66 - defines the IP address of the FTP or TFTP server. You
must configure either option 150 or option 66. If you configure both option 150 and option
66, option 150 takes precedence, and option 66 is ignored.
13. DHCP option 67 - defines the boot file name.
If options 66/150 and 67 are considered, the provided boot file will replace the
existing configuration; the device is reloaded.
If options 43, 66, 67 and 150 are specified, the option 43 is processed.
Command Hierarchy
device-name#
+ config terminal
+ [no] zero-touch
- [no] dhcp-ip-version {v4 | v6}
- [no] interface swN
- [no] retry <value>
- [no] shutdown
Command Descriptions
Table 4: ZTP Commands
Command Description
interface swN
Enables ZTP
timeout <value> Specifies the time, ZTP waits for an reply from
DHCP server before considering it
unreachable:
value: in the range of <10-100>
seconds
20 seconds
no timeout Restores to default
show zero-touch Displays zero-touch configuration details.
Example
The following demonstrates how to configure ISC DHCP server using Ubuntu Linux.
1. Define valid and correct values for all the following operational directives:
option space BATM_ZT;option BATM_ZT.config-file-protocol code 01 = text;
option BATM_ZT.config-server code 02 = text;
option BATM_ZT.config-file-path code 03 = text;
option BATM_ZT.configuration-file code 04 = text;
option BATM_ZT.configuration-file-version code 05 = text;
option BATM_ZT.configuration-file-apply-config code 06 = text;
option BATM_ZT.image-file-protocol code 26 = text;
option BATM_ZT.image-file-server code 27 = text;
option BATM_ZT.image-file-path code 28 = text;
option BATM_ZT.image-file code 29 = text;
option BATM_ZT.image-file-version code 30 = text;
option tftp-server-name code 66 = text ;
option bootfile-name code 67 = text;
option tftp-servers code 150 = array of ip-address;
2. Update also the configuration file with your subnet on which addresses will be assigned
dynamically, as follows:
subnet 123.0.0.0 netmask 255.255.255.0 {
option routers 123.0.0.206;
option subnet-mask 255.255.255.0;
range 123.0.0.10 123.0.0.50;
}
2. Configure ZTP:
device-name(config)#zero-touch
device-name(config-zero-touch)#interface sw10
device-name(config-zero-touch)#no shutdown
device-name(config-zero-touch)#commit
Commit complete.
device-name#show zero-touch
===========================================================================
Zero Touch Provisioning
===========================================================================
Interface Timeout (sec) Retry Admin State
---------------------------------------------------------------------------
----
sw10 20 1 Enabled
===========================================================================
---------------------------------------------------------------------------
DHCP
---------------------------------------------------------------------------
Server :123.0.0.206
IP Address :123.0.0.10
Lease Time :10
---------------------------------------------------------------------------
Configuration File Options
---------------------------------------------------------------------------
Server :123.0.0.206
Protocol :tftp
Path :test.cfg
Version :3
Action :merge
---------------------------------------------------------------------------
Configuration Image Options
---------------------------------------------------------------------------
Server :123.0.0.206
Protocol :tftp
Path :5.0.R2.binoxpkg
Version :7
===========================================================================
Command Hierarchy
device-name#
+ config terminal
+ port UU/SS/PP
- [no] learn-new-mac-addresses
+ [no] service
+ [no] vpls <vpls-id>
+ [no] sap {{UU/SS/PP | agN}[:[igmp] | :[<vlan-id>]:[igmp]
| UU1/SS1/PP1:<ces-circuit>:{ces | ces-oos}}
- [no] learn-new-mac-addresses
+ [no] spoke-sdp [<sdp-id>]
- [no] learn-new-mac-addresses
+ [no] mesh-sdp [<sdp-id> | <sdp-range>]
- [no] learn-new-mac-addresses
- [no] fdb aging-time <time>
+ [no] fdb static <vlan-id> <mac:hexList>
- port UU/SS/PP
- [no] priority <priority>
- type {filtered | secure | self | static}
- clear fdb [interface UU/SS/PP | mac HH:HH:HH:HH:HH:HH | vlan <vlan-id>
| type {dynamic | filtered | secure} | service <id> | sap {{UU/SS/PP
| agN}[:[igmp] | :[<vlan-id>]:[igmp] | UU1/SS1/PP1:<ces-circuit>:{ces
| ces-oos}}
- show fdb [detailed [vlan <vlan-id> | type {dynamic | filtered |
secure | self | static}] | service [<id> | tls id <id> | vpls-mtu id
<id> | vpls-pe id <id> | dot1q id <id> ]]
- show system self-mac
- show fdb count
Command Descriptions
Table 5: MAC Address Table Commands
Command Description
Command Description
1/2/8
service Enters the Services Configuration mode
no service Removes the defined services
Command Description
fdb static <vlan-id> <mac:hexList> Adds a static MAC address to the MAC
Address Table:
Command Description
Command Description
port) defined as SAP.(can be
obtained from the show port
command)
agN: LAG ID. N is in the range
of <1-14>
vlan-id: (optional) in the range
of <1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port,
facing the packet processor. The
valid values are: 1/3/9.
ces-circuit: circuit ID in the
range of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
show fdb [detailed [vlan <vlan-id> | Displays the content of the MAC address
type {dynamic | filtered | secure | table, filtered by the commands arguments:
self | static}] | service [<id> | tls
id <id> | vpls-mtu id <id> | vpls-pe detailed: displays detailed
id <id> | dot1q id <id>]] information
vlan-id: (optional) all MAC
addresses for the specified
VLAN in the range of <14094>
type: MAC type (dynamic,
filtered, secure, self, static)
service: displays MAC table
related information on a
service. The user can obtain
this information on different
services by specifying the
service id, in the range of <1-
4294967294>
show system self-mac Displays the MAC address of the device
show fdb count Lists the number of entries in the FDB.
device-name#show fdb
System FDB
=============================================================================
VlanID | MAC | Port | Status | Priority |
-------+-------------------+--------------------------+----------+-----------
1 | 00:00:C8:00:00:02 | 1/1/3 | dynamic | 0 |
1 | 00:0A:01:02:03:04 | 1/1/2 | static | 6 |
1 | 00:A0:12:64:07:01 | | self | 0 |
=============================================================================
Port Security
MAC addresses are entered in the MAC address table with a secure status. Secure MAC Addresses
are retained permanently and are excluded automatically when the switch floods all ports on receipt
of an unknown address.
When a secured port receives a packet, it compares the packets source MAC address to the secured
MAC address list.
If the packets source MAC address is in the list, the incoming packet is forwarded.
If the packets source MAC address is not in the secured list, the port does not forward the
packet. In this case, the port either shuts down permanently or drops incoming packets from
the unauthorized device, generating an SNMP trap.
You can configure two types of secured MAC addresses:
Static secured MAC addresses created manually by the fdb static <vlan-id>
<mac:hexList> and type {filtered |secure | self | static | unknown} command.
These addresses are stored in the address table.
Dynamic secured MAC addresses that are dynamically learned. These addresses are stored in
the address table but are removed when the device restarts.
NOTE
The allocated MAC addresses on a port are permanently secured.
Port Limit
The Port Limit feature limits the number of MAC addresses learned by a port. When enabling this
feature:
MAC addresses within the limit are learned as dynamic.
MAC addresses that exceed the limit are learned as filtered MAC addresses.
packets with unknown MAC addresses are not forwarded. The mac-limited port behaves as
secured.
On the device, you can define one or more MAC Learning Profiles and add to each profile either
Port Security or Port Limit. Once defined, you can apply those profiles to the physical port.
To define the maximum number of addresses that can be learned, both Port Security and Port
Limit work in conjunction with the max-mac-count command. If a limit is not set through this
command, the device will continue to learn until the maximum number of addresses for the device
is reached.
Beyond the limit, additional MAC addresses are entered into the MAC address table with a filtered
status. Exceeding the defined limit for a port is considered to be a security violation. The device can
take action. Through configuration options, the device can either shut down the port or generate an
SNMP trap and log message. Filtered addresses, which are not learned by the device, remain in the
table for later security analysis by the system administrator.
Command Hierarchy
device-name#
+ config terminal
+ ethernet
+ [no] mac-learning learning-profile NAME
- [no] action {operational-shutdown | trap}
- [no] ignore-filtered-addresses
- max-mac-count <number-of-addresses>
- policy {port-limit | port-security}
- [no] watermark count <number-of-addresses>
- [no] watermark action {log | trap}
+ port UU/SS/PP
- [no] mac-learning-profile NAME
+ [no] service
+ [no] vpls <vpls-id>
- [no] fdb-rapid-flush
+ [no] sap {{UU/SS/PP | agN}[:[igmp] | :[<vlan-id>]:[igmp]
| UU1/SS1/PP1:<ces-circuit>:{ces | ces-oos}}
- [no] mac-learning-profile profile-name NAME
+ [no] tls <service-id>
+ [no] fdb-rapid-flush
+ [no] sap {UU/SS/PP | agN}
+ [no] c-vlan {<cvlan-id> | all | untagged}
- [no] mac-learning-profile profile-name NAME
+ [no] dot1q <service-id>
+ [no] sap {UU/SS/PP | agN}
+ [no] c-vlan {<cvlan-id> | all | untagged}
- [no] mac-learning-profile profile-name NAME
- show ethernet mac-security [port UU/SS/PP | sap {{UU/SS/PP |
agN}[:[igmp] | :[<vlan-id>]:[igmp] | UU1/SS1/PP1:<ces-circuit>:{ces |
ces-oos}}
Command Descriptions
Table 6: MAC Learning Security Profile Commands
Command Description
Command Description
tls <service-id>
Command Description
Command Description
show ethernet mac-security [port Displays information about the MAC security
UU/SS/PP | sap {{UU/SS/PP | profiles applied, filtered by the command
agN}[:[igmp] | :[<vlan-id>]:[igmp] | arguments
UU1/SS1/PP1:<ces-circuit>:{ces |
ces-oos}}
Files System
The file system can define, download, and delete software images and/or configuration files stored
in Flash memory.
Command Hierarchy
device-name#
+ config terminal
+ system
- file periodic-backup schedule hour HOUR minute MINUTE
- file activate-os-image FILE-NAME
- file backup binary-running-config flash [FILE-NAME]
- file backup binary-running-config
PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME
- file cp os-image PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME
- file cp from FILE-NAME1 PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME2
- file cp from PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME1 FILE-NAME2
- file cp from FILE-NAME1 FILE-NAME2
- file cp technical-support PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-
NAME
- file cp technical-support FILE-NAME
- file cp technical-support use-external-file FILE-NAME USE-EXTERNAL-
FILE-NAME
- file cp technical-support use-external-file FILE-NAME
PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME USE-EXTERNAL-FILE-NAME-
file cp running-configuration
PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME
- file cp running-configuration FILE-NAME
- file cp startup-configuration from
PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME
- file cp startup-configuration from FILE-NAME
- file ls
- file ls os-image
- file rm from FILE-NAME
- file rm os-image FILE-NAME
- file more FILE-NAME
Command Descriptions
Table 7: File System Commands
Command Description
file activate-os-image FILE-NAME Specifies the name of the software image file
to be loaded during the next restart:
FILE-NAME: name of the software
image file
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
file diff FILE-NAME1 FILE-NAME2 Compares the content of two files and returns
matches without regard to
uppercase/lowercase:
FILE-NAME1, FILE-NAME2: names of
the files to be compared
file restore binary-running-config flash Restores the binary running configuration
FILE-NAME from a backup file located on the local file
system:
FILE-NAME: name of the restored
file
The name of the backup file is
backup.tar.gz
NOTE
If you do not specify flash, the
device restores backup.tar.gz. If the
file does not exist, you will get
warning message.
file restore binary-running-config Restores the running configuration from a
PROTOCOL[USER[:PASSWORD]@]IPv4[:POR backup file located on a TFTP/FRP server:
T]/FILE-NAME
PROTOCOL type: tftp://A.B.C.D or
ftp://user:pass@A.B.C.D. For
TFTP servers, user, password,
and port are not required. For
FTP servers, port number is not
required.
USER: FTP user name
PASSWORD: FTP user password. The
password must be immediately
followed by the at sign (@).
IPv4: IP address of the TFTP/FTP
server (in dotted-decimal
format)
PORT: port number for the TFTP
transfer
FILE-NAME: name of the file to
be restored
file vi FILE-NAME Opens the selected file for editing in a
standard VI editor:
FILE-NAME: name of the file
In the following example, the new_image. T-Marc 3312SC.binoxpkg application package file is
downloaded from an FTP server (IP address is 10.3.71.17).
1. Download the desired file from the FTP server to the local file system:
device-name#file cp os-image ftp://user:pass123@10.3.71.17/new_image. T-
Marc 3312S.binoxpkg
Extracting the required components from the package file( This may take
several minutes )... OK
-> Installing the safe mode image file 'T-Marc 3312SC-safemode.img' version
2.1.TP-dev55:
Erasing 128 Kibyte @ e0000 -- 87 % complete.
Flashing the 'T-Marc 3312SC-safemode.img' image on the /dev/mtd4
partition... OK
NOTE
If insufficient free space is available, the new software image is not saved on the
local file system. The following error message appears:
Installing the image file... Failed! (cp: write error: No space left on
device)
Command Hierarchy
NOTE
System time for the device resets after reload. System time must be defined manually
when NTP is not configured.
device-name#
+ config terminal
+ system
+ [no] time
- [no] date CCYY-MM-DDTHH:MM:SS
+ [no] summer-time
- [no] recurring [start-at {day-of-the-week DAY |
month MONTH | week-of-the-month <week> | time
HH:MM:SS} | end-at {day-of-the-week DAY | month
Command Descriptions
Table 8: System Time and Date Commands
Command Description
Command Description
recurring {start-at {day-of- Specifies a yearly starting and ending date for
the-week DAY | month MONTH summer time DST:
| time HH:MM:SS | week-of-
the-month <week>} | end-at start-at: start settings
{day-of-the-week DAY |
month MONTH | time
end-at: end settings
HH:MM:SS | week-of-the- DAY: the start/end day of the week
month <week>}} (Sunday, Monday)
MONTH: the start/end month
(January, February)
HH:MM:SS: the start/end time (24-
hour format)
week: the week of the month, in
which the specified day appears
for the first time (first, second,
third, forth week)
The summer time is disabled
recurring offset <offset> Specifies the number of minutes added during
summer time DST:
offset: in the range of <1-1440>
recurring shutdown Disables the recurring summer time
no recurring shutdown Enables the recurring summer time
ntp Configures synchronization of the system time
for the device by an NTP server
Enabled
NOTE
After changing any of the NTP
configuration parameters, restart
the NTP server using
shutdown/no shutdown
commands.
no ntp Disables NTP
Command Description
Example
The following example configures the following summer time recurring:
start on 27 March 2011 at 03:00am - move forward one hour
end on 30 October 2011 at 04:00am - move backward one hour
device-name#configure terminal
device-name(config)#system
device-name(config-system)#time
device-name(config-time)#date 2011-01-01T01:00:00
device-name(config-time)#summer-time recurring
device-name(config-recurring)#start-at week-of-the-month fourth
device-name(config-recurring)#start-at day-of-the-week Sunday
device-name(config-recurring)#start-at month March
device-name(config-recurring)#start-at time 03:00:00
device-name(config-recurring)#end-at week-of-the-month last
device-name(config-recurring)#end-at day-of-the-week Sunday
device-name(config-recurring)#end-at month October
device-name(config-recurring)#end-at time 04:00:00
device-name(config-recurring)#offset 60
device-name(config-recurring)#no shutdown
device-name(config-time)#commit
Command Hierarchy
device-name#
+ config terminal
+ system
- [no] dns-resolver A.B.C.D [shutdown]
Command Descriptions
Table 9: DNS Client Commands
Command Description
Command Hierarchy
device-name#
- idle-timeout <timeout>
Command Descriptions
Table 10: VTY Session Commands
Command Description
idle-timeout <timeout> Specifies the timeout value for the VTY connection:
timeout: in the range of <0-8192>
seconds. Specify value of 0 for
unlimited VTY connection.
License Configuration
Each device is delivered to the customer with a full software license support.
License Configuration Commands
The following section defines the command hierarchy for License Configuration and provides a list
of available command descriptions.
Command Hierarchy
device-name#
+ config terminal
+ system
- license id <value>
- show system license
Command Descriptions
Table 11: License Commands
Command Description
Session Limiting
The Session Limiting feature allows you to configure a limit on the number of CLI, SNMP, or
Netconf concurrent sessions.
Commands Descriptions
Table 12: Sessions Limiting Commands
Command Description
Example:
When you reach the limit of allowed sessions, you can terminate any of the current sessions and log
into the device:
device-name#config terminal
Remote Monitoring
Remote Monitoring (RMON) is an Internet Engineering Task Force (IETF) monitoring
specification that defines a set of statistics and functions that can be exchanged between RMON-
compliant console systems and network probes.
RMON provides you with comprehensive network-fault diagnosis, planning, and performance-
tuning information.
You can use the RMON feature with the Simple Network Management Protocol (SNMP) agent to
monitor all the traffic flowing among devices on all connected LAN segments.
Statistics History
A statistics monitoring provides historical view of the interface statistics based on user-defined
interval. A statistic monitoring profile defines which specific statistic-counter will be monitored.
Profile can be bound to specific interface instance in the control table
A table of build-in counters includes:
Counter Description
RMON Commands
Commands Hierarchy
device-name#
+ config terminal
+ system
+ [no] statistics-history
- [no] control <value> [profile-name NAME | xpath-key
<value>]
- [no] get-interval <value>
- [no] profile NAME [xpath-template <value>]
- [no] shutdown
- [no] type {absolute | delta}
- show system statistics-history [control | displaylevel <value>]
- show [port UU/SS/PP] rmon statistics [etherStatsBroadcastPkts |
etherStatsCollisions | etherStatsCRCAlignErrors |
etherStatsDropEvents | etherStatsFragments | etherStatsJabbers |
etherStatsMulticastPkts | etherStatsOctets | etherStatsOversizePkt |
etherStatsPkts | etherStatsPkts1024to1518Octets |
etherStatsPkts128to255Octets | etherStatsPkts256to511Octets |
etherStatsPkts512to1023Octets | etherStatsPkts64Octets |
etherStatsPkts65to127Octets | etherStatsUndersizePkts]
Commands Descriptions
Table 13: RMON Commands
Command Description
Command Description
Example 1
device-name#show port 1/1/1 rmon statistics
===============================================================================
RMON Statistics
===============================================================================
Port 1/1/1
Counter Name Counter Value
-------------------------------------------------------------------------------
etherStatsDropEvents 117
etherStatsOctets 11298
etherStatsPkts 133
etherStatsBroadcastPkts 0
etherStatsMulticastPkts 133
etherStatsCRCAlignErrors 0
etherStatsUndersizePkts 0
etherStatsOversizePkts 0
etherStatsFragments 0
etherStatsJabbers 0
etherStatsCollisions 0
etherStatsPkts64Octets 4
etherStatsPkts65to127Octets 130
etherStatsPkts128to255Octets 0
etherStatsPkts256to511Octets 0
etherStatsPkts512to1023Octets 0
etherStatsPkts1024to1518Octets 0
===============================================================================
Counter Description
Example
The following example displays how to create a profile Test_1/1/1, apply it on port 1/1/1, and
collect statistics for 10 seconds:
device-name(config)#system
device-name(config-system)#statistics-history
device-name(config-statistics-history)#profile Test_1/1/1
device-name(config-statistics-history)#profile Test_1/1/1 xpath-template
"/interfaces/interface{%s}/Counters/ifInOctets"
device-name(config-statistics-history)#/1
device-name(config-statistics-history)#control 1 xpath-key 1/1/1
device-name(config-control-1)#commit
Commit complete.
device-name(config-control-1)#exit
device-name(config-statistics-history)#get-interval 10
device-name(config-statistics-history)#no shutdown
device-name(config-statistics-history)#commit
Commit complete.
Receive Statistics
Total number of packets and bytes Amount of packtes and bytes received on the selected
port.
Unicast Packets Amount of Unicast packets received on the selected port.
Multicast Packets Amount of Multicast packets received on the selected port.
Broadcast Packets Amount of Broadcast packets received on the selected port.
Packets with FC/color Amount of packets with configured color/FC received on the
selected port.
- [no] da-type
- [no] da-bw-measurement {packets | bytes | all}
+ [no] dot1q <service-id>
+ [no] sap {UU/SS/PP | agN}
+ [no] c-vlan {<cvlan-id> | all}
- [no] ingress-statistics-policy NAME
- [no] egress-statistics-policy NAME
+ [no] sdp vlan <vlan-id>
+ [no] port {UU/SS/PP | agN}
- [no] ingress-statistics-policy NAME
- [no] egress-statistics-policy NAME
- show statistics ingress-statistics-policy NAME
- show statistics egress-statistics-policy NAME
- show service dot1q <service-id> {sap {UU/SS/PP | agN} c-vlan <vlan-id>
statistics | sdp <vlan-id> port UU/SS/PP statistics | statistics}
Command Descriptions
Table 15: Service Statistics Commands
Command Description
Command Description
| bytes | all} all
no fc-bw-measurement Restores to default
da-type Only for Egress Statistics.
Specifies unicast and broadcast packets to be
counted in egress statistics
no da-type Removes the configuration
da-bw-measurement {packets Only for Egress Statistics.
| bytes | all}
Specifies packets, bytes or both to be counted
all
no da-bw-measurement Restores to default
packet-type Only for Ingress Statistics.
Specifies the type of packets to be counted and
enters the Packet Configuration mode
no packet-type Removes the configuration
broadcast Enables counting of broadcast packets
no broadcast Disables the broadcast packets counting
broadcast-bw- Specifies broadcast packets, bytes or both to be
measurement {packets counted
| bytes | all}
all
no broadcast-bw- Restores to default
measurement
Command Description
of <1-4294967294>
sap {UU/SS/PP | agN}
NOTE
You cannot use the same
physical port as MPLS and TLS
SAP.
You cannot use the MPLS
uplink for L2 SAP, and vice
versa.
The default VLAN of the TLS
SAP port must not be changed.
no sap [UU/SS/PP | agN] Removes the defined SAP:
UU/SS/PP: (optional) SAP port, in
the range of 1/1/1-1/1/4 and 1/2/1-
1/2/8
agN: SAP LAG ID. N is in the range
of <1-14>
c-vlan {<cvlan-id> | all}
Command Description
and 1/2/1-1/2/8
agN: (optional) SDP LAG ID. N is in
the range of <1-14>
ingress-statistics-policy Applies the previously configured Ingress
NAME Statistics policy:
NAME: string of up to 32 characters
no ingress-statistics- Removes the configured profile
policy
show service dot1q <service-id> {sap Displays statistics for specific 802.1Q services or,
{UU/SS/PP | agN} c-vlan <vlan-id> when used with parameters, displays statistics for
statistics | sdp <vlan-id> port SAPs or SDPs, filtered by command arguments
UU/SS/PP statistics | statistics}
Example 1
The following example demonstrates how to configure FC and fc-bw-measurement policy profile
and apply it on dot1q SAP port:
Device-name(config-statistics)#service
Device-name(config-service)#statistics
Device-name(config-statistics)#egress-statistics-policy A1
Device-name(config-egress-statistics-policy-A1)#da-type
Device-name(config-egress-statistics-policy-A1)#exit
Device-name(config-statistics)#ingress-statistics-policy B1
Device-name(config-ingress-statistics-policy-B1)#fc
Device-name(config-ingress-statistics-policy-B1)#fc-bw-measurement bytes
Device-name(config-ingress-statistics-policy-B1)#exit
Device-name(config-statistics)#exit
Device-name(config-service)#dot1q 1
Device-name(config-dot1q-1)#sap 1/1/1 c-vlan 5
Device-name(config-c-vlan-5)#ingress-statistics-policy B1
Device-name(config-c-vlan-5)#egress-statistics-policy A1
Device-name(config-c-vlan-5)#exit
Device-name(config-sap-1/1/1)#exit
Device-name(config-dot1q-1)#sdp vlan 10 port 1/1/2
Device-name(config-port-1/1/2)#ingress-statistics-policy B1
Device-name(config-port-1/1/2)#egress-statistics-policy A1
Device-name(config-port-1/1/2)#commmit
Commit complete.
Device-name(config-port-1/1/2)#
Device-name#show running-config service
service
dot1q 1
sdp vlan 10
port 1/1/2
ingress-statistics-policy B1
egress-statistics-policy A1
!
!
sap 1/1/1
c-vlan 5
ingress-statistics-policy B1
egress-statistics-policy A1
!
!
!
statistics
ingress-statistics-policy B1
fc
fc-bw-measurement bytes
!
egress-statistics-policy A1
da-type
!
Exit
!
Device-name#show service dot1q 1 sap 1/1/1 c-vlan 5 statistics
statistics ingress policy:B1
packets bytes
In stat 0 0
fc be 1000 100000
fc l2 0 0
fc af 0 0
fc l1 0 0
fc h2 0 0
fc ef 0 0
fc h1 0 0
fc nc 0 0
statistics egress policy
packets bytes
Eg stat 0 0
Example
Jan 1 01:02:48 info OSPF interface 192.168.1.1 join AllSPFRouters
Multicast group.
Severity Levels
Trap level for logging should be configured per receiver (buffer, CLI console, SSH console, and
Syslog server) and per severity.
By default, the buffer is disabled and it does not store any LOG messages.
To configure the level of the trap message logging filter, use the log buffer severity
command.
Table 17: Severity Levels
Severity Level Keyword Description
Zero (0) is the highest severity, and 7 is the lowest severity. When you specify a severity level,
logging output of the specified level and all lower levels (higher severities) are enabled.
Syslog Facility
A Syslog facility is a setting for the remote Syslog server.
Table 18: Syslog Message Facilities
Keyword Description
NOTE
Some operating systems use facilities alert, audit, and auth for
security/authorization and audit/alert messages.
Commands Hierarchy
device-name#
+ config terminal
+ [no] log
- [no] cli-console {severity <level> | process-name NAME}
- [no] ssh-console {severity <level> | process-name NAME}
- [no] buffer {severity <level> | process-name NAME}
- [no] telnet-console {severity <level> | process-name NAME}
+ [no] syslog-server A.B.C.D
- [no] facility <level>
- severity <level>
- [no] process-name NAME
- [no] source-address A.B.C.D
- [no] dscp-mapping <value>
- show syslog
- show syslog message [level <level> | process NAME | text NAME |
timestamp NAME]
Commands Descriptions
Table 19: System Log Commands
Command Description
Command Description
process-name NAME}
severity level: specifies a
severity level to limit logs on
the SSH console. Refer to
Keyword column of Table 17
process-name NAME: specifies a
process, related logs are
displayed (AAA, BFD, MPLS LDB
forwarding, MPLS LDB HW, MPLS
Management, MPLS Stack, BIST,
and etc)
no ssh-console {severity | process- Removes configured options
name}
buffer {severity <level> | process- Specifies severity level to limit logs to buffer:
name NAME}
severity level: specifies
severity level to limit logs to
buffer. Refer to Keyword column
of Table 17
process-name NAME: specifies a
process, logs of which are
buffered (AAA, BFD, MPLS LDB
forwarding, MPLS LDB HW, MPLS
Management, MPLS Stack, BIST,
and etc)
Syslog buffer size is 2000 messages
no buffer {severity | process-name} Restores to default
Command Description
of Table 17
process-name NAME Specifies a process, logs of which are sent to
the Syslog server:
NAME: process name (AAA, BFD,
MPLS LDB forwarding, MPLS LDB
HW, MPLS Management, MPLS Stack,
BIST, and etc)
no process-name Removes the configured process
Configuration Example
The following example shows how to enable system log messages for different severity levels that
are displayed by the console port, on SSH session or Syslog buffer.
1. Enable logging on the console port with severity level critical:
device-name#configure terminal
device-name(config)#log cli-console severity critical
device-name(config)#commit
Commit complete.
Command Hierarchy
device-name#
+ config terminal
+ ethernet
+ [no] attack-prevent
- [no] first-tcp-fragment-without-full-tcp-header
- [no] fragmented-icmp
- [no] icmp-payload-greater-than-icmp-max-size
- [no] matching-source-destination-ip
- [no] tcp-fin-urg-psh-sequence-zero
- [no] tcp-header-fragment-offset-1
- [no] tcp-src-equals-tcp-dst
- [no] tcp-syn-fin
- [no] udp-src-equals-udp-dst
- [no] tcp-flag-and-sequence-zero
Command Descriptions
Table 20: DoS Commands
Command Description
Command Description
Configuration Example
device-name(config-attack-prevent)#first-tcp-fragment-without-full-tcp-header
device-name(config-attack-prevent)#fragmented-icmp
device-name(config-attack-prevent)#commit
Commit complete.
device-name(config-attack-prevent)#end
device-name#show running-config ethernet attack-prevent
ethernet
attack-prevent
first-tcp-fragment-without-full-tcp-header
fragmented-icmp
!
!
Reload Commands
device-name#
+ config terminal
+ system
- reload [manufacturing-defaults] [downgrade]
- reload at MONTH DAY hour minute
- reload in hour minute
- show system reload
Example 1:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#system
device-name(config-system)#relaod
Connection to 10.3.133.6 closed by remote host.
Connection to 10.3.133.6 closed.
Example 2:
device-name(config)#system reload at 9 26 11 35
Where values are months, day, hour and minutes.
Command Hierarchy
device-name#
+ config terminal
+ system
+ security
+ [no] protection-profile NAME
[no] ipv4-reserved-multicast {discard | pass | peer
| peer-and-pass}
+ port UU/SS/PP
- [no] protection-profile NAME
protection-profile NAME
Command Description
port UU/SS/PP
List of Tables 2
Overview 3
SNMP Entity 3
SNMP Agent 4
Structure of Management Information (SMI) 4
SNMP Manager 4
Management Information Base (MIB) 4
SNMP Engine ID 4
SNMP View Records 5
SNMP Notifications 5
The Discovery Mechanism 7
Versions of SNMP 9
SNMP Commands 11
Command Hierarchy 11
Command Descriptions 12
Table of Figures
Figure 1: SNMP Agent and Manager Communication ..................................................................... 3
Figure 2: Trap Sent to SNMP Manager Successfully ........................................................................ 5
List of Tables
Table 1: SNMP Versions ....................................................................................................................... 9
Table 2: Security Levels Available in the SNMPv3 Security Models ............................................ 10
Table 3: SNMP Configuration Commands ...................................................................................... 12
Table 4: Notification Types................................................................................................................. 18
T-Marc3312SC/T-Marc3312SCH
Overview
SNMP is an application layer protocol that facilitates the exchange of management information
between network devices. An SNMP-managed network consists of three key components:
Managed Device: A network node that contains an SNMP Agent and resides on a managed
network
Agent: A network-management software module that resides in a managed device. An agent
has local knowledge of management information and translates that information into a form
compatible with SNMP
Network-Management System: Responsible for execution of applications that monitor and
control managed devices.
Using SNMP, a network administrator can manage network performance, find and solve network
problems, and extend the network.
Table 1 displays communication between an SNMP Agent and a Manager.
SNMP Entity
An SNMP Entity, an implementation of the SNMP architecture, consists of an SNMP Engine and
one or more associated applications.
An SNMP Engine provides services for sending and receiving messages, authenticating and
encrypting messages, and controlling access to managed objects. The SNMP Engine is
identified by the SNMP Engine ID.
Applications use the services of an SNMP Engine to accomplish specific tasks. They
coordinate the processing of management information operations, and may use SNMP
messages to communicate with other SNMP Entities.
SNMP Agent
An Agent is a network-management software module that resides in a managed device and is
responsible for maintaining local management information and delivering that information to a
Manager via SNMP. A management information exchange can be initiated by the Manager or by the
Agent.
The SNMP Agent contains MIB variables and these values can be requested or changed by the
SNMP Manager. The Agent and MIB reside on the device. The Agent gathers data from the MIB
and responds to a Managers request to get or set data.
SNMP Manager
An SNMP Manager is a software module in a management network responsible for managing
either part of or the entire configuration on behalf of network management applications and users.
The SNMP Manager sends requests to the SNMP Agent to get and set MIB values.
Communication among protocol entities is accomplished by the exchange of messages; each of
them is entirely and independently represented within a single UDP datagram. A message consists
of a version identifier, an SNMP community name, and a protocol data unit (PDU). PDUs are the
packets that are exchanged in the SNMP communication.
SNMP Engine ID
The SNMP Engine ID is a 5 to 32 bytes long, administratively unique identifier of a participant in
SNMP communication within a single management domain. The SNMP Manager and SNMP
Agent must be configured by an administrator to have unique SNMP Engine IDs.
SNMP Notifications
The SNMP notification messages allow devices to send asynchronous messages to the SNMP
Managers. Devices can send notifications to SNMP Managers when particular events occur. For
example, an Agent might send a message to a Manager when the Agent experiences an error
condition.
NOTE
All traps, except the ones sent with SNMPv1, have a request ID as part of the PDU.
SNMP notifications can be sent as traps or Inform requests. Traps are unreliable because the
receiver does not send an acknowledgment upon receipt of a trap. However, an SNMP Manager
that receives an Inform request acknowledges the message with an SNMP response PDU. If the
sender does not receive a response after a particular time interval, the Inform request is sent again.
Informs consume more resources in the device and in the network but are more reliable. Unlike a
trap, which is discarded after being sent, an Inform request must be held in memory until a
response is received or the request times out. Also, traps are sent only once, while an Inform may
be sent several times.
Figure 2 through Figure 5 illustrate the differences between traps and Inform requests.
In Figure 2, the Agent successfully sends a trap to the SNMP Manager. The Manager receives the
trap but does not send an acknowledgment to the Agent. The Agent has no way of knowing
whether the trap reached its destination.
In Figure 3, the Agent successfully sends an Inform request to the Manager. Upon receipt of the
Inform request, the Manager sends a response back to the Agent. As a result, the Agent knows that
the Inform request successfully reached its destination. In this example, while traffic is generated
twice, as in Figure 2; the Agent is sure that the Manager received the notification.
In Figure 4, the Agent sends a trap to the Manager, but the trap does not reach the Manager. Since
the Agent has no way of knowing whether the trap reached its destination, the trap is not sent
again. The Manager never receives the trap.
In Figure 5, the Agent sends an Inform request to the Manager, but the Inform request does not
reach the Manager. The Manager does not send a response. After a period of time, the Agent
resends the Inform request. This time, the Manager receives the Inform request and replies with a
response. In this example, there is more traffic than in Figure 4; however, the notification reaches
the SNMP Manager.
The Agent sends an Inform PDU with a valid Engine ID (the Engine ID that is received as shown
in Figure 6), but with incorrect snmpEngineBoots and snmpEngineTime. These parameters are still
unknown to the Agent. The discovery process ends when no authentication/encryption exists for
the target address. If authentication/encryption exists, the packet is with the corresponding
authentication/encryptionMD5, SHA or DES.
In Figure 7, the Manager returns an authenticated REPORT PDU (notInTimeWindow) that
consists of valid snmpEngineBoots and snmpEngineTime parameters.
Finally, when the discovery process is completed, the Agent and the Manager are synchronized and
subsequent packets do not discover the Engine ID of the Manager.
Versions of SNMP
The application software supports the following versions of SNMP:
Table 1: SNMP Versions
Variable Description
SNMPv1 In the SNMP version 1, user can get and set MIB objects, traverse the
MIB tree using the getNext operation, and enable the management
device to receive asynchronous messages from the Agent using the trap
mechanism. SNMPv1 bases its security on community strings.
SNMPv2c SNMP version 2c (the c stands for community) is the community-string
based Administrative Framework. SNMPv2c includes the following
improvements over SNMPv1:
Improved performance for getting data using getBulk. The bulk
retrieval mechanism supports the retrieval of tables and large
quantities of information in one PDU, thus minimizing the number of
round-trips required.
Improved error handling. SNMPv2 adds many error codes to the
five originally defined in SNMPv1. Management devices are
provided with more detailed information about the cause of the
error. Also, three exceptions are reported with SNMPv2c:
no such object, no such instance, and end of MIB view
exceptions.
Extended asynchronous reporting. SNMPv2 allows the Agent to
send SNMP notifications by inform request, as well as by trap
messages that are available in SNMPv1. Whereas traps do not
provide the Agent with an indication that the message is received,
the inform request requires the Manager to confirm reception and
is therefore more reliable. As for the trap message, its format is
changed to match the PDU format of a regular get/set PDU, in order
to simplify the protocol. The SNMPv2 protocol requires adding more
details to every trap in order to supply the Manager with more
information.
Generally, MIBs written for Agents that use SNMPv2c or higher versions
use SMIv2 instead of version 1 of the SMI. This version adds some new
variables types.
Both SNMPv1 and SNMPv2c use a community-based form of security.
SNMPv3 SNMP version 3, an interoperable standards-based protocol, provides
secure communication using the USM (User-based Security Model) and
access control using the VACM (View-based Access Control). The USM
model provides an answer to the following threats:
Replay, interception and retransmission of messages prevented by
using time-stamp.
Masquerading prevented by authenticating the message sender.
Integrity, interception, changing data, and retransmission of
messages prevented by authenticating the message sender and
encryption of the message data.
Disclosure prevented by encryption of the message data.
The SNMPv3 USM allows three levels of security (see
Table 2):
No Authentication and No Privacy (noAuthNoPriv)
Variable Description
You must configure the SNMP Agent to use the version of SNMP supported by the management
device. An Agent can communicate with multiple users. For this reason, you can configure the
application software to support communications with many users: some users can use the SNMPv1
protocol, some can use the SNMPv2c protocol, and the rest can use SMNPv3.
NOTE
You can participate in different groups, with a different security model in each
group. You cannot participate in more than one group with the same security model.
SNMP Commands
The following section presents the SNMP Command Hierarchy together with command
descriptions and an example.
Command Hierarchy
device-name#
+ configure terminal
+ system
+ [no] snmp
- [no] access source-ip A.B.C.D/M
- [no] engine-id <engineID>
- [no] max-packet-size <size>
- [no] general-port <port-number>
- [no] shutdown
- [no] authentication-failure-trap
- [no] system-name .LINE-TEXT
- [no] system-location .LINE-TEXT
- [no] system-contact .LINE-TEXT
- [no] system-description .LINE-TEXT
- [no] notification-change-trap
- [no] source-address A.B.C.D
- [no] dscp-mapping <value>
- [no] view VIEWNAME OID-TREE [MASK | included | excluded]
- [no] group GROUPNAME {authNoPriv | authPriv |
noAuthNoPriv} read READ-VIEW write WRITE-VIEW notify
NOTIFY-VIEW
- [no] user USERNAME GROUPNAME {v1 | v2c | v3} [md5 | sha
| remote ENGINE-ID] [AUTHENTICATION-PASSWORD]
[ENCRYPTION-PASSWORD]
+ [no] target-address ADDR-NAME
- [no] message-model {v1 | v2c | v3}
- [no] security-level {noAuthNoPriv | authNoPriv |
authPriv}
- [no] address TARGET-ADDRESS
- [no] security-name USERNAME
- [no] dst-port <port-number>
- [no] timeout <value>
- [no] retry-count <value>
Command Descriptions
Table 3: SNMP Configuration Commands
Command Description
access source-ip A.B.C.D/M Limits the access to the SNMP server (device/SNMP
agent) only from the specific sources IP address(es):
A.B.C.D/M: IP address and subnet mask
(in a dotted-decimal format) that
identify a network or hosts.
A.B.C.D/32 specifies a specific IP
address.
no access source-ip Removes the configured IP address
engine-id <engineID> Defines a new value for the SNMP Engine ID of the
Agent:
engineID: a string of 10 to 64
characters (represented internally by
5 to 32 bytes), in the format of
XX:XX:XX:XX:XX:XX
80 00 02 E2 03 [MAC ADDR]
no engine-id Restores the default
max-packet-size <size> Defines a new value for the maximum packet size:
size: in the range of <484-
2147483647>
9216
no max-packet-size Restores the default
general-port <port-number> Defines a new value for the IP SNMP port number:
port-number: in the range of <161,
1025-65535>
161
no general-port Restores the default
Command Description
Command Description
Command Description
no group GROUPNAME Removes the SNMP group data:
{authNoPriv | authPriv |
noAuthNoPriv} If you specify only the group name, all groups
with that name are removed, regardless of
security model and level.
If you specify the security model, only the group
matching all conditions is removed.
user USERNAME GROUPNAME {v1
| v2c | v3} [md5 | sha |
remote ENGINE-ID] Creates an SNMP local or remote user:
[AUTHENTICATION-
PASSWORD] [ENCRYPTION- USERNAME: the name of the user on the
PASSWORD] host that connects to the Agent.
SNMP user is not configured
GROUPNAME: the name of the group is
limited to 32 characters
v1, v2c, v3: the security model. For
more information, refer to Table 1
md5: enables HMAC-MD5 (Message Digest
5) authentication
sha: enables HMAC-SHA (Secure Hash
Algorithm) authentication
(only for v3 users)remote ENGINE-ID:
creates a remote user by its engine
ID, in hexadecimal format FF:FF:FF:FF
ENCRYPTION-PASSWORD: the PDUs sent to
or received by this user should be
encrypted, with the key generated
from the encryption password; up to
32 characters
AUTHENTICATION-PASSWORD: the
authentication password string up to
32 characters
no user USERNAME GROUPNAME Removes the specified user definition
{v1 | v2c | v3}
message-model {v1 | v2c | Defines the security model specifying the version of
v3} the protocol in which the traps are sent (for more
information, refer to Table 1):
v1, with TRAP-V1 PDU type
v2c with TRAP-V2 PDU type
v3, with TRAP-V2 PDU type)
v2c
Command Description
security-name USERNAME Defines the security name that identifies how SNMP
messages will be generated using this entry:
USERNAME: the security user name
no security-name Removes the security name
Command Description
prvtSaaY1731DelayFarEndThreshold The SAA Y1731 Far End delay threshold crossed the
preconfigured threshold in any direction, raising or
falling.
prvtSaaY1731DelayNearEndThreshold The SAA Y1731 Near End delay threshold crossed
the preconfigured threshold in any direction, raising
or falling.
prvtSaaY1731FrLossFEThreshold The SAA Y1731 Far End frame-loss threshold
crossed the preconfigured threshold in any direction,
raising or falling.
prvtSaaY1731FrLossNearEndThreshold The SAA Y1731 Near End frame-loss threshold
crossed the preconfigured threshold in any direction,
raising or falling.
prvtSaaY1731JitterFarEndThreshold The SAA Y1731 Far End jitter threshold crossed the
preconfigured threshold in any direction, raising or
falling.
prvtSaaY1731JitterNearEndThreshold The SAA Y1731 Near End jitter threshold crossed
the preconfigured threshold in any direction, raising
or falling.
prvtSysMonRamUsage This notification indicates that the sending Agent
sensed that the internal amount of free RAMs is
lower than a program threshold.
sapCreated This notification is sent when a new row is created in
the sapTable.
2. Create a view that includes the entire MIB tree from root:
device-name(config-snmp)#view internet 1.3 included
3. Create a user named tester that uses SNMPv3 and attach it to a group named public without
authentication and privacy:
device-name(config-snmp)#group public noAuthNoPriv read internet write
internet notify internet
device-name(config-snmp)#user tester public v3
SNMP Views
===========================================================================
====
MIB View name : internet
MIB Subtree : 1.3
MIB Subtree Mask :
MIB Subtree View type : included
===========================================================================
====
Number of entries: 1
===========================================================================
====
SNMP group name : public
Security-model : noAuthNoPriv
Read-only MIB view : internet
Read-write MIB view : internet
Accessible-for-notify MIB view : internet
===========================================================================
====
Number of entries: 1
1. Enable SNMP:
device-name#config terminal
device-name(config)#system
device-name(config-system))#snmp
2. Create a view that includes the entire MIB tree from root:
device-name(config-snmp)#view internet 1.3 included
4. Create a user named tester that uses SNMPv3, and attach it to the already created group named
public:
device-name(config-snmp)#end
List of Tables 2
Telnet 27
Telnet Commands 27
Table of Figures
Figure 1: User Privilege Profiles Configuration Flow ....................................................................... 5
Figure 2: A RADIUS Communication Example ............................................................................. 11
Figure 3: RADIUS Configuration Flow ............................................................................................ 14
Figure 4: TACACS+ Configuration Flow ........................................................................................ 21
List of Tables
Table 1: Privilege Profile Types ............................................................................................................ 4
Table 2: Default Device Username and Password ............................................................................ 4
Table 3: User and Privilege Profile Commands ................................................................................. 6
Table 4: RADIUS Commands ............................................................................................................ 15
Table 5: TACACS+ Server Responses .............................................................................................. 19
Table 6: TACACS+ Commands ........................................................................................................ 22
Table 7: A comparison between TACACS+ and RADIUS ........................................................... 26
Table 8: Telnet Commands ................................................................................................................. 27
Table 9: SSH Commands .................................................................................................................... 29
Table 10: ARP Prioritization Commands ......................................................................................... 32
T-Marc3312SC/T-Marc3312SCH
During logon, the device checks the user name and password either against a table that is stored
locally or in a remote database:
Locally: Authentication occurs through a database of user names and passwords located on
the local file system. If a remote database exists but the device is unable to make contact after
repeated attempts, the local database is queried instead. If there is no response or the local
database does not exist, the user is not permitted access.
RADIUS/TACACS+: Authentication occurs through contact with a remote database lookup
that can be used for other authentication tasks. Information contained in the remote database
is not shared with the local database.
admin admin
Command Hierarchy
device-name#
+ config terminal
+ system
+ security
- [no] authentication-failure-trap
+ [no] password preferred-authentication {local | radius
| tacacs}
+ [no] privilege-profile PRIVILEGE-PROFILE-NAME
+ [no] netconf-access-rule <number>
- action {permit | permit_log | deny}
- match COMMAND-STRING
- namespace NAME
- operation {r | rw | rwx | rx | w | wx | x}
+ [no] command-access-rule <number>
Configuration Commands
Table 3: User and Privilege Profile Commands
Command Description
Command Description
Command Description
Configuration Example
1. Define a privilege profile telco which denies access to the device via CLI:
Device-name#config
Device-name(config)#system
Device-name(config-system)#security
Device-name(config-security)#privilege-profile telco
Device-name(config-privilege-profile-telco)#command-access-rule 2
Device-name(config-command-access-rule-2)#action deny
Device-name(config-command-access-rule-2)#agent cli
Device-name(config-command-access-rule-2)#match "file ls"
Device-name(config-command-access-rule-2)#operation rx
Device-name(config-command-access-rule-2)#exit
Device-name(config-privilege-profile-telco)#command-access-rule 3
Device-name(config-command-access-rule-3)#action deny
Device-name(config-command-access-rule-3)#agent cli
Device-name(config-command-access-rule-3)#match "config terminal"
Device-name(config-command-access-rule-3)#operation r
Device-name(config-command-access-rule-3)#exit
Device-name(config-privilege-profile-telco)#command-access-rule 4
Device-name(config-command-access-rule-4)#action deny
Device-name(config-command-access-rule-4)#agent cli
Device-name(config-command-access-rule-4)#match "config no-confirm"
Device-name(config-command-access-rule-4)#operation x
Device-name(config-command-access-rule-4)#exit
Device-name(config-privilege-profile-telco)#command-access-rule 5
Device-name(config-command-access-rule-5)#action deny
Device-name(config-command-access-rule-5)#agent cli
Device-name(config-command-access-rule-5)#match "show port"
Device-name(config-command-access-rule-5)#operation rx
Device-name(config-command-access-rule-5)#commit
Device-name(config-command-access-rule-5)#exit
Device-name(config-privilege-profile-telco)#exit
Device-name(config-security)#user telco
Device-name(config-user-telco)#member telco
Device-name(config-user-telco)#password telco
Device-name(config-user-telco)#commit
action deny
agent cli
match "config terminal"
operation r
!
command-access-rule 4
action deny
agent cli
match "config no-confirm"
operation x
!
command-access-rule 5
action deny
agent cli
match "show port"
operation rx
!
!
privilege-profile users
!
user telco
password $1$zrynUo$D7sdDdi0ps/BdQnrksXvH0
member telco
!
!
The RADIUS server first validates NAS (based on the shared secret-key) then validates the
user request against a local database by matching the password (and in some cases, other
parameters such as the port number). The RADIUS server then:
sends an acceptance message if the user information is validated. The acceptance message
includes a list of attributes that should be used in the session. An important parameter is
the privilege profile of the authenticated user.
sends a rejection message if the user is not found in the database or the information does
not match. The message may or may not include the reason for the rejection.
Based on this response, NAS accepts or rejects the request.
3. Assign a privilege profile to all other users in the users configuration file, as shown in the
following example. Every user have to be defined in this file.
admin Cleartext-Password := "admin"
Reply-Message = "Hello, admin",
Idle-Timeout = 30,
Session-Timeout = 60,
BATM-privilege-profile = admin,
BATM-privilege-group = Administrators
4. Add the subnetwork address from which NAS is connected to the clients.conf file. By default,
only the localhost is defined, you need to add your access points:
client localhost {
ipaddr = 127.0.0.1
secret = testing123}
client 10.3.0.0/16 {
secret = secretkey}
RADIUS Commands
This section describes the command hierarchy for RADIUS configuration and provides a list of
available commands as well as a configuration example.
Command Hierarchy
device-name#
+ config terminal
+ system
+ security
- [no] radius-server
- [no] host A.B.C.D
- [no] port <number>
- [no] deadtime <minutes>
- [no] key KEY
- [no] key-storage-type {local | file}
- [no] retransmit <count>
- [no] timeout <seconds>
- [no] source-address A.B.C.D
- [no] dscp-mapping <value>
- show radius-statistics
- clear-radius-statistics statistics
Command Descriptions
Table 4: RADIUS Commands
Command Description
host A.B.C.D
key KEY
Command Description
Configuration Example
1. Select the RADIUS server and define the shared secret key:
device-name#config terminal
device-name(config)#system
device-name(config-system)#security
device-name(config-security)#radius-server host 10.2.42.137
device-name(config-host-10.2.42.137)#exit
device-name(config-security)#radius-server key batm
access-accept | 2
access-reject | 1
invalid-responces | 0
packets-droped | 0
responces-from-unknown-address | 0
===========================================================================
===
Configuration Results
When accessing the device using the username localuser, the RADIUS server sends a
REJECT reply:
Username: localuser
Password:
Username:
When accessing the device using the username admin and the password adminpass, the
RADIUS server sends an ACCEPT reply, authenticating the user:
Username:admin
Password:adminpass
device-name#
TACACS+ Negotiation
When a user attempts to connect to the device, the following actions occur:
7. NAS mediates between the user and the TACACS+ server. NAS prompts for a username.
8. When the user types a username at the prompt, NAS prompts for a password.
9. When the user types a password, NAS sends the username and password to the TACACS+
server.
The TACACS+ server may request additional identifying information, other than the user
name and password, for user authentication.
10. When the user enters the required information, the TACACS+ server returns one of the
following responses:
Table 5: TACACS+ Server Responses
Response Description
key = testkey
TACACS+ Commands
Commands Hierarchy
device-name#
+ config terminal
+ system
+ security
- [no] accounting commands tacacs
- [no] authorization commands tacacs
- [no] tacplus
- [no] host A.B.C.D
- [no] description DESCRIPTION
- [no] key KEY
- [no] timeout <seconds>
- [no] source-address A.B.C.D
- [no] dscp-mapping <value>
Commands Descriptions
Table 6: TACACS+ Commands
Command Description
Command Description
host A.B.C.D
key KEY
Command Description
Configuration Example
Device Configuration:
1. Select the TACACS+ server and define the shared encryption key:
device-name#config terminal
device-name(config)#system
device-name(config-system)#security
device-name(config-security)#tacplus
device-name(config-tacplus)#host 10.2.42.137
device-name (config-host-10.2.42.137)#description test
device-name (config-host-10.2.42.137)#exit
device-name(config-tacplus)#key testkey
privilege-profile users
!
accounting commands tacacs
authorization commands tacacs
protection-profile default
!
Configuration Results
When accessing the device using username richy, the TACACS+ server sends a REJECT
reply:
Username:richy
Password:
Username:
When accessing the device using username admin and password adminpass, the TACACS+
server sends an ACCEPT reply, authenticating the user:
Username:admin
Password:adminpass
device-name#
When accessing the device using username testuser and password tester, the TACACS+
server sends a ACCEPT reply, authenticating the user:
Username: testuser
Password: tester
When this user try to execute command with deny rule, the TACACS+ server
sends an authorization reply with status FAIL:
device-name#who
Aborted: permission denied
When this user try to execute command with permit rule, the TACACS+ server
sends an authorization reply with status PASS and command is accepted:
device-name(config)#ethernet
device-name(config-ethernet)#
When the TACACS+ server is unreachable/down for authentication, local authentication is used.
Telnet
Telnet is a network protocol used to provide a bidirectional communications facility using a virtual
terminal connection. User data is transmitted over the Transmission Control Protocol (TCP).
Telnet Commands
Commands Hierarchy
device-name#
- telnet {A.B.C.D | HOSTNAME} [<port-number>]
+ config terminal
+ system
+ telnet-server
- [no] access source-ip A.B.C.D/M
- [no] port <number>
- [no] source-address A.B.C.D
- [no] dscp-mapping <value>
- [no] shutdown
Commands Descriptions
Table 8: Telnet Commands
Command Description
Command Description
access source-ip A.B.C.D/M Limits the access to the Telnet server only from
the specific IP address:
A.B.C.D/M: IP address and subnet
mask (in a dotted-decimal format)
that identify a network or hosts.
A.B.C.D/32 defines a specific IP
address.
no access source-ip Removes the configured IP address
port <value> Specifies the port through which the Telnet
connection is established:
number: the port number, in the
range of <165535>
port 23
no port <value> Restores to default
SSH Commands
Commands Hierarchy
device-name#
- ssh USERNAME@{A.B.C.D | SSHNAME}
+ config terminal
+ system
- [no] ssh-server
- [no] access source-ip A.B.C.D/M
- [no] source-address A.B.C.D
- [no] port <value>
- [no] dscp-mapping <value>
- [no] shutdown
Commands Descriptions
Table 9: SSH Commands
Command Description
Command Description
access source-ip A.B.C.D/M Limits the access to the SSH server only from
the specific sources IP address(es):
A.B.C.D/M: IP address and subnet
mask (in a dotted-decimal format)
that identify a network or hosts.
A.B.C.D/32 defines a specific IP
address.
no access source-ip Removes the trusted IP address
Command Description
Configuration Commands
Table 10: ARP Prioritization Commands
Command Description
Command Description
List of Tables 2
Resilient Links 26
Resilient Links Configuration Notes 26
Resilient Link Commands26
Configuration Example 27
Traffic Storm-Control 28
Storm-Control Commands 28
Table of Figures
Figure 1: Four Ports Combined into a Link Aggregation Group ................................................. 11
List of Tables
Table 1: Ports Configuration Commands ........................................................................................... 5
Table 2: IP Interface Configuration Commands ............................................................................... 6
Table 3: Commands Used to Display and Clear Port Settings and Statistics ................................ 8
Table 4: LAGs Commands ................................................................................................................. 14
Table 5: Resilient Links Commands .................................................................................................. 27
Table 6: Descriptions of the Storm-Control Commands ............................................................... 28
T-Marc3312SC/T-Marc3312SCH
Command Hierarchy
device-name#
+ config terminal
+ port UU/SS/PP
- [no] ethertype <value>
- [no] description DESCRIPTION
- [no] speed {10 | 100 | 1000 | auto}
- [no] duplex {auto | full | half}
- [no] default-vlan <vlan-id>
- [no] flow-control
- [no] mtu <value>
- [no] self-egress-filter
- [no] shutdown
+ [no] router
+ [no] interface {outBand0 | loN | swN}
- [no] group-id <value>
Command Descriptions
Table 1: Ports Configuration Commands
Command Description
Command Description
default-vlan <vlan-id> Specifies the default VLAN for the port (only one
default VLAN allowed per port):
vlan-id: in the range of <14094>
1
no default-vlan Restores to default
flow-control Controls the amount of data sent from the
transmitting port to the receiving port (also called
Flow Control Mode).
Disabled
no flow-control Restores to default
NOTE
The command is applied only on
port selected to be a SAP port in
VPLS services.
Disabled
no self-egress-filter Restores to default
shutdown Disables the port (the port no longer receives,
forwards, or learns)
no shutdown Enables the port
Command Description
Command Description
Table 3: Commands Used to Display and Clear Port Settings and Statistics
Command Description
show port [UU/SS/PP] [statistics | Displays the status and configuration of all ports
detailed] or a specific port:
UU/SS/PP: (optional) 1/1/1-1/1/4
and 1/2/1-1/2/8
statistics: (optional) displays
port statistics and packet counters
detailed: (optional) displays
detailed configuration information
for the port
Unicast, multicast and broadcast statistics
count packets with size less than or equal to
1518 bytes.
Oversize counter counts packets with size
bigger than 1518 bytes.
show router interface name { outBand0 | Displays the status and configuration of the
loN | swN} selected interface:
outBand0: an Ethernet network
interface
loN: an internal logical loopback
IP-interface. N: in the range of
<09>
swN: an IP interface number in the
range of <09999>
show router interface statistics Displays interface statistics and packet counters
Command Description
-------------------------------------------------------------------------------
Default VLAN : 1 MTU[Bytes] : 12000
MAC Learning : enabled Self egress filter : enabled
LAG ID : N/A
===============================================================================
LAG Configuration
You can configure both static and dynamic LAGs simultaneously, assuming the following
restrictions:
Both static and dynamic LAGs receive unique identifiers from the same LAG ID pool. Each
LAG, whether static or dynamic, must have its own LAG ID number.
Each port can only belong to a single LAG but that LAG can be either static or dynamic.
LACP Modes
LACP has two operational modes:
Active: When active, the port can start LACP negotiation and as a result form a link with
another device. The other device can be either active or passive.
Passive: The port does not start LACP negotiation.
LACP Parameters
The following factors define the ability of a port to aggregate with other ports:
Physical characteristics such as, data transfer rate, duplex capability, and medium type
User-defined configuration constraints
To use LACP, define the following parameters:
1. Enter the System ID. The System ID identifies the LACP system negotiating with other
LACP systems. The System ID is always the MAC address for the device.
2. Define System Priority. System priority, along with port priority, provides the means for
connected LACP ports to determine dynamically an exchange policy.
3. Enter the Administrative key to define the ability of the port to aggregate with other ports.
4. Define port priority. Port and system priority work together so that connected LACP ports
can dynamically determine an exchange policy.
5. Enable the LACP.
NOTE
When enabled, LACP attempts to group the maximum of eight compatible ports in a
LAG. However, if LACP is unable to aggregate compatible ports (for example, due
to remote device limitations), these ports remain in a hot standby state to be used
when one of the channeled ports fail.
Multi-System/Multi-Server LAG
Multi-System/Multi-Server link aggregation (MS-LAG) enables a device to form a logical LAG
with two or more other devices. MS-LAG is an extension of the regular LAG functionality that
provides additional benefits over traditional LAG:
provide redundancy level that including two sub-LAGs (see the below diagram)
more bandwidth available to the client in Active-Active configurations
fast failure detection using physical link failure detection or OAM over L2, where OAM over
VPLS/MPLS is not available
loop-free Layer 2 network without running Spanning Tree Protocol (STP).
On one end of MS-LAG is a MS-LAG client device that has one or more physical links in a link
aggregation group (Sub-LAG). This client device does not need to be aware of MC-LAG. On the
other side of MS-LAG are two MS-LAG server devices. Each of these server devices has one or
more physical links connected to a single client device. The server devices need to have specific
identical configuration to ensure that data traffic is forwarded properly. This configuration includes
LACP ID, port priority, and LACP administrative key.
Sub-LAGs work in Dynamic Active-Standby Sub-LAG mode. If only one Sub-LAG is defined, it is
always considered as Active Sub-LAG. If two Sub-LAGs are defined, then during the LAG
operation, based on Sub-LAG weight (total priority of ports members of the Sub-LAG) or the
number of ports, a Sub-LAG contains, one Sub-LAG is considered Active and the other is
considered Standby.
LAG Commands
In this section, the command hierarchy used by LAGs is defined. Also presented is a list of useable
commands and configuration examples.
Command Hierarchy
device-name#
+ config terminal
+ ethernet
+ [no] lag
- [no] distribution-type {L2 | L3 | L4 | mpls }
+ [no] lag-id agN
- [no] description DESCRIPTION
- [no] lacp enable
- lacp mode {active | passive}
- [no] lacp administrative-key <number>
- [no] lacp id <number>
- [no] lacp marker {disable | enable}
- [no] lacp priority <number>
- [no] lacp fast-rate
+ [no] port UU/SS/PP
- [no] priority <number>
- [no] sub-lag {1 | 2}
- [no] lacp selection-criteria {highest-count |
highest-weight}
- [no] lacp tx-on-standby
- [no] lacp force-active {1 | 2}
- show ethernet lag
- show ethernet lag lag-id agN [details | statistics]
- clear lag [lag-id agN] statistics
Command Descriptions
Table 4: LAGs Commands
Command Description
Command Description
lag-id agN
Command Description
port UU/SS/PP
Command Description
Example:
Device-name(config)#ethernet
Device-name(config-ethernet)#lag lag-id ag1
Device-name(config-lag-id-ag1)#port 1/1/1
Device-name(config-port-1/1/1)#port 1/1/2
Device-name(config-port-1/1/2)#port 1/1/3
Device-name(config-port-1/1/3)#exit
Device-name(config-lag-id-ag1)#lacp enable
Device-name(config-lag-id-ag1)#lacp fast-rate
Device-name(config-lag-id-ag1)#lacp administrative-key 5
Device-name(config-lag-id-ag1)#exit
Device-name(config-lag)#distribution-type L4
Device-name(config-lag)#commit
Commit complete.
Device-name(config-lag)#end
Device-name#show running-config ethernet lag
ethernet
lag
distribution-type L4
lag-id ag1
lacp enable
lacp administrative-key 5
lacp fast-rate
port 1/1/1
!
port 1/1/2
!
port 1/1/3
!
!
!
!
Configuring Device 1:
In the following example ports 1/1/1, 1/1/2, 1/1/3, and 1/1/4 are added respectively to LAG
ag1 and ag2 on which LACP is enabled.
1. Define LAGs ag1 and ag2. Add relevant ports to both LAGs:
device-name(config)#ethernet
device-name(config-ethernet)#lag lag-id ag1
device-name(config-lag-id-ag1)#port 1/1/1
device-name(config-port-1/1/1)#port 1/1/2
device-name(config-port-1/1/2)#exit
device-name(config)#ethernet
device-name(config-ethernet)#lag lag-id ag2
device-name(config-lag-id-ag2)#port 1/1/3
device-name(config-port-1/1/3)#port 1/1/4
device-name(config-port-1/1/4)#exit
Operational Status: up
System ID: 00a012c204a1
System Priority: 32768
Administrative Key: 1
LACP: enabled
LACP Mode: active
LACP interval: fast
LACP transmit on stdby: disabled
Selection criteria: highest-weight
Forced active sublag: -
Time since last failover: 1h-12m-19s
Marker protocol: disabled
----------------------------------------------------------------------
Port Admin Oper Priority Sublag Aggregation Active/
Id Status Status Status Standby
----------------------------------------------------------------------
1/1/1 up up 32768 1 active active
1/1/2 up up 32768 1 active active
----------------------------------------------------------------------
----------------------------------------------------------------------
Port Admin Oper Priority Sublag Aggregation Active/
Id Status Status Status Standby
----------------------------------------------------------------------
1/1/3 up up 32768 1 active active
1/1/4 up up 32768 1 active active
----------------------------------------------------------------------
Configuring Device 2:
In the following example ports 1/1/1 and 1/1/2 are added to LAG ag1 on which LACP is enabled.
1. Define LAG ag1. Add relevant ports to the LAG:
device-name(config)#ethernet
device-name(config-ethernet)#lag lag-id ag1
device-name(config-lag-id-ag1)#port 1/1/1
device-name(config-port-1/1/1)#port 1/1/2
device-name(config-port-1/1/2)#exit
----------------------------------------------------------------------
Port Admin Oper Priority Sublag Aggregation Active/
Id Status Status Status Standby
----------------------------------------------------------------------
1/1/1 up up 32768 1 active active
1/1/2 up up 32768 1 active active
----------------------------------------------------------------------
Configuring Device 3:
In the following example ports 1/1/3 and 1/1/4 are added to LAG ag2 on which LACP is
enabled.
1. Define LAG ag2. Add relevant ports to the LAG:
device-name(config)#ethernet
device-name(config-ethernet)#lag lag-id ag2
device-name(config-lag-id-ag2)#port 1/1/3
device-name(config-port-1/1/3)#port 1/1/4
device-name(config-port-1/1/4)#exit
Commit complete.
----------------------------------------------------------------------
Port Admin Oper Priority Sublag Aggregation Active/
Id Status Status Status Standby
----------------------------------------------------------------------
1/1/3 up up 32768 1 active active
1/1/4 up up 32768 1 active active
----------------------------------------------------------------------
LACP: enabled
LACP Mode: active
LACP interval: slow
LACP transmit on stdby: enabled
Selection criteria: highest-weight
Forced active sublag: -
Time since last failover: 55m-28s
Marker protocol: disabled
----------------------------------------------------------------------
Port Admin Oper Priority Sublag Aggregation Active/
Id Status Status Status Standby
----------------------------------------------------------------------
1/2/1 up up 16384 1 active active
1/2/2 up up 16384 1 active active
----------------------------------------------------------------------
Server_device_2(config-ethernet)#lag
Server_device_2(config-lag)#lag-id ag1
Server_device_2(config-lag-id-ag1)#lacp enable
Server_device_2(config-lag-id-ag1)#lacp administrative-key 5
Server_device_2(config-lag-id-ag1)#lacp id 00:11:22:33:44:55
Server_device_2(config-lag-id-ag1)#port 1/2/1
Server_device_2(config-port-1/2/1)#priority 16384
Server_device_2(config-port-1/2/1)#port 1/2/2
Server_device_2(config-port-1/2/2)#priority 16384
Server_device_2(config-port-1/2/2)#commit
Server_device_2(config-port-1/2/2)#end
LACP: enabled
LACP Mode: active
LACP interval: slow
LACP transmit on stdby: enabled
Selection criteria: highest-weight
Forced active sublag: -
Time since last failover: 55m-28s
Marker protocol: disabled
----------------------------------------------------------------------
Port Admin Oper Priority Sublag Aggregation Active/
Id Status Status Status Standby
----------------------------------------------------------------------
1/2/1 up up 16384 1 failed failed
1/2/2 up up 16384 1 failed failed
----------------------------------------------------------------------
Client_device(config-port-1/2/4)#commit
LACP: enabled
LACP Mode: active
LACP interval: slow
LACP transmit on stdby: enabled
Selection criteria: highest-weight
Forced active sublag: -
Time since last failover: 35m-39s
Marker protocol: disabled
----------------------------------------------------------------------
Port Admin Oper Priority Sublag Aggregation Active/
Id Status Status Status Standby
----------------------------------------------------------------------
1/2/1 up up 32768 1 active active
1/2/2 up up 32768 1 active active
1/2/3 up up 32768 2 stdby-selected standby
1/2/4 up up 32768 2 stdby-selected standby
Resilient Links
Resilient links protect critical links and prevent network downtime. A resilient link consists of a
main link and a standby (backup) link that together form a resilient-link pair. Under normal
network conditions, the main link carries network traffic. In case of signal loss, the device
immediately switches to the standby link. There is no session timeout since switchover to the
standby link occurs in less than one second.
If the main link has a higher bandwidth than its standby or if the main link is configured as a
preferred link, the device switches traffic back to the main link as soon as the connection recovers.
Otherwise, you must manually switch traffic back to the main link.
Command Hierarchy
device-name#
+ config terminal
+ ethernet
+ [no] resilient-link resN
- backup-mode {standby | shutdown}
- backup-port UU/SS/PP
- primary-port UU/SS/PP
Command Descriptions
Table 5: Resilient Links Commands
Command Description
Configuration Example
In the following example ports 1/1/1 and 1/1/2 define a resilient-link pair res1.
1. Enter the Configuration mode of resilient link res1:
device-name(config-ethernet)#resilient-link res1
Traffic Storm-Control
The traffic storm-control feature prevents LAN ports from being disrupted by a broadcast,
multicast, and/or unicast traffic storm. This mechanism regulates the rate at which devices forward
the traffic. Traffic storm-control monitors incoming traffic rates over a 1-second storm-control
interval and, compares this traffic rate with the traffic storm-control rate that you configure. When
the port threshold is met, all incoming traffic on the port is dropped.
Storm-Control Commands
Commands Hierarchy
device-name#
+ config terminal
+ ethernet
+ [no] storm-control
+ [no] port UU/SS/PP
- [no] traffic-type broadcast [rate-threshold
<rate>]
- [no] traffic-type multicast [rate-threshold
<rate>]
- [no] traffic-type unknown [rate-threshold <rate>]
- [no] traffic-type all [rate-threshold <rate>]
- [no] shutdown
- show ethernet storm-control {in-use | port}
Commands Descriptions
Table 6: Descriptions of the Storm-Control Commands
Command Description
Command Description
Command Description
Ethernet Port IEEE 802.3 Ethernet Public MIBs: RFC 2863 The
IEEE 802.3u Fast RFC 1213, Interfaces Group MIB
Ethernet Management (configL2IfaceTable
Information Base for and interface table)
IEEE 802.3x Flow
Control Network Management
of TCP/IP-based
IEEE 802.3z Gigabit
internets: MIB-II
Ethernet
(interface table and
configL2IfaceTable)
RMON MIB
Private MIB, PRVT-
SWITCH-MIB.mib
Link Aggregation IEEE 802.3ad Private MIB, Not supported
Groups (LAGs) PRVT-PORTS-
AGGREGATION-
MIB.mib
Resilience Links Not supported Private MIB, Not supported
PRVT-RESILIENT-
LINK-MIB.mib
List of Tables 1
Super VLANs 11
Super VLAN Types11
Super-VLAN Commands 13
Table of Figures
Figure 1: IEEE 802.1Q Frame Tag Structure .................................................................................... 4
Figure 2: VLANs in Ingress Traffic ..................................................................................................... 5
Figure 3: VLANs in Egress Traffic ...................................................................................................... 5
Figure 4: VLAN Configuration Flow .................................................................................................. 7
Figure 5: Switching Decisions without the Super VLAN Agent ................................................... 11
Figure 6: Switching Decisions with the Super VLAN Agent......................................................... 11
Figure 7: Super VLAN Ring Mode Configuration Example ......................................................... 12
List of Tables
Table 1: VLAN Commands .................................................................................................................. 8
T-Marc3312SC/T-Marc3312SCH
VLAN Tagging
The VLAN Tagging Standard, IEEE 802.1Q, requires packets to be tagged at the port with a
unique VLAN ID. An Ethernet Frame, tagged with a VLAN ID inserted into the header,
associates that frame with a specific VLAN. Tagged packets cannot be shared between VLANs
with different VLAN IDs.
VLAN tagging makes it possible for a port that interconnects devices to carry traffic for multiple
VLANs over the same physical connection.
A port can belong to one or more VLANs. However, only one VLAN can be defined as the
default for that port. Initially, all device ports are defined as members of a VLAN named Default
with a default VLAN value of one (1).
Ingress Traffic
The following flow diagram shows how the combination of VLAN membership and default
VLAN definition for the port has a direct effect on incoming (ingress) traffic. When the port
receives tagged packets and the port is a member of the VLAN, the packets are redirected to
ports that are members of the same VLAN. If not a member of the VLAN, the port drops the
tagged packets. For untagged packets, the port adds a VLAN tag according to its default
VLAN ID and then processes as usual.
Egress Traffic
For each VLAN, a member port is further defined as being either a tagged or untagged member
which has a direct effect on outgoing (egress) traffic:
If the port is an untagged member of a VLAN, the port removes the VLAN ID before
forwarding frames for that VLAN.
If the port is a tagged member of a VLAN, the port forwards frames with the VLAN ID as is.
Management VLAN
The Management VLAN controls device management. By connecting to any port assigned to the
Management VLAN, the device administrator can:
Enter Command Line Interface (CLI) commands to the device using SSH or Telnet (Telnet is
disabled by default)
Monitor and manage the device using the SNMP protocol
Use device pinging to troubleshooting connections
Upload/download files, such as software images, using TFTP and FTP file transfer protocols
Direct log messages to a Syslog Server in the same VLAN
The Management VLAN also isolates the management IP address of the device from data traffic
passing through the device to prevent unauthorized access and malicious attacks.
VLAN Commands
This section describes the command hierarchy for a Virtual Local Area Network (VLAN) as well as
command descriptions and a configuration example.
Command Hierarchy
NOTE
For more information on the range option, refer to chapter Using CLI of this User
Guide.
device-name#
+ config terminal
+ [no] vlan [VLAN-NAME] <vlan-id>
- [no] cpu
- [no] tagged {UU/SS/PP | PORT-RANGE}
- [no] name VLAN-NAME
- [no] untagged {UU/SS/PP | PORT-RANGE}
- [no] management
- [no] routing-interface swN
- show vlan [[detailed] id <vlan-id>
Command Descriptions
Table 1: VLAN Commands
Command Description
Command Description
Super VLANs
A Super Virtual Local Area Network (VLAN) further divides members of one VLAN into
multiple, virtual broadcast domains known as sub-VLANs. In a Super VLAN, the system
administrator uses the same IPv4 subnet and default gateway IP address for all users in the same,
switched infrastructure resulting in decreased IPv4 address consumption and eliminating the need
for a dedicated IP subnet for each VLAN.
Each sub-VLAN is a broadcast domain isolated at Layer 2. Communication between members of
different VLANs uses the IP address of the Super VLAN virtual interface as the IP address of the
gateway. Because multiple VLANs share the same virtual interface IP address, IP address usage is
minimized.
The following example illustrates traffic through the device without a Super VLAN. Traffic
entering the user device port is not restricted to the uplink port, therefore, all broadcast, unknown,
and multicast packets are spread across all VLANs on the device.
With Super VLAN configuration, the Super VLAN agent overrides switching/routing decisions
and instead directs traffic to the Super VLAN uplink port.
Super VLAN layer 2: Suitable for a Layer-2 switching environment, where the sub-VLANs and
Super VLAN share the same IP subnet mask. The Super VLAN provides enhanced security
between customers by disallowing communication between sub-VLANs regardless of whether
the sub-VLANs are on the same LAN.
Super VLAN ring topology: Suitable for ring topology networks using the Multiple Spanning
Tree Protocol (MSTP). Traffic flows either clockwise or counterclockwise. Both ports
connected to the ring are uplink ports, while the rest of the ports are referred to as user ports.
The Super VLAN uplink must be one of the two ports connected to the rest of the ring.
Use this topology when the Super VLAN port has to be the root port of the bridge. The
Super VLAN uplink-port is selected dynamically by the bridge between the two, uplink
ports. If a topology change occurs, the Super VLAN uplink changes automatically and the
new Root port is selected as a Super VLAN uplink port.
In the figure below, one of the clients connected to device D sends broadcast traffic. The
traffic travels counterclockwise only since the Super VLAN active uplink-port is the root
port. If the link between device B and A is disconnected, a topology change occurs and
Device D selects a new Super VLAN uplink-port. As a result, traffic flows clockwise only.
Dynamic Super VLAN takes effect on all the bridges, except for the root bridge since it
does not have a root port (only designated ports).
Super-VLAN Commands
This section describes the Super Virtual Local Area Network (VLAN) and provides both command
descriptions and a configuration example.
Command Hierarchy
device-name#
+ config terminal
+ [no] super-vlan {UU/SS/PP | agN}
+ [no] ring-ports {UU1/SS1/PP1 | agN1} {UU2/SS2/PP2 | agN2}
- [no] preferred-port {UU/SS/PP | agN}
- [no] vlan <vlan-id>
- [no] target-port {UU/SS/PP | agN}
- show super-vlan [ring-ports {UU1/SS1/PP1 | agN1} {UU2/SS2/PP2 | agN2}
active-port]
- show super-vlan
Command Descriptions
Table 2: Super-VLAN Commands
Command Description
Command Description
preferred-port {UU/SS/PP | agN} Selects a preferred uplink port for the Super-
VLAN ring-topology mechanism:
UU/SS/PP: 1/1/1-1/1/4 and 1/2/1-
1/2/8
agN: LAG ID. N is in the range of
<1-14>
no preferred-port Removes the selected uplink port
Command Description
Example
The below example demonstrates how to configure Super-VLAN mechanism for a network with a
ring topology:
1. Define an user port used by the Super-VLAN mechanism:
device-name(config)#super-vlan 1/1/1
device-name(config-super-vlan-1/1/1)#
-----------------------
1/1/2 1/1/3 1/1/2
Virtual LANs IEEE 802.1Q-1998 Public MIBs: No RFCs are supported by this
IEEE 802.1Q-2003 IEEE 802.1Q feature.
IEEE 802.1P Q-BRIDGE-
IEEE 802.1u-2001 MIB.mib
Super VLANs No standards are Private MIB, RFC 3069, VLAN Aggregation
supported by this PRVT-SUPER- for Efficient IP Address
feature. VLAN-MIB.mib Allocation
List of Tables 1
Table of Figures
Figure 1: TLS Service Configuration ....................................................................................................2
List of Tables
Table 1: Layer 2 Services Commands...................................................................................................5
Table 2: Mapping table between Dot1q working mode and possible C-VLAN (inner)
manipulations ........................................................................................................................................ 12
Table 3: Mapping table between Dot1q working mode, the management/management
c-vlan command, and ping packet tagging. ................................................................................. 13
T-Marc3312SC/T-Marc3312SCH
The new frame contains the original C-VLAN tag and the new S-VLAN tag.
A port configured to support TLS tunneling is known as a tunnel port. When you configure
tunneling, you assign a tunnel port to a VLAN that you dedicate to tunneling.
Three types of ports are defined on the network devices that are deployed by the service provider:
Residential port: a port that is connected to a user and does not participate in TLS. Packets that
are transmitted through this port have no tag added.
Access (SAP) port: a port that is connected to a user and participates in TLS. Packets that are
transmitted through this port have no tag added.
Core (SDP) port: a port that is connected to the service providers network. All packets that are
transmitted through this port are either control packets or packets with an additional tag. If the
packets arrive from an access (user) port the additional tag header will be added. If the packets
arrive from a residential port the additional tag header is not added.
An access port (SAP) receives tagged customer traffic from a port on the customer device. The
access port (SAP) leaves the C-VLAN tag intact and forwards the traffic to a SDP port. The SDP
port adds a second 2-byte EtherType field (0x8100) followed by a 2-byte field containing the
priority (CoS) and the VLAN.
After the traffic exits the provider network, the core port (SDP) now strips the 2-byte EtherType
field (0x8100) and the 2-byte length field and transmits the traffic with the C-VLAN tag still intact
to the customer device. The port on the customer device strips the S-VLAN tag and puts the traffic
into the appropriate customer VLAN.
Dot1q Services
Using the Dot1q Services, providers can tag two or more customers data streams with different S-
VLAN tags, when all the customer traffic is received on a single uplink port.
Any combinations of the above. The resulting VLAN scheme must allow the network to
distinguish between the various services and to perform the forwarding task correctly.
Refer to Mapping table between Dot1q working mode and possible C-VLAN (inner)
manipulations
tls <service-id>
Command Description
NOTE
Once you specify the C-VLAN, the C-
VLAN will be automatically created.
description <value> Specifies the TLS service description:
DESCRIPTION: a string of <1-29>
characters
no description Removes the TLS service description
Command Description
NOTE
Once you specify the S-VLAN, the S-
VLAN will be automatically created.
ethertype <value> Specifies the packet ethertype value of forwarded
packets:
value: valid values:
0x88A8 - Provider Bridging (IEEE 802.1ad)
0x8100 - VLAN-Tagged Frame
0x9100 - Q-in-Q
0x8100
no ethertype Restores to default
Command Description
of <1-4294967294>
description <value> Specifies the Dot1q service description:
DESCRIPTION: a string of <1-29>
characters
no description Removes the Dot1q service description
cpu Adds the CPU port to the specified Dot1q service
instance
no cpu Removes the CPU port from the Dot1q service
instance
sap {UU/SS/PP | agN}
Command Description
VLAN tag of the mentioned packets.
value: the valid values are 0 and
1. Frames with the DEI set to 1 are
more likely to be dropped than
frames with a DEI of 0.
no dei Preserves the original DEI value of the incoming,
to SAP, packets
priority <value> Specifies the VLAN Priority Tag (VPT) for
forwarded packets:
value: in the range of <0-7>
The new priority value affects the whole traffic
going out of the SDP port.
no priority Removes the selected VPT
sdp vlan <vlan-id> Specify the S-VLAN ID and enters the S-VLAN
Configuration mode:
vlan-id: in the range of <1-4094>
port {UU/SS/PP | agN}
Command Description
0x9100 - Q-in-Q
0x8100
no ethertype Restores to default
Command Description
SDP, packets
vpt <value> Specifies the VPT value of the outgoing, from
SDP, packets:
value: in the range of <0-7>
no vpt Preserves the original VPT value of incoming, to
SDP, packets
vlan-action {add | replace} Specifies the Do1q Tunneling working mode:
add: enters in add working mode
replace: enters in replace working
mode
NOTE
The vlan-action add command is
not applicable in case of untagged
SDP.
Replace
no vlan-action Restores to default
Command Description
show service tls [details [services Displays information about all currently configured
<service-id>]] TLS services:
details: (optional) displays
detailed information
services <service-id>: (optional)
displays detailed information about
specific services
Table 2: Mapping table between Dot1q working mode and possible C-VLAN (inner)
manipulations
Dot1q service works in Add working mode:
Format of packets, going out of SDP port with:
SAP type
inner-vlan-action add inner-vlan-action inner-vlan-action
replace delete
Qualified (tagged packets remain packets are tagged with packets are tagged
packets expected) unchanged S-VLAN and Inner- with S-VLAN tag only
VLAN tags
Unqualified
(tagged packets remain packets are tagged with packets are tagged
packets unchanged S-VLAN and Inner- with S-VLAN tag only
expected) VLAN tags
(untagged packets are tagged packets are tagged with packets are tagged
packets with S-VLAN and S-VLAN tag only with S-VLAN tag only
expected) Inner-VLAN tags
Untagged (untagged packets are tagged packets are tagged with packets are tagged
packets expected) with S-VLAN and S-VLAN tag only with S-VLAN tag only
Inner-VLAN tags
Qualified (tagged packets are tagged packets are tagged with packets are tagged
packets expected) with S-VLAN and S-VLAN tag only with S-VLAN tag only
Inner-VLAN tags
Unqualified
(tagged packets remain packets are tagged with packets are tagged
packets unchanged S-VLAN and Inner- with S-VLAN tag only
expected) VLAN tags
(untagged packets are tagged packets are tagged with packets are tagged
packets with S-VLAN and S-VLAN tag only with S-VLAN tag only
expected) Inner-VLAN tags
Untagged (untagged packets are tagged packets are tagged with packets are tagged
packets expected) with S-VLAN and S-VLAN tag only with S-VLAN tag only
Inner-VLAN tags
Qualified (tagged packets Ping packets are tagged Ping packets are tagged
expected) with C-VLAN tag with C-VLAN tag
Unqualified
(tagged packets Ping packets are untagged Ping packets are tagged
expected) with C-VLAN tag
(untagged packets Ping packets are untagged Ping packets are tagged
expected) with C-VLAN tag
In Replace working mode, the ping process cannot be performed on SAP when the
management c-vlan command is specified.
Qualified (tagged packets Ping packets are tagged with C-VLAN tag
expected)
Unqualified
Example 1
The following example demonstrates how to configure TLS service 1 on two devices.
======================================================
TLS Service details
======================================================
Service Id : 1
State : Up
Description : N/A
S-VLAN : 10
S-VLAN ethertype : 0x8100
SAPs Count : 5
SDPs Count : 1
------------------------------------------------------
|Service Id|SAP |SDP |
------------------------------------------------------
|1 |1/1/1:2: Up |1/1/2:10 Up |
|1 |1/1/1:3: Up | |
|1 |1/1/1:4: Up | |
|1 |1/1/1:5: Up | |
|1 |1/1/1:6: Up | |
======================================================
Example 2
The following example demonstrates how to configure dot1q service 1 on a device.
1. Configure Dot1q service 1:
Device-name(config)#service dot1q 1
Device-name(config-dot1q-1)#sap 1/1/1 c-vlan 6
Device-name(config-c-vlan-6)#exit
Device-name(config-sap-1/1/1)#exit
Device-name(config-dot1q-1)#sdp vlan 60 port 1/1/2
Device-name(config-port-1/1/2)#exit
Device-name(config-vlan-60)#exit
Device-name(config-dot1q-1)#no shutdown
Device-name(config-dot1q-1)#end
The following example demonstrates how to replace an outer tag (S-VLAN) of traffic encapsulated
in a dot1q service:
1. Configure Dot1q service with ID 1:
device-name(config)#
device-name(config)#service
device-name(config-service)#dot1q 1
2. Specify SAP port and customer VLAN ID, expected on port 1/1/1:
device-name(config-dot1q-1)#sap 1/1/1 c-vlan 10
device-name(config-c-vlan-10)#exit
device-name(config-sap-1/1/1)#exit
3. Specify SDP port and Service VLAN ID, used to replace the most outer VLAN tag (in case of
double tagging traffic.) In case of single tagging-will replace the only available tag:
device-name(config-dot1q-1)#sdp vlan 20
device-name(config-vlan-20)#port 1/1/2
device-name(config-port-1/1/2)#exit
device-name(config-vlan-20)#vlan-action replace
device-name(config-vlan-20)#exit
Example 4
The following example demonstrates how packets C-VLAN tag behaves when the packets go out
through SDP port. The Dot1q service works in Replace mode. The SAP port is defined as
Qualified (the expected traffic must be tagged with C-VLAN tag). On the SDP port, the expected
traffic will be double tagged with outer tag=S-VLAN tag and inner tag=configured inner VLAN 4
with VPT 4 and CFI bit 1.
1. Configure Dot1q service with ID 1:
device-name(config)#
device-name(config)#service
device-name(config-service)#dot1q 1
2. Configure S-VLAN and an action to be applied on the outgoing, from SDP, packets:
device-name(config-dot1q-1)#sdp vlan 10
device-name(config-vlan-10)#inner-vlan-action add
device-name(config-inner-vlan-action-add)#vlan-id 4
device-name(config-inner-vlan-action-add)#vpt 4
device-name(config-inner-vlan-action-add)#dei 1
device-name(config-inner-vlan-action-add)#port 1/1/2
device-name(config-port-1/1/2)#no shutdown
3. Specify SAP port and customer VLAN ID, expected on port 1/1/1:
device-name(config-port-1/1/2)#sap 1/1/1
device-name(config-sap-1/1/1)#c-vlan 5
device-name(config-c-vlan-5)#no shutdown
device-name(config-c-vlan-5)#commit
Example 5
The following example demonstrates how to perform device management using SDP port of
Dot1q service, working in add working mode with different priority on SDP port:
List of Tables 1
L2PT Commands 3
L2PT Commands Hierarchy 3
L2PT Commands Descriptions 5
Configuration Example 14
Table of Figures
Figure 1: Layer 2 Protocol Tunneling Configuration Flow .............................................................. 3
List of Tables
Table 1: L2PT Commands .................................................................................................................... 5
Table 2: Predefined Protocols ............................................................................................................ 11
Table 3: Default Multicast MAC Addresses (Tunnel MAC address)............................................ 12
T-Marc3312SC/T-Marc3312SCH
L2PT Commands
L2PT Commands Hierarchy
device-name#
+ config terminal
+ l2-tunneling
- global-tunnel-mac HH:HH:HH:HH:HH:HH
+ [no] profile {PROFILE-NAME | discard-all | tunnel-all |
tunnel-bpdu}
- [no] protocol PROTOCOL-NAME action {discard | tunnel}
+ [no] protocol PROTOCOL-NAME
- [no] ethertype <value>
- standard-mac HH:HH:HH:HH:HH:HH
- tunnel-mac HH:HH:HH:HH:HH:HH
- [no] use-global-tunnel-mac
- [no] shutdown
+ [no] service
+ [no] vpls <vpls-id>
+ [no] sap {{UU/SS/PP | agN}[:[igmp] | :[<vlan-id>]:[igmp]
| UU1/SS1/PP1:<ces-circuit>:{ces | ces-oos}}
- [no] tunnel-profile {PROFILE-NAME | discard-all |
tunnel-all | tunnel-bpdu}
+ [no] tls <service-id>
+ [no] sap {UU/SS/PP | agN}
+ [no] c-vlan {<cvlan-id> | all | untagged}
- [no] tunnel-profile {PROFILE-NAME | discard-
all | tunnel-all | tunnel-bpdu}
+ [no] sdp s-vlan <svlan-id>
+ [no] port {UU/SS/PP | agN}
- [no] tunnel-profile {PROFILE-NAME | discard-
all | tunnel-all | tunnel-bpdu}
+ [no] dot1q <service-id>
+ [no] sap {UU/SS/PP | agN}
+ [no] c-vlan {<cvlan-id> | all | untagged}
- [no] tunnel-profile {PROFILE-NAME | discard-
all | tunnel-all | tunnel-bpdu}
+ [no] sdp s-vlan <svlan-id>
+ [no] port {UU/SS/PP | agN}
- [no] tunnel-profile {PROFILE-NAME | discard-
all | tunnel-all | tunnel-bpdu}
- show l2-tunneling profiles
- show l2-tunneling protocols
- show l2-tunneling statistics
- clear l2-tunneling statistics
Command Description
Command Description
sap {{UU/SS/PP | agN}[:[igmp] Adds a client port to a specific VPLS instance and
| :[<vlan-id>]:[igmp] | specifies the SAP attributes:
UU1/SS1/PP1:<ces-
circuit>:{ces | ces-oos}} UU/SS/PP: the corresponding
physical port (unit, slot and port)
defined as SAP.(can be obtained
from the show port command)
The valid port range is:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-1/2/8
NOTE
CLI accepts multiple
definitions of unqualified
SAP, i.e: UU/SS/PP, UU/SS/PP:
or UU/SS/PP::. All definitions
result in UU/SS/PP::.
CLI accepts multiple
definitions of qualified SAP,
i.e: UU/SS/PP:vlan-id or
UU/SS/PP:vlan-id:. All
definitions result in
UU/SS/PP:vlan-id:.
agN: LAG ID. N is in the range of
<1-14>
vlan-id: (optional) in the range of
<1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port, facing
the packet processor. The valid
values are: 1/3/9.
ces-circuit: circuit ID in the
range of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
Command Description
Command Description
NOTE
Once you specify the C-VLAN, the C-
VLAN will be automatically created.
no c-vlan {<cvlan-id> | all Removes the defined C-VLAN:
| untagged}
cvlan-id: in the range of <1-4094>
all: tunnels all the traffic
untagged: tunnels the untagged
traffic only
Command Description
all-brs Specifies that PDUs intended for the reserved MAC address
used exclusively by All Bridges are tunneled/discarded
NOTE
The global-tunnel-mac command is not
applicable for All-brs protocols.
other Specifies that PDUs intended for MAC addresses from the
bridge block that are not related to specific protocols are
tunneled/discarded.
NOTE
The global-tunnel-mac command is not
applicable for other protocols.
dot1x IEEE 802.1x standard
efm-oam Ethernet in the First Mile-Operations, Administration and
Maintenance standard
e-lmi Enhanced Local Management Interface
garp Generic Attribute Registration Protocol
NOTE
The global-tunnel-mac command is not
applicable for GARP protocol.
lacp Link Aggregation Protocol
lldp Link Layer Discovery Protocol
pvst Per-VLAN Spanning Tree (PVST) maintains a spanning tree
instance for each VLAN configured in the network. Since
PVST treats each VLAN as a separate network, it has the
ability to load balance traffic (at Layer 2) by forwarding some
VLANs on one link and other VLANs on another link without
causing a spanning tree loop.
pb-stp Provider Bridge Spanning Tree Protocol.
NOTE
The global-tunnel-mac command is not
applicable for PB-STP protocol.
stp Spanning Tree Protocol
cdp The Cisco Discovery Protocol (CDP) is a proprietary Data
Link Layer protocol developed by Cisco Systems. It is used to
share information about other directly connected Cisco
equipment.
dtp The Dynamic Trunking Protocol (DTP) is a proprietary
networking protocol developed by Cisco Systems for the
purpose of negotiating trunking on a link between two VLAN-
aware switches, and for negotiating the type of trunking
encapsulation to be used.
Protocol Description
xSTP 01-A0-12-FF-FF-00
LACP/LAMP 01-A0-12-FF-FF-02
Link OAM (802.3ah) 01-A0-12-FF-FF-02
Port Authentication (802.1x) 01-A0-12-FF-FF-03
E-LMI 01-A0-12-FF-FF-07
LLDP (802.1AB) 01-A0-12-FF-FF-0E
Bridge block of protocols 01-A0-12-FF-FF-0X
NOTE
X denotes a random digit from 0 to F. If found
in the original MAC, the digit is preserved in
the replacement MAC.
All Bridges 01-A0-12-FF-FF-10
GARP Block of protocols 01-A0-12-FF-FF-2X
NOTE
X denotes a random digit from 0 to F. If found
in the original MAC, the digit preserved in the
replacement MAC.
Provider bridge STP 01-A0-12-FF-FF-08
PVST 01-A0-12-CC-CC-CD
CDP 01:A0:12:CC:CC:CC
DTP 01:A0:12:CC:CC:CC
PAGP 01:A0:12:CC:CC:CC
UDLD 01:A0:12:CC:CC:CC
VTP 01:A0:12:CC:CC:CC
When you configure the destination MAC address for encapsulated PDUs, you must leave the last
byte of the MAC address for protocols Bridge block of protocols and GARP Block of protocols as default
values:
00for Bridge block of protocols
20for GARP Block of protocols
Example:
device-name#show running-config l2-tunneling
l2-tunneling
shutdown
global-tunnel-mac 01:00:0c:cd:cd:d0
protocol cdp
standard-mac 01:00:0c:cc:cc:cc
tunnel-mac 01:a0:12:cc:cc:cc
!
protocol dtp
standard-mac 01:00:0c:cc:cc:cc
tunnel-mac 01:a0:12:cc:cc:cc
!
protocol stp
standard-mac 01:80:c2:00:00:00
tunnel-mac 01:a0:12:ff:ff:00
!
protocol vtp
standard-mac 01:00:0c:cc:cc:cc
tunnel-mac 01:a0:12:cc:cc:cc
!
protocol garp
standard-mac 01:80:c2:00:00:20
tunnel-mac 01:a0:12:ff:ff:20
!
protocol lacp
standard-mac 01:80:c2:00:00:02
tunnel-mac 01:a0:12:ff:ff:02
ethertype 0x8809
!
!
protocol lldp
standard-mac 01:80:c2:00:00:0e
tunnel-mac 01:a0:12:ff:ff:0e
ethertype 0x88cc
!
protocol pagp
standard-mac 01:00:0c:cc:cc:cc
tunnel-mac 01:a0:12:cc:cc:cc
!
protocol pvst
standard-mac 01:00:0c:cc:cc:cd
tunnel-mac 01:a0:12:cc:cc:cd
!
protocol udld
standard-mac 01:00:0c:cc:cc:cc
tunnel-mac 01:a0:12:cc:cc:cc
!
protocol dot1x
standard-mac 01:80:c2:00:00:03
tunnel-mac 01:a0:12:ff:ff:03
ethertype 0x888e
!
protocol e-lmi
standard-mac 01:80:c2:00:00:07
tunnel-mac 01:a0:12:ff:ff:07
ethertype 0x88ee
!
protocol other
standard-mac 01:80:c2:00:00:00
tunnel-mac 01:a0:12:ff:ff:00
!
protocol pb-stp
standard-mac 01:80:c2:00:00:08
tunnel-mac 01:a0:12:ff:ff:08
!
protocol all-brs
standard-mac 01:80:c2:00:00:10
tunnel-mac 01:a0:12:ff:ff:10
!
protocol efm-oam
standard-mac 01:80:c2:00:00:02
tunnel-mac 01:a0:12:ff:ff:02
ethertype 0x8809
!
Configuration Example
1. Enable Layer 2 protocol tunneling (L2PT):
device-name(config)#l2-tunneling
device-name(config-l2-tunneling)#no shutdown
device-name(config-l2-tunneling)#commit
4. Define SAP on ports 1/1/1. Apply tunnel profile tunnel-all on the SAP:
device-name(config-tls-5)#sap 1/1/1
device-name(config-sap-1/1/1)#c-vlan all
device-name(config-c-vlan-all)#tunnel-profile tunnel-all
5. Define SDP on a port 1/1/2. Apply tunnel profile STP on the SDP:
device-name(config-c-vlan-all)#sdp s-vlan 10
device-name(config-s-vlan-10)#port 1/1/2
device-name(config-interface-1/1/2)#tunnel-profile stp
device-name(config-interface-1/1/2)#commit
Commit complete.
List of Tables 2
Overview 3
Cisco Compliance 21
IEEE 802.1s-Compliant vs. Cisco-Compliant BPDUs 21
xSTP Commands 26
Commands Hierarchy26
Commands Descriptions 27
Configuration Examples 35
Example 1 35
Example 2 43
Fast Ring Configuration Example 46
Fast Ring with Border Bridge Configuration Example 50
Table of Figures
Figure 1: The Spanning Tree Port States ............................................................................................ 6
Figure 2: Topology Change ................................................................................................................... 7
Figure 3: Topology Change with TC Message ................................................................................... 8
Figure 4: BPDU Message Age Parameter ........................................................................................... 8
Figure 5: Calculating the Diameter ...................................................................................................... 9
Figure 1: Proposal and Agreement Handshaking for Rapid Convergence .................................. 13
Figure 2: Sequence of Events during Rapid Convergence ............................................................. 14
Figure 3: RSTP BPDU Flags .............................................................................................................. 15
Figure 6: MSTP within a Region ........................................................................................................ 16
Figure 7: MSTP in Ring Topology in a Link-Down Event ............................................................ 19
Figure 8: MSTP in Ring Topology with a Device in Link-Down Event ..................................... 20
Figure 9: Schematic MSTI Configuration ......................................................................................... 35
Figure 10: Link Failure between Two Devices................................................................................. 43
Figure 11: Fast Ring Topology ........................................................................................................... 46
Figure 12: Fast Ring Topology ........................................................................................................... 50
List of Tables
Table 1: STP States ................................................................................................................................. 5
Table 2: STP Timers............................................................................................................................... 8
Table 3: MSTI Parameters................................................................................................................... 16
Table 4: BiNOX BPDU Parsed According to IEEE 802.1s ......................................................... 22
Table 5: Cisco BPDU Parsed by a Telco Systems Device.............................................................. 23
Table 6: Configuration Commands.................................................................................................... 27
Table 7: MSTP Link-types................................................................................................................... 34
Table 8: Default Path Cost Configuration (IEEE802.1s)............................................................... 34
T-Marc3312SC/T-Marc3312SCH
Overview
The following standards are employed in Telco Systems ring topology management:
Spanning Tree Protocol Description
Rapid Spanning Tree Protocol (RSTP) Rapid Spanning Tree Protocol reduces the time
based on IEE Std. 802.1w needed to update and reconfigure network
topology routes by proactive monitoring of port link
status. RSTP performs the roles assigned to the
STP protocol considerably faster by utilizing point
topoint wiring to provide rapid convergence of the
spanning tree.
The RSTP algorithm creates a dynamic tree that
efficiently directs packets to their destinations and
reduces a bridged network to a single, spanning
tree topology. With RSTP, the tree can be
reconfigured in less than one second. Redundant
connections can be reactivated in the event of link
or device failure.
Multiple Spanning Tree Protocol (MSTP) The Multiple Spanning Tree Protocol (MSTP)
based on IEE Std. 802.1s improves upon RSTP by giving users the ability to
group and associate VLANs to forwarding paths
known as Multiple Spanning Tree Instances
(MSTI). In a VLAN environment, MSTP ensures
load balancing as well as rapid convergence.
Each MSTI is an RSTP instance with its own,
independent topology that is applied on a
predefined set of VLANs.
MSTP includes all of its spanning tree information
in a single BPDU format to reduce the number of
BPDUs required on a LAN to communicate
spanning tree information for each instance.
In the following sections, specific information is provided on each of the spanning tree protocols.
Select a Root Bridge In order to elect active paths within a network, STP first determines a
Root bridge. Each bridge within STP has a unique ID consisting of
the user-defined priority and MAC address for the bridge. The
protocol selects the bridge with the lowest ID as the Root.
The Root is the device used to calculate path cost by all other
devices. STP selects the path with the lowest cost between each
device to the Root as the active path and blocks all other redundant
paths.
Note: System administrators can alter the Bridge ID by configuring
the bridge priority and, as a result, control the probability of a bridge
becoming the Root.
Select a Designated After selecting the Root bridge, STP selects one Designated Bridge
Bridge per Network for each network segment. The Designated Bridge is closest to the
Segment Root and has a Designated port used to forward packets from the
segment to the Root Bridge.
Select the Root and As the final step, STP selects a Root Port (per bridge) that sends data
Alternate Ports towards the Root Bridge. In order to avoid loops, all other ports that
provide redundant paths to the Root Bridge are set as Alternate Ports.
These ports do not forward traffic unless the Root Port goes down.
Each bridge has only one Root Port, a single path toward the Root
bridge.
Blocking The port does not forward frames. The port moves to this state after the
initialization phase when a different device/port was elected as Root.
If there is only one device in the network, no exchange occurs, the forward-
delay timer expires, and the ports move to Listening state.
A port in the Blocking state:
Discards frames
Discards frames switched from another port for forwarding
Does not learn MAC addresses
Receives BPDUs
A Blocking port can enter the Listening or Disabled states.
Listening This is the first state a Blocking port transitions to when STP determines that
the port should participate in frame forwarding. The device processes
BPDUs and waits for possible new information that might cause the port to
return to the Blocking state.
A port in Listening state performs the same steps as Blocking state:
Discards frames
Discards frames switched from another port for forwarding
Does not learn MAC addresses
Receives BPDUs
From this state the port can enter Learning or Disabled states.
Learning The second state the port enters when preparing to participate in frame-
forwarding. The port does not yet forward frames. However the port learns
source addresses from received frames and adds those addresses to the
filtering database.
A port in Learning the state:
Discards frames
Discards frames switched from another port for forwarding
Learns MAC addresses
Receives BPDUs
From this state the port can enter Forwarding or Disabled states.
Forwarding The port forwards frames. The device processes BPDUs and waits for
possible new information that might cause the port to return to the Blocking
state to prevent a loop. A port in Forwarding state:
Receives and forwards frames
Forwards frames switched from other ports
Learns MAC addresses
Receives BPDUs
From this state the port can enter Disabled state.
Disabled A port in this state does not participate in frame forwarding and spanning
tree. The port performs the same steps as Blocking state but does not
receive BPDUs.
The following figure illustrates how a port moves through the states described in the previous table.
Note that during the topology change, Devices C and D are not aware of the change. Frames sent
from Computer 1 are forwarded to Device B and there is no connection between Computers 1 and
2 until the address table ages out.
To avoid connection loss caused by a topology change, STP implements a mechanism called
Topology Change Notification (TCN) to flush out device MAC addresses.
Hello timer The interval between two consecutive BPDUs a device sends to other
devices.
Forward-delay timer The time a port is in Listening and Learning states before the port begins
forwarding.
Maximum-age timer The time the device stores protocol information received on a port.
(MaxAge)
Message Age How far a device is from the Root when it receives a BPDU
The Message Age value of all BPDUs sent by the Root is zero. Each subsequent device increments
the Message Age value by one as illustrated in the following figure:
After receiving a new BPDU equal to or greater than the recorded information on the port, all
BPDU information is stored, and the age timer begins to run, starting at the message age. If this age
timer reaches MaxAge before receiving another BPDU, the information ages out for that port.
For example, in the above figure:
Device B and C receive a BPDU from Device A with message age value zero. On the port
going to Device A, it takes MaxAge seconds before the information ages out.
Device D and E receive a BPDU from Device B with message age value one. On the port
going to Device A, it takes MaxAge-1 seconds before the information ages out.
Device F receives a BPDU from Device E with message age value two. On the port going to
Device E, it takes MaxAge-2 seconds before the information ages out.
Based on these formulas, lowering the Hello timer value will decrease other STP parameter values.
However, the decrease will also double the number of BPDUs sent/received by each Brdige,
causing additional load on the CPU.
In order to create a loop-free environment and to provide rapid convergence, RSTP selects the
device with the highest priority as the root bridge, assigns port roles, and determines the active
topology. RSTP assigns a role to each bridge port throughout the bridged LAN:
Table 2: RSTP Port Role Assignments
Port Role Description
Root port Provides the best path (lowest cost) for packets forwarded from a device
to the root device.
A Root port is in Forwarding state.
Designated port Connects to the designated device that provides the best path for packets
forwarded from that LAN to the root device.
A Designated port is in Forwarding state.
Alternate port Offers an alternative path to the one provided by the current Root port.
Alternate ports are in Discarding state.
This role is equivalent to the STP Blocking state.
Backup port Acts as a backup for the path provided by a Designated port in the
direction of the spanning tree leaves (end nodes).
A Backup port exists only when two ports are connected together in a
loopback by a point-to-point link or when a device has two or more
connections to a shared LAN segment.
Backup ports are in Discarding state.
This role is equivalent to the STP Blocking state.
Disabled port Disabled ports do not participate in frame forwarding and are not
operational. These ports:
discard frames
discard frames switched from another port for forwarding
do not learn MAC addresses
do not receive BPDUs
Edge ports Edge ports are configured by users on RSTP enables devices. Once
configured, these ports immediately transit to Forwarding state.
NOTE
You should configure Edge ports only on ports
connected to end devices (such as hosts and printers).
Root ports When RSTP selects a new Root port, it blocks the old Root port and
immediately transitions the new Root port to Forwarding state.
Point-to-point links Point-to-point links are links directly connecting two devices.
When you connect two devices using a point-to-point link the Designated
port negotiates rapid transition with the remote port by using the
proposal-agreement handshake to ensure a loop-free topology.
The following figure shows a rapid convergence example. In this example, Devices A and B are
connected through a point-to-point link and all the ports are in blocking state. Assume that Device
As priority is higher than Device Bs. The proposal-agreement handshaking proceeds as follows:
Device A proposes itself as the designated device by sending a proposal message (a
configuration BPDU with the proposal flag set).
Device B reactions to the proposal message from Device A as follows:
Assigning the port on which the proposal message was received as its new Root port.
Forcing all non-edge ports to Discarding state to avoid loops.
Sending an agreement message to Device A (a BPDU with the agreement flag set)
through its new Root port.
Device A immediately transitions its designated port to the Forwarding state.
The same handshaking process is repeated for each device that joins the active topology,
progressing from the root toward the leaves of the spanning tree as the network converges.0.
If a Designated port is in Forwarding state and is not configured as an edge port, it transitions to
Discarding state when RSTP forces it to synchronize with new root information. When RSTP
forces a port to synchronize with root information and the port does not satisfy any of the above
conditions, it transitions to Discarding state.
After synchronizing all ports, the device sends an agreement message to the designated device
corresponding to its Root port. At this point RSTP immediately transitions the port states to
Forwarding.
The sequence of events is displayed in the following figure:
MSTP Region A collection of interconnected bridges that share the same MSTP
configuration. Devices in the same MST Region share the following
attributes:
Region name
Revision number of the region
MST InstancetoVLAN assignment map (each VLAN can be
mapped only to one instance)
MST Instances Each bridge in the MSTP region contains up to 16 MSTIs which act like
(MSTI) separate RSTP bridges for a specific set of configured VLANs. All MSTIs
within the same region share the same protocol timers, but each instance
has its own topology parameters, such as root-device ID, root path-cost,
and active topology. By manipulating these parameters, systems
administrator can modify the spanning tree topology (defining forwarding
and blocked ports) for the MSTI VLANs to achieve traffic load-balancing
within the region.
MSTIs are identified by their instance ID:
Instance 0: The Common Internal Spanning Tree (CIST) to which
all VLANs are mapped by default. This instance is obligatory and
cannot be removed.
Instances 115: User-configurable, optional instances, to which the
system administrator maps sets of VLANs.
Load balancing is supported only with the MST Region. The following figure illustrates load
balancing between two instances.
MSTI 1 Device C is the MST Root
The port on Device B connected to Device A is blocked
Traffic for VLANs 101200 flows between Device C and Device A
MSTI 2 Device B is the MST Root
The port on Device C connected to Device A is blocked
Traffic for VLANs 201300 flows between Device B and Device A
Outside the region, spanning tree information is carried by MST instance 0. The MST region can
participate in Common Spanning Tree (CST ) of legacy xSTP bridges and other MSTP regions
connected to the MST region.
This region is responsible for combining and forwarding all Internal Spanning Tree (IST)
information to the CST, handling CST information and setting roles for regional boundary ports.
As a consequence, each MSTP region acts as a single RSTP bridge within the CST topology.
In each region:
One boundary port, which can be the root port for the region, connects the region to the CST
Root bridge (the CIST Root). This port is called the Master port.
Boundary ports that provide alternative paths from the region to the CIST Root are blocked
(set to Alternative).
Boundary ports that provide connectivy to Designated LANs can be set as Designated ports.
Boundary Ports Connect the designated bridge (an SST bridge or a bridge with a
different MST configuration) to a LAN.
A designated port identifies itself as a boundary port (the boundary flag
is set) if it detects an STP bridge or receives an agreement message
from an RST or MST bridge with a different configuration.
The role of the MST ports at the boundary is not important since the
MST port is forced to take the same state as the IST port. The IST port
at the boundary can take any port role except backup.
Parameter Description
IST Master The IST master of an MST region is the bridge with the lowest bridge
identifier and the lowest path cost to the CST root.
If an MST bridge is the root bridge of the CIST in a region, then it is
the IST master of that MST region.
If the CST root is outside the MST region, then one of the MST
bridges at the boundary is selected as the IST master. Other
bridges on the boundary that belong to the same region eventually
block the boundary ports that lead to the root.
If two or more bridges have an identical path to the root, you can
set a lower bridge priority value to make a specific bridge the IST
master.
The root path-cost and message age inside a region stay constant.
However the IST path cost is incremented and the IST remaining hops
are decremented at each hop.
Regional Root The MSTI Regional root is the root bridge of each MSTI within a region.
In case of IST, it is the CIST Regional root. Therefore, the terms IST
Master and CIST Regional root are interchangeable.
Edge Ports An Edge Port is a port connected to a non-bridging device (for example,
a host or a device). A port that connects to a hub is also an edge port if
the hub or any LAN that is connected to it does not have a bridge.
An edge port can start forwarding as soon as its link is up.
Link-Type Rapid connectivity is established only on point-to-point links.
When connecting a port to another port through a point-to-point link, if
the local port becomes a designated port, RSTP negotiates a rapid
transition with the other port, using the proposal-agreement handshake
to ensure a loop-free topology.
By default, the link-type is automatically determined by the duplex state
of the port. However, when a half-duplex link is physically connected
point-to-point to a single port on a remote device running RSTP, you can
override the link-type default setting and enable rapid transitions to
Forwarding state.
Message Age and IST and MSTIs use a hop count mechanism similar to the IP time-to live
Hop Count (TTL) mechanism. Users can configure the maximum MST bridge hop
count.
The MSTI root bridge sends a BPDU (or M-record) with the remaining
hop count. The bridge receiving the BPDU (or M-record) decrements the
remaining hop count by one.
If after decrementing, the hop count reaches zero, the bridge discards
the BPDU and ages out the port information. Non-root bridges propagate
the decremented count as the remaining hop count in the BPDUs they
generate.
Port Priority The port priority determines the ports Forwarding state in case of a loop.
MSTP selects the port with the highest priority (lower priority value) first.
In case all ports have the same priority, MSTP selects the port with the
lowest number and blocks all other ports.
Parameter Description
Path Cost MSTP uses the path cost when selecting the forwarding port in case of a
loop.
The default path-cost for the port derives from its link speed. However,
you can define lower cost values to ports you want selected first and
higher cost values to ports you want selected last.
In case all ports have the same path cost value, MSTP selects the port
with the lowest number and blocks all other ports.
Fast Ring
Use this solution when all the devices in the ring are Telco Systems devices.
1. Select one bridge to be the root bridge: set the priority for this bridge to the lowest value (0).
To avoid instability, do not enable the Fast Ring feature on this bridge.
2. Configure all user ports as MSTP edge ports.
3. To optimize network performance, increment the priority value for the bridge as you draw
away from the root bridge.
Cisco Compliance
The device can be placed into Cisco-Compliant Mode, which changes the BPDU format to
conform to the standard adopted for Cisco devices. When the device is not in Cisco-Compliant
Mode, the root port is synchronized only if the port receives an agreement together with the
proposal flag from the designated port.
Cisco-Compliant Dump
01 80 c2 00 00 00 00 08 a3 37 f1 c1 00 84 42 42
03 00 00 03 02 68 60 00 00 07 eb d5 a2 00 00 00
00 00 60 00 00 07 eb d5 a2 00 80 01 00 00 14 00
02 00 0f 00 00 00 00 5a 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 64 b1 f4 bb 1f 3c
6d 4d a3 00 94 c1 11 b7 c0 92 60 00 00 07 eb d5
a2 00 00 00 00 00 14 00 01 69 60 01 00 07 eb d5
a2 00 00 00 00 00 60 01 00 07 eb d5 a2 00 80 01
14 00
ETH Dest. 01 80 c2 00 00 00
ETH Src 00 a0 12 11 29 92
ETH Len 00 89
LLC 42 42 03
Protocol Identifier 00 00
Protocol version Identifier 03
BPDU type 02
CIST Flags 4e
CIST Root Identifier 80 00 00 a0 12 11 29 92
CIST Ext. Path Cost 00 00 00 00
CIST Regional Root Identifier 80 00 00 a0 12 11 29 92
CIST Port Identifier 80 0b
Message age 00 00
MaxAge 14 00
Hello-time 02 00
Forward-delay 0f 00
Version 1 length (must be 0) 00
Version 3 length (Mrecords total length) 00 60
MSTI configuration Identifier (Key, 00 00 00 00 00 00 00 00 00 00 00 00
Revision, Name) 51 Bytes 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 01 60
b0 d3 6e cc e1 45 40 14 da 65 22 bd
08 f3 cd
CIST Internal Root Path Cost 00 00 00 00
CIST Bridge Identifier 80 00 00 a0 12 11 29 92
CIST Remaining hops 28
MSTI1
Flags 4e
MSTI Regional Root Identifier 80 01 00 a0 12 11 29 92
00 00 00 00
MSTI Internal root path cost
80
MSTI Bridge Priority
80
MSTI Port Priority
28
MSTI Remaining hops
MSTI2
Flags 4e
MSTI Regional Root Identifier 80 02 00 a0 12 11 29 92
00 00 00 00
MSTI Internal root path cost
80
MSTI Bridge Priority
80
MSTI Port Priority
28
MSTI Remaining hops
xSTP Commands
Commands Hierarchy
device-name#
+ config terminal
+ ethernet
+ spanning-tree
- [no] hold-count <value>
- [no] forward-delay <interval>
- [no] hello-time <interval>
- [no] learn-mode {none | standard | temporary-disabled}
- [no] max-age <interval>
+ [no] port {UU/SS/PP | agN}
- [no] bpdu-rx
- [no] bpdu-tx
- [no] cisco-compliant
- [no] detect-bpdu-loss
- [no] edge-port
- [no] edge-port-flush
- [no] link-type {auto | point-to-point | shared}
- [no] mstp instance-id <instance-id>
- [no] path-cost <cost>
- [no] priority <priority>
- [no] restricted-root
- [no] restricted-tcn
- [no] shutdown
- [no] priority <priority>
+ [no] protocol-fast-ring
- [no] border-bridge preferred-link {UU/SS/PP | agN}
- [no] ring-ports {UU1/SS1/PP1 | agN1} {UU2/SS2/PP2 |
agN2}
- [no] shutdown
+ [no] protocol-mstp
+ [no] instance <value>
- [no] priority <priority>
- [no] max-hops <hops>
- [no] region-name NAME
Commands Descriptions
Table 6: Configuration Commands
Command Description
Command Description
learn-mode {none | standard | Specifies the mode in which MAC addresses are
temporary-disabled} learned and flushed:
none: permanently disables
learning on non-edge/ring ports
standard: permanently enables
learning on non-edge/ring ports
temporally-disabled: enables
learning, except for cases where
an MSTP topology change occurs and
learning is temporarily disabled
Standard
no learn-mode Restores to default
Command Description
Command Description
Command Description
Command Description
Command Description
show ethernet mstp [cist port UU/SS/PP | Displays the MSTP port states and roles for
configuration | detailed | instance each instance :
<value> port UU/SS/PP]
cist port UU/SS/PP: (optional)
displays detailed MSTP
configuration of the selected port
detailed: (optional) displays
detailed information about MSTP
information vectors
configuration: (optional) displays
the current regions MSTP
configuration
instance <value> port UU/SS/PP:
(optional) displays MSTP instance
configuration on port
The port range is:
UU/SS/PP: 1/1/1-1/1/4 and 1/2/1-
1/2/8
show ethernet rstp [port UU/SS/PP | Displays the RSTP general information or RSTP
details] information per port:
details: (optional) displays
detailed information about MSTP
information vectors
port UU/SS/PP: (optional) displays
detailed RSTP configuration of the
selected port
The port range is:
UU/SS/PP: 1/1/1-1/1/4 and 1/2/1-
1/2/8
show ethernet stp [port UU/SS/PP | Displays the STP general information or STP
details] information per port:
details: (optional) displays
detailed information about MSTP
information vectors
port UU/SS/PP: (optional) displays
detailed STP configuration of the
selected port
The port range is:
UU/SS/PP: 1/1/1-1/1/4 and 1/2/1-
1/2/8
Admin Link-Type auto The device automatically manages the port's link-type. The
device considers the port connected to a point-to-point LAN
segment if any of the following conditions are met:
The MST algorithm determines that the LAN segment
operates in full duplex mode.
If you configure the port by management means to a
full duplex operation. Otherwise, consider the MAC to
be connected to a LAN segment that is not point-to-
point (shared media).
point-to-point Consider the device connected to a point-to-point LAN
segment that forces the operational link-type to be point-to-
point.
shared Consider the device connected to a shared media LAN
segment that forces the operational link-type to be shared.
Operational Link- If you configure Admin link-type to auto, then you can determine the value of
Type Operational link-type in accordance with the specific procedures defined for
the device entity, as defined in Admin link-type (auto).
If the port is connected to a point-to-point LAN segment, then Operational
link-type is set to point-to-point, otherwise it is set to shared.
In the absence of a specific definition of how to determine whether the
device is connected to a point-to-point LAN segment or not, the value of link-
type is shared.
Configuration Examples
Example 1
In the following example, four devices are connected via VLANs V100 and V200 that are mapped
to two MST instances on each device. The example shows the redundancy achieved with MSTP.
After configuring the network, use the show mstp command on each device to verify that the MST
instances are configured correctly.
Configuring Device 1:
1. Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device1(config)#vlan default 1
Device1(config-vlan-1)#no untagged 1/1/1
Device1(config-vlan-1)#no untagged 1/1/2
Device1(config-vlan-1)#no untagged 1/1/3
Device1(config-vlan-1)#no untagged 1/1/4
Device1(config-vlan-1)#exit
Device1(config)#vlan v100 100
Device1(config-vlan-100)#tagged 1/1/1
Device1(config-tagged-1/1/1)#tagged 1/1/3
Device1(config-tagged-1/1/3)#exit
Device1(config-vlan-100)#untagged 1/1/4
Device1(config-untagged-1/1/4)#top
Device1(config)#port 1/1/4
Device1(config-port-1/1/4)#default-vlan 100
Device1(config-port-1/1/4)#exit
Device1(config)#vlan v200 200
Device1(config-vlan-200)#tagged 1/1/2
Device1(config-tagged-1/1/2)#tagged 1/1/3
Device1(config-tagged-1/1/3)#top
2. Enable MSTP:
Device1(config)#ethernet
Device1(config-ethernet)#spanning-tree protocol-mstp
Device1(config-protocol-mstp)#no shutdown
Configuring Device 2:
1. Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device2#configure
Device2(config)#vlan default 1
Device2(config-vlan-1)#no untagged 1/1/1
Device2(config-vlan-1)#no untagged 1/1/2
Device2(config-vlan-1)#no untagged 1/1/3
Device2(config-vlan-1)#no untagged 1/1/4
Device2(config-vlan-1)#exit
Device2(config)#vlan v100 100
Device2(config-vlan-100)#tagged 1/1/1
Device2(config-tagged-1/1/1)#tagged 1/1/3
Device2(config-tagged-1/1/3)#top
Device2(config)#vlan v200 200
Device2(config-vlan-200)#tagged 1/1/2
Device2(config-tagged-1/1/2)#tagged 1/1/3
Device2(config-tagged-1/1/3)#exit
Device2(config-vlan-200)#untagged 1/1/4
Device2(config-untagged-1/1/4)#top
Device2(config)#port 1/1/4
Device2(config-port-1/1/4)#default-vlan 200
Device2(config-port-1/1/4)#exit
2. Enable MSTP:
Device2(config)#ethernet
Device2(config-ethernet)#spanning-tree protocol-mstp
Device2(config-protocol-mstp)#no shutdown
Device2(config-vlan-per-instance-2)#commit
Configuring Device 3:
1. Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device3#configure
Device3(config)#vlan default 1
Device3(config-vlan-1)#no untagged 1/1/1
Device3(config-vlan-1)#no untagged 1/1/2
Device3(config-vlan-1)#no untagged 1/1/4
Device3(config)#vlan v100 100
Device3(config-vlan-100)#tagged 1/1/1
Device3(config-tagged-1/1/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#exit
Device3(config-vlan-100)#untagged 1/1/4
Device3(config-untagged-1/1/4)#top
Device3(config)#port 1/1/4
Device3(config-port-1/1/4)#default-vlan 100
Device3(config-port-1/1/4)#exit
Device3(config)#vlan v200 200
Device3(config-vlan-200)#tagged 1/1/2
Device3(config-tagged-1/1/2)#tagged 1/1/3
Device3(config-tagged-1/1/3)#exit
Device3(config-vlan-200)#untagged 1/1/4
Device3(config-untagged-1/1/4)#top
Device3(config)#port 1/1/4
Device3(config-port-1/1/4)#default-vlan 200
Device3(config-port-1/1/4)#exit
2. Enable MSTP:
Device3(config)#ethernet
Device3(config-ethernet)#spanning-tree protocol-mstp
Device3(config-protocol-mstp)#no shutdown
Configuring Device 4:
1. Create VLAN V200 and add the appropriate ports to each VLAN:
Device4#configure
Device4(config)#vlan default 1
Device4(config-vlan-1)#no untagged 1/1/1
Device4(config-vlan-1)#no untagged 1/1/2
Device4(config-vlan-1)#no untagged 1/1/4
Device4(config)#vlan v100 100
Device4(config-vlan-100)#tagged 1/1/1
Device4(config-tagged-1/1/1)#tagged 1/1/2
Device4(config-tagged-1/1/2)#exit
Device4(config-vlan-100)#untagged 1/1/4
Device4(config-untagged-1/1/4)#top
Device4(config)#port 1/1/4
Device4(config-port-1/1/4)#default-vlan 100
Device4(config-port-1/1/4)#exit
Device4(config)#vlan v200 200
Device4(config-vlan-200)#tagged 1/1/1
Device4(config-tagged-1/1/1)#tagged 1/1/2
Device4(config-tagged-1/1/2)#exit
Device4(config-vlan-200)#untagged 1/1/4
Device4(config-untagged-1/1/4)#top
Device4(config)#port 1/1/4
Device4(config-port-1/1/4)#default-vlan 200
2. Enable MSTP:
Device4(config-ethernet)#spanning-tree protocol-mstp
Device4(config-protocol-mstp)#no shutdown
CIST Information
VLANs mapped = 1..99,101..199,201..4094
Priority = 32768
Regional Root = 32768.00:A0:12:27:00:80
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 6
Border Bridge = Disabled
No active ports are mapped to the MSTI
MST 1
VLANs mapped = 100
Priority = 0
Regional Root = This bridge is the root
RemainingHopCount = 40
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 5
Border Bridge = disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/01/01 128 Designat frwrd 200000 0 00000.00A0122700C0 128.003
01/01/03 128 Designat frwrd 200000 0 00000.00A0122700C0 128.005
01/01/04 128 Designat frwrd 200000 0 00000.00A0120A0168 128.006
MST 2
VLANs mapped = 200
Priority = 32768
Regional Root = 00002.00:A0:12:27:14:20
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 7
Border Bridge = disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/01/02 128 Designat frwrd 200000 0 32768.00A0122700C0 128.004
01/01/03 128 Root frwrd 200000 0 00000.00A012271420 128.005
FastRing = disabled
LearnMode = standard
CIST Information
VLANs mapped = 1..99,101..199,201..4094
Priority = 32768
Regional Root = 32768.00:A0:12:27:00:C0
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 4
Border Bridge = disabled
No active ports are mapped to the MSTI
MST 1
VLANs mapped = 100
Priority = 32768
Regional Root = 00001.00:A0:12:27:00:C0
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 4
Border Bridge = disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/01/01 128 Alternat block 200000 200000 32768.00A0122700C0 128.004
01/01/03 128 Root frwrd 200000 200000 00000.00A0122700C0 128.005
MST 2
VLANs mapped = 200
Priority = 0
Regional Root = This bridge is the root
RemainingHopCount = 40
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 4
Border Bridge = disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/01/02 128 Designat frwrd 200000 0 00000.00A012271420 128.002
01/01/03 128 Designat frwrd 200000 0 00000.00A012271420 128.003
01/01/04 128 Designat frwrd 200000 0 00000.00A012271420 128.005
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
ProtoMigratioDelay = 3 (Sec)
MaxHopCount = 40
TxHoldCount = 3
FastRing = disabled
LearnMode = standard
CIST Information
VLAN mapped = 1..99,101..199,201..4094
Priority = 32768
Regional Root = This bridge is the root
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 3
Border Bridge = disabled
No active ports are mapped to the MSTI
MST 1
VLANs mapped = 100
Priority = 32768
Regional Root = 0001.00:A0:12:27:00:C0
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 2
Border Bridge = disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/01/01 128 Root frwrd 200000 0 00000.00A0122700C0 128.003
01/01/02 128 Designat frwrd 200000 0 32768.00A0122700C0 128.004
01/01/04 128 Designat frwrd 200000 0 32768.00A0122700C0 128.006
MST 2
VLANs mapped = 200
Priority = 32768
Regional Root = 00002.00:A0:12:27:14:20
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 3
Border Bridge = disabled
No active ports are mapped to the MSTI
TimeSinceTopologyChange = 0 (Sec)
TopChanges = 2
CIST Root = 32768.00:A0:12:27:00:80
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
ProtoMigratioDelay = 3 (Sec)
MaxHopCount = 40
TxHoldCount = 3
FastRing = disabled
LearnMode = standard
CIST Information
VLAN mapped = 1..99,101..199,201..4094
Priority = 32768
Regional Root = 32768.00:A0:12:27:00:80
RemainingHopCount = 38
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 2
Border Bridge = disabled
No active ports are mapped to the MSTI
MST 1
VLAN mapped = 100
Priority = 32768
Regional Root = 00001.00:A0:12:27:00:C0
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 5
Border Bridge = disabled
No active ports are mapped to the MSTI
MST 2
VLAN mapped = 200
Priority = 32768
Regional Root = 00002.00:A0:12:27:14:20
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 2
Border Bridge = disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/01/01 128 Root frwrd 200000 0 00000.00A012271420 128.003
01/01/02 128 Designat frwrd 200000 0 32768.00A012271420 128.004
01/01/04 128 Designat frwrd 200000 0 32768.00A012271420 128.006
Example 2
In the example above if the direct link between Device 1 and Device 3 fails, MSTI1 is recalculated,
and port 1/1/2 in Device 3 changes its role from alternative to root.
In this case, the show ethernet mstp detailed command displays the following:
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
ProtoMigratioDelay = 3 (Sec)
MaxHopCount = 40
TxHoldCount = 3
FastRing = disabled
LearnMode = standard
CIST Information
VLANs mapped = 1..99,101..199,201..4094
Priority = 32768
CIST Root = 32768.00:A0:12:27:00:80
RemainingHopCount = 38
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 6
Border Bridge = disabled
No active ports are mapped to the MSTI
MST 1
VLAN mapped = 100
Priority = 0
Regional Root = This bridge is the root
RemainingHopCount = 40
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 5
Border Bridge = disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/01/03 128 Designat frwrd 200000 0 00000.00A0122700C0 128.005
01/01/04 128 Designat frwrd 200000 0 32768.00A0122700C0 128.006
MST 2
VLAN mapped = 200
Priority = 32768
Regional Root = 00002.00:A0:12:27:14:20
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 7
Border Bridge = disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/01/02 128 Designat frwrd 200000 0 32768.00A0122700C0 128.002
01/01/03 128 Root frwrd 200000 0 00000.00A012271420 128.003
FastRing = disabled
LearnMode = standard
CIST Information
VLAN mapped = 1..99,101..199,201..4094
Priority = 32768
CIST Root = This bridge is the root
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 3
Border Bridge = disabled
No active ports are mapped to the MSTI
MST 1
VLAN mapped = 100
Priority = 32768
Regional Root = 00001.00:A0:12:0A:01:68
RemainingHopCount = 38
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 3
Border Bridge = disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/01/02 128 Root frwrd 200000 400000 32768.00A00001090B 128.002
01/01/04 128 Designat frwrd 200000 400000 32768.00A012BBBBBB 128.006
MST 2
VLAN mapped = 200
Priority = 32768
Regional Root = 00002.00:A0:12:27:14:20
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 3
Border Bridge = disabled
No active ports are mapped to the MSTI
Configuring Device 1:
1. Enable MSTP and configure Device 1 to be the root device:
Device1(config-ethernet)#spanning-tree protocol-mstp
Device1(config-protocol-mstp)#no shutdown
Device1(config-protocol-mstp)#exit
Device1(config-spanning-tree)#priority 0
2. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device1(config)#vlan default 1
Device1(config-vlan-default/1)#no untagged 1/2/1
Device1(config-vlan-default/1)#no untagged 1/1/2
Device1(config)#vlan v10 10
Device1(config-vlan-10)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#exit
Device1(config)#vlan v20 20
Device1(config-vlan-20)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#exit
Device1(config)#vlan v30 30
Device1(config-vlan-30)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#commit
Configuring Device 2:
1. Enable MSTP fast-ring and configure fast ring ports:
Device2(config-spanning-tree)#protocol-fast-ring
Device2(config-protocol-fast-ring)#no shutdown
Device2(config-protocol-fast-ring)#ring-ports 1/2/1 1/1/2
Device2(config-protocol-fast-ring)#exit
3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device2(config)#vlan default 1
Device2(config-vlan-default/1)#no untagged 1/1/1
Device2(config-vlan-default/1)#no untagged 1/1/2
Device2(config-vlan-default/1)#no untagged 1/2/1
Device2(config-vlan-default/1)#no untagged 1/1/3
Device2(config-vlan-default/1)#no untagged 1/1/4
Device2(config)#vlan v10 10
Device2(config-vlan-10)#untagged 1/1/1
Device2(config-untagged-1/1/1)#exit
Device2(config-vlan-10)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#vlan v20 20
Device2(config-vlan-20)#untagged 1/1/3
Device2(config-untagged-1/1/3)#exit
Device2(config-vlan-20)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#vlan v30 30
Device2(config-vlan-30)#untagged 1/1/4
Device2(config-untagged-1/1/4)#exit
Device2(config-vlan-30)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#port 1/1/1
Device2(config-port-1/1/1)#default-vlan 10
Device2(config-port-1/1/1)#port 1/1/3
Device2(config-port-1/1/3)#default-vlan 20
Device2(config-port-1/1/3)#port 1/1/4
Device2(config-port-1/1/4)#default-vlan 30
Device2(config-port-1/1/4)#commit
Configuring Device 3:
1. Enable MSTP fast-ring and configure fast ring ports:
Device3(config-spanning-tree)#protocol-fast-ring
Device3(config-protocol-fast-ring)#no shutdown
Device3(config-protocol-fast-ring)#ring-ports 1/2/1 1/1/2
2. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device3(config)#vlan default 1
Device3(config-vlan-1)#no untagged 1/2/1
Device3(config-vlan-1)#no untagged 1/1/2
Device3(config)#vlan v10 10
Device3(config-vlan-10)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#exit
Device3(config)#vlan v20 20
Device3(config-vlan-20)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#exit
Device3(config)#vlan v30 30
Device3(config-vlan-30)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#commit
Configuring Device 4:
1. Enable MSTP fast-ring and configure fast ring ports:
Device4(config-spanning-tree)#protocol-fast-ring
Device4(config-protocol-fast-ring)#no shutdown
Device4(config-protocol-fast-ring)#ring-ports 1/2/1 1/1/2
3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device4(config)#vlan default 1
Device4(config-vlan-1)#no untagged 1/1/1
Device4(config-vlan-1)#no untagged 1/1/2
Device4(config-vlan-1)#no untagged 1/2/1
Device4(config-vlan-1)#no untagged 1/1/3
Device4(config-vlan-1)#no untagged 1/1/4
Device4(config)#vlan v10 10
Device4(config-vlan-10)#untagged 1/1/1
Device4(config-untagged-1/1/1)#exit
Configuring Device 5:
1. Enable MSTP fast-ring and configure fast ring ports:
Device5(config-spanning-tree)#protocol-fast-ring
Device5(config-protocol-fast-ring)#no shutdown
Device5(config-protocol-fast-ring)#ring-ports 1/2/1 1/1/2
3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device5(config)#vlan default 1
Device5(config-vlan-1)#no untagged 1/2/1
Device5(config-vlan-1)#no untagged 1/1/2
Device5(config)#vlan v10 10
Device5(config-vlan-10)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#vlan v20 20
Device5(config-vlan-20)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#vlan v30 30
Device5(config-vlan-30)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#commit
Configuring Device 1:
Any xSTP protocol is not enabled on Device 1 but Device 1 forwards BPDUs.
1. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device1(config)#vlan default 1
Device1(config-vlan-default/1)#no untagged 1/2/1
Device1(config-vlan-default/1)#no untagged 1/1/2
Device1(config)#vlan v10 10
Device1(config-vlan-10)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#exit
Device1(config)#vlan v20 20
Device1(config-vlan-20)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#exit
Device1(config)#vlan v30 30
Device1(config-vlan-30)#tagged 1/2/1
Device1(config-tagged-1/2/1)#tagged 1/1/2
Device1(config-tagged-1/1/2)#commit
Configuring Device 2:
1. Enable MSTP fast-ring, configure fast ring ports, and set border-bridge preferred-link:
Device2(config-spanning-tree)#protocol-fast-ring
Device2(config-protocol-fast-ring)#no shutdown
Device2(config-protocol-fast-ring)#ring-ports 1/2/1 1/1/2
Device2(config-protocol-fast-ring)#border-bridge preferred-link 1/1/2
Device2(config-border-bridge)#exit
3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device2(config)#vlan default 1
Device2(config-vlan-default/1)#no untagged 1/1/1
Device2(config-vlan-default/1)#no untagged 1/1/2
Device2(config-vlan-default/1)#no untagged 1/2/1
Device2(config-vlan-default/1)#no untagged 1/1/3
Device2(config-vlan-default/1)#no untagged 1/1/4
Device2(config)#vlan v10 10
Device2(config-vlan-10)#untagged 1/1/1
Device2(config-untagged-1/1/1)#exit
Device2(config-vlan-10)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#vlan v20 20
Device2(config-vlan-20)#untagged 1/1/3
Device2(config-untagged-1/1/3)#exit
Device2(config-vlan-20)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#vlan v30 30
Device2(config-vlan-30)#untagged 1/1/4
Device2(config-untagged-1/1/4)#exit
Device2(config-vlan-30)#tagged 1/2/1
Device2(config-tagged-1/2/1)#tagged 1/1/2
Device2(config-tagged-1/1/2)#top
Device2(config)#port 1/1/1
Device2(config-port-1/1/1)#default-vlan 10
Device2(config-port-1/1/1)#port 1/1/3
Device2(config-port-1/1/3)#default-vlan 20
Device2(config-port-1/1/3)#port 1/1/4
Device2(config-port-1/1/4)#default-vlan 30
Device2(config-port-1/1/4)#commit
Configuring Device 3:
2. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device3(config)#vlan default 1
Device3(config-vlan-1)#no untagged 1/2/1
Device3(config-vlan-1)#no untagged 1/1/2
Device3(config)#vlan v10 10
Device3(config-vlan-10)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#exit
Device3(config)#vlan v20 20
Device3(config-vlan-20)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#exit
Device3(config)#vlan v30 30
Device3(config-vlan-30)#tagged 1/2/1
Device3(config-tagged-1/2/1)#tagged 1/1/2
Device3(config-tagged-1/1/2)#commit
Configuring Device 4:
1. Enable MSTP fast-ring and configure fast ring ports:
Device4(config-spanning-tree)#protocol-fast-ring
Device4(config-protocol-fast-ring)#no shutdown
Device4(config-protocol-fast-ring)#ring-ports 1/2/1 1/1/2
3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device4(config)#vlan default 1
Device4(config-vlan-1)#no untagged 1/1/1
Device4(config-vlan-1)#no untagged 1/1/2
Device4(config-vlan-1)#no untagged 1/2/1
Device4(config-vlan-1)#no untagged 1/1/3
Device4(config-vlan-1)#no untagged 1/1/4
Device4(config)#vlan v10 10
Device4(config-vlan-10)#untagged 1/1/1
Device4(config-untagged-1/1/1)#exit
Device4(config- vlan-10)#tagged 1/2/1
Device4(config-tagged-1/2/1)#tagged 1/1/2
Device4(config)#vlan v20 20
Device4(config-vlan-20)#untagged 1/1/3
Device4(config-untagged-1/1/3)#exit
Device4(config-vlan-20)#tagged 1/2/1
Device4(config-tagged-1/2/1)#tagged 1/1/2
Device4(config-tagged-1/1/2)#vlan v30 30
Device4(config-vlan-30)#untagged 1/1/4
Device4(config-untagged-1/1/4)#exit
Device4(config-vlan-30)#tagged 1/2/1
Device4(config-tagged-1/2/1)#tagged 1/1/2
Device4(config-tagged-1/1/2)#top
Device4(config)#port 1/1/1
Device4(config-port-1/1/1)#default-vlan 10
Device4(config-port-1/1/1)#port 1/1/3
Device4(config-port-1/1/3)#default-vlan 20
Device4(config-port-1/1/3)#port 1/1/4
Device4(config-port-1/1/4)#default-vlan 30
Device4(config-port-1/1/4)#commit
Configuring Device 5:
1. Enable MSTP fast-ring, configure fast ring ports, and set border-bridge preffer-link:
Device5(config-spanning-tree)#protocol-fast-ring
Device5(config-protocol-fast-ring)#no shutdown
Device5(config-protocol-fast-ring)#ring-ports 1/2/1 1/1/2
Device5(config-protocol-fast-ring)#border-bridge preferred-link 1/2/1
Device5(config-border-bridge)#exit
3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device5(config)#vlan default 1
Device5(config-vlan-1)#no untagged 1/2/1
Device5(config-vlan-1)#no untagged 1/1/2
Device5(config)#vlan v10 10
Device5(config-vlan-10)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#vlan v20 20
Device5(config-vlan-20)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#vlan v30 30
Device5(config-vlan-30)#tagged 1/2/1
Device5(config-tagged-1/2/1)#tagged 1/1/2
Device5(config-tagged-1/1/2)#commit
Spanning Tree Protocols IEEE 802.1d-1998 No MIBs are RFC 2863, Interfaces
(xSTP) IEEE 802.1t-2001 supported by this Group MIB
feature. (configL2IfaceTable)
IEEE 802.1w-2001
IEEE 802.1s-2002
List of Tables 2
MVR Commands 31
Commands Hierarchy31
Commands Descriptions 31
Configuration Example 1 35
Configuration Example 2 36
Table of Figures
Figure 1: Initial IGMP Join Message ................................................................................................... 5
Figure 2: IGMP Configuration Flow ................................................................................................... 6
List of Tables
Table 1: IGMP Snooping Commands ................................................................................................. 9
Table 2: MVR Commands .................................................................................................................. 31
T-Marc3312SC/T-Marc3312SCH
NOTE
The maximum number of multicast entries in the Multicast Forwarding Table is
1024.
Dynamic Entries
The host can request to join or leave one or more multicast groups using the following IGMP
Report types:
IGMP Join Message: Host side request to join an IP multicast group by sending an
unsolicited IGMP Join Message that identifies the IP multicast group. The CPU creates a
multicast entry in the Multicast Forwarding table for that group and adds the port to the table.
The host associated with that port receives multicast traffic for that group.
On receipt of an IGMP Join Message on the host side, the device generates and sends an
IGMP Join Message on the transmitter side upstream, via the MRouter port, to the
multicast traffic source. By doing so, the device creates a logical connection between the
host and the source of the multicast traffic.
IGMP Leave Group Message: When the device receives an IGMP Leave Group message
(IGMP Version 2), the device deletes the port number for the host from the Multicast
Forwarding Table. When the device receives a Leave Group message from a host, the Group
timer is reset to the robustness value* last member query interval value (see the IGMP Snooping
Commands table).
If the user enables fast leave processing, the device handles requests to leave a multicast
group immediately to ensure optimal bandwidth management for all hosts on a switched
network even when the device manages several multicast groups simultaneously.
On the edge of the network, the multicast router connects to an IGMP Snooping device on the
transmitter side. The transmitter side port where the Mrouter connects becomes an Mrouter port
either through static configuration or automatically upon receipt of an IGMP Query from the
multicast traffic source side.
When the device receives a transmitter side request, known as an IGMP Query, the device
automatically responds with an IGMP Join Message for any active Multicast groups maintained by
the device.
Static Entries
Along with IGMP Snooping-learned entries, the Multicast Forwarding table can also include static
entries. Create static entries using the IGMP Snooping commands for the Command Line Interface
(CLI) found in Table 1.
NOTE
Static, or permanent, entries supersede dynamic changes creates through the IGMP
Snooping protocol.
Commands Hierarchy
device-name#
+ config terminal
- [no] multicast filter-mode {any-source | source-specific}
+ [no] vlan VLAN-NAME <vlan-id>
+ [no] ip-igmp-snooping
- [no] mode {proxy | report-suppression | transparent}
- [no] ip-tos-check
- [no] router-alert-check
+ [no] router-timers
- [no] force-forward
- [no] report-block
- show igmp-snooping
- show igmp-snooping service [<service-id> | detailed | groups |
mrouters | statistics]
- show igmp-snooping vlan [<vlan-id> | detailed | groups | mrouters |
statistics]
Commands Descriptions
Table 1: IGMP Snooping Commands
Command Description
Command Description
IGMP proxy supports IGMPv2
control traffic.
report-suppression: device uses
IGMP report suppression mode to
forward only one IGMP report per
multicast router query to
multicast devices. When IGMP
router suppression is selected,
the device sends the first IGMP
report from all hosts for a group
to all the multicast routers. The
device does not send the
remaining IGMP reports for the
group to the multicast routers.
This feature prevents duplicate
reports from being sent to the
multicast devices.
transparent: snooping device does
not generate packets, only
listens and builds its database
and forwards the rules quietly.
In this mode of operation the
multicast router receives all
IGMP messages generated in the
VLAN. These can overhead the
router with reports or sending
specific queries.
Transparent
no mode Restores to default
ip-tos-check Enables the IP TOS field verification (RFC
3376)
Enabled
no ip-tos-check Disables the IP TOS field check
router-alert-check Enables the IP Router Alert option (RFC 2113)
verification
Enabled
no router-alert-check Disables the IP Router Alert option check
router-timers Enters IGMP Snooping Timer Configuration
mode
no router-timers Removes the IGMP Snooping Timer
configuration
last-member-query-interval Specifies the time that the IGMP router waits to
<interval> receive a response to a Group-Specific query:
interval: in the range of <1-
1024> seconds
1 second
no last-member-query- Restores to default
interval
Command Description
1024> seconds
125 seconds
no query-interval Restores to default
Command Description
Command Description
can be registered:
unsignedInt: in the range of <0-
1024>
1024
no max-groups Restores to default
mrouter Configures a port as a multicast router port
Disabled
no mrouter Restores to default
mrouter-allow-reports Processes the IGMP reports, received on the
Mrouter port. The port becomes Dynamic
Querier (the port will send IGMP General
Queries at intervals).
Disabled
no mrouter-allow-reports Restores to default
mrouter-block All IGMP queries, received on the MRouter port,
are not processed and are entered in local
IGMP database
Disabled
no mrouter-block Restores to default
report-block All IGMP reports received on the MRouter port,
are not processed and are entered in local
IGMP database
Disabled
no report-block Restores to default
Command Description
Command Description
the device sends the first IGMP
report from all hosts for a group
to all the multicast routers. The
device does not send the
remaining IGMP reports for the
group to the multicast routers.
This feature prevents duplicate
reports from being sent to the
multicast devices.
transparent: snooping device does
not generate packets, only
listens and builds its database
and forwards the rules quietly.
In this mode of operation the
multicast router receives all
IGMP messages generated in the
VLAN. These can overhead the
router with reports or sending
specific queries.
transparent
no mode Restores to default
ip-tos-check Enables the IP TOS field verification (RFC
3376)
Enabled
no ip-tos-check Disables the IP TOS field check
router-alert-check Enables the IP Router Alert option (RFC 2113)
verification
Enabled
no router-alert-check Disables the IP Router Alert option check
router-timers Enters IGMP Snooping Timer Configuration
mode
no router-timers Removes the IGMP Snooping Timer
configuration
last-member-query- Specifies the time that the IGMP router waits to
interval <interval> receive a response to a Group-Specific query:
interval: in the range of <1-
1024> seconds
1 second
no last-member-query- Restores to default
interval
Command Description
2
no robustness Restores to default
query-response-interval Specifies the time, the multicast router waits to
<interval> receive a response to an IGMP General query:
interval: in the range of <1-
1024> seconds
10 seconds
no query-response- Restores to default
interval
Command Description
Packets source address is 0.0.0.0.
no source-address Removes the configured source address
Command Description
Command Description
Command Description
Configuration Example 1
In the following example IGMP snooping is configured on VLAN 100. The multicast router that
sends IGMP queries is connected to port 1/2/5. The multicast host that sends the IGMP report is
connected to port 1/2/4:
1. Enter the Configuration mode of VLAN v100 with ID 100:
device-name(config)#vlan v100 100
device-name(config-vlan-100)#untagged 1/2/4
device-name(config-untagged-1/2/4)#exit
device-name(config-vlan-100)#untagged 1/2/5
device-name(config-untagged-1/2/5)#top
device-name(config)#port 1/2/4 default-vlan 100
device-name(config)#port 1/2/5 default-vlan 100
device-name(config-port-1/2/5)#commit
2. Enable IGMP snooping on the specified VLAN and configure last-member-query interval:
device-name(config)#vlan v100 100
device-name(config-vlan-100)#ip-igmp-snooping
device-name(config-ip-igmp-snoopping)#router-timers last-member-query-
interval 20
device-name(config-router-timers)#exit
device-name(config-ip-igmp-snooping)#exit
device-name(config-vlan-100)#untagged 1/2/4
device-name(config-untagged-1/2/4)#igmp-snooping
device-name(config-igmp-snooping)#exit
device-name(config-untagged-1/2/4)#exit
device-name(config-vlan-100)#untagged 1/2/5
device-name(config-untagged-1/2/5)#igmp-snooping
3. Display IGMP snooping queries and reports information (the multicast router with source IP
address 100.1.1.33 is connected to port 1/2/5 and a multicast host joines a multicast group
with IP address 224.2.2.2 on port 1/2/4):
device-name#show igmp-snooping vlan 100 mrouters
================================================================================
Vlan ID 100 - IGMP Snooping Mrouters
================================================================================
Port ID: 1/2/5 Mrouters: 1
--------------------------------------------------------------------------------
Mrouter Ip: 100.1.1.33 Type: Dynamic
Group Ip: 224.2.2.2 Age: 244s
--------------------------------------------------------------------------------
Configuration Example 2
In the following example, IGMP Snooping is configured on VPLS-MTU 1010. The multicast
router that sends IGMP queries is connected to SAP 1/1/3: The multicast host that sends the
IGMP report is connected to SAP 1/1/3::.
Device_1(config-vlan-20)#routing-interface sw20
Device_1(config-vlan-20)#untagged 1/1/2
Device_1(config-untagged-1/1/2)#port 1/1/1
Device_1(config-port-1/1/1)#default-vlan 10
Device_1(config-port-1/1/1)#port 1/1/2
Device_1(config-port-1/1/2)#default-vlan 20
Device_1(config-port-1/1/2)#top
Device_1(config)#router interface lo1 address 1.1.172.101/32
Device_1(config-interface-lo1)#exit
Device_1(config-router)#interface sw10
Device_1(config-interface-sw10)#address 11.0.10.1/24
Device_1(config-interface-sw10)#exit
Device_1(config-router)#interface sw20
Device_1(config-interface-sw20)#address 11.0.20.1/24
Device_1(config-interface-sw20)#commit
Commit complete.
Device_1(config-interface-sw20)#exit
Device_1(config-router)#ospf
Device_1(config-ospf)#router-id 1.1.172.101
Device_1(config-ospf)#area 0.0.0.2
Device_1(config-area-0.0.0.2)#interface 1.1.172.101
Device_1(config-interface-1.1.172.101)#passive
Device_1(config-interface-1.1.172.101)#exit
Device_1(config-area-0.0.0.2)#interface 11.0.10.1
Device_1(config-interface-11.0.10.1)#exit
Device_1(config-area-0.0.0.2)#interface 11.0.20.1
Device_1(config-interface-11.0.20.1)#commit
Commit complete.
Device_1(config-interface-11.0.20.1)#exit
Device_1(config-area-0.0.0.2)#exit
Device_1(config-ospf)#trafic-engineering
Device_1(config-ospf)#commit
Commit complete.
Device_1(config-ospf)#exit
Device_1(config-router)#mpls lsr-id 1.1.172.101
Device_1(config-mpls)#ldp
Device_1(config-ldp)#interface lo1
Device_1(config-interface-lo1)#interface sw10
Device_1(config-interface-sw10)#interface sw20
Device_1(config-interface-sw20)#commit
Commit complete.
Device_1(config-interface-sw20)#exit
Device_1(config-ldp)#targeted-peer 1.1.3.1
Device_1(config-targeted-peer-1.1.3.1)#targeted-peer 1.1.4.1
Device_1(config-targeted-peer-1.1.4.1)#exit
Device_1(config-ldp)#distribute ingress ospf
Device_1(config-distribute)#egress ip 1.1.172.101/32
Device_1(config-ip-1.1.172.101/32)#exit
Device_1(config-distribute)#exit
Device_1(config-ldp)#exit
Device_1(config-router)#rsvp-te
Device_1(config-rsvp-te)#commit
Commit complete.
Device_1(config-rsvp-te)#exit
Device_1(config-router)#end
Device_1#
Device_1#show router ospf neighbor
Neighbor ID Pri State Dead Time Uptime Address Interface
RXmtL RqstL DBsmL
1.1.3.1 0 Full/DROther 00:00:32 0d 00:00:17 11.0.10.2 sw10:11.0.10.1
0 0 0
1.1.4.1 0 Full/DROther 00:00:32 0d 00:00:17 11.0.20.2 sw20:11.0.20.1
0 0 0
Device_1(config-igmp-snooping)#exit
Device_1(config-spoke-sdp-1)#exit
Device_1(config-vpls-1010)#spoke-sdp 2
Device_1(config-spoke-sdp-2)#igmp-snooping
Device_1(config-igmp-snooping)#commit
Commit complete.
Device_1(config-igmp-snooping)#end
--------------------------------------------------------------------------------
100.1.1.50 Forward 256s
100.1.1.11 256s
100.1.1.51 Forward 256s
100.1.1.11 256s
100.1.1.52 Forward 256s
100.1.1.11 256s
================================================================================
Group IP: 239.1.1.4 Mode: Include
--------------------------------------------------------------------------------
SrcIp Mode Joined Host ExpTime
--------------------------------------------------------------------------------
100.1.1.52 Forward 256s
100.1.1.11 256s
================================================================================
Group IP: 239.1.1.5 Mode: Include
--------------------------------------------------------------------------------
SrcIp Mode Joined Host ExpTime
--------------------------------------------------------------------------------
100.1.1.53 Forward 256s
100.1.1.11 256s
================================================================================
Group IP: 239.1.1.6 Mode: Exclude ExpTimer: 258s
--------------------------------------------------------------------------------
SrcIp Mode Joined Host ExpTime
--------------------------------------------------------------------------------
100.1.1.10 Block
================================================================================
Group IP: 239.1.1.7 Mode: Exclude ExpTimer: 258s
--------------------------------------------------------------------------------
SrcIp Mode Joined Host ExpTime
--------------------------------------------------------------------------------
100.1.1.10 Block
100.1.1.11 Block
================================================================================
Device_2(config-router)#interface sw10
Device_2(config-interface-sw10)#address 12.0.10.1/24
Device_2(config-interface-sw10)#exit
Device_2(config-router)#interface sw20
Device_2(config-interface-sw20)#address 12.0.20.1/24
Device_2(config-interface-sw20)#exit
Device_2(config-router)#commit
Commit complete.
Device_2(config-router)#ospf
Device_2(config-ospf)#router-id 1.1.172.102
Device_2(config-ospf)#trafic-engineering
Device_2(config-ospf)#area 0.0.0.0
Device_2(config-area-0.0.0.0)#exit
Device_2(config-ospf)#no area 0.0.0.0
Device_2(config-ospf)#area 0.0.0.1
Device_2(config-area-0.0.0.1)#interface 1.1.172.102
Device_2(config-interface-1.1.172.102)#exit
Device_2(config-area-0.0.0.1)#interface 1.1.172.102
Device_2(config-interface-1.1.172.102)#passive
Device_2(config-interface-1.1.172.102)#exit
Device_2(config-area-0.0.0.1)#interface 12.0.10.1
Device_2(config-interface-12.0.10.1)#exit
Device_2(config-area-0.0.0.1)#interface 12.0.20.1
Device_2(config-interface-12.0.20.1)#exit
Device_2(config-area-0.0.0.1)#exit
Device_2(config-ospf)#commit
Commit complete.
Device_2(config-ospf)#exit
Device_2(config-router)#mpls lsr-id 1.1.172.102
Device_2(config-mpls)#ldp
Device_2(config-mpls)#interface lo1
Device_2(config-interface-lo1)#interface sw10
Device_2(config-interface-sw10)#interface sw20
Device_2(config-interface-sw20)#commit
Commit complete.
Device_2(config-interface-sw20)#exit
Device_2(config-mpls)#ld
Device_2(config-ldp)#targeted-peer 1.1.3.2
Device_2(config-targeted-peer-1.1.3.2)#exit
Device_2(config-ldp)#targeted-peer 1.1.4.2
Device_2(config-targeted-peer-1.1.4.2)#exit
Device_2(config-ldp)#distribute ingress ospf
Device_2(config-distribute)#egress ip 1.1.172.102/32
Device_2(config-ip-1.1.172.102/32)#exit
Device_2(config-distribute)#exit
Device_2(config-ldp)#rs
Device_2(config-rsvp-te)#commit
Commit complete.
Device_2(config-rsvp-te)#end
Device_2#
Device_2#show router ospf neighbor
Neighbor ID Pri State Dead Time Uptime Address Interface
RXmtL RqstL DBsmL
MVR Modes
The device supports two MVR modes of operation:
In the dynamic mode, the device performs standard IGMP snooping. When the device receives
an IGMP report for a particular group-on MVR receiver port, it forwards the IGMP report to
the multicast router, connected to any MVR source port. The multicast router only forwards
multicast streams for groups for which reports are received. Receiver ports are treated as
members of the multicast VLAN for MVR multicast control and data traffic.
In the static mode, the device sends IGMP reports for all configured multicast groups to the
multicast router. The multicast router is forced to send multicast stream for all configured
groups. When the device receives an IGMP report on the receiver port, it immediately starts
switching the stream to the subscriber.
NOTE
The maximum number of multicast groups is 256.
Immediate Leave
If Immediate Leave is enabled on a receiver port, the port leaves a multicast group more quickly.
Without Immediate Leave, when the device receives an IGMP leave message from a subscriber on a
receiver port, it sends out an IGMP query on that port and waits for IGMP group membership
reports. If no reports are received within a configured time period, the receiver port is removed
from multicast group membership. With Immediate Leave, an IGMP query is not sent from the
receiver port on which the IGMP leave was received. As soon as the leave message is received, the
receiver port is removed from multicast group membership, which speeds up leave latency.
MVR Commands
Commands Hierarchy
device-name#
+ config terminal
- [no] multicast filter-mode source-specific
+ ethernet
+ [no] mvr
+ [no] mc-group <id>
+ [no] asm-group <value>
- [no] count <value>
- [no] grp-address A.B.C.D
+ [no] ssm-group <value>
- [no] grp-address A.B.C.D
- [no] mode {exclude | include}
- [no] source-list <value>
- [no] mvr-mode {dynamic | static}
- [no] mvr-source-ip A.B.C.D
- [no] mvr-vlan <vlan-id>
+ [no] port UU/SS/PP
- [no] explicit-tracking {false | true}
- [no] fast-leave {false | true}
- [no] mc-group <value>
- [no] mvr-type {receiver | source}
- [no] shutdown
- show multicast mvr [groups [<string> | dynamic] | members | ports]
Commands Descriptions
Table 2: MVR Commands
Command Description
Command Description
Command Description
Command Description
Command Description
show multicast mvr [groups [<string> | Displays the MVR configuration, filtered by the
dynamic] | members | ports] following option:
groups string: statically-defined
MVR multicast group
groups dynamic: dynamically-
defined MVR multicast group
members:
ports: MVR ports configuration
Configuration Example 1
In the following example, MVR is configured in dynamic mode. The multicast router that receives
and sends multicast data is connected to port 1/1/1. The multicast host that receives multicast data
is connected to port 1/1/2:
1. Enter Configuration mode of the MVR source VLAN v10 with ID 10:
device-name(config)#vlan v10 10
device-name(config-vlan-10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#commit
3. Enable MVR on the specified ports and configure fast-leave on the receiver port:
device-name(config)#ethernet mvr
device-name(config-mvr)#no shutdown
device-name(config-mvr)#commit
device-name(config-mvr)#mvr-mode dynamic
device-name(config-mvr)#mvr-source-ip 11.11.11.11
device-name(config-mvr)#mvr-vlan 10
device-name(config-mvr)#port 1/1/1
device-name(config-port-1/1/1)#mvr-type source
device-name(config-port-1/1/1)#exit
device-name(config-mvr)#port 1/1/2
device-name(config-port-1/1/2)#mvr-type receiver
device-name(config-port-1/1/2)#fast-leave true
device-name(config-port-1/1/2)#commit
Configuration Example 2
In the following example, MVR is configured in static mode. Static groups are configured. The
multicast router that receives and sends multicast data is connected to port 1/1/1. The multicast
host that receives multicast data is connected to port 1/1/2:
1. Enter Configuration mode of the MVR source VLAN v10 with ID 10:
device-name(config)#vlan v10 10
device-name(config-vlan-10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#commit
device-name(config-mvr)#mvr-mode static
device-name(config-mvr)#mvr-source-ip 11.11.11.11
device-name(config-mvr)#mvr-vlan 10
device-name(config-mvr)#port 1/1/1
device-name(config-port-1/1/1)#mvr-type source
device-name(config-port-1/1/1)#exit
device-name(config-mvr)#port 1/1/2
device-name(config-port-1/1/2)#mvr-type receiver
device-name(config-port-1/1/2)#commit
4. Configure static group with ASM entry and apply it to the receiver port:
device-name(config)#ethernet mvr
device-name(config-mvr)#mc-group k1
device-name(config-mc-group-k1)#asm-group 1 count 1 grp-address 224.2.2.2
device-name(config-asm-group-1)#commit
device-name(config-asm-group-1)#exit
device-name(config-mc-group-k1)#exit
device-name(config-mvr)#port 1/1/2
device-name(config-port-1/1/2)#mc-group k1
device-name(config-port-1/1/2)#commit
5. Configure static group with SSM entry and apply it to the receiver port:
device-name(config)#ethernet mvr
device-name(config-mvr)#mc-group k2
device-name(config-mc-group-k2)#ssm-group 1 grp-address 224.3.3.3 mode
include source-list 10.5.5.5
device-name(config-ssm-group-1)#commit
device-name(config-ssm-group-1)#exit
device-name(config-mc-group-k2)#exit
device-name(config-mvr)#port 1/1/2
device-name(config-port-1/1/2)#mc-group k2
device-name(config-port-1/1/2)#commit
=========================================================================
Group IP : 224.2.2.2
Number of source entries : 0
Filter mode : Exclude
Port list : 1/1/2
-------------------------------------------------------------------------
Group IP : 224.3.3.3
Number of source entries : 1
Source list : 10.5.5.5
Filter mode : Include
Port list : 1/1/2
=========================================================================
List of Tables 1
Configuration Example 8
Table of Figures
Figure 1: LLDPDU Frame Structure................................................................................................... 3
Figure 2: Example for Configuring LLDP on two Devices............................................................. 8
List of Tables
Table 1: LLDP Commands ................................................................................................................... 4
T-Marc3312SC/T-Marc3312SCH
TLV Format
In an LLDPDU, the chassis ID, port ID, and TTL TLV are the first three TLVs. The optional
TLVs are placed after the TTL TLV. The End of LLDPDU TLV is placed last. There is no
restriction regarding the length of LLDPDUs. The restriction comes from the transport layer, for
example in 802.3 MAC environments the maximum size of the PDU is 1500 bytes.
The figure below provides the LLDPDU structure and the mandatory LLDPDU TLV structure
details:
Commands Descriptions
Table 1: LLDP Commands
Command Description
port UU/SS/PP
Command Description
advertise-basic {management-
address | port-description
| system-capabilities | Configures the LLDP advertising:
system-description |
system-name} port-description: configures an
LLDP-enabled port to advertise its
port description
management-address: configures an
LLDP-enabled port to advertise the
devices management address
system-capabilities: configures an
LLDP-enabled port to advertise its
system capabilities
system-description: configures an
LLDP-enabled port to advertise the
system description
system-name: configures an LLDP-
enabled port to advertise the
system name
no advertise-basic Disabled the process of advertising
{management-address | port-
description | system-
capabilities | system-
description | system-name}
Command Description
Command Description
Configuration Example
The following example shows how to configure LLDP on two devices.
Device1 Configuration:
1. Enable the LLDP:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#ethernet
device-name(config-ethernet)#lldp
device-name(config-lldp)#no shutdown
device-name(config-lldp)#commit
======================================================================
Chassis Id Subtype : MAC address
System ChassisId : 00:a0:12:96:24:21
System Name : device-name
System Description : device-name Service Demarcation Switch
software version 2.4R3 Sun Jun 3 14:44:48 EEST 2012
System capabilities supported : Bridge
Router
Subtype : ipV4
Address : 010.003.155.009
Interface Numbering Subtype : ifIndex
Interface ID : 2
Device2 Configuration:
5. Enable the LLDP:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#ethernet
device-name(config-ethernet)#lldp
device-name(config-lldp)#no shutdown
device-name(config-lldp)#commit
Subtype : ipV4
Address : 10.3.155.8
Interface Numbering Subtype : ifIndex
Interface ID : 2
List of Tables 2
Overview 3
ACL Type 3
Processing Options 4
ACL Commands 8
Table of Figures
Figure 1: ACL Configuration Flow ...................................................................................................... 7
List of Tables
Table 1: Traffic Counting Commands................................................................................................. 8
Table 2: Implicit ACLs Configuration Commands ........................................................................... 8
Table 3: Monitoring Profile Commands ............................................................................................. 9
Table 4: IP ACLs Configuration Commands ................................................................................... 20
Table 5: IP ACLs Show Commands .................................................................................................. 36
Table 6: IPv6 ACLs Configuration Commands............................................................................... 42
Table 7: MAC ACLs Configuration Commands ............................................................................. 57
Table 8: MAC ACLs Show Commands ............................................................................................ 68
Table 9: EtherType ACLs Configuration Commands .................................................................... 74
Table 10: EtherType ACLs Show Commands ................................................................................. 85
Table 11: Traffic Types ........................................................................................................................ 85
Table 12: Monitoring Profiles ............................................................................................................. 86
Table 13: Valid ToS Values ................................................................................................................. 86
Table 14: Valid Precedence Values .................................................................................................... 86
Table 15: Valid ICMP Message Type Values ................................................................................... 87
Table 16: Valid ICMP Code Values ................................................................................................... 88
Table 17: Valid TCP Port Literal Values........................................................................................... 88
Table 18: Valid UDP Port Literal Values.......................................................................................... 89
Table 19: Valid FC Values ................................................................................................................... 90
Table 20: Known EtherType Values ................................................................................................. 90
T-Marc3312SC/T-Marc3312SCH
Overview
An Access Control List (ACL) is a set of numbered rules that are processed in sequential order.
Packet parameters are tested against conditions defined in the ACL; the first condition matched
determines the action taken by the port.
Using ACLs, system administrators can filter packets passing through the port according to defined
criteria. The main advantages to ACLs are as follows:
Security: Manage network security policies by forwarding or dropping traffic on ingress to the
port.
Traffic Control: Manipulate traffic flow, reduce bottlenecks, and congestion by enforcing
redirection rules.
Traffic Rate Limitation: Control traffic rates by port, by group of ports or by SAP, according
to user-defined criteria.
Quality of Service (QoS): Assign packet-handling priority to data flow by sorting into eight
priority queues based on ACL criteria. You can also use ACLs to remark VPT and ToS/DSCP
values.
ACL Type
Each ACL is identified by a unique name or a number. There are four basic ACL types and each
type matches specific fields in a packet:
Processing Options
Apply ACLs to both ingress (inbound) and egress (outbound) traffic:
Ingress: Process incoming packets to the port according to matched conditions defined with
the ACL. Packets that pass definied criteria are handled by the port. Packets that do not pass
the defined criteria are discarded, thereby reducing the load on the outbound interface.
Egress: Process packets at Egress mainly to shape traffic, remark, and collect statistics. To a
lesser extent, ACLs at the outbound port can also be used to filter traffic. As with packets
received at an inbound port, packets are matched to ACL conditions; packets that meet one of
the defined criteria are passed through the port.
Egress ACLs do not filter packets originated by the device (such as outgoing Telnet
session packets, NTP service packets, and various broadcast packets, such as ARP
request).
VLAN Traffic Redirection: Redirect ingress traffic according to conditions defined by an
Access Control Group (ACG) relating to VLAN assignment. Systems administrators can
change the VLAN ID in the VLAN tag header to forward traffic between VLANs.
NOTE
VLAN-based ACLs cannot be applied on Dot1q/TLS/VPLS SAP ports.
NOTE
IPv6 ACLs can be applied only with Ingress ACGs
NOTE
Rules of the VLAN-based ACL take precedence over any other configured ACLs.
Rules of Ingress and Egress ACLs are matched sequentially starting with the lowest
numbered rule.
Once created, users can remove existing rules and/or add new rules to the ACL.
The device tests packets only the first match is found. That match defines whether to permit
or deny the packet.
If the packet does not match any of the conditions defined for the ports ACLs:
On Ingress: The packet is denied because the last rule is an implicit deny statement.
On Egress: Packet is permitted (unless the user configures a rule to implicitly deny
packets that do not match any of the rules).
VLAN-based ACL (VLAN translation): Packet is permitted.
Egress ACLs have no default rule. All options defined in an ACG are applied only on traffic
that is explicitly defined in permit rule.
VLAN-based ACLs have no default rule. All options defined in ACG are applied only on
traffic that is explicitly defined in permit rule.
VLAN-based ACLs are permit by default.
Processing occurs using the order in which the ACLs were applied (via ACGs).
NOTE
ACLs do not take effect on protocol control packets (BPDUs).
During periods of heavy network traffic, congestion can cause incoming packets to be dropped. To
prevent congestion on provider networks, system administrators can allocate a specific bandwidth
per user port or traffic. A traffic rate limiter monitors the incoming traffic by:
forwarding conforming traffic (within the predefined rate)
dropping non-conforming traffic
marking non-conforming traffic as yellow or red
The Single Rate Three Color Marker (srTCM) meters a traffic stream and marks packets according
to three parameters:
Parameter Description Result
Committed Information Rate Determines the long-term, Traffic within CIR always
(CIR) average transmission rate confirms and is marked
green
Committed Burst Size (CBS) Determines how large a traffic Traffic above the CBS but
burst can be before some of below EBS, is marked
the traffic exceeds the rate limit yellow
Excess Burst Size (EBS) Determines how large a traffic Traffic exceeding the EBS
burst can before all traffic is marked red or dropped
exceeds the rate limit
Committed Information Rate Determines the long-term Traffic within CIR and
(CIR) average transmission rate CBS always conforms
Committed Burst Size (CBS) Associated with CIR, and is marked green
determines how large a traffic
burst can be before some of
the traffic exceeds the rate limit
Peak Information Rate (PIR) Determines the long term Traffic that does not
delimiter between yellow and conform to CIR and CBS
red packets but does confirm to PIR
Peak Burst Size (PBS) Associated with PIR, and PSB is marked
determines the burst size yellow
before traffic exceeds PIR. Traffic not conforming to
PIR and PBS is dropped
or marked red
Exceed Action
Once the packet is classified as exceeding a particular rate limit, the device either:
drops the packet
marks the packet as yellow or red
processes the packet based on congestion avoidance mechanisms,
ACL Commands
In this section, command hierarchies are described and definitions for individual commands are
provided. Also included are examples.
Command Description
mode
no resource-management Removes specific resource management
configurations
apply-default-access-list-rule Enables the hidden deny-any ACLs
Deny-any ACLs rules are applied
no apply-default-access-list- Disables the hidden deny-any ACLs. Removing
rule deny-any ACLs is recommended when the
you configure permit-any ACLs (for example,
in case of rate limiting).
+ config terminal
+ [no] ip access-list standard {NAME | <acl-number>}
- [no] description DESCRIPTION
+ [no] rule <value>
- action {deny | permit}
- [no] dscp <value>
- [no] inner-vlan <vlan-id> [inner-vlan-mask <vlan-mask>]
- [no] inner-vpt <priority>
- source-ip A.B.C.D/MASK
- [no] untagged
- [no] vlan <vlan-id> [vlan-mask <vlan-mask>]
- [no] vpt <priority>
+ [no] ip access-list extended {NAME | <acl-number>}
- [no] description DESCRIPTION
+ [no] rule <value>
- action {deny | permit}
- destination-ip A.B.C.D/MASK
- [no] inner-vlan <vlan-id> [inner-vlan-mask <vlan-mask>]
- [no] inner-vpt <priority>
- [no] precedence TYPE
+ protocol TYPE
- [no] established
- [no] icmp-code <value>
- [no] icmp-type <value>
- [no] tcp-source-port <value>
- [no] tcp-destination-port <value>
- [no] udp-source-port <value>
- [no] udp-destination-port <value>
- source-ip A.B.C.D/MASK
- [no] tos <value>
- [no] untagged
- [no] vlan <vlan-id> [vlan-mask <vlan-mask>]
- [no] vpt <priority>
- [no] dscp <value>
+ port UU/SS/PP
[no] access-groups-rule-sequence <number>
+ [no] ip-access-group-standard {NAME | <acl-number>} in
- [no] restrict-egress-forwarding UU/SS/PP
- [no] fc <value>
rule <value>
Command Description
vlan <vlan-id> [vlan-mask Denies a specific VLAN ID and mask for the outer
<vlan-mask>] IP-header:
vlan-id: in the range of <1-4094>
vlan-mask: in hexadecimal format
FF:FF:FF:FF. Use 0 for meaningful
bits (exact-match) and F for
meaningless bits (any). The last 12
bits are meaningful.
no vlan [<vlan-id>] [vlan-mask Removes the selected outer-VLAN and outer-
[<vlan-mask>]] mask:
vlan-id: (optional) in the range of
1-4094
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
vpt <priority> Specifies packet filtering by the VLAN Priority Tag
(VPT) in the outer-VLAN tag header:
priority: in the range of <0-7>
no vpt [<priority>] Removes the selected VPT:
priority: (optional) in the range
of <0-7>
dscp <value> Specifies packet filtering by the DSCP value in the
IP header of the packet:
value: in the range of <0-63>
no dscp [<value>] Removes the defined DSCP value
Command Description
NAME: a string of
<110> characters
acl-number: in the range of <100-
199>
no ip access-list extended [NAME | Removes the selected extended IP ACL:
<acl-number>]
NAME: (optional) a string of
<110> characters
acl-number: (optional) in the range
of <100-199>
description DESCRIPTION Associates a description with extended IP ACL:
DESCRIPTION: a string of
<130> characters
no description Removes the description
rule <value>
Command Description
protocol TYPE
tcp-source-port <value> (valid for TCP protocol only) Specifies the decimal
number or a name of source TCP port. Use TCP
port names when filtering TCP packets only:
value: in the range of <065535> or
a TCP port literal value (see Table
17)
no tcp-source-port Removes the literal value of the TCP source port
tcp-destination-port <value> (valid for TCP protocol only) Specifies the decimal
number or a name of destination TCP port. Use
Command Description
TCP port names when filtering TCP packets only:
value: in the range of <065535> or
a TCP port literal value (see Table
17)
no tcp-destination-port Removes the literal value of the TCP destination
port
udp-source-port <value> (valid for UDP protocol only) Specifies the decimal
number or a name of source UDP port. Use UDP
port names when filtering UDP packets only:
value: in the range of <065535> or
a UDP port literal value (see Table
18)
no udp-source-port Removes the literal value of the UDP source port
udp-destination-port <value> (valid for UDP protocol only) Specifies the decimal
number or a name of a UDP destination port. Use
UDP port names when filtering UDP packets only:
value: in the range of <065535> or
a UDP port literal value (see Table
18)
no udp-destination-port Removes the literal value of the UDP destination
port
source-ip A.B.C.D/MASK
vlan <vlan-id> [vlan-mask Specifies a specific VLAN ID and mask for the
<vlan-mask>] outer IP-header:
vlan-id: in the range of <1-4094>
vlan-mask: in hexadecimal format
FF:FF:FF:FF. Use 0 for meaningful
bits (exact-match) and F for
meaningless bits (any). The last 12
bits are meaningful.
no vlan [<vlan-id>] [vlan-mask Removes the selected outer-VLAN and outer-
[<vlan-mask>]] mask:
vlan-id: (optional) in the range of
<1-4094>
Command Description
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
vpt <priority> Specifies packet filtering by the VLAN Priority Tag
(VPT) in the outer-VLAN tag header:
priority: in the range of <0-7>
no vpt [<priority>] Removes the selected VPT:
priority: (optional) in the range
of <0-7>
dscp <value> Specifies packet filtering by the DSCP value in the
IP header of the packet:
value: in the range of <0-63>
no dscp [<value>] Removes the defined DSCP value
parent <id> single-rate-limit {cbs Specifies a parent rate-limiter, which allows you to
<value> | cir <value>} configure Hierarchical policers on the device.
id: in the range of <1-200>
single-rate-limit: configures a
rate limit for the parent group
cbs <value>: specifies the
Committed Burst Size (CBS), in the
range of <1-262144> KB
cir <value>: specifies the
Committed Information Rate (CIR),
in the range of, <81000000>
(depends on the link capacity) kbps
no parent <id> single-rate-limit Removes the configured parent
{cbs | cir}
Command Description
NOTE
For unqualified SAPs, options
inner-vpt and inner-vlan must
be used as a matching option.
For qualified SAPs, options
VPT and VLAN must be used
as a matching option.
agN: LAG ID. N is in the range of
<1-14>
vlan-id: (optional) in the range of
<1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port, facing
the packet processor. The valid
values are: 1/3/9.
ces-circuit: circuit ID in the
range of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
no vpls <vpls-id> sap [{{UU/SS/PP Removes the SAP:
| agN}[:[igmp] | :[<vlan-
id>]:[igmp] | UU/SS/PP: the corresponding
UU1/SS1/PP1:<ces- physical port (unit, slot and port)
circuit>:{ces | ces-oos}} ] defined as SAP.(can be obtained
from the show port command)
The valid port range is:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-1/2/8
agN: LAG ID. N is in the range of
<1-14>
vlan-id: (optional) in the range of
<1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port, facing
the packet processor. The valid
values are: 1/3/9.
ces-circuit: circuit ID in the
range of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
For more details refer to Configuring Circuit
Command Description
Emulation Services (CES) of this User Guide
tls <service-id> sap {UU/SS/PP |
agN} c-vlan {<cvlan-id> | all
| untagged} Creates a TLS service instance and enters TLS
Configuration mode:
service-id: in the range of <1
4294967295>
sap: creates a service access point
(SAP) and enters SAP Configuration
mode
UU/SS/PP: SAP port, in the range of
1/1/1-1/1/4, 1/2/1-1/2/8
agN: LAG ID. N is in the range of
<1-14>
c-vlan: specifies a customer VLAN
(C-VLAN) and enters C-VLAN
Configuration mode
cvlan-id: in the range of <1-4094>
all: tunnels all the traffic
untagged: tunnels the untagged
traffic only
no tls [<service-id>] sap
[UU/SS/PP | agN] c-vlan
[<cvlan-id> | all | untagged] Removes the created TLS service:
service-id: (optional) in the range
of <14294967295>
sap: (optional) creates a service
access point (SAP) and enters SAP
Configuration mode
UU/SS/PP: (optional) SAP port, in
the range of 1/1/1-1/1/4, 1/2/1-
1/2/8
agN: (optional) LAG ID. N is in the
range of <1-14>
c-vlan: (optional) Specifies a
customer VLAN (C-VLAN) and enters
C-VLAN Configuration mode
cvlan-id: (optional) in the range
of <1-4094>
all: (optional) tunnels all the
traffic
untagged:(optional) tunnels the
untagged traffic only
dot1q <service-id> sap {UU/SS/PP Enters 802.1Q service Configuration mode for the
| agN} c-vlan {<cvlan-id> | specified SAP C-VLAN, creates a service access
untagged} point (SAP), and specifies a customer VLAN (C-
VLAN):
service-id: in the range of <1-
4294967294>
UU/SS/PP: SAP port, in the range of
Command Description
1/1/1-1/1/4 and 1/2/1-1/2/8. This
port has to be an untagged member
of the S-VLAN
agN: LAG ID. N is in the range of
<1-14>
cvlan-id: in the range of <1-4094>
all: tunnels all the traffic
untagged: tunnels the untagged
traffic only
NOTE
You cannot use the same
physical port as MPLS and TLS
SAP.
You cannot use the MPLS
uplink for L2 SAP, and vice
versa.
The default VLAN of the TLS
SAP port must not be changed.
no dot1q [<service-id>] sap Removes the specified 802.1Q service or, when
[{UU/SS/PP | agN} c-vlan used without a parameter, removes all configured
{<cvlan-id> | untagged}] 802.1Q services:
service-id: (optional) in the range
of <1-4294967294>
UU/SS/PP: (optional) SAP port, in
the range of 1/1/1-1/1/4 and 1/2/1-
1/2/8
agN: (optional) LAG ID. N is in the
range of <1-14>
cvlan-id: in the range of <1-4094>
all: tunnels all the traffic
untagged: tunnels the untagged
traffic only
access-groups-rule-sequence
<number>
Specifies the sequential order in which the ACL
rules are processed:
number: in the range of <1-250>
NOTE
When applying the same ACL type
(for example, IP or MAC ACLs) to
an already used sequence number,
remove and apply the ACL again.
This action is not required when
applying different ACL types to the
same sequence number.
no access-groups-rule-sequence Removes the configured sequence number:
[<number>]
number: (optional) in the range of
<1-250>
Command Description
ip-access-group-standard {NAME
| <acl-number>} {in | out |
vlan} Assigns a IP ACG to a port/s and enters the IP
ACG Configuration mode:
NAME: a string of <110> characters
acl-number: in the range of <1-99>
in: filters the ingress traffic
only
out: filters the egress traffic
only
vlan: redirects the matching
ingress traffic to a VLAN
no ip-access-group-standard Removes the specified IP ACG:
[NAME | <acl-number>] [in
| out | vlan] NAME: (optional) a string of
<110> characters
acl-number: (optional) in the range
of <1-99>
in: (optional) filters the ingress
traffic only
out: (optional) filters the egress
traffic only
vlan: redirects the matching
ingress traffic to a VLAN
restrict-egress-forwarding (valid only for ingress ACLs) Restricts the traffic
UU/SS/PP to be forwarded only to a specific port:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-1/2/8
no restrict-egress-forwarding Removes the restriction from all ports or only from
[UU/SS/PP] the selected port when the UU/SS/PP argument is
specified
fc <value> Applies forwarding class (FC) mapping on ACG
(only the ingress traffic) and enters the FC
Configuration mode:
value: FC value (see Table 19)
no fc [<value>] Removes FC mapping:
value: (optional) FC value
color {red | green | Specifies the conforming level:
yellow}
red: the non-conforming drop level
green: the conforming drop level
yellow: the partially conforming
level
monitoring-profile <profile- Enables fps and bps packet counters per ACL
id> rules:
profile-id: any number. Up to 24
profiles can be defined.
no monitoring-profile Disables fps and bps monitoring:
[<profile-id>]
profile-id: (optional) any number
Command Description
rate-limit {dual | single} Applies a rate-limit on the ACG for the specified
port and enters Rate-Limit Configuration mode:
dual: the Two Rate Three Color
Marker (RFC 2698)
single: the Single Rate Three Color
Marker (RFC 2697)
no rate-limit [dual | single] Removes the rate limit from the configured ACG:
dual: (optional) the Two Rate Three
Color Marker (RFC 2698)
single: (optional)the Single Rate
Three Color Marker (RFC 2697)
cbs <value> Specifies the Committed Burst Size (CBS):
value: in the range of <1-262144>
KB
100 KB
no cbs Restores to default
pbs <value> (valid only for dual rate) Specifies the Peak Burst
Size (PBS):
value: in the range of <1-262144>
KB
100 KB
no pbs Restores to default
pir <value> (valid only for dual rate) Specifies the Peak
Information Rate (PIR):
value: in the range of, <81000000>
(depends on the link capacity) kbps
1000 kbps
no pir Restores to default
ebs <value> (valid only for single rate) Specifies the Excess
Burst Size (EBS):
value: in the range of <0-262144>
KB
100 KB
no ebs Restores to default
exceed-action {drop | Specifies the action performed once the packet is
mark-yellow | mark-red} classified as exceeding a particular rate limit:
drop: drops the packet
Command Description
Command Description
ip-access-group-extended {NAME
| <acl-number>} {in | out |
vlan} Assigns a IP ACG to a port/s and enters the IP
ACG Configuration mode:
NAME: a string of
<110> characters
acl-number: in the range of <100-
199>
in: filters the ingress traffic
only
out: filters the egress traffic
only
vlan: redirects the matching
ingress traffic to a VLAN
no ip-access-group-extended Removes the specified IP ACG:
[NAME | <acl-number>] [in |
out | vlan] NAME: (optional) a string of
110 characters
acl-number: (optional) in the range
of <100-199>
in: (optional) filters the ingress
traffic only
out: (optional) filters the egress
traffic only
vlan: redirects the matching
ingress traffic to a VLAN
restrict-egress-forwarding (valid only for ingress ACLs) Restricts the traffic
UU/SS/PP to be forwarded only to a specific port:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-1/2/8
no restrict-egress-forwarding Removes the restriction from all ports or only from
[UU/SS/PP] the selected port when the UU/SS/PP argument is
specified
fc <value> Applies forwarding class (FC) mapping on ACG
(only the ingress traffic) and enters FC
Configuration mode:
value: FC value (see Table 19)
no fc [<value>] Removes FC mapping:
Command Description
pbs <value> (valid only for dual rate) Specifies the Peak Burst
Size (PBS):
v value: in the range of <1-262144>
KB
100 KB
no pbs Restores to default
pir <value> (valid only for dual rate) Specifies the Peak
Command Description
Information Rate (PIR):
value: in the range of, <81000000>
(depends on the link capacity) kbps
1000 kbps
no pir Restores to default
ebs <value> (valid only for single rate) Specifies the Excess
Burst Size (EBS):
value: in the range of <0-262144>
KB
100 KB
no ebs Restores to default
Command Description
inner-vpt <priority> (for egress ACLs) Changes the VLAN Priority Tag
(VPT) in the inner-VLAN tag header:
priority: the new VPT value in the
range of <07>
no inner-vpt [<priority>] Removes the defined VPT:
priority: (optional) in the range
of <07>
vpt <priority> (For VLAN and egress ACLs) Changes the VLAN
Priority Tag (VPT) in the outer-VLAN tag header:
priority: the new VPT value in the
range of <0-7>
no vpt [<priority>] Removes the defined VPT:
priority: (optional) in the range
of <07>
copy-inner-vpt-to-outer-vpt (valid only for ingress ACLs)
Remarks the outer S-VLAN ID with the inner C-
VLAN ID
Disabled
no copy-inner-vpt-to-outer- Restores to default
vpt
set-green-to-dscp <value> (valid only for egress ACLs) Remarks the DSCP
value in the IP header for traffic marked green:
value: in the range of <0-63>
no set-green-to-dscp Removes the configured value
set-green-to-vpt <value> (valid only for egress ACLs) Remarks the CoS
priority value in the IP header for traffic marked
green:
value: in the range of <0-7>
no set-green-to-vpt Removes the configured value
set-red-to-dscp <value> (valid only for egress ACLs) Remarks the DSCP
value in the IP header for traffic marked red:
value: in the range of <0-63>
no set-red-to-dscp Removes the configured value
set-red-to-vpt <value> (valid only for egress ACLs) Remarks the CoS
priority value in the IP header for traffic marked
green:
value: in the range of <0-7>
no set-red-to-vpt Removes the configured value
set-yellow-to-dscp <value> (valid only for egress ACLs) Remarks the DSCP
value in the IP header for traffic marked red:
Command Description
set-yellow-to-vpt <value> (valid only for egress ACLs) Remarks the CoS
priority value in the IP header for traffic marked
green:
value: in the range of <0-7>
no set-yellow-to-vpt Removes the configured value
set-green-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
green to a Forwarding Class (FC):
value: FC value (see Table 19)
no set-green-to-fc Removes the configured value
set-red-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
red to a Forwarding Class (FC):
value: FC value (see Table 19)
no set-red-to-fc Removes the configured value
set-yellow-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
yellow to a Forwarding Class (FC):
value: FC value (see Table 19)
no set-yellow-to-fc Removes the configured value
Command Description
show port UU/SS/PP [access-groups- Displays information about the extended IP ACGs,
rule-sequence <number>] ip-access- filtered by the command arguments:
group-extended [NAME | <acl-
number>] [in | out | vlan] UU/SS/PP: port number
[monitoring-profile <profile-id>
[statistics [fbrs-green-bps | fbrs- number: the sequence number ,in the
green-fps | fbrs-match-counter-bps | range of <1-250>
fbrs-match-counter-fps | fbrs-not-
green-bps | fbrs-not-green-fps | NAME: a string of
fbrs-not-red-bps | fbrs-not-red-fps | <110> characters
fbrs-red-bps | fbrs-red-fps | fbrs-
yellow-bps | fbrs-yellow-fps | green- acl-number: in the range of <100-
bps | green-fps | match-counter-bps | 199>
match-counter-fps | not-green-bps |
not-green-fps | not-red-bps | not- in: only ingress ACGs
red-fps | red-bps | red-fps | yellow-
bps | yellow-fps]]] out: only egress ACGs
monitoring-profile statistics:
counts match packets
profile-id: any number
vlan: only VLAN traffic redirection
ACLs
NOTE
Statistics counters are reset
whenever a new ACL/monitoring
profile is applied on a port/SAP
port.
show running-config ip access-list Displays the configured IP ACLs
show running-config ip access-list Displays information about standard IP ACLs,
standard [NAME | <1-99>] filtered by command arguments
[description DESCRIPTION | rule
{<1-250> | {action {deny | permit} |
inner-vlan <vlan-id> [inner-vlan-mask
<VLAN mask>] | inner-vpt <priority>
| source-ip A.B.C.D/MASK | untagged
| vlan <vlan-id> [vlan-mask <vlan-
mask>] | vpt <priority>}}]
Command Description
- [no] untagged
+ port UU/SS/PP
[no] access-groups-rule-sequence <number>
+ [no] ipv6-access-group NAME in
- [no] restrict-egress-forwarding UU/SS/PP
+ [no] fc <value>
- color {red | green | yellow}
- [no] monitoring-profile <profile-id>
+ [no] rate-limit {dual | single}
- [no] cbs <value>
- [no] cir <value>
- [no] color-aware
- [no] ebs <value>
- [no] pbs <value>
- [no] pir <value>
- [no] exceed-action {drop | mark-yellow |
mark-red}
- [no] set-green-to-fc <value>
- [no] set-red-to-fc <value>
- [no] set-yellow-to-fc <value>
- [no] copy-inner-vpt-to-outer-vpt
- [no] redirect UU/SS/PP
+ ethernet lag lag-id agN
[no] access-groups-rule-sequence <number>
+ [no] ipv6-access-group NAME in
- [no] restrict-egress-forwarding UU/SS/PP
+ [no] fc <value>
- color {red | green | yellow}
- [no] monitoring-profile <profile-id>
+ [no] rate-limit {dual | single}
- [no] cbs <value>
- [no] cir <value>
- [no] color-aware
- [no] ebs <value>
- [no] pbs <value>
- [no] pir <value>
- [no] exceed-action {drop | mark-yellow |
mark-red}
- [no] set-green-to-fc <value>
- [no] set-red-to-fc <value>
rule <value>
Command Description
Command Description
Packets that do no match are TCP packets sent
to initialize a TCP session.
no established (valid for TCP protocol only) Removes the
configured match of ACK or RST bits.
icmp-code <value> ( valid for ICMP protocol only) matches ICMP
packets by the ICMP message code:
value: in the range of <0255> or
a valid literal ICMP message code
(see Table 13)
no icmp-code Removes the ICMP message code
Command Description
port
source-ip IPv6-PREFIX/LENGTH
Command Description
service
Command Description
dot1q <service-id> sap {UU/SS/PP Enters 802.1Q service Configuration mode for
| agN} c-vlan {<cvlan-id> | the specified SAP C-VLAN, creates a service
untagged} access point (SAP), and specifies a customer
VLAN (C-VLAN):
service-id: in the range of <1-
4294967294>
UU/SS/PP: SAP port, in the range
of 1/1/1-1/1/4 and 1/2/1-1/2/8.
This port has to be an untagged
member of the S-VLAN
agN: LAG ID. N is in the range of
<1-14>
cvlan-id: in the range of <1-4094>
all: tunnels all the traffic
untagged: tunnels the untagged
traffic only
NOTE
You cannot use the same
physical port as MPLS and TLS
SAP.
You cannot use the MPLS
uplink for L2 SAP, and vice
versa.
The default VLAN of the TLS
SAP port must not be changed.
no dot1q [<service-id>] sap Removes the specified 802.1Q service or, when
[{UU/SS/PP | agN} c-vlan used without a parameter, removes all
{<cvlan-id> | untagged}] configured 802.1Q services:
service-id: (optional) in the
range of <1-4294967294>
UU/SS/PP: (optional) SAP port, in
the range of 1/1/1-1/1/4 and
1/2/1-1/2/8
agN: (optional) LAG ID. N is in
the range of <1-14>
cvlan-id: in the range of <1-4094>
all: tunnels all the traffic
untagged: tunnels the untagged
traffic only
vpls <vpls-id> sap {{UU/SS/PP |
agN}[:[igmp] | :[<vlan-
id>]:[igmp] | UU1/SS1/PP1:<ces- Adds a client port to a specific VPLS instance
circuit>:{ces | ces-oos}} and enters SAP Configuration mode:
vpls-id: in the range of <1
4294967295>
UU/SS/PP: the corresponding
physical port (unit, slot and
port) defined as SAP.(can be
obtained from the show port
Command Description
command)
The valid port range is:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-1/2/8
NOTE
For unqualified SAPs, options
inner-vpt and inner-vlan must
be used as a matching option.
For qualified SAPs, options
VPT and VLAN must be used
as a matching option.
agN: LAG ID. N is in the range of
<1-14>
vlan-id: (optional) in the range
of <1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port, facing
the packet processor. The valid
values are: 1/3/9.
ces-circuit: circuit ID in the
range of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
no vpls <vpls-id> sap {{UU/SS/PP | Removes the SAP:
agN}[:[igmp] | :[<vlan-
id>]:[igmp] | UU1/SS1/PP1:<ces- UU/SS/PP: the corresponding
circuit>:{ces | ces-oos}} physical port (unit, slot and
port) defined as SAP.(can be
obtained from the show port
command)
agN: LAG ID. N is in the range of
<1-14>
vlan-id: (optional) in the range
of <1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port, facing
the packet processor. The valid
values are: 1/3/9.
ces-circuit: circuit ID in the
range of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
Command Description
Command Description
pbs <value> (valid only for dual rate) Specifies the Peak Burst
Size (PBS):
value: in the range of <1-262144>
KB
100 KB
no pbs Restores to default
pir <value> (valid only for dual rate) Specifies the Peak
Information Rate (PIR):
value: in the range of, <8
1000000> (depends on the link
capacity) kbps
1000 kbps
Command Description
ebs <value> (valid only for single rate) Specifies the Excess
Burst Size (EBS):
value: in the range of <0-262144>
KB
100 KB
no ebs Restores to default
exceed-action {drop | mark- Specifies the action performed once the packet is
yellow | mark-red} classified as exceeding a particular rate limit:
drop: drops the packet
mark-yellow: marks the packet as
yellow
mark-red: marks the packet as red
Drop
no exceed-action [drop | Restores to default
mark-yellow | mark-red]
set-green-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
green to a Forwarding Class (FC):
value: FC value (see Table 16)
no set-green-to-fc Removes the configured value
set-red-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
red to a Forwarding Class (FC):
value: FC value (see Table 19)
no set-red-to-fc Removes the configured value
set-yellow-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
yellow to a Forwarding Class (FC):
value: FC value (see Table 16)
no set-yellow-to-fc Removes the configured value
copy-inner-vpt-to-outer-vpt (valid only for ingress ACLs)
Remarks the outer S-VLAN ID with the inner C-
VLAN ID
Disabled
no copy-inner-vpt-to-outer-vpt Restores to default
show port UU/SS/PP [access-groups- Displays the IPv6 ACGs configured on ports:
Command Description
rule-sequence <number>] ipv6-
UU/SS/PP: port number
access-group NAME [in] [monitoring-
profile <profile-id> [statistics number: the sequence number ,in
[fbrs-green-bps | fbrs-green-fps | the range of <1-250>
fbrs-match-counter-bps | fbrs-match-
counter-fps | fbrs-not-green-bps | NAME: a string of
fbrs-not-green-fps | fbrs-not-red- <110> characters
bps | fbrs-not-red-fps | fbrs-red-
bps | fbrs-red-fps | fbrs-yellow-bps in: only ingress ACGs
| fbrs-yellow-fps | green-bps |
green-fps | match-counter-bps | monitoring-profile statistics:
match-counter-fps | not-green-bps | counts match packets
not-green-fps | not-red-bps | not-
red-fps | red-bps | red-fps | profile-id: any number
yellow-bps | yellow-fps]]]
NOTE
Statistics counters are reset
whenever a new ACL/monitoring
profile is applied on a port.
show running-config ipv6 access-list Displays the configured IPv6 ACLs
Command Description
rule <value>
Command Description
source_mac HH:HH:HH:HH:HH:HH
source_mac_mask
HH:HH:HH:HH:HH:HH Specifies the source MAC-address of the packet
and the mask:
HH:HH:HH:HH:HH:HH: MAC address and
mask in hexadecimal format. The
any keyword that represents all
MAC addresses
tos <value> The ACL rule matches packets by the service
level type:
value: in the range of <015> or a
literal ToS value (See Table 13)
no tos Removes the valid literal ToS value
untagged The ACL rule matches untagged packets only
Both tagged and untagged
no untagged Restores to default
vlan <vlan-id> [vlan-mask Denies a specific VLAN ID and mask for the
<vlan-mask>] outer IP-header:
vlan-id: in the range of <1-4094>
vlan-mask: in hexadecimal format
FF:FF:FF:FF. Use 0 for meaningful
bits (exact-match) and F for
meaningless bits (any). The last
12 bits are meaningful.
no vlan [<vlan-id>] [vlan-mask Removes the selected outer-VLAN and outer-
[<vlan-mask>]] mask:
vlan-id: (optional) in the range
of <1-4094>
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
vpt <priority> Specifies packet filtering by the VLAN Priority
Tag (VPT) in the outer-VLAN tag header:
priority: in the range of <0-7>
no vpt [<priority>] Removes the selected VPT:
priority: (optional) in the range
of <0-7>
dscp <value> Specifies packet filtering by the DSCP value in
the IP header of the packet:
value: in the range of <0-63>
no dscp [<value>] Removes the defined DSCP value
ethernet lag lag-id agN Creates a static LAG and enters LAG
Command Description
Configuration mode:
agN: LAG ID. N is in the range of
<1-14>
service
parent <id> single-rate-limit {cbs Specifies a parent rate-limiter, which allows you
<value> | cir <value>} to configure Hierarchical policers on the device.
id: in the range of <1-200>
single-rate-limit: configures a
rate limit for the parent group
cbs <value>: specifies the
Committed Burst Size (CBS), in the
range of <1-262144> KB
cir <value>: specifies the
Committed Information Rate (CIR),
in the range of, <81048575>
(depends on the link capacity)
kbps
no parent <id> single-rate-limit Removes the configured parent
{cbs | cir}
Command Description
Command Description
NOTE
Command Description
Command Description
only
vlan: redirects the matching
ingress traffic to a VLAN
no mac-access-group [NAME | Removes the specified MAC ACG:
<acl-number>] [in | out |
vlan] NAME: (optional) a string of
<110> characters
acl-number: (optional) in the
range of <400-499>
in: (optional) filters the ingress
traffic only
out: (optional) filters the egress
traffic only
vlan: redirects the matching
ingress traffic to a VLAN
restrict-egress-forwarding (valid only for ingress ACLs) Restricts the traffic
UU/SS/PP to be forwarded only to a specific port:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-1/2/8
no restrict-egress-forwarding Removes the restriction from all ports or only
[UU/SS/PP] from the selected port when the UU/SS/PP
argument is specified
fc <value> Applies forwarding class (FC) mapping on ACG
(only the ingress traffic) and enters FC
Configuration mode:
value: FC value (see Table 19)
no fc [<value>] Removes FC mapping:
value: (optional) FC value
color {red | green | Specifies the conforming level:
yellow}
red: the non-conforming drop level
green: the conforming drop level
yellow: the partially conforming
level
monitoring-profile <profile- Enables fps and bps packet counters per ACL
id> rules:
profile-id: any number. Up to 24
profiles can be defined.
no monitoring-profile Disables fps and bps monitoring:
[<profile-id>]
profile-id: (optional) any number
rate-limit {dual | single} Applies a rate-limit on the ACG for the specified
port and enters Rate-Limit Configuration mode:
dual: the Two Rate Three Color
Marker (RFC 2698)
single: the Single Rate Three
Color Marker (RFC 2697)
no rate-limit [dual | single] Removes the rate limit from the configured ACG:
dual: (optional) the Two Rate
Three Color Marker (RFC 2698)
Command Description
pbs <value> (valid only for dual rate) Specifies the Peak Burst
Size (PBS):
value: in the range of <1-262144>
KB
100 KB
no pbs Restores to default
pir <value> (valid only for dual rate) Specifies the Peak
Information Rate (PIR):
value: in the range of, <8
1000000> (depends on the link
capacity) kbps
1000 kbps
no pir Restores to default
ebs <value> (valid only for single rate) Specifies the Excess
Burst Size (EBS):
value: in the range of <0-262144>
KB
100 KB
no ebs Restores to default
exceed-action {drop | Specifies the action performed once the packet is
mark-yellow | mark-red} classified as exceeding a particular rate limit:
drop: drops the packet
mark-yellow: marks the packet as
yellow
mark-red: marks the packet as red
Drop
no exceed-action [drop | Restores to default
mark-yellow | mark-red]
Command Description
Command Description
VLAN ID
Disabled
no copy-inner-vpt-to-outer-vpt Restores to default
set-green-to-dscp <value> (valid only for egress ACLs) Remarks the DSCP
value in the IP header for traffic marked green:
value: in the range of <0-63>
no set-green-to-dscp Removes the configured value
set-green-to-vpt <value> (valid only for egress ACLs) Remarks the CoS
priority value in the IP header for traffic marked
green:
value: in the range of <0-7>
no set-green-to-vpt Removes the configured value
set-red-to-dscp <value> (valid only for egress ACLs) Remarks the DSCP
value in the IP header for traffic marked red:
value: in the range of <0-63>
no set-red-to-dscp Removes the configured value
set-red-to-vpt <value> (valid only for egress ACLs) Remarks the CoS
priority value in the IP header for traffic marked
green:
value: in the range of <0-7>
no set-red-to-vpt Removes the configured value
set-yellow-to-dscp <value> (valid only for egress ACLs) Remarks the DSCP
value in the IP header for traffic marked red:
value: in the range of <0-63>
no set-yellow-to-dscp Removes the configured value
set-yellow-to-vpt <value> (valid only for egress ACLs) Remarks the CoS
priority value in the IP header for traffic marked
green:
value: in the range of <0-7>
no set-yellow-to-vpt Removes the configured value
set-green-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
green to a Forwarding Class (FC):
value: FC value (see Table 19)
no set-green-to-fc Removes the configured value
set-red-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
red to a Forwarding Class (FC):
value: FC value (see Table 19)
no set-red-to-fc Removes the configured value
set-yellow-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
yellow to a Forwarding Class (FC):
value: FC value (see Table 19)
no set-yellow-to-fc Removes the configured value
- [no] color-aware
- [no] ebs <value>
- [no] pbs <value>
- [no] pir <value>
+ [no] vpls <vpls-id> sap{{UU/SS/PP | agN}[:[igmp] | :[<vlan-
id>]:[igmp] | UU1/SS1/PP1:<ces-circuit>:{ces | ces-oos}}
- [no] access-groups-rule-sequence <number>
+ [no] ether-type-access-group {NAME | <acl-number>}
in
- [no] restrict-egress-forwarding UU/SS/PP
- [no] fc <value>
- color {red | green | yellow}
- [no] monitoring-profile <profile-id>
+ [no] rate-limit {dual | single}
- [no] cbs <value>
- [no] cir <value>
- [no] color-aware
- [no] ebs <value>
- [no] pbs <value>
- [no] pir <value>
- [no] exceed-action {drop | mark-yellow |
mark-red}
- [no] parent <id>
- [no] redirect UU/SS/PP
- [no] set-green-to-fc <value>
- [no] set-red-to-fc <value>
- [no] set-yellow-to-fc <value>
+ [no] ether-type-access-group {NAME | <acl-number>}
out
+ [no] rate-limit {dual | single}
- [no] cbs <value>
- [no] cir <value>
- [no] color-aware
- [no] ebs <value>
- [no] pbs <value>
- [no] pir <value>
- show port UU/SS/PP [access-groups-rule-sequence <number>] ether-type-
access-group [NAME | <acl-number>] [in | out | vlan] [monitoring-
profile <profile-id> [statistics [fbrs-green-bps | fbrs-green-fps |
fbrs-match-counter-bps | fbrs-match-counter-fps | fbrs-not-green-bps
| fbrs-not-green-fps | fbrs-not-red-bps | fbrs-not-red-fps | fbrs-
red-bps | fbrs-red-fps | fbrs-yellow-bps | fbrs-yellow-fps | green-
bps | green-fps | match-counter-bps | match-counter-fps | not-green-
rule <value>
Command Description
EtherType:
type: see Table 20
ether-type-mask: (Optional) allows
a range of EtherTypes to be
specified together
mask: hexadecimal number in the
range of <0-FFFF>. An EtherType
mask of 0 requires an exact match
of the EtherType.
no ether-type [<type>] [ether- Removes the specified EtherType:
type-mask [<mask>]]
type: (optional) see Table 20
ether-type-mask: (Optional) allows
a range of EtherTypes to be
specified together
mask: (Optional) hexadecimal number
in the range of <0-FFFF>
inner-vlan <vlan-id> [inner- Defines a specific VLAN ID and mask for the inner
vlan-mask <vlan-mask>] vlan tag. Applying it on TLS SAP is meaningless.
It cannot be used in combination with the
untagged option.
vlan-id: in the range of <1-4094>
vlan-mask: in hexadecimal format
FF:FF:FF:FF. Use 0 for meaningful
bits (exact-match) and F for
meaningless bits (any). The last 12
bits are meaningful.
no inner-vlan [<vlan-id>] Removes the selected inner-VLAN and inner-
[inner-vlan-mask [<vlan- mask:
mask>]]
vlan-id: (optional) in the range of
<1-4094>
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
inner-vpt <priority> Specifies packet filtering by the VLAN Priority Tag
(VPT) in the inner-VLAN tag header:
priority: in the range of <0-7>
no inner-vpt [<priority>] Removes the selected VPT:
priority: (optional) in the range
of <0-7>
precedence TYPE Supported only when the value of the
EtherType field of the Ethernet frame is
0x0800.
The ACL rule matches packets by literal
precedence values.
TYPE: see Table 14
no precedence Removes the precedence value
Command Description
type:
value: in the range of <015> or a
valid literal ToS value (See Table
13)
no tos Removes the valid literal ToS value
vlan <vlan-id> [vlan-mask Denies a specific VLAN ID and mask for the outer
<vlan-mask>] IP-header:
vlan-id: in the range of <1-4094>
vlan-mask: in hexadecimal format
FF:FF:FF:FF. Use 0 for meaningful
bits (exact-match) and F for
meaningless bits (any). The last 12
bits are meaningful.
no vlan [<vlan-id>] [vlan-mask Removes the selected outer-VLAN and outer-
[<vlan-mask>]] mask:
vlan-id: (optional) in the range of
<1-4094>
vlan-mask: (optional) in
hexadecimal format FF:FF:FF:FF
vpt <priority> Supported only when the value of the
EtherType field of the Ethernet frame is
0x8100.
Specifies packet filtering by the VLAN Priority Tag
(VPT) in the outer-VLAN tag header:
priority: in the range of <0-7>
no vpt [<priority>] Removes the selected VPT:
priority: (optional) in the range
of <0-7>
untagged The ACL rule matches untagged packets only
Both tagged and untagged
no untagged Restores to default
ethernet lag lag-id agN Creates a static LAG and enters LAG
Configuration mode:
agN: LAG ID. N is in the range of
<1-14>
service
Command Description
parent <id> single-rate-limit {cbs Specifies a parent rate-limiter, which allows you to
<value> | cir <value>} configure Hierarchical policers on the device.
id: in the range of <1-200>
single-rate-limit: configures a
rate limit for the parent group
cbs <value>: specifies the
Committed Burst Size (CBS), in the
range of <1-262144> KB
cir <value>: specifies the
Committed Information Rate (CIR),
in the range of, <81000000>
(depends on the link capacity) kbps
no parent <id> single-rate-limit Removes the configured parent
{cbs | cir}
Command Description
control packets
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
no vpls <vpls-id> sap [{{UU/SS/PP Removes the SAP:
| agN}[:[igmp] | :[<vlan-
id>]:[igmp] | UU/SS/PP: the corresponding
UU1/SS1/PP1:<ces- physical port (unit, slot and port)
circuit>:{ces | ces-oos}} ] defined as SAP.(can be obtained
from the show port command)
The valid port range is:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-1/2/8
agN: LAG ID. N is in the range of
<1-14>
vlan-id: (optional) in the range of
<1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port, facing
the packet processor. The valid
values are: 1/3/9.
ces-circuit: circuit ID in the
range of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
tls <service-id> sap {UU/SS/PP |
agN} c-vlan {<cvlan-id> | all
| untagged} Creates a TLS service instance and enters TLS
Configuration mode:
service-id: in the range of <1
4294967295>
sap: creates a service access point
(SAP) and enters SAP Configuration
mode
UU/SS/PP: SAP port, in the range of
1/1/1-1/1/4, 1/2/1-1/2/8
agN: LAG ID. N is in the range of
<1-14>
c-vlan: specifies a customer VLAN
(C-VLAN) and enters C-VLAN
Configuration mode
cvlan-id: in the range of <1-4094>
all: tunnels all the traffic
untagged: tunnels the untagged
traffic only
no tls [<service-id>] sap
[UU/SS/PP | agN] c-vlan
Command Description
[<cvlan-id> | all | untagged] Removes the created TLS service:
service-id: (optional) in the range
of <14294967295>
sap: (optional) creates a service
access point (SAP) and enters SAP
Configuration mode
UU/SS/PP: (optional) SAP port, in
the range of 1/1/1-1/1/4, 1/2/1-
1/2/8
agN: (optional) LAG ID. N is in the
range of <1-14>
c-vlan: (optional) specifies a
customer VLAN (C-VLAN) and enters
C-VLAN Configuration mode
cvlan-id: (optional) in the range
of <1-4094>
all: (optional) tunnels all the
traffic
untagged:(optional) tunnels the
untagged traffic only
dot1q <service-id> sap {UU/SS/PP Enters 802.1Q service Configuration mode for the
| agN} c-vlan {<cvlan-id> | specified SAP C-VLAN, creates a service access
untagged} point (SAP), and specifies a customer VLAN (C-
VLAN):
service-id: in the range of <1-
4294967294>
UU/SS/PP: SAP port, in the range of
1/1/1-1/1/4 and 1/2/1-1/2/8. This
port has to be an untagged member
of the S-VLAN
agN: LAG ID. N is in the range of
<1-14>
cvlan-id: in the range of <1-4094>
all: tunnels all the traffic
untagged: tunnels the untagged
traffic only
NOTE
You cannot use the same
physical port as MPLS and TLS
SAP.
You cannot use the MPLS
uplink for L2 SAP, and vice
versa.
The default VLAN of the TLS
SAP port must not be changed.
no dot1q [<service-id>] sap Removes the specified 802.1Q service or, when
[{UU/SS/PP | agN} c-vlan used without a parameter, removes all configured
{<cvlan-id> | untagged}] 802.1Q services:
service-id: (optional) in the range
Command Description
of <1-4294967294>
UU/SS/PP: (optional) SAP port, in
the range of 1/1/1-1/1/4 and 1/2/1-
1/2/8
agN: (optional) LAG ID. N is in the
range of <1-14>
cvlan-id: in the range of <1-4094>
all: tunnels all the traffic
untagged: tunnels the untagged
traffic only
access-groups-rule-sequence
<number>
Specifies the sequential order in which ACL rules
are processed:
number: in the range of <1-250>
NOTE
When applying the same ACL type
(for example, IP or MAC ACLs) to
an already used sequence number,
remove and apply the ACL again.
This action is not required when
applying different ACL types to the
same sequence number.
no access-groups-rule-sequence Removes the configured sequence number:
[<number>]
number: (optional) in the range of
<1-250>
ether-type-access-group {NAME |
<acl-number>} {in | out |
vlan} Assigns an EtherType ACG to a port/s and enters
EtherType ACG Configuration mode:
NAME: a string of
<110> characters
acl-number: in the range of <500-
599>
in: filters the ingress traffic
only
out: filters the egress traffic
only
vlan: redirects the matching
ingress traffic to a VLAN
no ether-type-access-group Removes the specified EtherType ACG:
[NAME | <acl-number>] [in
| out | vlan] NAME: (optional) a string of
<110> characters
acl-number: (optional) in the range
of <500-599>
in: (optional) filters the ingress
traffic only
out: (optional) filters the egress
traffic only
Command Description
Command Description
pbs <value> (valid only for dual rate) Specifies the Peak Burst
Size (PBS):
value: in the range of <1-262144>
KB
100 KB
no pbs Restores to default
pir <value> (valid only for dual rate) Specifies the Peak
Information Rate (PIR):
value: in the range of, <81000000>
(depends on the link capacity) kbps
1000 kbps
no pir Restores to default
ebs <value> (valid only for single rate) Specifies the Excess
Burst Size (EBS):
value: in the range of <0-262144>
KB
100 KB
no ebs Restores to default
exceed-action {drop | Specifies the action performed once the packet is
mark-yellow | mark-red} classified as exceeding a particular rate limit:
drop: drops the packet
mark-yellow: marks the packet as
yellow
mark-red: marks the packet as red
Drop
no exceed-action [drop | Restores to default
mark-yellow | mark-red]
Command Description
set-green-to-vpt <value> (valid only for egress ACLs) Remarks the CoS
priority value in the IP header for traffic marked
green:
value: in the range of <0-7>
no set-green-to-vpt Removes the configured value
Command Description
set-red-to-dscp <value> (valid only for egress ACLs) Remarks the DSCP
value in the IP header for traffic marked red:
value: in the range of <0-63>
no set-red-to-dscp Removes the configured value
set-red-to-vpt <value> (valid only for egress ACLs) Remarks the CoS
priority value in the IP header for traffic marked
green:
value: in the range of <0-7>
no set-red-to-vpt Removes the configured value
set-yellow-to-dscp <value> (valid only for egress ACLs) Remarks the DSCP
value in the IP header for traffic marked red:
value: in the range of <0-63>
no set-yellow-to-dscp Removes the configured value
set-yellow-to-vpt <value> (valid only for egress ACLs) Remarks the CoS
priority value in the IP header for traffic marked
green:
value: in the range of <0-7>
no set-yellow-to-vpt Removes the configured value
set-green-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
green to a Forwarding Class (FC):
value: FC value (see Table 19)
no set-green-to-fc Removes the configured value
set-red-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
red to a Forwarding Class (FC):
value: FC value (see Table 19)
no set-red-to-fc Removes the configured value
set-yellow-to-fc <value> (valid only for ingress ACLs) Maps traffic marked
yellow to a Forwarding Class (FC):
value: FC value (see Table 19)
no set-yellow-to-fc Removes the configured value
show port UU/SS/PP [access-groups-rule- Displays information about the EtherType ACGs,
sequence <number>] ether-type-access- filtered by command arguments:
group [NAME | <500-599>] [in | out |
vlan] [monitoring-profile <profile- UU/SS/PP: port number
id> [statistics [fbrs-green-bps |
fbrs-green-fps | fbrs-match-counter- number: the sequence number ,in the
bps | fbrs-match-counter-fps | fbrs- range of <1-250>
not-green-bps | fbrs-not-green-fps |
fbrs-not-red-bps | fbrs-not-red-fps | NAME: a string of
fbrs-red-bps | fbrs-red-fps | fbrs- <110> characters
yellow-bps | fbrs-yellow-fps | green-
bps | green-fps | match-counter-bps | acl-number: in the range of <500-
match-counter-fps | not-green-bps | 599>
not-green-fps | not-red-bps | not-
red-fps | red-bps | red-fps | yellow- in: only ingress ACGs
bps | yellow-fps]]]
out: only egress ACGs
monitoring-profile: the rate, in
frame per second and bytes per
second, of transmitted packets that
are marked as red, green, or yellow
on a selected port
profile-id: any number
statistics: counts match packets
vlan: only VLAN traffic redirection
ACLs
NOTE
Statistics counters will be reset
whenever a new ACL/monitoring
profile is applied on a port/SAP
port.
show running-config ether-type access- Displays information about EtherType ACLs
list
Value Description
NOTE
Permitting EtherType code 0x8XXX allows tagged traffic since EtherType 0x8100 is
used.
duplex auto
learn-new-mac-addresses
no shutdown
qos-ingress-policy defInPol
qos-egress-policy defEgPol
access-groups-rule-sequence 1
ip-access-group-standard 3 in
rate-limit single
cir 5000
cbs 50
!
exit
!
exit
!
!
3. Apply the configured ACL on port 1/1/1 and redirect the matching traffic to the VLAN 200
by changing the VLAN ID in the packet header:
device-name(config)#port 1/1/1
device-name(config-port-1/1/1)#access-groups-rule-sequence 1
device-name(config-access-groups-rule-sequence-1)#ip-access-group-extended
100 vlan
device-name(config-ip-access-group-extended-100/vlan)#vlan 200
device-name(config-ip-access-group-extended-100/vlan)#commit
Commit complete.
4. Apply the configured ACL on port 1/1/2 and limit the outgoing traffic to 5M, and remark
dscp value with 44:
device-name(config)#port 1/1/2
device-name(config-port-1/1/2)#
device-name(config-port-1/1/1)#access-groups-rule-sequence 1
device-name(config-access-groups-rule-sequence-1)#ip-access-group-extended
100 out
2. Create ACLs:
device-name(config)#ip access-list standard 66
device-name(config-standard-66)#rule 1
device-name(config-rule-1)#action permit
device-name(config-rule-1)#source-ip 1.0.0.1/32
device-name(config-rule-1)#vpt 2
device-name(config-rule-1)#ip access-list standard 67
device-name(config-standard-67)#rule 1
device-name(config-rule-1)#action permit
device-name(config-rule-1)#source-ip 1.0.0.2/32
device-name(config-rule-1)#vpt 3
device-name(config-rule-1)#ip access-list standard 68
device-name(config-standard-68)#rule 1
device-name(config-rule-1)#action permit
device-name(config-rule-1)#source-ip 1.0.0.3/32
device-name(config-rule-1)#vpt 4
device-name(config-rule-1)#commit
Commit complete.
3. Apply ACGs (on the ingress traffic only) on a SAP port with defined traffic rate-limit:
device-name(config-vpls-2)#sap 1/1/1:20:
device-name(config-sap-1/1/1:20:)#access-groups-rule-sequence 1
device-name(config-access-groups-rule-sequence-1)#ip-access-group-standard
66 in
device-name(config-ip-access-group-standard-66/in)#monitoring-profile 10
device-name(config-ip-access-group-standard-66/in)#access-groups-rule-
sequence 2
device-name(config-access-groups-rule-sequence-1)#ip-access-group-standard
67 in
device-name(config-ip-access-group-standard-67/in)#monitoring-profile 5
device-name(config-ip-access-group-standard-67/in)#access-groups-rule-
sequence 3
device-name(config-access-groups-rule-sequence-1)#ip-access-group-standard
68 in
device-name(config-ip-access-group-standard-68/in)#rate-limit single cir
5000 cbs 16
device-name(config-ip-access-group-standard-68/in)#monitoring-profile 10
device-name(config-rate-limit-single)#commit
Commit complete.
service
tls 1
sap 1/1/1
c-vlan 12
access-groups-rule-sequence 1
ip-access-group-extended 100 in
rate-limit dual
cir 1000
cbs 16
pir 2000
pbs 16
exceed-action mark-yellow
color-aware
!
monitoring-profile 10
!
!
!
!
!
!
!
Device-name(config-rule-3)#vpt 3
Device-name(config-rule-3)#commit
Commit complete.
Device-name(config-rule-3)#top
Device-name(config)#ip access-list extended 100
Device-name(config-extended-100)#rule 1
Device-name(config-rule-1)#action permit
Device-name(config-rule-1)#protocol tcp
Device-name(config-rule-1)#source-ip 1.0.0.1/32
Device-name(config-rule-1)#destination-ip 2.0.0.4/32
Device-name(config-rule-1)#commit
Commit complete.
Device-name(config-rule-1)#top
Device-name(config)#
set-green-to-vpt 7
set-yellow-to-vpt 5
dscp 20
!
!
access-groups-rule-sequence 2
ip-access-group-extended 100 out
rate-limit single
cir 50000
!
!
!
!
!
sdp s-vlan 10
ethertype 0x8100
port 1/1/2
!
!
!
!
Access Control No standards are Private MIB, RFC 2697, A Single Rate
Lists (ACLs) supported by this PRVT-SWITCH- Three Color Marker
feature. ACCESS-LIST- RFC 2698, A Two Rate Three
MIB.mib Color Marker
List of Tables 2
QoS Commands 21
Configuration Examples 40
Table of Figures
Figure 1: Port-based QoS Architecture ............................................................................................... 4
Figure 2: 802.1p Priority Header Fields .............................................................................................. 5
Figure 3: Type of Service (ToS) Header Fields .................................................................................. 6
Figure 4: Strict Priority Queuing ........................................................................................................ 10
Figure 5: Weighted Round-Robin Queuing ...................................................................................... 11
Figure 5: Service Ingress QoS Architecture ...................................................................................... 16
Figure 6: Combining Service Ingress QoS and Port-based QoS ................................................... 16
Figure 7: QoS Configuration Flow (applied on ports) .................................................................... 21
List of Tables
Table 1: Modified Deficit Round-Robin Queuing Algorithms...................................................... 12
Table 2: QoS Default Configuration ................................................................................................. 13
Table 3: QoS Default Configuration ................................................................................................. 19
Table 4: QoS Profiles Configuration Commands ............................................................................ 23
Table 5: QoS Policy Configuration Commands .............................................................................. 32
Table 6: QoS Port/Service Configuration Commands ................................................................... 37
Table 7: QoS Display Configuration Commands ............................................................................ 39
T-Marc3312SC/T-Marc3312SCH
Most browser-based applications have an asymmetric data flow (small data flows from
the browser client and large data flows from the server to the browser client). An
exception to this pattern may be created by some Java -based applications.
Web-based applications are generally tolerant of latency, jitter, and some packet loss:
however, small packet-loss may have a large impact on perceived performance due to the
nature of TCP.
File server applications typically pose the greatest demand on bandwidth. File server
applications are very tolerant of latency, jitter, and some packet loss depending on the network
operating system and the use of TCP or UDP.
QoS Mechanisms
The user can control Quality of Service behavior through the following mechanisms:
Mapping inbound packets into eight Forwarding classes that correspond to eight outbound
queues. Existing QoS markers such as VPT and DSCP values can be used for mapping
purposes.
Policing ingress traffic rate using rate-limit ACLs.
The device maps ingress traffic containing 802.1p prioritization information, to hardware queues
on the egress port of the device. The transmitting hardware queue determines bandwidth
management and priority characteristics used in packet transmission and exact mapping depends on
the employed trust mode.
By default, 802.1p priority information is not replaced or manipulated. Priority information
observed on ingress is preserved during packet transmission and is not affected by the switching or
routing configuration of the device. The device is capable of using the 802.1p priority information
of incoming traffic for internal QoS mapping and handling or ignore it (default untrusted mode)
changing, however in any case the 802.1p priority information is kept during transmission of an
802.1Q tagged frame (unless the device is configured to remark it)
The device examines the first six of eight ToS bits, known as the Differentiated Services Code
Point (DSCP), for incoming packets arriving on the ingress port. Depending on the trust mode
assigned to the packet and based on the DSCP, the device can assign the QoS priority used to
subsequently transmit the packet. QoS priority:
Controls the hardware queue used to transmit packets out of the device
Determines the forwarding class of a particular DSCP
Advantages to using the DSCP field include:
Class of service information can be carried throughout the network infrastructure without
repeated complex traffic policies at each device location
End stations can perform packet marking on an applicationspecific basis.
Application software can observe and manipulate DSCP information without performance
penalty.
This classification is performed according to the configured mapping profile and the trust mode for
the port. During this process, a "color" is assigned to each packet in addition to the FC.
The FC value determines the transmission queue and the color will be used for the Congestion
Avoidance mechanism.
There are eight FC values representing eight transmission queues with different priorities (low to
high):
be queue 1
l2 queue 2
af queue 3
l1 queue 4
h2 queue 5
ef queue 6
h1 queue 7
nc queue 8
A single packet can be assigned to one of the eight queues for transmission. The order of packet
transmission out of the queues occurs according to the configured QoS scheduling algorithm (Strict
Priority by default).
For example, a packet received with VPT 2 and classified as the Forwarding Class be (and by
extension, to transmission queue 1), will be served in queue1 but it will egress the device with the
received VPT 2.
By default, the QoS markers (VPT \DSCP) for incoming traffic to a port are ignored (untrusted
mode) and all traffic is mapped to FC "be", assigned with "green" color and transmitted via queue
1.
Normally, once traffic is assigned to a FC at the ingress it remains in that FC throughout its time
within the system.
Profiles
A profile includes a set of configurable values that can be applied within a QoS policy. The device
supports the following QoS Profile types:
Mapping Profile: Maps L2 (VPT) or L3 (DSCP) marked traffic (or both) to particular
Forwarding Classes (FCs) and traffic colors.
Scheduling Profile: Specifies the queuing/scheduling algorithm to apply to a queue.
Shaper Profile: Specifies the shaping algorithm to apply to a port or a queue.
Remarking profile: Specifies the VPT or DSCP remarking per egress according to FC and
color.
Port-Related Policies
The device supports the following port-related QoS policies:
Order of Configuration
1. Define and configure the following profiles:
Mapping profiles
Shaper profiles
Scheduling profiles
Remarking profile
2. Define and configure the ingress/egress policies.
Port Ingress Policy: Map VPT and DSCP bits for incoming traffic to internal Forwarding
Class (FC), color, and trust mode. The FC groups in ingress policies are mapped to
queues.
Port Egress Policy: Define the queueing mechanism (scheduling) and shaper profile.
Apply the configured policies to ports. Once applied, QoS profiles and policies can be
modified. For updating the configuration of any port, the applied policies must first be
first removed from that configuration. You are not able to delete profiles and polices
attached to port.
Untrusted (default): For incoming traffic, VPT\DSCP fields are ignored and all incoming
traffic is mapped to a single Forwarding Class and color, according to untrust-to-fc command
configuration.
VPT-trusted: Incoming traffic carrying VPT will be mapped according to a "global" or user-
defined mapping profile.
Inner-VPT-trusted: Incoming double-tagged traffic will be classified by inner VPT according
to a "global" or user-defined mapping profile.
DSCP-trusted: Incoming traffic carrying DSCP will be mapped according to a "global" or
user defined mapping profile.
VPT and DSCP trusted: VPT and DSCP incoming traffic will be mapped according to a
"global" or user defined mapping profile.
Traffic Scheduling
Traffic scheduling controls congestion by determining transmission order for packets based on
assigned priorities. Traffic scheduling requires:
Assignment of packets to port queues based on packet mapping
Setting the method for timing the transmission of packet out of the queues
Using scheduling features, packets accumulate at port queues waiting for transmission. Packets are
scheduled for transmission according to their assigned priority and the configured queuing
mechanism. The device determines the order of packet transmission by controlling which packets
are placed in which queue and how those queues are serviced with respect to each other.
Scheduling Methods
The following scheduling methods are available:
Strict Priority Scheduling (SP)
Weighted Round-Robin Scheduling (WRR)
Hybrid Scheduling
Deficit Round Robin Scheduling (DRR)
Modified Deficit Round Robin Scheduling (MDRR)
Using SP can mean that lower priority traffic is denied bandwidth in favor of higher priority traffic.
As a result, use of Strict Priority could, in the worst case, result in lower priority traffic never being
transmitted. To avoid inflicting this condition on lower priority traffic, use rate-limit to control the
rate of the higher priority traffic.
Figure 4: illustrates the Strict Priority mechanism in a four-queue architecture.
Strict Priority Scheduling provides absolute preferential treatment to high priority traffic ensuring
that mission-critical traffic traversing various WAN links gets priority treatment. In addition, SP
provides a faster response time than do other methods of queuing.
the second queue, it sends a 300-byte packet; and when it services the third queue, it sends two 100-
byte packets. The effective ratio is 50/30/20 - setting the byte count too low can result in an
unintended bandwidth allocation.
Figure 5 shows how WRR queuing behaves in a four-queue architecture.
Hybrid Scheduling
The Hybrid Scheduling method combines Strict Priority queuing and Weighted Round Robin
scheduling. Queues with higher priority are serviced with SP while the remaining queues are
serviced in accordance with WRR once the higher priority queues are empty.
SP/WRR hybrid scheduling guarantees immediate delivery of packets from high-ranking queues
while avoiding starvation of the lowest-ranking queues.
Table 2 explains the available hybrid scheduling algorithms.
Table 2: Hybrid Scheduling Algorithms
Algorithm Name Algorithm Description
size is subtracted from the packet length. Packets exceeding that number are held back until the
next visit of the scheduler.
With DRR scheduling, you can send frames from non-empty queues one after the other, in round-
robin. Each time frames are sent from a queue, a fixed amount of data is de-queued and the
algorithm sends from the next queue. When sending frames from a queue, DRR keeps track of the
number of data bytes de-queued in excess of the configured value.
When sending from the queue again, less data is de-queued to compensate for the excess data
previously sent. As a result, the average amount of data de-queued per queue is close to the
configured value.
Two variables define each DRR/MDRR queue:
Quantum Value: An average number of bytes served in each round. The quantum value is 2
KB.
Deficit Counter: Tracks the number of transmitted bytes per queue in each round. Initially,
the counter holds the quantum value.
For each queue, the mechanism sends packets as long as the deficit counter is greater than zero.
Each sent packet decreases the deficit counter by a value equal to its length in bytes. You cannot
send a queue after the deficit counter drops to zero or moves into negative numbers. DRR serves
more packets at a time if the packet size is less than the quantum value.
Each DRR queue can receive a relative weight with one of the queues from the group defined as a
priority queue. The weights assign relative bandwidth for each queue when the port is congested.
NOTE
DRR scheduling using fixed packet size behaves the same as Weighted Round
Robin.
Traffic Shaping
When congestion occurs, output or egress traffic is shaped on a per-port, per-service, and per-
queue basis. Output traffic monitoring verifies that the traffic conforms to the rate configured for
the device. When excessive traffic is detected on the device, the output port applies traffic shaping
and controls excess traffic. If the device queues overflow, traffic is dropped.
The shaping implementation in the device uses CIR to limit the traffic rate and CBS to allow
temporary bursts to breach the CIR as part of the Service Level Agreement.
global 0 - be green
1 - l2 green
2 - af green
3 - l1 green
4 - h2 green
5 - ef green
6 - h1 green
7 - nc green
- 0-7 be green
- 8-15 l2 green
- 16- af green
23
- 24- l1 green
31
- 32- h2 green
39
- 40- ef green
47
- 48- h1 green
55
- 56- nc green
63
Mapping Scheduling
VPT 0 1 2 3 4 5 6 7
FC be l2 af l1 h2 ef h1 nc
Queue 1 2 3 4 5 6 7 8
Table 12: Default Configuration of FC to Queue Mapping for Broadcast, Multicast and
Unknown Traffic
VPT 0 1 2 3 4 5 6 7
FC be l2 af l1 h2 ef h1 nc
Queue 1 2 2 2 7 7 7 8
0 0 0 be 1
1 1 1 l2 2
2 2 1 af 3
3 3 1 l1 4
4 4 6 h2 5
5 5 6 ef 6
6 6 6 h1 7
7 7 7 nc 8
Initial Packet Priority Packet Priority (DSCP) Packet Priority (DSCP) FC Queue
(DSCP) after Remarking for after Remarking for
unicast traffic multicast traffic
0-7 0 0 be 1
8-15 1 1 l2 2
16-23 2 1 af 3
24-31 3 1 l1 4
32-39 4 6 h2 5
40-47 5 6 ef 6
48-55 6 6 h1 7
56-63 7 7 nc 8
(usually more profitable than selling more bandwidth to each customer) while also allowing each
customer to save on bandwidth expenses.
Profiles
A profile includes a set of configurable values that can be applied within a QoS policy. The device
supports the following QoS Profile types:
Mapping Profile: Maps L2(VPT or L3 (DSCP) marked traffic (or both) to particular
Forwarding Classes (FCs) and traffic colors.
Scheduling Profile: Specifies the queuing/scheduling algorithm to apply to a queue.
Shaper Profile: Specifies the shaping algorithm to apply to a port or a queue.
Port-Related Policies
The device supports the following port-related QoS policies:
Port Ingress Policy
Applied per port.
Applies mapping of VPT/DSCP values to Forwarding Class (FC) and traffic color
through a mapping profile.
Applies trust mode of the VPT/DSCP values to the ingress traffic.
Port Egress Policy
Applied per port
Applies scheduling algorithms through a scheduling profile.
Applies shaper per port/per queue or both through a shaper profile.
Service-Related Policies
The device supports the following service-related QoS policies:
Service Ingress Policy
Applies shaper profile per SAP or per queue.
Applies scheduling algorithms through a scheduling profile.
Order of Configuration
3. Define and configure the following profiles:
Mapping profiles
Shaper profiles
Scheduling profiles
Remarking profile
4. Define and configure the ingress/egress policies and service ingress policies.
Port Ingress Policy: Map VPT and DSCP bits for incoming traffic to internal Forwarding
Class (FC), color, and trust mode. The FC groups in ingress policies are mapped to
queues.
Port Egress Policy: Define the queueing mechanism (scheduling) and shaper profile.
Service ingress policy includes configuring the shaper and scheduling profiles.
5. Apply the configured policies to ports/Service SAP. Once applied, QoS profiles and policies
can be modified. For updating the configuration of any service or port, the applied policies
must first be first removed from that configuration. You are not able to delete profiles and
polices attached to port or SAP.
global 0 - be green
1 - l2 green
2 - af green
3 - l1 green
4 - h2 green
5 - ef green
6 - h1 green
7 - nc green
- 0-7 be green
- 8-15 l2 green
- 16-23 af green
- 24-31 l1 green
- 32-39 h2 green
- 40-47 ef green
- 48-55 h1 green
- 56-63 nc green
Mapping Scheduling
VPT 0 1 2 3 4 5 6 7
FC be l2 af l1 h2 ef h1 nc
Queue 1 2 3 4 5 6 7 8
VPT 0 1 2 3 4 5 6 7
FC be l2 af l1 h2 ef h1 nc
Queue 1 2 2 2 7 7 7 8
QoS Commands
Commands Hierarchy
+ config terminal
+ qos
Commands Descriptions
Table 4: QoS Profiles Configuration Commands
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
algorithm
mdrr-6: specifies scheduling
according to the sixth MDRR
algorithm
sp: specifies Strict Priority
(SP) scheduling
wrr: specifies Weighted Round-
Robin (WRR) scheduling
queue1-weight <value> Specifies the weighting factor for the queue:
value: in the range <1-127>
no queue1-weight Removes the configured weigh
Command Description
Commands Hierarchy
+ config terminal
+ qos
+ [no] port-egress-policy POLICY-NAME
Commands Descriptions
Table 5: QoS Policy Configuration Commands
Command Description
Command Description
Command Description
Command Description
Command Description
Commands Hierarchy
device-name#
+ config terminal
+ port UU/SS/PP
- [no] qos-egress-policy POLICY-NAME
- [no] qos-ingress-policy POLICY-NAME
+ [no] service
+ [no] tls <service-id>
- [no] qos-ingress-policy POLICY-NAME
+ [no] sap {UU/SS/PP | agN}
+ [no] c-vlan {<cvlan-id> | all | untagged}
- [no] apply-qos-policy
+ [no] dot1q <service-id>
- [no] qos-ingress-policy POLICY-NAME
+ [no] sap {UU/SS/PP | agN}
+ [no] c-vlan {<cvlan-id> | all | untagged}
- [no] apply-qos-policy
Commands Descriptions
Command Description
Commands Hierarchy
device-name#
- show running-config qos service-ingress-policy POLICY-NAME
- show qos mapping-profile [PROFILE-NAME]
- show qos port-egress-policy [POLICY-NAME]
- show qos port-ingress-policy [POLICY-NAME]
- show qos remarking-profile [PROFILE-NAME]
- show qos shaper-profile [<profile-id>]
- show qos scheduling-profile [<profile-id>]
- show qos service-ingress-policy POLICY-NAME
- show qos port UU/SS/PP [ingress | egress]
Commands Descriptions
Table 7: QoS Display Configuration Commands
Command Description
show running-config qos service-ingress- Displays the specified service ingress policy or,
policy POLICY-NAME when used without a parameter, displays all
configured service ingress policies.
POLICY-NAME: name of the service
ingress policy to display
show qos mapping-profile [PROFILE-NAME] Displays the specified mapping profile or, when
used without a parameter, displays all
configured mapping profiles.
PROFILE-NAME: name of the mapping
profile to display
show qos port-egress-policy [POLICY-NAME] Displays the specified port egress policy or,
when used without a parameter, displays all
configured port egress policies.
POLICY-NAME: name of the policy
to display
show qos port-ingress-policy [POLICY- Displays the specified port ingress policy or,
NAME] when used without a parameter, displays all
configured port ingress policies.
POLICY-NAME: name of the policy
to display
show qos remarking-profile [PROFILE-NAME] Displays the specified remarking profile or,
when used without a parameter, displays all
configured remarking profiles.
PROFILE-NAME: Name of the
remarking profile to display
show qos shaper-profile [<profile-id>] Displays all configured shaper profiles:
profile-id: ID of the shaper
profile to display
Command Description
show qos scheduling-profile [<profile- Displays the specified scheduling profile or,
id>] when used without a parameter, displays all
configured scheduling profiles.
profile-id: ID of the scheduling
profile to display
show qos service-ingress-policy POLICY- Displays the specified service ingress policy or,
NAME when used without a parameter, displays all
configured service ingress policies.
POLICY-NAME: name of the service
ingress policy to display
show qos port UU/SS/PP [ingress | egress] Displays the QoS configuration of the specified
port, including the ingress/egress policies
applied to it or, when used without a parameter,
displays the configuration for all ports.
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-
1/2/8
ingress, egress: displays
ingress/egress port policies
Configuration Examples
Configuring QoS Shaper per Port
1. Create port shaper profile:
device-name#config terminal
device-name(config)#qos
device-name(config-qos)#shaper-profile port 1 cir 6000 cbs 16
device-name(config-port-1)#commit
Commit complete.
device-name(config-port-1)#
Device-name(config-scheduling-profile-5)#commit
Commit complete.
Device-name(config-scheduling-profile-5)#exit
4. Specify QoS policy and apply QoS shaper profile and scheduling profile:
Device-name(config)#qos
Device-name(config-qos)#service-ingress-policy Shape
Device-name(config-service-ingress-policy-Shape)#shaper-profile 5
Device-name(config-service-ingress-policy-Shape)#scheduling-profile 5
Device-name(config-service-ingress-policy-Shape)#commit
Commit complete.
Device-name(config-service-ingress-policy-Shape)#exit
Device-name(config-qos)#exit
List of Tables 3
Key Objectives 61
Test Rates 62
Methodology 62
Bidirectional Test 62
Y.1564 Commands 63
Configuration Example 70
Table of Figures
Figure 1: OAM Ethernet Tools ............................................................................................................ 5
Figure 2: MEP1 and MEP3 Send a Multicast CC Frame ................................................................. 6
Figure 3: MEP4 and MEP2 Send a Multicast CC Frame ................................................................. 6
Figure 4: Loopback Operation ............................................................................................................. 7
Figure 5: Link Trace Operation ............................................................................................................ 8
Figure 6: CFM Configuration Flow ................................................................................................... 10
List of Tables
Table 1: Defects and Priorities ............................................................................................................. 9
Table 2: CFM Configuration Commands ......................................................................................... 13
Table 3: CFM Display Commands..................................................................................................... 23
Table 4: EFM Configuration Commands ......................................................................................... 34
Table 5: EFM Display Commands .................................................................................................... 39
Table 6: Log messages employed by the EFM-OAM protocol..................................................... 40
Table 7: R-APS Commands over Ethernet ...................................................................................... 50
Table 8: Y.1564 Test Commands ....................................................................................................... 64
Table 9: TWAMP Commands ............................................................................................................ 77
Table 10: ITU-T Y.1731 SAA In-Service Test Commands ........................................................... 85
Table 11: ITU-T Y.1731-SLM SAA In-Service Test Commands ................................................. 96
Table 12: SAA Throughput Commands ......................................................................................... 109
Table 13: Event Propagation Commands ....................................................................................... 121
T-Marc3312SC/T-Marc3312SCH
CFM Purpose
Bridges are used increasingly in networks operated by multiple, independent organizations. In such
networks, each organization maintains restricted access to its equipment. CFM assists in detection,
verification, and isolation of connectivity failures in networks where multiple organizations are
involved in the provision and use of Ethernet services such as customers, service providers, and
operations.
Customers purchase Ethernet service from service providers who in turn may utilize their own
network or the network of other operators to provide connectivity for the requested service.
Customers themselves may be service providers. For example, a customer may be an Internet
service provider that sells Internet connectivity.
Operators need minimal Ethernet OAM as opposed to providers that need more comprehensive
Ethernet OAM for themselves as well as the ability to provide their customers with better
monitoring functionality.
In order to validate service quality and perform fault verification on Maintenance End Points
(MEP) and Maintenance Intermediate Points (MIPs) belonging to the organization, each
organization defines its own maintenance domain. MEPs and MIPs are then linked to the relevant
domain creating a Maintenance Association (MA).
A CCM timeout is used to detect connectivity faults (such as a software failure, memory corruption,
or problems with configuration). A CCM loss is assumed when a MEP does not receive the next
CCM from a remote MEP within the CCM timeout.
If a MEP on a local bridge (local MEP) stops receiving periodic CCMs from a peer MEP on a
remote bridge (remote MEP), the receiving MEP assumes that a failure in the remote bridge or in
the continuity of the path has occurred. If the MEP does not receive three consecutive CCMs, the
MEP declares a connectivity loss.
In this case, the bridge can notify the network management application about the failure and initiate
fault verification and fault isolation either automatically or by operator command.
Since a short CCM interval rate is a key point in ensuring fast connection-failure detection, the
systems administrator can define a CCM interval rate of down to 3.3 milliseconds.
In cases where a MEP is deliberately taken out of commission, status indication for the MEP is sent
to other peer MEPs to avoid triggering false fault detections.
CFM also provides an alarm suppression mechanism in cases where a network fault affects more
than one VLAN and where different MEPs generate an alarm for the same common fault.
In the Figure 4 two maintenance entities are shown: one comprising the yellow MEPs and MIPs, the
other comprising orange MEPs and MIPs.
For the Ethernet, fault isolation is more challenging since MAC addresses age and erase the
information needed to locate the fault. Possible ways to address this issue are:
Carry out Linktrace within the age-out time frame
Maintain information about the destination MEP at the MIPs along the path using CCMs
Maintaining the path visibility at the source MEPs through periodic LTMs (in intervals larger
than the CCM rate interval)
You can also use Linktrace to:
Discover normal data paths through the network when the network is fault-free. Path
discovery can prove helpful when Linktrace cannot provide the information needed to isolate
a fault.
Issue LBMs to MPs along normal data paths to retrieve additional information.
DefRemoteCCM: The MEP is not receiving CCMs from one of the MEPs in its configured
list
DefErrorCCM: The MEP is receiving invalid CCMs
DefXconCCM: The MEP is receiving CCMs from a different MA
The following table shows the relationship between variables:
Variable: The name of the variable as defined by the 802.1ag standard
HighestDefect: Represents the highest priority defect currently detected by the MEP
HighestDefectPri: Represents the priority of the defect, expressed as an integer, named in the
HighestDefect variable
Importance: Describes the severity of the defect
Table 1: Defects and Priorities
Defect Priority
Disable Disable 6
xconCCMdefect DefXconCCM 5 most
errorCCMdefect DefErrorCCM 4
someRMEPCCMdefect DefRemoteCCM 3
someMACstatusDefect DefMACstatus 2
someRDIdefect DefRDICCM 1 least
CFM Commands
Commands Hierarchy
device-name#
+ config terminal
+ [no] oam
+ [no] cfm
+ [no] shutdown
+ [no] domain DOMAIN-NAME
- level <level>
+ ma MA-NAME
- [no] ais-lck-receive
+ [no] ais-lck-transmit
- [no] ais-lck-interval {1min | 1sec}
- [no] round-trip-jitter-monitoring
- [no] round-trip-latency-error <value>
- [no] round-trip-latency-error-period <value>
- [no] round-trip-latency-warning <value>
- [no] round-trip-latency-warning-period <value>
- [no] round-trip-latency-monitoring
- [no] results-bucket-size <size>
- [no] priority <priority>
- [no] rate <rate>
- [no] description <string>
- [no] payload-size <value>
- [no] description <string>
- [no] update-interval <value>
- [no] test <id> DOMAIN-NAME MA-NAME
- [no] threshold-profile-id <id>
- [no] repeat-interval <value>
- [no] shutdown
- oam cfm linktrace domain DOMAIN-NAME ma MA-NAME mep <id> {target-mep
<target-mep-id> | target-mip HH:HH:HH:HH:HH:HH} {timeout <value> | ttl
<value>}
- oam cfm loopback domain DOMAIN-NAME ma MA-NAME mep <id> {target-mep
<target-mep-id> | target-mip HH:HH:HH:HH:HH:HH} [timeout <value> |
payload <value> | delay <value> | number <value>]
- clear oam cfm remote-mep-table domain-name NAME ma NAME [remote-mep
<id>]
- show oam cfm
- show oam cfm connectivity [domain-name DOMAIN-NAME] [ma MA-NAME]
- show oam cfm connectivity [extended]
- show oam cfm domain level <level>
- show oam cfm update-interval
- show oam cfm {interface UU/SS/PP | interfaces}
- show oam cfm test [id <id>]
- show oam cfm threshold-profile [id <id>]
- show oam cfm linktrace-results domain-name DOMAIN-NAME [ma MA-NAME]
Commands Descriptions
Table 2: CFM Configuration Commands
Command Description
Enables CFM
domain DOMAIN-NAME
level <level>
Specifies a MD level:
level: in the range of <0-7>
The MD levels are:
Operator Maintenance Association (MA)
levels: 02
Provider MA levels: 34
Customer MA levels: 57
ma MA-NAME
vlan <vlan-id>
Command Description
mep <id> UU/SS/PP Specifies the maintenance end point (MEP) ID:
id: in the range of <08191>
Command Description
bind-to
{UU/SS/PP:[svlan-
id>]:[<cvlan-id>]: | Adds a local port, member of 802.1Q, TLS, or
UU/SS/PP:[<cvlan- VPLS service, as MEP to a specific MA:
id>]:
UU/SS/PP: a local port (unit,
| {UU/SS/PP | slot and port) to be added as MEP
agN}[:[igmp] |
:[<vlan-id>]:[igmp] | The valid port range is:
UU1/SS1/PP1:<ces- UU/SS/PP: 1/1/1-1/1/4, 1/2/1-
circuit>:{ces | ces-
oos}}
1/2/8
agN: LAG ID. N is in the range of
<1-14>
cvlan-id: (optional) specifies a
customer VLAN (C-VLAN), in the
range of <1-4094>
vlan-id: (optional) in the range
of <1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port, facing
the packet processor. The valid
values are: 1/3/9.
ces-circuit: circuit ID in the
range of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
shutdown Disables the MEP
Disabled
no shutdown Enables the MEP
direction {up | down} Specifies the direction the MEP faces the
bridge port:
up, down: direction
ccm-enabled Enables CCM message generation by the MEP
no ccm-enabled Restores to default
Disabled
ccm-priority Specifies the VLAN priority assigned to all CCM
and LTM packets for a particular MEP:
priority: in the range of <0-7>
When this command is used with combination
with the dot1q sdp vlan priority command (refer
to L2 services chapter of this User Guide), the
dot1q sdp vlan priority command takes
precedence over the ccm-priority command.
Command Description
6
no ccm-priority Restores to default
fault-notification-delay Specifies the length of time defects must be
<value> present before a local MEP generates a Fault
Alarm:
value: in the range of <250-1000>
in hundredths of a seconds
250 hundredths of a second
no fault-notification- Restores to default
delay
mip-policy {default | defer Specifies the conditions under which MIPs are
| explicit | none} automatically created on ports:
default: always creates MIPs
defer: adopts the setting of the
Command Description
enclosing domain
explicit: creates MIPs only if a
MEP exists on a lower MD Level
none: does not create any MIPs
for the specified MA
defer
no mip-policy Restores the default MIP policy setting
sender-id-content {hostname Specifies the content of the Type Length Value
| defer | all | (TLV) of the Sender ID included in most of the
management-address |
none} CFM packets sent by MEPs:
hostname: the Sender IDs TLV
includes only the device
hostname: the local hostname is
visible to all remote sites on
the MA but the local management
address is hidden
defer: adopts the setting of the
enclosing domain
all: the Sender IDs TLV includes
both the hostname and the
management address of the device
management-address: the Sender ID
TLVs includes only the devices
management address: the local
management mechanism and
management address are visible to
all remote sites on the MA, but
the local hostname is hidden
none: does not send the Sender
IDs TLV to remote MEPs: the
chassis ID and management
information are hidden from all
remote sites
defer
Command Description
none
no mip-policy Restores to default
sender-id-content {hostname Specifies the content of the Type Length Value
| defer | all | (TLV) of the Sender ID included in most of the
management-address |
none} CFM packets sent by MEPs:
hostname: the Sender IDs TLV
includes only the device
hostname: the local hostname is
visible to all remote sites on
the MA but the local management
address is hidden
defer: adopts the setting of the
enclosing domain
all: the Sender IDs TLV includes
both the hostname and the
management address of the device
management-address: the Sender ID
TLVs includes only the devices
management address: the local
management mechanism and
management address are visible to
all remote sites on the MA, but
the local hostname is hidden
none: does not send the Sender
IDs TLV to remote MEPs: the
chassis ID and management
information are hidden from all
remote sites
defer
Command Description
Command Description
Command Description
oam cfm linktrace domain DOMAIN-NAME ma Sends a linktrace message to a specified MEP
MA-NAME mep <id> {target-mep <target- or MIP in the domain:
mep-id> | target-mip
HH:HH:HH:HH:HH:HH} [timeout <value> | DOMAIN-NAME: a string of <1-22>
ttl <value>] characters
MA-NAME: a string of <1-45>
Command Description
characters
mep <id>: the source MEP ID, in
the range of <18191>
target-mep <target-mep-id>: the
linktrace destination MEP ID, in
the range of <18191>
target-mip HH:HH:HH:HH:HH:HH: the
MAC address of the linktrace
destination MIP
timeout <value>: (optional) the
linktrace reply (LTR) timeout, in
the range of <160> seconds
2 seconds
ttl <value>: (optional) the
initial TTL field value, in the
range of <1255>
oam cfm loopback domain DOMAIN-NAME ma Sends a loopback message to a specific MEP
MA-NAME mep <id> {target-mep <target- or MIP in a specified domain:
mep-id> | target-mip
HH:HH:HH:HH:HH:HH} [timeout <value> | DOMAIN-NAME: a string of <1-22>
payload <value> | delay <value> | characters
number <value>]
MA-NAME: a string of <1-45>
characters
mep <id>: the source MEP ID, in
the range of <18191>
target-mep <target-mep-id>: the
loopback destination MEP ID, in
the range of <18191>
target-mip HH:HH:HH:HH:HH:HH: the
MAC address of the loopback
destination MIP
timeout <value>: (optional) the
loopback reply (LBR) timeout, in
the range of <160> seconds
2 seconds
payload <value>: (optional) the
loopback message PDU size, in the
range of <01462> bytes
0 bytes
delay <value>: (optional) the
delay between 2 consecutive
loopback messages, in the range
of <060> seconds
5 seconds
number <value>: (optional)
specifies the number of loopback
messages sent, in the range of
<11024>
3 messages
clear oam cfm remote-mep-table domain-name Clears a remote MEP connectivity table:
NAME ma NAME remote-mep <id>
DOMAIN-NAME: clears table for a
Command Description
domain name string, in the range
of <1-43> characters
ma NAME: clears table for a MA
name string, in the range of <1-
45> characters
remote-mep <id>: clears table for
a specific MEP, in the range of
<08191>. A value of 0 clears all
remote MEPs
show oam cfm {interface UU/SS/PP | Displays the CFM configuration per interface
interfaces}
show oam cfm test [id <id>] Displays information about performed test(s):
id: in the range of <1-256>
show oam cfm threshold-profile [id <id>] Displays information about CFM profile(s):
id: in the range of <1-256>
show oam cfm linktrace-results domain-name Displays linktrace results for a management
DOMAIN-NAME [ma MA-NAME] domain and maintenance association:
domain-name DOMAIN-NAME: a
string of <1-22> characters
ma MA-NAME: (optional) a string
of <1-45> characters
Configuration Example
1. Enable CFM:
device-name(config)#oam cfm
device-name(config-cfm)#no shutdown
2. Create a maintenance domain with a specified name d7 and level 7 and create a MA ma7 within
a specified domain:
device-name(config-cfm)#domain d1 level 1
device-name(config-domain-d7)#ma ma1 vlan 501
3. Specify the identification data sent to the remote MEPs creation policy on the specified MA:
device-name(config-ma-ma7)#sender-id-content all
device-name(config-ma-ma7)#mip-policy explicit
4. Add port 1/1/1 as MEP with an ID 10 to a specified MA and specify the CCM flow direction:
device-name(config-ma-ma1)#mep 601
device-name(config-mep-601)#bind-to 1/1/2
device-name(config-mep-601)#ccm-enabled
device-name(config-mep-601)#no shutdown
device-name(config-mep-601)#exit
device-name(config-ma-ma1)#exit
device-name(config-domain-d1)#exit
5. Create a profile with ID 4 and configure the profile priority, rate, round-trip jitter, frame loss,
and latency errors monitoring:
device-name(config-cfm)#threshold-profile 4
device-name(config-threshold-profile-4)#priority 2
device-name(config-threshold-profile-4)#rate 2
device-name(config-threshold-profile-4)#round-trip-jitter-error 100
device-name(config-threshold-profile-4)#frame-loss-error 20
device-name(config-threshold-profile-4)#no frame-loss-monitoring
device-name(config-threshold-profile-4)#round-trip-latency-error 200
device-name(config-cfm)#no shutdown
device-name(config-cfm)#commit
Commit complete.
device-name(config-cfm)#end
Local MEPs
T-Marc3312SC/T-Marc3312SCH
Potential Applications
Service providers use the link layer EFM for demarcation point OAM services.
Using the Ethernet demarcation service, providers can manage remote devices (defined as passive
devices) without utilizing an IP layer. Instead, they can utilize link-layer SNMP counter request and
reply, loopback testing, and other techniques that are controlled remotely.
Installation Configurations
The following configuration shows how to manage the provider device (CPE passive device) using
the 802.3ah standard.
The configuration below illustrates how to manage customer devices using EFM 802.3ah.
Figure 9: Managing Customer Devices (Passive) Using the EFM 802.3ah Standard
Discovery
In the first phase, EFM-OAM enabled DTEs identify other DTEs along with their OAM
capabilities using Information OAMPDUs, advertising the following information:
OAM configuration (capabilities): OAM capabilities of the local DTE. Using this
information, a peer can determine what functions are supported and accessible (for example,
loopback capability).
OAM mode: OAM mode of the DTE, also used to determine DTE functionality:
Active Mode: The DTE instigates OAM communications and issues queries and
commands to the remote device.
Passive Mode: The DTE generally waits for the peer DTE to instigate OAM
communications and then responds. The DTE does not instigate commands and queries.
For more information about the rules for active and passive mode DTEs, refer to Rules
for Active Mode and Rules for Passive Mode below.
The mode combinations are:
One active and one passive OAM DTE
Timers
Two configurable timers control the protocol:
Hello Timer: Determines the rate at which OAMPDUs are sent
Keep-Alive Timer: Determines the time interval during which OAMPDUs are expected from
the peer
An additional one-second, non-configurable timer is used for error aggregation. This timer is
necessary for the Link Monitoring Process to generate link quality events.
Flags
Each OAMPDU includes a Flags field that describes the discovery process status. There are three
possible status values:
Discovering: Discovery is in progress
Stable: Discovery is complete. The remote device can start sending any type of OAMPDU.
Unsatisfied: Mismatches in OAM configuration prevented OAM from completing the
discovery process
Process Overview
The discovery process allows a local Data Terminating Entity (DTE) to detect OAM on a remote
DTE. Once OAM support is detected, both ends of the link exchange state and configuration
information (such as mode, PDU size, loopback support, etc.). If both DTEs are satisfied with the
settings, OAM is enabled on the link. However, link loss or failure to receive OAMPDUs during
the defined, keep alive time interval (for example, 5 seconds) may cause the discovery process to
restart.
DTEs may either be in active or passive mode:
Active mode DTEs instigate OAM communications and can issue queries and commands to a
remote device.
Passive mode DTEs generally wait for the peer device to instigate OAM communications and
respond to, but do not instigate, commands and queries.
Rules of what DTEs in active or passive mode can do are discussed in the following sections.
Dying Gasp: Detected when the receiver goes down. The Dying Gasp condition is considered
as unrecoverable. Conditions for dying gasp:
Management of the reload command
Device power down (incidental / deliberate)
Critical Event: When a critical event occurs, the device is unavailable, resulting from a
malfunction, and must be restarted by you. Critical events can be sent immediately and
continually. Conditions for critical events:
Fatal error mess any task on the device (suspend)
When a link receives no signal from its peer at the physical layer (for example, if the laser
is malfunctioning), the local entity sets this flag to let the peer know that the transmit path
is inoperable.
Since these conditions are severe, OAMPDUs updated with these flags are not subject to normal
rate limiting policy.
Storm Loopback
Employs hardware-created frames at wire-speed to test the link under extreme, high-load
conditions. Upon return from the remote peer, hardware-created frames are discarded on the active
device. Storm Loopback tests and displays counters for both the local and remote peer.
CAUTION
Starting EFM-OAM loopback on a xSTP Ring topology with traffic forwarding
enabled, can cause serious problems.
EFM-OAM Commands
Command Hierarchy
device-name#
+ config terminal
+ [no] oam
+ [no] efm
+ [no] shutdown
- [no] event-config UU/SS/PP
- [no] critical-event-enable
- [no] dying-gasp-enable
- [no] error-frame-event-notification-enable
- [no] error-frame-threshold <framethreshold>
- [no] error-frame-window <value>
- [no] error-symbol-period-event-notification-enable
- [no] error-symbol-period-threshold <period
threshold>
- [no] error-symbol-period-window <value>
- [no] hello-interval <value>
- [no] history-limit <value>
- [no] keep-alive-interval <value>
- [no] log-events
- [no] multiple-pdu-count <pdu-count>
- [no] priority <priority-level>
- [no] remote-event
- oam efm ping port UU/SS/PP [delay-time <value> | echo-number
<value> | timeout <value>]
- oam efm loopback port UU/SS/PP storm [count <value> | delay-time
<value> | packet-size <value> | timeout <value>]
+ port UU/SS/PP
- [no] efm mode [basic | enhanced]
- [no] efm accept-loopback-commands
- [no] efm event-forward-status UU/SS/PP
- [no] efm event-forward-shutdown UU/SS/PP
- [no] efm event-return-shutdown <number-of-attempts>
- [no] efm role [active | passive]
- [no] efm shutdown
- show oam efm [details]
- show oam efm event-log
Commands Descriptions
Table 4: EFM Configuration Commands
Command Description
Command Description
remote peer. The message is written both to the
system log and to the feature history.
Additionally, the event counters are updated.
framethreshold: the valid range
is <1-1488000>
256
no error-frame-threshold Restores to default.
NOTE
Command Description
NOTE
The keep-alive interval (keep-
alive-interval) must be twice as
long as the hello-interval.
no hello-interval Restores to default
Command Description
Command Description
10 seconds
port UU/SS/PP Accesses Interface Configuration Mode for the
specified port:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-
1/2/8
efm accept-loopback-commands Enables the processing of OAM loopback
control PDUs from peers
Disabled
no efm accept-loopback-commands Restores to default
efm mode [basic | enhanced] Enables/disables the organization-specific
EFM-OAM enhancements on a specific
interface or interface range. Depending on the
required variable used, this command specifies
one of the following two alternative EFM
modes:
Basic: Does not employ organization-
specific extensions
Enhanced: Allows definition and retrieval
of all SNMP variables on the remote
device.
If the remote device is not an organization
device, Basic mode is used, even when
Enhanced mode is configured; configure both
devices with Enhanced mode for the devices to
exchange their hostname.
basic: enables Basic mode
enhanced: enables Enhanced mode
Enhanced
no efm mode Returns the default EFM mode configuration
Command Description
efm event-return-shutdown <number- Enables the Event Return feature. This feature
of-attempts> determines the number of discovery attempts
prior to administratively shutting down the port.
number-of-attempts: number of
discovery attempts before
shutting down the port; the valid
range is <010> (0 disables the
feature)
0
no efm event-return-shutdown Disables shutting down a target interface
efm role [active | passive] Enables EFM-OAM on a specific interface and
specifies one of the following two alternative
modes:
Active: Device sends Hello packets over
this interface to initiate EFM-OAM
discovery process.
Passive: Device cannot use this interface
to initiate EFM-OAM discovery process.
The valid mode combinations are either
one active and one passive OAM interface
two active OAM interfaces
When both peer interfaces are in Passive
mode, Remote Status information is not
updated and might be inaccurate.
active: specifies the devices
role as Active for uplinks and
user interfaces.
passive: enables Enhanced mode.
passive
no efm role Restores to default
efm shutdown Disables the EFM-OAM protocol for the
configured interface. Though disabled, the
EFM-OAM configuration for the interface is
preserved and can be restored with the no efm
shutdown command.
no efm shutdown Enables the EFM-OAM protocol for the
configured interface. This command restores
the EFM-OAM configuration, previously
disabled with the efm shutdown command, for
the interface.
show oam efm [details] Displays the current EFM configuration and
EFM status:
details: displays EFM details
Command Description
Configuration Example
The following example demonstrates how to configure an Ethernet network using the EFM-OAM
protocol.
Configuring Device1:
1. Verify if the EFM-OAM protocol is enabled on the device (default):
Device1#show oam efm
===========================================================================
EFM-OAM
===========================================================================
Administrative Status : Enabled
Local MAC : 00:a0:12:27:0d:e1
History Count : 0
Hello Interval : 1000 milliseconds
6. Define the aging interval in seconds for the neighboring device that last sent packets:
Device1(config-efm)#keep-alive-interval 3000
Device1(config-efm)#exit
Device1(config-oam)#exit
7. Enable EFM-OAM on the specified interface and set its mode to active:
Device1(config)#port 1/1/1
Device1(config-port-1/1/1)#efm role active
Configuring Device2:
1. Verify if the EFM-OAM protocol is enabled on the device (default):
2. Access EFM Configuration Mode:
3. Specify the number of OAMPDUs:
Device2(config-efm)#multiple-pdu-count 3
6. Define the aging interval in seconds for the neighboring device that last sent packets:
Device2(config-efm)#keep-alive-interval 3000
Device2(config-efm)#exit
Device2(config-oam)#exit
Device2(config)#
7. Enable EFM-OAM on the specified interface and set its mode to active:
Device2(config)#port 1/1/1
Device2(config-port-1/1/1)#efm role active
Device2(config-port-1/1/1)#
T-Marc3312SC/T-Marc3312SCH
To minimize management overhead, R-APS utilizes existing CFM-OAM CCMs. These CCMs can
be used also for CFM-OAM but not for customer traffic.
NOTE
You must disable xSTP protocols on all the ports in the ring to use this feature.
R-APS Mechanism
Definitions
Ring Protection Link: one ring link is configured as the Ring Protection Link (RPL). To
prevent loops, this link is disabled under normal conditions. The RPL is disabled as long as the
primary path is active.
RPL Owner: A node adjacent to the RPL responsible for blocking its end of the ring under
normal conditions (when the ring is established and no requests are present in the ring). The
RPL Owner is also responsible for reverting the ring from the protected path to the primary.
RPL Neighbor: A node adjacent to the RPL that is responsible for blocking its end of the
ring under normal conditions like the RPL Owner. However, this node is not responsible for
reverting the ring.
Simple Node: all other nodes that participate only in the R-APS ring.
Ring Protection
A dedicated maintenance association (MA) is configured as the ring protection.
The R-APS ring uses a dedicated VLAN for Continuity Check Message (CCM) and Automatic
Protection Switching (APS) communication within this MA.
Each device in the MA must be configured with two Maintenance Association End Point (MEP)s,
both MEPs must be assigned to the dedicated VLAN.
Operation
Upon a failure detection, a signal-fail status bit is enabled in the APS messages sent
throughout the ring. Upon receipt of an APS signal-fail message, the RPL Owner sends a
switchover command to all the devices in the ring and enables RPL. Traffic is now sent via the
secondary path.
Figure 12: Network with two R-APS Instances (Traffic flowing in different directions)
Behavior of the system following recovery of the primary path is configurable. There are two
options:
Revertive Operation: When the primary path recovers, traffic is switched over to the primary
path and the RPL is blocked again. This mode is used in scenarios in which the primary path is
an optimized path, at the expense of an additional traffic interruption for switching back to this
path.
Non-Revertive Operation: Traffic continues to use the RPL, even when the primary path
recovers. This mode is used when there is no advantage in reverting to the primary path and
avoids a second traffic interruption.
Timing Configuration
The following configurable timers control aspects of R-APS behavior:
Guard Timer: To reduce the possibility of receiving outdated R-APS packets, R-APS packets
are blocked for a specified length of time after receiving a signal failure or clear message.
Wait-to-Restore Timer: Used in Revertive Mode, the Wait-To_Restore Timer defines the
length of time to wait after recovery of the primary path before reverting traffic. This timer
prevents flapping in case of frequent failures.
Hold-Off Timer: The amount of time to wait while attempting fault recovery before
declaring a signal-fail condition. This timer prevents flapping in case of short failures.
NOTE
Configuring timer values is optional. If not configured, the default values are
used.
Commands Descriptions
Table 7: R-APS Commands over Ethernet
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
virtual-channel-vlan <vlan- Uses the R-APS virtual channel over the main
id> ring.
In order to transmit RAPS packets from one
interconnection node to other, the R-APS
packets of the subring are encapsulated with
virtual channel VLAN tag in order to be
forwarded through the main ring. The R-APS
packets reach the other interconnection node
where the virtual channel VLAN tag is stripped
and the packets are transmitted in the subring
with the control VLAN tag.
vlan-id: in the range of <14094>
no virtual-channel-vlan Removes the configured virtual channel:
[<vlan-id>]
vlan-id: (optional) in the range
of <14094>
wait-to-restore-timer Specifies the length of time to wait after recovery
<value> before reverting to the primary path:
value: in the range of <1-12>
minutes
5 minutes
no wait-to-restore-timer Restores to default
ethernet ring-aps instance <value> clear Triggers a revertive behavior, in case revertive
mode is not used or in case the wait-to-restore
timer is active
ethernet ring-aps instance <value> port Enables the manual switch option for R-APS
<id> manual-switch ring.
In the absence of a failure, block one of the ring
ports in a ring node to perform maintenance on
that link.
(The command is reverted by the clear
command.)
value: in the range of <1-10>
id: R-APS port ID in the range of
<0-1>
ethernet ring-aps instance <value> port Enables the forced switch option for R-APS ring.
<id> forced-switch
In the absence of a failure, block one of the ring
ports in a ring node to perform maintenance on
that link.
(The command is reverted by the clear
command.)
value: in the range of <1-10>
id: R-APS port ID in the range of
<0-1>
Command Description
ethernet ring-aps instance <value> lag Enables the manual switch option for an R-APS
<id> manual-switch ring (for more information refer to ITU-T
Recommendation G.8032/Y.1344 version 2)
In the absence of a failure, block one of the ring
LAGs in a ring node to perform maintenance on
that link.
(The command is reverted by the clear
command.)
value: in the range of <1-10>
id: R-APS LAG ID in the range of
<0-1>
ethernet ring-aps instance <value> lag Enables the forced switch option for an R-APS
<id> forced-switch ring (for more information refer to ITU-T
Recommendation G.8032/Y.1344 version 2)
In the absence of a failure, block one of the ring
LAGs in a ring node to perform maintenance on
that link.
(The command is reverted by the clear
command.)
value: in the range of <1-10>
id: R-APS LAG ID in the range of
<0-1>
ethernet ring-aps instance <value> subring Triggers revertive behavior, in case revertive
<id> clear mode is not used or in case the wait-to-restore
timer is active in sub ring.
ethernet ring-aps instance <value> subring Enables the manual switch option for R-APS
<id> manual-switch subring.
In the absence of a failure, block one of the ring
ports in a ring node to perform maintenance on
that link.
(The command is reverted by the clear
command.)
value: in the range of <1-10>
id: in the range of <1-10>
ethernet ring-aps instance <value> subring Enables the forced switch option for R-APS
<id> forced-switch subring.
In the absence of a failure, block one of the ring
ports in a ring node to perform maintenance on
that link.
(The command is reverted by the clear
command.)
value: in the range of <1-10>
id: in the range of <1-10>
show ethernet ring-aps [detailed [instance Displays detailed R-APS status information,
<value> [subring <value>]]] filtered by the commands arguments
show running-config ethernet ring-aps Displays R-APS configuration.
T-Marc3312SC/T-Marc3312SCH
3. Specify the CFM domain level for this instance (level 1):
device-name(config-instance-1)#cfm-domain-level 1
5. Specify the monitored VLAN ID. You can configure single VLAN, several VLAN or range of
VLAN:
device-name(config-instance-1)#monitor-vlan 23
device-name(config-instance-1)#exit
10. Specify the ring-ID that the instance belongs to (100 configured):
device-name(config-instance-1)#ring-id 100
Device-name(config-instance-1)#no shutdown
15. Commit current configuration (You may commit when R-APS instance (without Sub ring) is
configured or R-APS instance and Sub ring are configured):
Device-name(config-instance-1)#commit
17. Configure the port of the subring (port 1/2/3 ) NOTE only one sub ring port per sub-ring:
device-name(config-subring-2)#subring-port 1/2/3
device-name(config-subring-port-1/2/3)#mep 500
21. Specify the virtual channel VLAN. Virtual Channel VLAN must be a monitored VLAN of the
main ring instance:
device-name(config-subring-2)#virtual-channel-vlan 23
T-Marc3312SC/T-Marc3312SCH
By default, the ITU-T Y.1564 test is non-intrusive, meaning that it runs while the service is
operational, and do not interfere with the user-traffic flowing within the service. For diagnoses and
root-cause analysis of customer-impacting problems in a live network, non-intrusive testing is the
most common and efficient means.
The ITU-T Y.1564 can behave also as intrusive (see Example 1), meaning that the test itself
interferes with what is being tested. When ITU-T Y.1564 is running, normal service frames are not
being forwarded. Instead, ITU-T Y.1564 inserts a high frequency of measurement frames into the
network, and calculates performance metrics under a specified heavy load.
Thus this type of testing is intended to happen before the service is activated or during a
maintenance window.
Y.1564 focuses on the following indicators for service quality:
Bandwidth - this is a bit rate measure of the available or consumed data communication
resources expressed in bits/second or multiples of it (kilobits/s, megabits/s, etc.).
Frame transfer delay (FTD) (latency) - this is a measurement of the time delay between the
transmission and the reception of a frame. Typically this is a round-trip measurement, meaning
that the calculation measures both the near-end to far-end and far-end to near-end directions
simultaneously.
Frame delay variations (packet jitter) - this is a measurement of the variations in the time delay
between packet deliveries. As packets travel through a network to their destination, they are
often queued and sent in bursts to the next hop. There may be prioritization at random
moments, also resulting in packets being sent at random rates. Packets are therefore received at
irregular intervals. The direct consequence of this jitter is stress on the receiving buffers of the
end nodes where buffers can be overused or underused when there are large swings of jitter.
Frame loss - this is a measurement of the number of packets lost over the total number of
packets sent. Frame loss can be due to a number of issues such as network congestion or
errors during transmissions.
Key Objectives
The ITU-T Y.1564 methodology has the following main objectives:
Test Rates
ITU Y.1564 defines three test rates based on the MEF service attributes for Ethernet virtual circuit
(EVC) and UNI bandwidth profiles.
CIR denes the maximum transmission rate for a service where it is guaranteed certain
performance objectives; these objectives are typically defined and enforced via SLAs.
EIR denes the maximum transmission rate above the committed information rate considered
as excess traffic. This excess traffic is forwarded as the capacity allows and is not subject to
meeting any guaranteed performance objectives (best effort forwarding)
Overshoot rate denes a testing transmission rate above CIR or EIR and is used to ensure
that the DUT or network under test does not forward more traffic than specified by the CIR
or EIR of the service.
Methodology
The ITU-T Y.1564 is built around two key subtests, the service-configuration test and the service-
performance test, which are performed in order:
Service configuration test-the test is designed to measure the ability of the device or the
network under test to properly forward in three different states:
In the CIR phase, where performance metrics for the service are measured and compared
to the SLA performance objectives
In the EIR phase, where performance is not guaranteed and the services transfer rate is
measured to ensure that CIR is the minimum bandwidth
In the discard phase, where the service is generated at the overshoot rate and the expected
forwarded rate is not greater than the committed information rate or excess rate
Service performance test-the test measures the ability of the device or network under test to
forward multiple services, while maintaining SLA conformance for each service. Services are
generated at the CIR, where performance is guaranteed, and pass/fail assessment is performed
on the key performance indicators (KPI) values for each service according to its SLA.
Bidirectional Test
The user can perform round-trip measurements with a loopback device. In this case, the results
reflect the average of both test directions, from the test set to the loopback point and back to the
test set. In this scenario, the loopback functionality can be performed by another test instrument in
Loopback mode or by a network interface device in Loopback mode.
Y.1564 Commands
Commands Hierarchy
device-name#
+ config terminal
+ [no] saa
+ [no] profile PROFILE-NAME
- type y1564
+ [no] y1564
- [no] frame-delay <value>
- [no] s-vlan-drop-eligible
- [no] s-vlan-priority <value>
- [no] target-type {mac | mep}
- [no] target-mep <value>
- [no] target-mac HH:HH:HH:HH:HH:HH
- [no] timeout <value>
- [no] traffic-policing
- show profile name [NAME]
- show test name [NAME] owner [NAME]
Command Descriptions
Table 8: Y.1564 Test Commands
Command Description
Command Description
type y1564
mode bi-test-loopback
Command Description
data-size <value>
Command Description
domain DOMAIN-NAME
Command Description
ma MA-NAME
Command Description
Example 1
The following example displays the configuration needed to convert the ITU-T Y.1564 testing
from non-intrusive (default status) to intrusive. The user needs to configure any MAC ACL and
apply it on port, group of ports, or SAP port.
device-name(config)#mac access-list 400
device-name(config-access-list-400)#rule 1 action deny source-mac any
destination-mac any vlan 300
device-name(config-rule-1)#exit
device-name(config-access-list-400)#rule 2 action permit source-mac any
destination-mac any
Configuration Example
The following example demonstrates how to configure Y.1564 test:
1. Configure theY.1564 head device:
Configure the packet size of the selected port:
device-name(config)#port 1/1/1
device-name(config-port-1/1/1)#mtu 9000
device-name(config-port-1/1/1)#exit
Enable CFM:
device-name(config)#oam
device-name(config-oam)#cfm
device-name(config-cfm)#no shutdown
Configure MA:
device-name(config-domain-d6)#ma ma6
device-name(config-ma-ma6)#vlan 300
Configure CFM:
device-name(config-ma-ma6)#mep 3209
device-name(config-mep-3209)#bind-to 1/1/1
device-name(config-mep-3209)#no shutdown
device-name(config-mep-3209)#ccm-enabled
device-name(config-mep-3209)#exit
device-name(config-test-LAB_TEST/John)#profile 4
Enable CFM:
device-name(config)#oam
device-name(config-oam)#cfm
device-name(config-cfm)#no shutdown
Configure MA:
device-name(config-domain-d6)#ma ma6
device-name(config-ma-ma6)#vlan 300
Configure CFM:
device-name(config-ma-ma6)#mep 3208
device-name(config-mep-3208)#bind-to 1/1/1
device-name(config-mep-3208)#no shutdown
device-name(config-mep-3208)#ccm-enabled
device-name(config-mep-3208)#exit
device-name(config-test-LAB_TEST/John)#type y1564
device-name(config-test-LAB_TEST/John)#y1564
device-name(config-y1564)#mode bi-test-loopback
device-name(config-y1564)#domain d6
device-name(config-y1564)#ma ma6
device-name(config-y1564)#mep 3209
FrameLoss : 100.000 %
FrameDelay : 1000000 us
FrameDelayVariation : 300000 us
------------------------------------------------------------------------
| Step 1 CIR: 50000Kbps Status: Pass |
------------------------------------------------------------------------
| Size | IR | FLR | FTD | FDV |
+--------+-------------+-----------+-----------------+-----------------+
| 64 | 500000Kbps | 0.000 % | 17.354 us | 2.560 us |
+--------+-------------+-----------+-----------------+-----------------+
| 128 | 500000Kbps | 0.000 % | 21.335 us | 1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
| 256 | 500000Kbps | 0.000 % | 29.798 us | 1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
| 512 | 500000Kbps | 0.001 % | 46.169 us | 1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
| 1024 | 500000Kbps | 0.003 % | 78.985 us | 1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
| 1280 | 500000Kbps | 0.004 % | 95.378 us | 1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
| 1518 | 500000Kbps | 0.004 % | 110.517 us | 1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
| 1522 | 500000Kbps | 0.004 % | 111.008 us | 2.048 us |
+--------+-------------+-----------+-----------------+-----------------+
| 1526 | 500000Kbps | 0.004 % | 111.168 us | 1.536 us |
+--------+-------------+-----------+-----------------+-----------------+
| 1530 | 500000Kbps | 0.004 % | 111.547 us | 1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
| 1534 | 500000Kbps | 0.004 % | 111.692 us | 1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
| 2000 | 500000Kbps | 0.006 % | 141.074 us | 0.512 us |
+--------+-------------+-----------+-----------------+-----------------+
| 2500 | 500000Kbps | 0.008 % | 174.080 us | 0.000 us |
+--------+-------------+-----------+-----------------+-----------------+
| 9000 | 500000Kbps | 0.043 % | 446.637 us | 1.024 us |
+--------+-------------+-----------+-----------------+-----------------+
Result: Pass
------------------------------------------------------------------------
| Step 2 CIR: 50000Kbps Status: Pass |
------------------------------------------------------------------------
| Size | IR | FLR | FTD | FDV |
+--------+-------------+-----------+-----------------+-----------------+
| 64 | 1000000Kbps | 99.646 % | 127.395 us | 786.944 us |
+--------+-------------+-----------+-----------------+-----------------+
Result: Pass
Each TWAMP-enabled device may participate in several active sessions at the same time, both as
control- client/session-sender and server/session-reflector. Device can be only client or only server.
In a TWAMP test session, packets are time stamped, tagged with sequence numbers and
transmitted from a session-sender to a session-reflector. The session-reflector time stamps the
incoming packets, create new test packets (one packet is created for each test packet received by the
session-reflector) and send them to the session-sender as soon as possible. Using these time stamps
and sequence numbers, the session-sender can then calculate the one-way delay, jitter and packet
loss for the session in the forward path and the reverse path.
TWAMP Commands
This section defines the command hierarchy for the TWAMP and provides a list of available
commands. Included also, is a configuration example.
Command Hierarchy
device-name#
+ config terminal
+ [no] saa
+ [no] twamp
+ [no] server
- [no] client A.B.C.D
- [no] max-parallel-sessions <value>
- [no] max-sessions <value>
- [no] server-inactivity <value>
- [no] session-inactivity <value>
- [no] shutdown
+ [no] test TEST-NAME
- [no] delay <value>
- [no] packets <value>
- server-ip A.B.C.D
- [no] session-count <value>
- [no] timeout <value>
- saa twamp test TEST-NAME {start | stop}
- show twamp test [name TEST-NAME]
- show twamp server
Command Descriptions
Table 9: TWAMP Commands
Command Description
Command Description
client A.B.C.D
Command Description
test TEST-NAME
server-ip A.B.C.D
saa twamp test TEST-NAME {start | stop} Manipulates the TWAMP test execution:
TEST-NAME: up to 32 characters
start: starts test execution
stop: stops test execution
Command Description
show twamp test [name TEST-NAME] Displays the TWAMP test configuration on the
client side:
name TEST-NAME: (optional)
displays a specific test
configuration and results if the
mode is set to test
show twamp server Displays the TWAMP test configuration on the
server side
Configuration Example
The following example shows how to configure the TWAMP test:
device-name(config-router)#interface sw10
device-name(config-interface-sw10)#address 1.0.0.11/16
device-name(config-interface-sw10)#no shutdown
device-name(config-interface-sw10)#exit
device-name(config-router)#exit
device-name(config)#vlan 10
device-name(config-vlan-10)#name VLAN10
device-name(config-vlan-10)#management
device-name(config-vlan-10)#routing-interface sw10
device-name(config-vlan-10)#tagged 1/1/2
device-name(config-tagged-1/1/2)#exit
device-name(config-vlan-10)#exit
device-name(config)#port 1/1/2
device-name(config-port-1/1/2)#default-vlan 10
device-name(config-port-1/1/2)#exit
T-Marc3312SC/T-Marc3312SCH
For one-way ETH-DM to work properly, clocks on the peer MEPs must be synchronized. The
sending MEP sends 1DM frames including timestamp at transmission time. The receiving MEP
calculates the frame delay using the timestamp at the reception of the 1DM frame and the
timestamp in the 1DM frame. For one-way frame delay variation measurement, clock
synchronization on the peer MEPs is not required. The out-of-phase period can be removed by the
difference of subsequent frame delay variation measurements. If clocks on peer MEPs are not
synchronized, a MEP can measure frame delay using two-way ETH-DM. When two-way DM is
enabled, a MEP sends ETH-DM request (DMM) frames including timestamp at transmission time.
The receiving MEP copies the timestamp into ETH-DM Reply (DMR) and sends that DMR back
to the sending MEP. The sending MEP receives the DMR and calculates the two-way frame delay
using the timestamp in the DMR and the timestamp at reception of the DMR. Frame delay
variation measurement is done by calculating the difference between two subsequent two-way
frame delay measurements.
Command Hierarchy
device-name#
+ config terminal
+ [no] saa
+ [no] profile PROFILE-NAME
- type {y1731 | y1731-slm}
+ [no] y1731
- [no] delay-far-end <value>
- [no] delay-near-end <value>
- [no] jitter-far-end <value>
- [no] jitter-near-end <value>
+ [no] test TEST-NAME TEST-OWNER
- type y1731
- profile PROFILE-NAME
+ [no] y1731
- [no] count-all-priorities
- mode {loopback | test}
- [no] delay-method {average | p-
percentile}
- [no] delay-p-value <value>
- [no] frequency <value>
- [no] function {both | delay-measurement
| loss-measurement}
- [no] history <value>
- [no] interval <value>
- [no] jitter-method {p-percentile | peak-
to-peak | variance}
- [no] jitter-p-value <value>
- domain DOMAIN-NAME
- mep <value>
- [no] mode {loopback | test}
- [no] period <value>
- [no] priority <value>
- [no] target-mac HH:HH:HH:HH:HH:HH
- [no] target-mep <value>
- target-type {mac | mep}
- [no] timeout <value>
- [no] ma MA-NAME
- [no] shutdown
- show saa test [name TEST-NAME owner TEST-OWNER]
Command Descriptions
Table 10: ITU-T Y.1731 SAA In-Service Test Commands
Command Description
Command Description
type y1731
Command Description
domain DOMAIN-NAME
Command Description
Command Description
Command Description
Configuration Example
The following example shows how to configure the SAA In-Service test on two devices.
device-name(config-y1731)#history 50
device-name(config-y1731)#interval 60
device-name(config-y1731)#jitter-method variance
device-name(config-y1731)#ma ma6
device-name(config-y1731)#mep 3208
device-name(config-y1731)#period 1000
device-name(config-y1731)#priority 6
device-name(config-y1731)#target-type mep
device-name(config-y1731)#target-mep 7124
device-name(config-y1731)#timeout 5
device-name(config-y1731)#commit
Commit complete.
device-name(config-y1731)#exit
device-name(config-test-test1/user)#no shutdown
device-nameconfig-test-test1/user)#commit
Commit complete.
device-name(config-test-test1/user)#end
Command Hierarchy
device-name#
+ config terminal
+ [no] saa
+ [no] profile PROFILE-NAME
- type y1731-slm
+ [no] y1731-slm
- [no] delay-far-end <value>
- [no] delay-near-end <value>
- [no] frameloss-far-end <value>
- [no] frameloss-near-end <value>
- [no] jitter-far-end <value>
- [no] jitter-near-end <value>
Command Descriptions
Table 11: ITU-T Y.1731-SLM SAA In-Service Test Commands
Command Description
Command Description
Command Description
type y1731-slm
Command Description
mep <value>
Command Description
pdu-size <value>
Supported only for Bi-test-head mode and
Uni-test-head mode.
Specifies the synthetic packets size:
value: in the range of <64-9000>
bytes
no pdu-size Restores to default
Command Description
Command Description
show saa profile [name PROFILE-NAME] Displays the SAA profile configuration:
name PROFILE-NAME: (optional)
displays a specific profile
configuration
Example
The following example demonstrates how to configure bi-directional Y1731-SLM test:
1. Configure the Test-head device:
Device-name#config terminal
Entering configuration mode terminal
Device-name(config)#service tls 111
Device-name(config-tls-111)#no shutdown
Device-name(config-tls-111)#sap 1/1/1 c-vlan 1111
Device-name(config-c-vlan-1111)#sdp s-vlan 111 port 1/1/2
Device-name(config-port-1/1/2)#top
Device-name(config)#oam cfm
Device-name(config-cfm)#no shutdown
Device-name(config-cfm)#domain SLM level 1
Device-name(config-domain-SLM)#ma 11 service 111
Device-name(config-ma-11)#hello-interval 1s
Device-name(config-ma-11)#mep 1 bind-to 1/1/1:1111: direction up ccm-
enabled
Device-name(config-mep-1)#no shutdown
Device-name(config-mep-1)#top
Device-name(config)#saa profile SLM
Device-name(config-profile-SLM)#type y1731-slm
Device-name(config-profile-SLM)#top
Device-name(config)#saa test 111 111
Device-name(config-test-111/111)#type y1731-slm
Device-name(config-test-111/111)#profile SLM
Device-name(config-test-111/111)#y1731-slm
Device-name(config-y1731-slm)#mode bi-test-head
Device-name(config-y1731-slm)#include-delay-measurement
Device-name(config-y1731-slm)#domain SLM
Device-name(config-y1731-slm)#interval 60
Device-name(config-y1731-slm)#period 1sec
Device-name(config-y1731-slm)#gathering-interval 1sec
Device-name(config-y1731-slm)#history 1
Device-name(config-y1731-slm)#mep 1
Device-name(config-y1731-slm)#ma 11
Device-name(config-y1731-slm)#priority 6
Device-name(config-y1731-slm)#target-type mep
Device-name(config-y1731-slm)#target-mep 2
Device-name(config-y1731-slm)#pdu-size 1024
Device-name(config-y1731-slm)#test-id 111
Device-name(config-y1731-slm)#exit
Device-name(config-test-111/111)#no shutdown
Device-name(config-test-111/111)#commit
Commit complete.
Device-name(config-test-111/111)#
T-Marc3312SC/T-Marc3312SCH
To perform the SAA Unidirectional Throughput test, define the following parameters:
Test-head (source) and test-tail (target) within an existing domain
PDU sizes for the selected test: the test calculates performance for each PDU size (64, 128,
256, 512, 1024, 1280, 1518, 2000, 9000 bytes), and displays the results per PDU size.
Maximum traffic rate and the ratio between constant and burst traffic: the test sends two
traffic streams from the test-head simultaneously:
Stream 1: The constant traffic rate (simulating the Committed Information Rate (CIR)).
The stream uses 90% of the maximum traffic rate by default.
Stream 2: The burst traffic rate (simulating the Committed Burst Size [CBS]). The stream
uses the remaining ten percent of the maximum traffic rate by default.
Burst size (in kbps) for Stream 2, the CBS size
Test duration per selected PDU size
When performing a Unidirectional Throughput test:
The test-tail calculates the packet count for each test sequence and sends the results to the test-
head. The test-head reduces the test rate or continues to the next PDU size.
To ensure notification delivery, the test-tail keeps sending results until the test-head sends a
reply to the test-tail or until it reaches the configured timeout.
The test ends if the test-head does not receive the message.
The bi-directional throughput test generates test frames using 802.1ag LBM/LBR format.
To perform the SAA Bi-Directional throughput test, define the following parameters:
Test-head (source) and test loopback (target) within an existing domain
PDU sizes for the selected test. The test calculates performance for each PDU size (64, 128,
256, 512, 1024, 1280, 1518, 1530, 2000, 9000 bytes), and displays test results per PDU size.
Committed Information Rate (CIR), expressed in Mbps
The test duration per selected PDU size
Select one of the following loopback types:
MAC-Swap: Swaps the MAC source and destination addresses of the packet before
looping the packet back. The OpCode field remains the same.
OAM: Swaps the MAC source and destination addresses of the packet before looping the
packet back. The OpCode field is changed from LoopBack Message (LBM) to LoopBack
Reply (LBR).
When performing a Bi-Directional Throughput test:
The test transmits PDUs at the defined CIR rate for the test duration to determine whether
the frame loss differs from the threshold.
After completing packet transmission, the test is suspended for a length of time equal to the
maximum latency at which all packets arrive.
Transmitted PDU has an ID (sequence number) and timestamp used for statistics calculation.
If frame loss is higher than the maximum frame loss percentage, the test-head repeats the test
at a lower rate until frame loss is within the configured SLA range.
Command Hierarchy
device-name#
+ config terminal
+ [no] saa
+ [no] profile PROFILE-NAME
- type rfc2544
+ [no] rfc2544
[no] frameloss <value>
+ [no] test TEST-NAME TEST-OWNER
- type rfc2544
- profile PROFILE-NAME
- [no] shutdown
+ [no] rfc2544
- mode bi-test-head
- mode bi-test-loopback
- mode uni-test-head
- mode uni-test-tail
- [no] burst-percentage <value>
- [no] c-vlan <cvlan-id>
- [no] c-vlan-drop-eligible
- [no] c-vlan-priority <value>
- [no] cir <value>
- [no] cbs <value>
- [no] data-size <value>
- [no] custom-data-size <value>
- domain DOMAIN-NAME
- [no] duration <value>
- [no] loopback-type {mac-swap | oam}
- ma MA-NAME
- mep <value>
- mode {bi-test-head | bi-test-loopback | uni-test-
head | uni-test-tail}
- [no] pattern {none | null | null-crc | prbs |
prbs-crc}
- [no] result-ack-timeout <value>
- [no] s-vlan-drop-eligible
- [no] s-vlan-priority <value>
- [no] target-mac HH:HH:HH:HH:HH:HH
- [no] target-mep <value>
- target-type {mac | mep}
Command Descriptions
Table 12: SAA Throughput Commands
Command Description
Command Description
type rfc2544
Command Description
data-size <value>
domain DOMAIN-NAME
Command Description
ma MA-NAME
Command Description
pattern {none | null | null-crc Supported only for unidirectional and bi-
| prbs | prbs-crc} directional test-heads.
Specifies the test packet's pattern type:
none: arbitrary pattern
null: null signal without Cyclic
Redundancy Check (CRC)-32
null-crc: null signal with
Cyclic Redundancy Check (CRC)-32
prbs: Pseudo-Random Byte
Sequence (PRBS) without Cyclic
Redundancy Check (CRC)-32
prbs-crc: Pseudo-Random Byte
Sequence (PRBS)with Cyclic
Redundancy Check (CRC)-32
PRBS
no pattern Restores to default
Command Description
target-mep <value>
target-mac HH:HH:HH:HH:HH:HH
Command Description
show saa profile [name PROFILE-NAME] Displays the SAA profile configuration:
name PROFILE-NAME: (optional)
displays a specific profile
configuration
Example 1
The following example displays the configuration needed to convert the RFC2544 testing from
non-intrusive (default status) to intrusive. The user needs to configure any MAC ACL and apply it
on port, group of ports, or SAP port.
device-name(config)#mac access-list 400
device-name(config-access-list-400)#rule 1 action deny source-mac any
destination-mac any vlan 300
device-name(config-rule-1)#exit
device-name(config-access-list-400)#rule 2 action permit source-mac any
destination-mac any
Configuration Example
The following example shows how to configure the RFC2544 SAA Throughput test on two
devices.
device-name(config-profile-1)#type rfc2544
device-name(config-profile-1)#rfc2544
device-name(config-rfc2544)#frameloss 10000
device-name(config-rfc2544)#commit
Commit complete.
device-name(config-rfc2544)#exit
device-name(config-profile-1)#exit
Pattern : prbs
Priority : 6
DE flag : 0
Duration : 5 seconds
Timeout : 10 seconds
Datasize : 64, 128, 256, 512, 1024, 1280, 1518, 2000, 9000
Loopback type : oam
----------------------------------------------------------------
| Size | Successful rate | Net Successful rate | Frame-loss |
+--------+-----------------+---------------------+-------------+
| 64 | 1000000Kbps | 761904Kbps | 1.576 % |
| 128 | 1000000Kbps | 864864Kbps | 0.513 % |
| 256 | 1000000Kbps | 927536Kbps | 0.015 % |
| 512 | 1000000Kbps | 962406Kbps | 0.004 % |
| 1024 | 1000000Kbps | 980842Kbps | 0.000 % |
| 1280 | 1000000Kbps | 984615Kbps | 0.473 % |
| 1518 | 1000000Kbps | 986996Kbps | 0.008 % |
| 2000 | 1000000Kbps | 990099Kbps | 0.000 % |
| 9000 | 1000000Kbps | 997782Kbps | 0.000 % |
+--------+-----------------+---------------------+-------------+
----------------------------------------------------------------
| Size | Min Delay | Avg Delay | Max Delay |
+--------+-----------------+-----------------+-----------------+
| 64 | 14.336 us | 47.807 us | 53.760 us |
| 128 | 16.384 us | 66.643 us | 78.336 us |
| 256 | 19.456 us | 95.708 us | 125.440 us |
| 512 | 28.160 us | 133.010 us | 221.184 us |
| 1024 | 44.544 us | 151.638 us | 258.048 us |
| 1280 | 51.712 us | 158.837 us | 264.704 us |
| 1518 | 59.904 us | 167.333 us | 273.408 us |
| 2000 | 74.240 us | 181.933 us | 287.744 us |
| 9000 | 294.400 us | 400.991 us | 506.880 us |
+--------+-----------------+-----------------+-----------------+
The Successful traffic rate is the total number of physically transferred bits per second over the
communication link, including useful data as well as protocol overhead.
The Net Successful rate is the capacity excluding the physical layer protocol overhead; it is
calculated by the following formula:
NetSuccRate = SuccRate*PDUSIZE/(PDUSIZE+160),
where SuccRate is the measured Successful traffic rate, PDUSIZE is the packets size, and the 160
bytes includes 96 interframe gap (IFG) bites, and 64 preamble bytes.
device-name(config-profile-1)#type rfc2544
device-name(config-rfc2544)#frameloss 10000
device-name(config-profile-1)#exit
Event Propagation
The Event Propagation feature allows you to configure automatic actions executed upon the
occurrence of specific events.
The feature acts upon receiving events from the events provider. It matches the received events
with pre-configured pairs of event-action and then forwards the matched action to the related
action performer.
To configure this feature, you have to define profiles grouping the event-action pairs. Profiles are
applied to various targets, such as SAPs or physical ports.
By enabling event propagation, the device:
detects a remote link failure or a local ports down status
disconnects a link to a peer device
restores the link to the peer device in case the event is reversed
To avoid flapping events, you can configure two timers per profile:
Event timer (hold-off): the interval from the time the event starts before the event propagation
disconnects a link or sends LDP MAC address withdraw message.
Revertive timer (wait-to-restore): the interval from the time the event is reversed before reversing the
Event Propagation action.
This feature is based on TLS and the CFM-OAM functionality. Therefore, it can function only on
devices where these features are enabled.
Command Description
NOTE
When action lacp-standby is
specified, configuration of VRRP
and event propagation must be
committed in a single transaction.
event {ais-lck | con-lost | none |
rcvd-tc-bpdu | status-down}
Specifies the expected event type:
ais-lck: the AIS (Alarm
Indication Signal) bit is
received
con-lost: the connectivity is
lost
none: no expected event
rcvd-tc-bpdu: xSTP-topology-
change BPDU is received
status-down: the port is in down
state
perform-mac-flush Enables MAC addresses, dynamically-learned
on port/s, to be flushed when the port receives
specific event
Disabled
no perform-mac-flush Restores to default
reverse {lacp-active | link-restore Specifies the reverse action to be performed
| none} when the configured event stops processing:
lacp-active: LACP operates in
Active negotiation mode
link-restore: restores the link
none: no action is performed
None
no reverse [link-restore | none] Removes the configured action
source {local-mep <id> | local-port Specifies the source from which the event-
{UU/SS/PP | agN} | rem-mep <id>} propagation profile receives the configured
event:
local-mep <id>: receives events
from a local MEP with ID, in the
range of <18191>
local-port UU/SS/PP or agN:
receives events from a local port
or a group of ports
rem-mep <id>: receives events
from a remote MEP with ID, in the
range of<18191>
The valid port range is:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-
1/2/8
agN: LAG ID. N is in the range of
<1-14>
Command Description
Command Description
Command Description
Configuration Example
The following example shows how to configure event propagation on two devices (Device 1 and
Device 4).
Provider side is in domain 5 level 5 VLAN 10.
Customer side is in domain 6 level 6 VLAN 10.
In case of problem on level 5, you will receive ais-lck event on level 6. So if you receive such issue
an automatic action can be triggered in Device1 or Device2 based on above mentioned event.
Configure Device 1:
Configure CFM:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#vlan 10
device-name(config-vlan-10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#exit
device-name(config-vlan-10)#tagged 1/1/2
device-name(config-tagged-1/1/2)#commit
Commit complete.
device-name(config)#oam
device-name(config-oam)#cfm
device-name(config-cfm)#domain d6
device-name(config-domain-d6)#level 6
device-name(config-domain-d6)#ma ma6
device-name(config-ma-ma6)#vlan 10
device-name(config-ma-ma6)#ais-lck-receive
device-name(config-ma-ma6)#ais-lck-transmit
device-name(config-ais-lck-transmit)#ais-lck-level 7
device-name(config-ais-lck-transmit)#ais-lck-priority 3
device-name(config-ais-lck-transmit)#ais-lck-vlan 10
device-name(config-ais-lck-transmit)#mep 602
device-name(config-mep-602)#bind-to 1/1/1
device-name(config-mep-602)#direction up
device-name(config-mep-602)#no shutdown
device-name(config-mep-602)#ccm-enabled
device-name(config-mep-602)#ccm-priority 5
device-name(config-mep-602)#exit
device-name(config-ma-ma6)#exit
device-name(config-domain-d6)#exit
Configure Device 2:
Configure CFM:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#vlan 10
device-name(config-vlan-10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#exit
device-name(config-vlan-10)#tagged 1/1/2
device-name(config-tagged-1/1/2)#commit
Commit complete.
device-name(config-tagged-1/1/2)#exit
device-name(config-vlan-10)#exit
device-name(config)#oam cfm
device-name(config-cfm)#domain d5 level 5
device-name(config-domain-d5)#ma ma5 vlan 10
device-name(config-ma-ma5)#ais-lck-receive
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-level 6
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-priority 7
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-vlan 10
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#mep 1 bind-to 1/1/2 direction up
device-name(config-mep-1)#ccm-enabled
device-name(config-mep-1)#ccm-priority 5
device-name(config-mep-1)#exit
device-name(config-ma-ma5)#exit
device-name(config-domain-d5)#exit
device-name(config-cfm)#no shutdown
device-name(config-cfm)#commit
Configure Device 3:
Configure CFM:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#vlan 10
device-name(config-vlan-10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#exit
device-name(config-vlan-10)#tagged 1/1/2
device-name(config-tagged-1/1/2)#commit
Commit complete.
device-name(config-tagged-1/1/2)#exit
device-name(config-vlan-10)#exit
device-name(config)#oam cfm
device-name(config-cfm)#domain d5 level 5
device-name(config-domain-d5)#ma ma5 vlan 10
device-name(config-ma-ma5)#ais-lck-receive
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-level 6
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-priority 7
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#ais-lck-transmit ais-lck-vlan 10
device-name(config-ais-lck-transmit)#exit
device-name(config-ma-ma5)#mep 2 bind-to 1/1/2 direction up
device-name(config-mep-1)#ccm-enabled
device-name(config-mep-1)#ccm-priority 5
device-name(config-mep-1)#exit
device-name(config-ma-ma5)#exit
device-name(config-domain-d5)#exit
device-name(config-cfm)#no shutdown
device-name(config-cfm)#commit
Configure Device 4:
Configure CFM:
device-name#config terminal
Entering configuration mode terminal
device-name(config)#vlan 10
device-name(config-vlan-10)#tagged 1/1/1
device-name(config-tagged-1/1/1)#exit
device-name(config-vlan-10)#tagged 1/1/2
device-name(config-tagged-1/1/2)#commit
Commit complete.
device-name(config)#oam cfm
device-name(config-cfm)#domain d6
device-name(config-domain-d6)#level 6
device-name(config-domain-d6)#ma ma6
device-name(config-ma-ma6)#vlan 10
device-name(config-ma-ma6)#ais-lck-receive
device-name(config-ma-ma6)#ais-lck-transmit
device-name(config-ais-lck-transmit)#ais-lck-level 7
device-name(config-ais-lck-transmit)#ais-lck-priority 3
device-name(config-ais-lck-transmit)#ais-lck-vlan 10
device-name(config-ais-lck-transmit)#mep 601
device-name(config-mep-601)#bind-to 1/1/1
device-name(config-mep-601)#direction up
device-name(config-mep-601)#no shutdown
device-name(config-mep-601)#ccm-enabled
device-name(config-mep-601)#ccm-priority 5
device-name(config-mep-601)#exit
device-name(config-ma-ma6)#exit
device-name(config-domain-d6)#exit
device-name(config-cfm)#no shutdown
List of Tables 2
Synchronization 10
DPLL10
Clock Sources 10
Selecting a Clock Reference10
Output Clocks 11
SyncE Commands 11
Command Hierarchy 12
Command Descriptions 13
Configuration Example 20
Table of Figures
Figure 1: SDH/SONET Network Synchronization Hierarchy ....................................................... 3
Figure 2: Clock Transmission over Traditional Ethernet ................................................................. 6
Figure 3: Clock Transmission over Synchronized Ethernet ............................................................ 7
Figure 4: Schematic Presentation of the System Synchronization Concept ................................ 10
List of Tables
Table 1: Hierarchy of Quality Levels in Option I Synchronization Networks ............................. 5
Table 2: Hierarchy of Quality Levels in Option II Synchronization Networks ............................ 5
Table 3: ESMC PDU Format ............................................................................................................... 8
Table 4: General Structure of the TLV Field ..................................................................................... 9
Table 5: Structure and Content of TLV Field Containing an SSM ................................................. 9
Table 6: SyncE Commands ................................................................................................................. 13
T-Marc3312SC
While PRC/PRS and SSU/BITS are usually implemented as standalone products with timing
functionality only (no data transmission), SEC/SMC/EEC are almost exclusively embedded in
networking products.
ITU-T Recommendation G.781 specifies the following clock source quality levels corresponding to
4 base levels of synchronization quality for SDH networks or Synchronous Ethernet networks that
connect to or replace SDH (option I):
QL-PRC: A synchronization trail transporting timing quality generated by a Primary
Reference Clock as defined in Recommendation G.811
QL-SSU-A: A synchronization trail transporting timing quality generated by a transit slave
clock as defined in Recommendation G.812, Types I and V
QL-SSU-B: A synchronization trail transporting a timing quality generated by a local slave
clock as defined in Recommendation G.812, Type VI
QL-SEC: A synchronization trail transporting a timing quality generated by an SDH
Equipment Clock (SEC) as defined in Recommendation G.813, Option I, or Ethernet
Equipment Clock (EEC) as defined in Recommendation G.8262, Option I.
QL-DNU: While not used for synchronization, this signal is used when clock quality of the
source is either unknown, too low, or when use of the source risks formation of a
synchronization loop.
QL-INVx, -FAILED, -UNC, -NSUPP: Internal QLs inside the network equipment that are
never generated at an output port.
The following clock-source quality-levels are defined in the synchronization selection process of an
option II network corresponding to second generation quality levels.
QL-PRS: PRS-traceable ([ITU-T G.811])
QL-STU: synchronizedtraceability unknown
QL-ST2: traceable to stratum 2 ([ITU-T G.812], type II)
QL-TNC: traceable to transit node clock ([ITU-T G.812], type V)
QL-ST3E: traceable to stratum 3E ([ITU-T G.812], type III)
QL-ST3: traceable to stratum 3 ([ITU-T G.812], type IV)
QL-SMC: traceable to SONET clock self timed ([ITU-T G.813] or [ITU-T G.8262], option
II)
QL-ST4: traceable to stratum 4 freerun (only applicable to 1.5 Mbit/s signals)
QL-PROV: provisionable by the network operator
QL-DUS: not used for synchronization
NOTE
First generation quality levels do not define QL-ST3E and QL-TNC as separate
quality levels and QL-PROV was identified as QL-RES.
Table 1 and Table 2 show the clock source quality levels for SDH networks and for Synchronous
Ethernet networks that connect to or replace SONET, as specified by ITU-T Recommendation
G.781 (as option I and option II networks, respectively).
QL-PRC highest
QL-SSU-A
QL-SSU-B
QL-SEC
QL-DNU
QL-INVx, -FAILED, -UNC, -NSUPP lowest
QL-PRS highest
QL-STU
QL-ST2
QL-TNC
QL-ST3
QL-ST3E
QL-SMC
QL-ST4
QL-PROV (default position)
QL-DUS
QL-DNU
QL-INVx, -FAILED, -UNC, -NSUPP lowest
When multiple inputs have the same high quality level, the device selects the input with the
highest priority
When multiple inputs have the same high priority and quality level, the existing reference is
maintained when that reference belongs to the same group
Otherwise, the reference with the lowest Index in the group is selected.
If no clock source could be selected, the local clock oscillator is selected as reference.
For 1000Base-T networks, manually configure ports to alternate the master and slave function
(in the clock path).
On 1000Base-X (fiber) and 10GBASE-X (10 gigabit) networks, where there is no bi-
directional transmission on a single fiber, one fiber is always used for transmission and the
other for reception.
Gigabit or 10-Gigabit Ethernet Physical Layer Devices (PHYs) devices, which are capable of
providing recovered clock on one of their output pins, support SyncE. The recovered clock is
cleaned by the PLL and fed to the 25MHz crystal oscillator input pin on the PHY device. Newer
Ethernet PHY devices provide a dedicated pin for synchronization input. The advantage of this
approach is that frequency input can be higher than 25MHz resulting in lower jitter and avoidance
of potential timing loop problems within the PHY device.
Despite the fact that the average message rate is about one message/second, this messaging
arrangement ensures a short reaction time. If an information message (alive signal) is not received
within a five-second period, the clock considers the incoming ESMC protocol as having failed.
The ESMC protocol payload uses Type-Length-Values (TLVs) for content format. The clock
quality level is transmitted in a TLV containing the standard 4-bit, SSM quality level values defined
by ITU- T, ANSI and Telcordia.
The ESMC protocol is a unidirectional transmission channel. The Tx phase provides the necessary
information and clock states; the Rx phase always receives that information and states, but the
device may choose whether to use or ignore the information depending upon configuration.
ESMC contains:
the standard Ethernet header for OSSP
the ITU-T Organization Unique Identifier (OUI)
a specific ITU-T subtype
an ESMC-specific header
a flag field
a Type-Length-Value (TLV) field.
The use of flags and TLVs is aimed at improving SyncE link management and the associated
timing change. Table 3 presents the ESMC PDU format. Note that in the TLV field, padding
bits are added to ensure that the field length is an integer number of bytes and covers the
required minimum of 64 bytes.
Table 3: ESMC PDU Format
Octet Number Field Size Content (HEX)
Table 4 and Table 5 show the structure of the TLV field, respectively its general structure and the
structure and content when containing an SSM. The ability to use TLV fields keeps the ESMC
protocol open to accommodating future extensions.
Table 4: General Structure of the TLV Field
Field Size
Type 1 octet
Length 2 octets
Data and padding up to 1387 octets
Type 1 octet 01
Length 2 octets 04
Unused 4 bits 0
SSM 4 bits SSM code
Synchronization
DPLL
DPLL 0: Generates all output clocks.
Clock Sources
The clock source is a logical entity corresponding to a physical input clock (Ethernet, etc.). Specifics
and configuration options depend on the input clock type. SyncE Clock Source is supported.
Equal Reference: When the top-rated references have the same QL and priority, the
reference with lowest IfIndex (interface index) is selected.
Reference Lock-out: Reference cannot be selected temporarily.
Manual Switch: Used only to override the configured priority.
Forced Switch: Applied to any Reference that is enabled and not locked-out.
Output Clocks
SyncE Output clock is supported.
SyncE Commands
This section describes the command hierarchy for SyncE, lists available commands, and provides a
configuration example.
Command Hierarchy
device-name#
- system sync-timing clear-timer clock-source-name UU/SS/PP timer-type
{hold-off | wait-to-restore}
- system sync-timing reset module-id <id> reference-clock-name UU/SS/PP
- system sync-timing switch {module-id <id> | reference-clock-name
UU/SS/PP | mode {forced | clear | manual}}
+ config terminal
- system
+ [no] sync-timing
- [no] ql-prov-position {before | after} {ql-dnu | ql-dus
| ql-inv | ql-prc | ql-prov | ql-prs | ql-sec | ql-
smc | ql-ssu-a | ql-ssu-b | ql-st2 | ql-st3 | ql-st3e
| ql-stu | ql-tnc}
+ [no] clock-output UU/SS/PP
- [no] esmc
+ [no] clock-source UU/SS/PP
- [no] esmc
- [no] quality {ql-dnu | ql-dus | ql-inv | ql-prc |
ql-prov | ql-prs | ql-sec | ql-smc | ql-ssu-a |
ql-ssu-b | ql-st2 | ql-st3 | ql-st3e | ql-stu |
ql-tnc}
- [no] quality-change-notify
- [no] shutdown
- [no] debug {{assert | drv | management | selection}
{true | false}| packet {event {recv | send} |
informational {recv | send}}}
+ [no] dpll <module-id>
- [no] reference-change-notify
+ [no] reference-clock UU/SS/PP
- [no] priority <value>
- [no] lock-out
- [no] reference-selection {freerun | q781}
- quality-level {enable | disable}
- [no] status-change-notify
- [no] shutdown
- [no] g781-option {I | II}
- [no] hold-off <value>
- [no] wait-to-restore <value>
- show system sync-timing [displaylevel <value>]
- show system sync-timing clock-source [displaylevel <value>]
Command Descriptions
Table 6: SyncE Commands
Command Description
Command Description
Command Description
ql-ssu-a | ql-ssu-b | ql- below are listed in the order of preference in
st2 | ql-st3 | ql-st3e |
ql-stu | ql-tnc}
which they are used by the system (not counting
dnu):
ql-dnu: the signal should not be
used for synchronization. This
parameter is specific for Option
I.
ql-dus: the signal should not be
used for synchronization. This
parameter is specific for Option
II.
ql-inv: internal quality level.
This quality level cannot be set
on clock-source. It indicates
that an invalid ESMC message is
received on the clock-source.
ql-prc: the signal is traceable
to a primary reference clock.
This parameter is specific for
Option I.
ql-prov: provided at the
discretion of the network
operator and may take different
order positions. This parameter
is specific for Option II.
ql-prs: the signal is traceable
to a primary reference source.
This parameter is specific for
Option II.
ql-sec: the signal is traceable
to the SDH equipment clock. This
parameter is specific for Option
I.
ql-smc: the signal is traceable
to the SONET minimum clock
ql-ssu-a: THIS synchronization
trail transports a timing quality
generated by Types I or V slave
clock. This parameter is specific
for Option I.
ql-ssu-b: this synchronization
trail transports a timing quality
generated by a Type VI slave
clock. This parameter is specific
for Option I.
ql-st2: the signal is traceable
to the stratum 2 level. This
parameter is specific for Option
II.
ql-st3: the signal is traceable
to the stratum 3 level. This
parameter is specific for Option
II.
ql-st3e: the signal is traceable
Command Description
to the stratum 3E level. This
parameter is specific for Option
II.
ql-stu: the signal is traceable
to unknown stratum level. This
parameter is specific for Option
II.
ql-tnc: the signal is traceable
to transit node clock. This
parameter is specific for Option
II.
dus
no quality Restores to default
quality-change-notify Enables notification whenever clock quality
changes on the specified port
no quality-change-notify Disables notification whenever clock quality
changes on the specified port
shutdown Enables the clock source
no shutdown Disables the clock source
debug {{assert | drv | management Enables displaying of additional log messages
| selection} {true | false}| related to:
packet {event {recv | send} |
informational {recv | send}}} assert: critical events related
to memory space, hardware
problems with chips
drv: interactions with drivers
management: interactions with the
management interface
selection: clock-selection
mechanism
packet event, informational
(recv, send): sent/received
packets
no debug {{assert | drv | Disables displaying of additional log messages
management | selection} {true
| false}| packet {event {recv
| send} | informational {recv
| send}}}
Command Description
and enters clock-reference configuration mode
for that port:
UU/SS/PP: 1/2/1-1/2/8
no reference-clock [UU/SS/PP] Disables reference clock:
UU/SS/PP: (optional) 1/2/1-1/2/8
priority <value> Specifies the priority of the configured DPLL
module for reference clock selection:
value: in the range of <0-256>
0
no priority [<value>] Restores to default
Command Description
Command Description
Configuration Example
In the following example, clock sources, Ethernet ports using ESMC for dynamic Quality Level, are
configured and assigned to DPLL 0.
Output clocks are generated by the DPLL 0.
1. Enter SyncE Configuration mode:
device-name(config)#system sync-timing
2. Enable clock source and ESMC protocol for clock input on port 1/1/2:
device-name(config-sync-timing)#clock-source 1/1/2
device-name(config-clock-source-1/1/2)#esmc
device-name(config-clock-source-1/1/2)#commit
Commit complete.
device-name(config-clock-source-1/1/2)#no shutdown
device-name(config-clock-source-1/1/2)#commit
Commit complete.
3. Enable clock source and ESMC protocol for clock input on port 1/1/3:
device-name(config-clock-source-1/1/2)#clock-source 1/1/3
device-name(config-clock-source-1/1/3)#esmc
device-name(config-clock-source-1/1/3)#commit
Commit complete.
device-name(config-clock-source-1/1/3)#no shutdown
device-name(config-clock-source-1/1/3)#commit
Commit complete.
4. Enable clock source and ESMC protocol for clock input on port 1/1/4. Send notifications
whenever clock quality changes:
device-name(config-clock-source-1/1/3)#clock-source 1/1/4
device-name(config-clock-source-1/1/4)#esmc
device-name(config-clock-source-1/1/4)#commit
Commit complete.
device-name(config-clock-source-1/1/4)#no shutdown
device-name(config-clock-source-1/1/4)#commit
device-name(config-clock-source-1/1/4)#quality-change-notify
Commit complete.
device-name(config-dpll-0)#quality-level enable
device-name(config-dpll-0)#status-change-notify
device-name(config-dpll-0)#commit
Commit complete.
SyncE The following ITU-T standards No private MIBs are No RFCs are
are supported: supported by this supported by this
G.8261 feature. feature
G.8262
G.8264
G.781
List of Tables 2
IPv6 Addressing 4
IPv6 Address Structure 4
IPv6 Configuration Commands 4
IP Unicast Routing 9
Populating the Routing Table (FIB) 9
Special IP Interfaces 10
Route-Maps 10
Prefix-List 11
The IP Unicast Routing Default Configuration 11
IP Configuration Commands 12
Table of Figures
Figure 1: OSPF Topology ................................................................................................................... 18
Figure 2: Virtual Link Providing Redundancy.................................................................................. 21
Figure 3: OSPF Configuration Flow.................................................................................................. 23
Figure 4: OSPF Configuration Example ........................................................................................... 33
Figure 5: Level 1, Level 2, and Level 1-2 Routers in an IS-IS Network Topology..................... 41
Figure 6: IS-IS Configuration Flow ................................................................................................... 44
List of Tables
Table 1: IPv6 Commands..................................................................................................................... 5
Table 2: IP Unicast Routing Default Configuration........................................................................ 11
Table 3: Default Administrative Distances of the Dynamic Routing Protocols ......................... 11
Table 4: Static Routes Commands ..................................................................................................... 12
Table 5: LSA Type Names and Numbers ......................................................................................... 19
Table 6: OSPF Commands ................................................................................................................. 25
Table 7: TE Commands ...................................................................................................................... 37
Table 8: IS-IS Packet Types ................................................................................................................ 42
Table 9: IS-IS Hello PDU Fields ........................................................................................................ 43
Table 10: IS-IS Commands ................................................................................................................. 46
T-Marc3312SC/T-Marc3312SCH
IPv6 Addressing
IPv6 is the latest version of the Internet Protocol (IP). The main idea of IPv6 is to meet the
demand for globally unique IP addresses. While IPv4 addresses are 32 bits long, the IPv6 address
space has been extended to 128 bits. The architecture of IPv6 allows existing IPv4 users to
transition easily to IPv6 while providing services such as end-to-end security, quality of service
(QoS), and globally unique addresses. The flexibility of the IPv6 address space reduces the need for
private addresses and the use of Network Address Translation (NAT); therefore, IPv6 enables new
application protocols that do not require special processing by border routers at the edge of
networks.
Commands Hierarchy
device-name#
+ config terminal
+ router
- [no] ipv6 disable
+ [no] interface {outBand0 | loN | swN}
- [no] ipv6 address <ipv6-address/prefix-length>
- [no] static-ipv6-route <destination-ipv6-address/prefix-
length> <nexthop-ipv6-address> <distance-value>
+ system
- [no] netconf-server
- [no] ipv6 port <value>
- [no] ssh-server
- [no] ipv6 port <value>
+ [no] snmp
- [no] ipv6 general-port <value>
- [no] target-address ADDR-NAME
- [no] ipv6 address <ipv6-address>
- show routes-ipv6 [RouteEntry {Flags {blackhole | changed | deleted |
ibgp | internal | mpls_egress | mpls_ingress | outband | selected |
self_ip | selfroute | stale | static | staticarp | vrrp_ip} | IfName
| Metrics | NextHopFlags | NextHopType | Uptime} | displaylevel]
- show router interface name IPv6NAME
- tracepath6 {<ipv6-address> | HOSTNAME}
- ping6 {ipv6-address | HOSTNAME} [number <number> | length <length>]
Commands Descriptions
Table 1: IPv6 Commands
Command Description
ipv6 port <value> Specifies the port through which the NETCONF
connection is established, in case IPv6 packet
processing is used:
number: the port number, in the
range of <165535>
Port 830
Telnet connection also supports IPv6
addressing.
ipv6 port <value> Specifies the port through which the SSH
connection is established, in case IPv6 packet
processing is used:
number: the port number, in the
range of <165535>
Port 22
Telnet connection also supports IPv6
addressing.
no ipv6 port Restores to default
snmp Enters SNMP Configuration mode
no snmp Removes the SNMP configuration
ipv6 address <ipv6-address> Defines the IP address of the target host. The
IPv6 host can perform SNMP queries and
receive SNMP notifications from a device
running IPv6 software:
ipv6-address: the IPv6 address of
the target
0:0:0:0:0:0:0:0
no ipv6 address Removes the configured address
show routes-ipv6 [RouteEntry {Flags { Displays the current contents of the IPv6 routing
blackhole | changed | deleted | ibgp | table, filtered by any of the commands
internal | mpls_egress | mpls_ingress
| outband | selected | self_ip | arguments
selfroute | stale | static | staticarp
| vrrp_ip} | IfName | Metrics |
NextHopFlags | NextHopType | Uptime} |
displaylevel]
show router interface name swN Displays the status and configuration of the
selected interface:
swN: an IPv6 interface number
IP Unicast Routing
Populating the Routing Table (FIB)
The routing table is a database that stores and updates the locations (addresses) of other network
devices and the most efficient routes to them. It is used to directing routing.
The table is populated from the following sources:
Dynamic routes, typically learned from routing protocol packets (see Dynamic Routes)
Static routes, manually entered by the network administrator (see Static Routes). They include:
Default routes, configured by the network administrator
Local routes, of IP interface addresses assigned to the system
Other static routes, configured by the network administrator
Dynamic Routes
Dynamic routes are typically learned by the routing protocols (OSPF, IS-IS). Routers that use the
routing protocols exchange information in their routing tables by advertising. Using dynamic
routes, the routing table only contains accessible networks. Dynamic routes are deleted from the
table when either of the following occurs:
An update for the network is not received for a period of time that is determined by the
routing protocol (i.e., the dynamic route is aged out of the table)
A neighbor sends a command to delete the dynamic routes advertised by the routing protocol
OSPF (by setting the route aging time to the maximum and flooding the Link-State
Advertisement (LSA) to the advertiser neighbors)
Static Routes
Static routes are manually entered into the routing table. Static routes are important in the following
cases:
When the router cannot build a route to a particular destination automatically
When, for security reasons, you need to make changes to the routing table of the router
When it is necessary to specify a gateway of last resort to which all unroutable packets will be
sent
Static routes are never aged out of the routing table.
A static route must be associated with a valid IP subnet and next hop IP address. When the IP
interface goes down, next hop IP address is not resolved. The static route using the next hop will
become inactive, although it will remain in the routing table.
The device remembers the static routes until they are manually removed. However, the static routes
decisions can be overridden by the dynamic routing information through prudent assignment of
administrative distance values. Each dynamic routing protocol has a default administrative distance,
as indicated in Table 3.
NOTE
If you want to override a static route by information received from a dynamic routing
protocol, simply ensure that the administrative distance of the static route is higher
than that of the dynamic protocol.
Special IP Interfaces
A permanent Layer 3 interface (sw0) is attached to the default VLAN. All available ports in the
system are attached to the default VLAN as untagged. For the device to be able to route between
the VLANs, the Layer 3 interfaces must be configured with an IP address.
The lo1-lo9 Layer 3 interfaces are not directly related to a VLAN. These interfaces can never be in
a down state. The packets sent through them are looped back to the IP stack and are then routed
on a destination-IP-address basis.
The outBand0 Layer 3 IP interface (OutBand interface) is destined for debugging purposes and
cannot be used to pass data.
Route-Maps
A route map provides an advanced filtering mechanism used to control and modify routing
information, and to specify the criteria for permitting or denying redistribution of routes between
routing devices. Route maps consist of a list of match and set clauses that specify the required
criteria and the actions to perform if these criteria are met.
Prefix-List
Prefix-lists work like access lists for route advertisements (prefixes). Prefix-lists are used to match
routes as opposed to traffic. Two things are matched:
The prefix (the network itself)
The prefix-length (the length of the subnet mask). Two optional keywords (ge and le) can be
used to designate a range of prefix lengths to be matched.
Prefix lists work very similarly to access lists; a prefix list contains one or more ordered entries
which are processed sequentially. As with access lists, the evaluation of a prefix against a prefix list
ends as soon as a match is found.
An empty prefix list permits all prefixes. A prefix that does not match any entries of a prefix list is
denied.
Connected IP interface 0
OSPF 110
IS-IS 115
Unknown 255
IP Configuration Commands
Commands Hierarchy
device-name#
+ config terminal
+ router
- [no] static-route A.B.C.D/M A1.B1.C1.D1 <distance-value>
- [no] prefix-list NAME
- [no] rule ID
- [no] ge <value>
- [no] ip-prefix A.B.C.D/M
- [no] le <value>
- [no] type {deny | permit}
- [no] route-map NAME
- [no] rule ID
- [no] match {interface {outBand0 | loN | swN} | ip-
address-prefixlist NAME | ip-nexthop-prefixlist
NAME | metric <value> | tag <value>}
- [no] next-rule <value>
- [no] on-match {exit | goto | next}
- [no] set {metric-type {type-1 | type-2} | metric
<value> | tag <value>}
- [no] type {deny | permit}
- show routes [RouteEntry {Flags {blackhole changed | deleted | ibgp |
internal | mpls_egress | mpls_ingress | outband | selected | self_ip
| selfroute | static | staticarp | vrrp_ip} | ifname NAME | metrics
<metric value> | NextHopFlags {active | fib | fibsetoutband |
notready | outband | recursive} | nexthoptype {ifindex | ifname |
ipv4 | ipv4_ifindex | ipv4_ifname ipv6 | ipv6_ifindex | ipv6_ifname}
| uptime <duration> | A.B.C.D/M}]
Commands Descriptions
Table 4: Static Routes Commands
Command Description
match {interface {outBand0 | Specify the criteria for matching route entries:
loN | swN} | ip-address-
prefixlist NAME | ip- interface: IP interface type
nexthop-prefixlist NAME | A route-map entry is created to match routes
metric <value> | tag first-hop IP interface to the specified IP interface.
<value>}
Valid interfaces are:
outBand0: an Ethernet network interface
loN: an internal logical loopback IP-
interface. N is in the range of <09>
swN: an IP interface number in the range of
<09999>
ip-address-prefixlist NAME:
specifies a prefix list used to
match against the IP address of
the route entries
ip-nexthop-prefixlist NAME:
specifies a prefix list used to
match against nexthop of the route
entries
metric <value>: matches the
specified metric, in the range of
<1-16777215>
tag <value>: matches the specified
tag
no match Removes the configured criteria
Area types
OSPF requires dividing the network into a logical star of areas.
Backbone area
Stub area
Normal Area
Not So Stubby area (NSSA)
The topology within an area is hidden from the rest of the AS. Hiding this information significantly
reduces LSA traffic and the calculations needed to maintain the LSDB. Routing within the area is
determined only by the topology.
Backbone Area
This area (also called Area 0) connects all other OSPF areas to each other. Any traffic
between areas must go through the backbone area. Due to its role, this area has to be
robust and stable. It should have internal redundancy and efficient bandwidth to handle
the traffic between areas.
Network areas should be contiguous (all in one connected piece). OSPF has a mechanism
for handling disconnections between network areas (other than Area 0) due to link
failures.
Stub Area
A stub area is connected to other areas; one of them may be the backbone area. External route
information is not distributed into stub areas. Stub areas are used to reduce memory consumption
and computation requirements on OSPF routers.
Normal Area
An area which is not Area 0 or a Stub area.
Not-So-Stubby-Area (NSSA)
NSSA is an optional area that does not flood all LSAs from the core into the area, but can import
and redistribute AS-external routes within the area.
OSPF Neighbors
Upon initialization, routers running OSPF attempt to locate neighboring routers to exchange LSAs.
Routers form adjacencies with neighboring routers before exchanging routing information. The
routers check details, such as subnet address, OSPF area number, network type, and authentication
passwords before forming an adjacency.
On broadcast or point-to-point segments, the routers dynamically discover neighbors through
the OSPF multicast, 224.0.0.5, using the OSPF Hello protocol.
On Non-Broadcast Multiple Access (NBMA) networks the system administrators have to
configure neighbors manually before the Hello protocol initializes in a unicast fashion,
beginning the adjacency forming process.
Broadcast
The Broadcast OSPF network type typically runs on multi-access broadcast IP interfaces such as
Ethernet, Token Ring, or FDDI.
Each Broadcast OSPF area includes one Designated Router (DR) and one Backup Designated
Router (BDR) elected dynamically on a broadcast segment with which all other routers form
adjacencies. The election criteria include router ID, loopback IP interface presence, and router IP
interface priority values.
The system administrators can manually configure these criteria to influence the selection process.
The DR and BDR are responsible for collecting link state information from all routers on the
broadcast segment, compiling, and distributing the resulting area map back to each router. This
prevents all routers on a common segment from exchanging link state information with every other
router on a segment, thus reducing the amount of traffic on a broadcast segment.
Point-to-Point
The point-to-point OSPF network type is typically implemented across dedicated WAN circuits,
such as T-1 links or on frame relay point-to-point sub-interfaces.
This network type does not have a designated router since each segment includes only two routers.
These routers exchange link state information and routes as peers across a common subnet.
Virtual Links
You can configure virtual links between any two backbone routers that have an IP interface to a
common non-backbone area. The protocol treats two routers joined by a virtual link as if they were
connected by a point-to-point connection in the backbone.
If you cannot physically connect an area to the backbone area, you can use a virtual link to connect
to the backbone through a non-backbone area, known as a transit area. The transit area must have
full routing information; therefore it cannot be a stub area.
In the image below if the connection between ABR1 and the backbone fails, the connection via
ABR2 provides redundancy, ensuring communication between ABR1 and the backbone using the
virtual link.
OSPF Commands
Commands Hierarchy
device-name#
+ config terminal
+ [no] router
+ [no] ospf
[no] helper-mode
+ [no] area <id>
- [no] area-range <range-id> [advertise nssa-
external-link | do-not-advertise]
- [no] shortcut-configuration
+ [no] interface A.B.C.D
- [no] auth-key-md5 entry <value> word STRING
- [no] auth-key-simple STRING
- [no] auth-type {md5 | simple}
- [no] dead-interval <interval>
- [no] hello-interval <interval>
- [no] interface-type {broadcast | point-to-
point}
- [no] metric <value>
- [no] passive
- [no] priority <priority>
- [no] transit-delay <delay>
+ [no] nssa
- [no] summaries
+ [no] stub
- [no] default-metric <metric>
- [no] summaries
+ [no] virtual-link A.B.C.D
- [no] auth-key-md5 entry <value> word STRING
- [no] auth-key-simple STRING
- [no] auth-type {md5 | simple}
- [no] dead-interval <interval>
- [no] hello-interval <interval>
- [no] transit-delay <interval>
- [no] compatible-rfc-1583
- [no] dscp-mapping <value>
+ [no] redistribute {connect | static}
Commands Descriptions
Table 6: OSPF Commands
Command Description
Command Description
area <id>
interface A.B.C.D
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
show router ospf database [area <area-id> | Displays the OSPF database:
asbr-summary | external | max-age |
network | nssa-external | opaque | router area-id: in the range of
| self-originate | summary] <0.0.0.0-255.255.255.255>
asbr-summary: the ASBR summary
link states
external: the external link
states
max-age: the LSAs in the MaxAge
list
network: the network link states
nssa-external : the NSSA
database content per area
opaque: the information about TE
opaque LSAs
router: the router link states
self-originate: the self-
originated link states
summary: the network summary
link states
show router ospf interface name {outBand0 | Displays OSPF interfaces related information:
loN | swN}
outBand0: an Ethernet network
interface
loN: an internal logical
loopback IP-interface. N is in
the range of <09>
swN: an IP interface number in
the range of <09999>
show router ospf neighbor [all [detail] | Displays information on OSPF neighbors on a
detail | id A.B.C.D | interface swN per-interface basis:
[detail]]
all: (optional) information for
all neighbors that are in a down
state (neighbors not in full or
2-way state)
detail: (optional) detailed
information for all neighbors
id A.B.C.D: the neighbors IP
address
interface swN: an IP interface
number in the range of <09999>
show router ospf opaque-database Display lists of information about the TE
opaque LSAs
show router ospf route Displays all routes received through the OSPF
router
clear router ospf neighbour id A.B.C.D Clears the established OSPF database
between two OSPF neighbors:
id A.B.C.D: the neighbors IP
address
Command Description
clear router ospf process Resets the entire OSPF process, forcing
OSPF to re-create neighbors, database, and
routing table.
Configuration Example
Figure 4 shows an example of a network that uses OSPF routing. The diagram is followed by
commands that create this network.
RSW1 Configuration:
1. Enable OSPF and set the OSPF Router ID:
RSW1#configure terminal
RSW1(config)#router ospf router-id 192.168.1.1
2. Enable OSPF for the network 192.168.1.0/24 and assign the area 1 for the network:
RSW1(config)#router ospf area 0.0.0.1 interface 192.168.1.1
RSW1(config)#commit
RSW2 Configuration:
3. Enable OSPF and Set the OSPF Router ID:
RSW2#configure terminal
RSW2(config)#router ospf router-id 192.168.1.2
4. Enable OSPF for the network 192.168.1.0/24 and assign the area 1 for the network:
RSW2(config)#router ospf area 0.0.0.1 interface 192.168.1.2
RSW2(config)#commit
RSW3 Configuration:
5. Enable OSPF and Set the OSPF Router ID:
RSW3#configure terminal
RSW3(config)#router ospf router-id 192.168.1.3
6. Enable OSPF for the network 192.168.1.0/24 and assign the area 1 for the network:
7. Enable OSPF for the network 20.0.0.0/8 and assign the area 2.2.2.2 for the network:
RSW3(config)#router ospf area 2.2.2.2 interface 20.0.0.1
8. Enable OSPF for the network 10.0.0.0/8 and assign the area 0 for the network:
RSW3(config)#router ospf area 0.0.0.0 interface 10.0.0.1
RSW3(config)#commit
RSW4 Configuration:
9. Enable OSPF and Set the OSPF Router ID:
RSW4#configure terminal
RSW4(config)#router ospf router-id 192.168.0.1
10. Enable OSPF for the network 192.168.0.1/24 and assign the area 3 for the network:
RSW4(config)#router ospf area 0.0.0.3 stub
RSW4 (config-area-0.0.0.3)# interface 192.168.0.1
11. Enable OSPF for the network 30.0.0.0/8 and assign the area 2.2.2.2 for the network:
RSW4(config)#router ospf area 2.2.2.2 interface 30.0.0.1
12. Enable OSPF for the network 10.0.0.0/8 and assign the area 0 for the network:
RSW4(config)#router ospf area 0.0.0.0 interface 10.0.0.2
RSW4(config)#commit
RSW5 Configuration:
13. Enable OSPF and Set the OSPF Router ID:
RSW5#configure terminal
RSW5(config)#router ospf router-id 30.0.0.2
14. Enable OSPF for the network 30.0.0.0/8 and assign the area 2.2.2.2 for the network:
RSW5(config)#router ospf area 2.2.2.2 interface 30.0.0.2
15. Enable OSPF for the network 20.0.0.0/8 and assign the area 2.2.2.2 for the network:
RSW5(config)#router ospf area 2.2.2.2 interface 20.0.0.2
RSW5(config)#commit
RSW6 Configuration:
17. Enable OSPF for the network 192.168.0.0/24 and assign the area 0.0.0.3 for the network:
RSW6(config)#router ospf area 0.0.0.3 stub
RSW6 (config-area-0.0.0.3)#interface 192.168.0.2
RSW6(config)#commit
TE Commands
Commands Hierarchy
device-name#
- tool traffic-engineering admin-group {exclude <value> | include-any
<value> | include-all <value>}
- tool traffic-engineering clear-query
- tool traffic-engineering destination ip A.B.C.D
- tool traffic-engineering excluded-link start-ip A.B.C.D end-ip A.B.C.D
- tool traffic-engineering excluded-node ip A.B.C.D
- tool traffic-engineering intermediate-hop address A.B.C.D maximum-
backup-hops <unsignedInt> maximum-hops <unsignedInt>
- tool traffic-engineering maximum-bandwidth value <value>
- tool traffic-engineering maximum-reserved-bandwidth value <value>
- tool traffic-engineering minimum-mtu value <unsignedInt>
- tool traffic-engineering originating ip A.B.C.D
- tool traffic-engineering relax-maximum-bandwidth value <unsignedInt>
- tool traffic-engineering unreserved-bandwidth-0 value <unsignedInt>
- tool traffic-engineering unreserved-bandwidth-1 value <unsignedInt>
- tool traffic-engineering unreserved-bandwidth-2 value <unsignedInt>
- tool traffic-engineering unreserved-bandwidth-3 value <unsignedInt>
- tool traffic-engineering unreserved-bandwidth-4 value <unsignedInt>
- tool traffic-engineering unreserved-bandwidth-5 value <unsignedInt>
- tool traffic-engineering unreserved-bandwidth-6 value <unsignedInt>
- tool traffic-engineering unreserved-bandwidth-7 value <unsignedInt>
- tool traffic-engineering run
- tool traffic-engineering show
Commands Descriptions
Table 7: TE Commands
Command Description
Command Description
Command Description
NOTE
ISIS protocol supports only broadcast type of interfaces.
ISIS protocol cannot be enabled on sw0 interface.
Figure 5: Level 1, Level 2, and Level 1-2 Routers in an IS-IS Network Topology
Network Types
Broadcast networksconnect more than two devices. When one router sends a packet, all
connected routers receive it. One IS elects the DIS itself. The DIS is responsible for flooding;
it creates and floods a new pseudo-node LSP for each routing level in which it participates
(Level 1 or Level 2) and for each LAN to which it is connected.
LSPs on broadcast media (LANs) are sent to a multicast address.
No configuration is needed to inform IS-IS as to what the network type is.
IS-IS Commands
Commands Hierarchy
+ config terminal
+ [no] router
+ [no] isis
- [no] authentication-check
- [no] authentication-key-simple STRING
- [no] authentication-key-md5 STRING
- [no] authentication-type {none | simple | md5}
- [no] area-address FF:FF:FF:FF:FF:FF
+ [no] interface {outBand0 | loN | swN}
- [no] level {level1 | level1L2 | level2}
+ [no] level-1
Commands Descriptions
Table 10: IS-IS Commands
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
Command Description
show router isis database [level {level-1 | Displays the internal routing database:
level-2}] [details]
details: (optional) detailed
information
level-1: (optional) level1
related information
level-2: (optional) level2
related information
show router isis interfaces [interface { Displays IS-IS interfaces related information:
outBand0 | loN | swN}] [details]
outBand0: (optional) an Ethernet
network interface
loN: (optional) an internal
logical loopback IP-interface. N
is in the range of <09>
swN: (optional) an IP interface
number in the range of <09999>
details: detailed information
show router isis neighbor Displays information for IS-IS neighbors
Configuration Example
1. The following example enables IS-IS as a Level1-2 router on interfaces sw10 and sw20:
device-name(config-isis)#router-id 11:11:11:11:11:11
device-name(config-isis)#interface sw10
device-name(config-interface-sw10)#level level1L2
device-name(config-interface-sw10)#exit
device-name(config-interface)#exit
device-name(config-isis)#interface sw20
device-name(config-interface-sw20)#level level1L2
device-name(config-interface-sw20)#exit
device-name(config-interface)#exit
device-name(config-isis)#area-address 11:22:33:44
device-name(config-area-address-11:22:33:44)#commit
Level 1 setup:
LSP generation interval 30 secs,
Level 2 setup:
LSP generation interval 30 secs,
metric style is NARROW
overload state: ON; set overload: FALSE
L2 authentication type: None
Suppress L1 incoming packets authentication: Disabled
IP Unicast No standards are Private MIB, RFC 791, Internet Protocol DARPA
Routing supported by this PRVT-SWITCH- Internet Program Protocol
feature. IPVLAN-MIB.mib. Specifications
RFC 919, Broadcasting Internet
Datagrams
RFC 922, Broadcasting Internet
Datagrams in the Presence of Subnets
RFC 1042, A Standard for the
Transmission of IP Datagrams over
IEEE 802 Networks
RFC 1122, Requirements for Internet
Hosts -- Communication Layers
RFC 1812, Requirements for IP
Version 4 Routers
Open Shortest STD 54, OSPF RFC 1850, OSPF RFC 1370, Applicability Statement for
Path First Version 2 Version 2 OSPF
(OSPF) Management RFC 1587, The OSPF NSSA Option
Information Base
RFC 1765, OSPF Database Overflow
Private MIB,
RFC 2328, OSPF Version 2
PRVT-OSPF-
MIB.mib
IS-IS ISO 10589 Private MIB, RFC 1195, Use of OSI IS-IS for
Information PRVT-ISIS- Routing in TCP/IP and Dual
Technology MIB.mib Environments
Telecommunicati RFC 2966, Domain-wide Prefix
on and Distribution with Two-Level IS-IS
information
RFC 3373, Three-way handshake
exchange
between RFC 3567, IS-IS Cryptographic
systems Authentication
Intermediate
system to
Intermediate
system intra-
domain routing
information
exchange
protocol for use
in conjunction
with the protocol
for providing the
connectionless-
mode Network
Service (ISO
8473), 1992.
List of Tables 1
Node Redundancy 2
Advantages of Virtual Router Redundancy Protocol (VRRP) 2
VRRP Router Priority 3
Event Propagation 7
Event Propagation VRRP Related Commands Hierarchy 7
Table of Figures
Figure 1: Node Redundancy Scenarios................................................................................................ 2
List of Tables
Table 1: VRRP Commands ................................................................................................................... 4
Table 2: Event Propagation VRRP Related Commands .................................................................. 7
T-Marc3312SC/T-Marc3312SCH
Node Redundancy
Node Redundancy feature allows a single T-Marc 3312SC/T-Marc 3312SCH device to be backed
up. It uses the concept of Master/Backup. When a failure occurs in the master device, the backup
devices takes over the masters role, so that it can provides stable services.
The figure below illustrates the redundancy connectivity between two T-Marc 3312SC/T-Marc
3312SCH devices:
NOTE
Currently, only a single backup device is supported.
Inter Switch Link (ISL) is a physical link between the devices, used to send redundancy
protocol messages.
External Network collects network devices connected to the BiNOX devices. The External
Network is physically connected to both the Master and the Slave devices.
Master device transmits VRRP advertisement packets at the stated periods to the network to
inform its status to backup device. If there is no VRRP advertisement packet during the time, the
backup device sends VRRP advertisement packets. Then they decide the priorities according to the
received advertise packets and then the new Master device is decided.
In the network embodied by VRRP, the external network devices do not need to know the real
master device.
Changes in the VRRP are automatically propagated using the Event Propagation feature.
VRRP Advertisements
The Master device sends VRRP advertisements to other VRRP device in the same group. The
advertisements communicate the priority and state of the Master device. The VRRP advertisements
are encapsulated in IP packets and sent to the IP Version 4 multicast address assigned to the VRRP
group. The advertisements are sent every one second by default.
System Interfaces
The system interfaces are divided into four groups:
Monitored (traced) physical interfaces - these interfaces are monitored for failures. When there
are at least N failing interfaces (N is a configurable threshold) within the group, fail-over
occurs. Upon fail-over, all interfaces in this group are shut down in order to neighboring nodes
to flush their MAC tables. After fail-over is completed, and wait-to-restore timer has expired,
these interfaces can be brought up again so the new Slave device can protect the new Master
device once the operational interface failures have been fixed.
Linked physical interfaces - this group of interfaces allow the other line cards in the chassis to
detect the current Master device by simply sensing the link up/down state. These interfaces are
always administratively enabled on the Master device and disabled on the Slave device.
VRRP interfaces ("Inter-Switch Link") - this group of IP interfaces, over which the VRRP
advertisements are sent. The physical interfaces over which these IP interface are defined, may
also belong to the Monitored interfaces group.
One-IP Advertisement interfaces - these interfaces are used to advertise the Virtual IP address
by sending the Gratuitous ARP. Only IP interfaces are allowed in this group.
Commands Hierarchy
device-name#
+ config terminal
+ router
- [no] vrrp virtual-router <value>
- [no] accept-mode {all | none | icmp}
- [no] advertised-interval <value>
- [no] interface swN
- [no] preempt
- [no] priority <value>
- [no] shutdown
- [no] trace-uplink UU/SS/PP
- [no] trace-uplink-flush-timer <value>
- [no] trace-uplink-threshold <value>
- [no] version {2 | 3}
- [no] virtual-ip-address A.B.C.D
- [no] range <value>
- show vrrp virtual-router [detailed]
- show running-config router vrrp virtual-router
Commands Descriptions
Table 1: VRRP Commands
Command Description
Command Description
Command Description
Event Propagation
The Event Propagation feature allows you to configure automatic actions executed upon the
occurrence of specific events (refer to Operations, Administration, and Maintenance (OAM) chapter
of this User Guide for more information).
Command Description
propagation profile receives the configured
event:
value: receives events from
Virtual Router group with ID in
the range <1-255>
no source Removes the configured event source
Example
device-name#config terminal
Entering configuration mode terminal
device-name(config)#router interface sw3 add 3.3.3.3/24
device-name(config-interface-sw3)#no shutdown
device-name(config-interface-sw3)#commit
Commit complete.
device-name(config-interface-sw3)#top
device-name(config)#
device-name(config)#vlan 3
device-name(config-vlan-3)#routing-interface sw3
device-name(config-vlan-3)#tagged 1/1/1
device-name(config-tagged-1/1/1)#commit
Commit complete.
device-name(config-tagged-1/1/1)#top
device-name(config)#
device-name(config)#event-propagation profile vrrp
device-name(config-profile-vrrp)#event vrrp-status-backup
device-name(config-profile-vrrp)#source vrrp-group 3
device-name(config-profile-vrrp)#action link-drop
device-name(config-profile-vrrp)#reverse link-restore
device-name(config-profile-vrrp)#commit
Commit complete.
device-name(config-profile-vrrp)#top
device-name(config)#port 1/1/2
device-name(config-port-1/1/2)#event-propagation-profile vrrp
device-name(config-port-1/1/2)#port 1/1/3
device-name(config-port-1/1/3)#event-propagation-profile vrrp
device-name(config-port-1/1/2)#port 1/1/4
device-name(config-port-1/1/4)#event-propagation-profile vrrp
device-name(config-port-1/1/4)#commit
Commit complete.
device-name(config-port-1/1/4)#top
device-name(config)#
device-name(config)#router vrrp virtual-router 3
device-name(config-virtual-router-3)#interface sw3
device-name(config-virtual-router-3)#virtual-ip-address 3.3.3.33
device-name(config-virtual-ip-address-3.3.3.33)#exit
device-name(config-virtual-router-3)#priority 110
device-name(config-virtual-router-3)#no shutdown
device-name(config-virtual-router-3)#commit
Commit complete.
device-name(config-virtual-router-3)#trace-uplink 1/2/1
device-name(config-trace-uplink-1/2/1)#trace-uplink 1/2/2
device-name(config-trace-uplink-1/2/2)#commit
Commit complete.
device-name(config-trace-uplink-1/2/2)#top
3 backup
List of Tables 2
PW RedundancyService Protection 8
A Spoke PW Failure in a Hub and Spoke Topology 8
A Mesh PW Failure in a Hub and Spoke Topology 9
Traffic-Engineering Tool 15
Configuration Examples 52
RSVP-TE Tunnels Configuration Examples 52
Table of Figures
Figure 1: MPLS Cloud ........................................................................................................................... 4
Figure 12: VPWS .................................................................................................................................... 4
Figure 2: VPLS Cloud ............................................................................................................................ 5
Figure 3: Packets at Different Points of the VPLS ........................................................................... 6
Figure 4: H-VPLS Topology................................................................................................................. 7
Figure 5: Two-tiered Hierarchical VPLS Model ................................................................................ 7
Figure 6: A Spoke PW Failure in a Hub and Spoke Topology ........................................................ 9
Figure 7: Recovery from a Spoke PW Failure .................................................................................... 9
Figure 8: A Mesh PW Failure in a Hub and Spoke Topology ......................................................... 9
Figure 9: Recovery from A Mesh PW Failure .................................................................................... 9
Figure 10: Establishing a TE-tunnel .................................................................................................. 11
Figure 11: One-to-One Backup Method........................................................................................... 12
Figure 12: Facility Backup Method .................................................................................................... 13
Figure 13: Penultimate Hop Popping ................................................................................................ 15
Figure 14: MPLS and VPLS Configuration Flow ............................................................................ 16
Figure 15: A Triangle Topology Configuration Example .............................................................. 57
List of Tables
Table 1: Term Definitions and Acronyms ........................................................................................ 11
Table 2: MPLS Configuration Commands ....................................................................................... 17
Table 3: LDP Configuration Commands.......................................................................................... 20
Table 4: RSVP and TE Entity Configuration Commands ............................................................. 25
Table 5: VPLS Commands.................................................................................................................. 36
Table 6: Show Commands .................................................................................................................. 44
Table 7: Fields Displayed by show mpls tunnel command ............................................... 47
T-Marc3312SC/T-Marc3312SCH
Architecture
An MPLS network is typically a large group of core devices distributed over a wide geographic area.
MPLS can also be used in metropolitan area networks.
The MPLS network is built by unidirectional Label Switched Paths (LSPs) that are created by a
signaling protocol prior to data transmission. LSPs include:
Label Edge Routers (LER): Devices at the LSP ingress and egress points connected to the
non-MPLS networks.
Label Switching Routers (LSR): Devices within the MPLS network core.
Upon data transmission, data packets are routed to the LER (at the MPLS ingress point). Based on
packet details, the LER determines which LSP to tunnel the packet through and prefixes the packet
with an appropriate label. Each LSR along the LSP switches the packet label to another label and
then forwards the packet to the next LSR along the path. The LER at the MPLS network egress
removes the label from the packet and forwards the packet to the external network.
For further details refer to Multiprotocol Label Switching Architecture RFC 3031.
Pseudowire (PW) describes the connection between the end-points. A full mesh of PWs must exist
among PEs within the same VPLS instance. In order to prevent loops, a PE must not forward
traffic from one pseudowire to another in the same VPLS instance. Note that this does not apply to
traffic received on a PE user port that is considered an access port for the VPLS service. If a packet
with an unknown destination MAC address arrives at such a port, the PE must flood this packet to
all pseudowires and users ports (if any) pertaining to the VPLS instance.
While traveling along a PW, packets contain a stack of two labels. Both labels are added by PEs at
the time the packets enter the MPLS core. The core routers (LSRs) use the outer, transport label to
switch the packet through to the far-end PE. LSRs do not know that the packet belongs to a given
VPLS instance as they only take into account the outer label. This feature provides an additional
level of security for user traffic.
The other, inner, Virtual Circuit label, is put to use at the far-end PE. The Virtual Circuit label
identifies the VPLS instance to which the packet belongs (for example, it is used as a service
delimiter). Once the PE becomes aware of the VPLS, the packet is switched based on the
destination MAC address.
On receipt, the far-end PE strips the Ethernet header and labels used within the MPLS cloud off
the packet. Depending on the VC label, the PE sends the packet to a respective access port.
When the PE receives an Ethernet frame carrying a VLAN tag intended to go into the MPLS
cloud, the PE can operate using two encapsulation modes (VC types):
Ethernet-VLAN: The PE regards tags placed in the packet by customer equipment as
service-delimiting. The service provider uses that tag to segment traffic. For example, LANs
from different customers may be attached to the same service provider device which, in turn,
applies VLAN tags to distinguish between customer traffic and forwards the frames to the PE.
In this case, it is important to make sure the tag is kept while traveling in the MPLS cloud.
When pseudowire is operating in this mode, every packet sent on the pseudowire must
have a service-delimiting VLAN tag. If the frame is received by the PE from the user
without a VLAN tag, the PE prepends the frame with a dummy VLAN tag of 1 before
sending the frame on the pseudowire.
ETHERNET: The PE regards tags placed in the packet by customer equipment as not
service-delimiting. In this mode, the tag has no meaning to the PE. Service-delimiting tags
are never sent over the pseudowire. If a service-delimiting tag is present when the packet is
received from a user by the PE, the tag must be removed from the packet before the packet is
sent to the pseudowire.
When this mode is used, the remote PE receives an untagged frame from the pseudowire
after the original tag was stripped off by the transmitting PE. Depending on the VPLS
instance SAP (Service Access Point) configuration, the PE may add a different tag, on
frame reception, to achieve VLAN translation across the PW, or the PE may leave the
frame untagged.
In both modes, when a single Ethernet packet contains more than one tag, the PE device inspects
the outermost tag to adapt the Ethernet packet to the pseudowire, and encapsulates the stacked tags
in VC type VLAN mode or removes the outer tag before encapsulation in VC type Ethernet mode.
NOTE
The VC type should match on the PW endpoint device.
MTU and PE devices connect to each other via a single spoke pseudowire. There is no need
for a full mesh of pseudowires between an MTU and all the PEs of a particular VPLS instance
as in a classic VPLS application. This is achieved by introducing a slight change in PE
operation, specifically, PE devices treating spoke pseudowires as user access ports. As a result,
PEs flood packets received from spoke pseudowires to other spoke pseudowires and mesh
pseudowires associated with the same customer. The PE will flood packets received from
mesh pseudowires only to spoke pseudowires and not to other mesh pseudowires in order to
prevent loops and achieve Split-Horizon functionality.
According to its position in the H-VPLS topology, the device operates in two modes:
MTU-S mode single-active-spoke and backup-spoke pseudowires are allowed per VPLS
instance.
NOTE
In H-VPLS terminology, spoke pseudowires are referred to as spoke-SDPs (service
distribution points), and mesh/hub pseudowire are referred to as mesh-SDPs.
NOTE
The VPT preservation is enabled by default.
NOTE
You cannot use the same service ID for all MPLS L2 services.
You cannot use the same physical port as a MPLS and TLS SAP.
PW RedundancyService Protection
In H-VPLS topology, VPLS core PWs (mesh) are augmented with access PWs (spokes) to form a
two-tier hierarchical VPLS. The use of Dual-Homing, Active and Backup PWs terminating on
different PEs provides protection against the failure of the spoke or the failure of the PE.
In certain applications, there is a need for a different mechanism to protect the target PE node or
the MTU Service Access Point failure. PW redundancy overcomes such failures by signaling the
preferred PW used for forwarding data traffic between the local and remote peers of the PW. This
mechanism becomes operational once multiple PWs (SDPs) are configured for the same service.
The status of a spoke-PW/SDP (Active/Backup) determines the order of precedence for the PW.
In an MTU VPLS service instance with two PWs, the PW with the lower value will be the Active
one. If both PWs are the same, with respect to precedence, the Active PW would be the first one
signaled to the PEs.
Mechanism behavior s defined per service using the redundancy-mode parameter. By default, the
parameter is set to independent mode in which the PW state is defined both by PW precedence and
remote requests.
NOTE
switchover between
Active and Standby 1 3
Active PW-sp
Active PW-spoke oke
PE VPLS
Mesh
PE
A MTU B MTU
Backup oke
PW-sp 2 4 PW-sp
oke Backup
PE PE
switchover request
(by clearing preferential forwarding bit)
Once the standby spoke PW is active and a new path is used, the MTU for the activated, standby
PW sends a MAC-Address Withdrawal to the PE, which in turn distributes the MAC-Address
Withdrawal to all other PE devices, allowing faster convergence:
1 3
Active PW-sp
Backup PW-spoke oke
PE VPLS
Mesh
PE
A MTU B MTU
Active oke
PW-sp 2 4 PW-sp
oke Backup
PE PE
MAC Address
Withdrawal
With the backup spoke PW active, using a new path, the MTU for the standby PW, sends a MAC-
Address Withdrawal to the PE. To achieve faster convergence, the PE, in turn, distributes the
MAC-Address Withdrawal to all other PE devices.
1 3
Backup PW-sp
Backup PW-spoke oke
PE VPLS
Mesh
PE
A MTU B MTU
Active oke
PW-sp 2 4 PW-sp
oke Active
PE PE
MAC Address
Withdrawal
Local Repair Techniques used to repair LSP tunnels quickly when a node or link
along the LSP fails.
Merge Point (MP) The LSR where one or more backup tunnels rejoin the path of the
protected LSP downstream of the potential failure. The same LSR may
R2 can provide user traffic protection by creating a partial backup LSP that merges with the
protected LSP at R4. The partial one-to-one backup LSP [R2->R7->R8->R4] is a detour.
To protect an LSP that traverses N nodes, there could be as many as (N - 1) detours.
To minimize the number of LSPs in the network, it is recommended to merge a detour back to its
protected LSP, whenever possible. Merger occurs when a detour LSP intersects its protected LSP at
an LSR with the same outgoing interface.
When a failure occurs along the protected LSP, the PLR redirects traffic onto the local detour. For
instance, if the [R2->R3] link fails, R2 switches traffic received from R1 onto the protected LSP
along link [R2->R7], using the label received when R2 created the detour.
When R4 receives traffic with the label provided for R2's detour, R4 switches this traffic onto link
[R4-R5], using the label received from R5 for the protected LSP.
At no point does the depth of the label stack increase as a result of the detour.
In the above example, R2 has built a bypass tunnel to protect against link failure [R2->R3] and
node [R3]. The doubled lines represent this tunnel. This technique provides scalability improvement
in that the same bypass tunnel can also be used to protect LSPs from any of R1, R2, or R8 to any of
R4, R5, or R9. Example 2 describes three different protected LSPs that are using the same bypass
tunnel for protection.
There could be as many as (N-1) bypass tunnels to fully protect an LSP that traverses N nodes.
However, each of those bypass tunnels could protect a set of LSPs.
When a failure occurs along a protected LSP, the PLR redirects traffic into the appropriate bypass
tunnel. For instance, if link [R2->R3] fails in Example 2, R2 will switch traffic received from R1 on
the protected LSP onto link [R2->R6]. The label will be switched for one which will be understood
by R4 to indicate the protected LSP, and the bypass tunnel label will then be pushed onto the label-
stack of the redirected packets.
If penultimate-hop-popping is used, the merge point in Example 2, R4, will receive the redirected
packet with a label indicating the protected LSP that the packet is to follow. If penultimate-hop-
popping is not used, R4 will pop the bypass tunnel label and examine the label underneath to
determine the protected LSP that the packet is to follow. When R2 is using the bypass tunnel for
protected LSP 1, the traffic takes the path [R1->R2->R6->R7->R4->R5]; the bypass tunnel is the
connection between R2 and R4.
Secondary LSP
In addition to LSP FRR protection, which can be established dynamically (based on CSPF) or
defined explicitly to bypass a local failure, you can use a secondary pre-defined LSP, a redundant
path to the same end point of the protected LSP, to protect RSVP LSP. Same as an FRR bypass
LSP, the secondary LSP can be established dynamically (based on CSPF) or defined explicitly.
RSVP LSP can be protected by FRR, a secondary LSP, or both.
When both protection methods are applied on LSP, FRR will be the first to protect on failure; the
secondary LSP will be second. After an FRR event occurs, the bypass tunnel will be used until
expiration of the configured timeout. After expiration of the MBB timer, the bypass tunnel will be
torn down.
A secondary LSP will be used if it has been configured and established. In order to keep service
functional when the primary LSP fails to recover, the user must have configured a secondary
instance or the MBB timer must be disabled.
Traffic-Engineering Tool
When CSPF is used for automatic RSVP-TE based LSP management, you can determine the path
hops used between two endpoints in the MPLS topology using a CLI, Traffic Engineering tool that
queries the CSPF database and tracks all hops between the endpoints.
Since the CSPF database is used by RSVP-TE to establish an LSP, the path indicated by this tool
will represent the LSP to be established by RSVP-TE protocol. The tool can be used for advanced
troubleshooting; usage requires specifying the head and tail ends of a desired path as shown in the
following example.
NOTE
In addition, two more mpls connectivity tools are available: mpls-ping and mpls-
trace.
mpls tunnels rebuild-now <value> Specifies index for the RSVP-TE tunnel to be
re-signaled manually:
value: in the range of <1-32638>
no mpls-te automatic-bypass TunnelIndex Specifies index of the dynamic bypass tunnel to
<value> be deleted:
value: in the range of <32639-
32767>
router Enters Router Configuration mode
no router Removes the router configurations
mpls Enables MPLS and enters MPLS Configuration
mode
Command Description
mpls lsp-ping {lsp LSP_NAME | prefix Starts an LSP connectivity-test by sending in-
A.B.C.D/M} band MPLS echo packets to the egress LSR:
LSP_NAME: the LSP name
A.B.C.D/M: the FECs prefix
count <count> The number of messages the test sends:
count: in the range of
<1100>
1
size <octets> The minimum packet size:
octets: in the range of
<84-1300> octets
No pad TLV added
Command Description
Command Description
ingress {isis | ospf | static Specifies the ingress (remote router) distribution
| ip A.B.C.D/M} policy:
isis: marks the routes learned
from the IS-IS for usage of
ingress LDP LSPs
ospf: marks the routes learned
from the OSPF for usage of ingress
LDP LSPs
static: marks the static routes
for usage of ingress LDP LSPs
ip A.B.C.D: marks specific IP
address or network for usage for
ingress LDP LSPs
Distribution is disabled
no ingress {isis | ospf static Removes the ingress distribution policy:
| ip A.B.C.D/M}
isis: marks the routes learned
from the IS-IS for usage of
ingress LDP LSPs
ospf: marks the routes learned
from the OSPF for usage of ingress
LDP LSPs
static: marks the static routes
for usage of ingress LDP LSPs
ip A.B.C.D: marks specific IP
address or network for usage for
ingress LDP LSPs
egress {connected | static | Specifies the egress (local router) distribution
ospf | ip A.B.C.D/M} policy:
connected: distributes all the
local interfaces
static: marks the static routes
for usage of egress LDP LSPs
ospf: marks the routes learned
from the OSPF for usage of egress
LDP LSPs
ip A.B.C.D: distributes to a
specific IP route
Distribution is disabled
no egress {connected | static Removes the egress distribution policy:
| ospf | ip A.B.C.D/M}
connected: distributes all the
local interfaces
static: marks the static routes
for usage of egress LDP LSPs
ospf: marks the routes learned
from the OSPF for usage of egress
LDP LSPs
ip A.B.C.D: distributes to a
specific IP route
Command Description
interface {outBand0 | loN | swN} Specifies LDP values for an already configured
IP interface:
outBand0: an Ethernet network
interface
NOTE
LDP protocol is not supported on
the Eth interface.
loN: an internal logical loopback
IP-interface.
N: in the range of <09>
swN: an IP interface number in the
range of <09999>
no interface {outBand0 | loN | Disables MPLS on an already configured IP
swN} interface:
outBand0: an Ethernet network
interface
NOTE
LDP protocol is not supported on
the Eth interface.
loN: an internal logical loopback
IP-interface.
N: in the range of <09>
swN: an IP interface number in the
range of <09999>
hello-hold-timer <value> Specifies the LDP link session hello-hold time:
value: in the range of <165535>
seconds
15 seconds
LDP hello messages are sent hello-hold-time/3
seconds.
NOTE
Shutdown the peer to change this
value
no hello-hold-timer Restores to default
Command Description
- [no] exclude-resource-affinity
+ [no] secondary
- [no] admin-group include-all
<tunnel_affinity_id>
- [no] admin-group include-any
<tunnel_affinity_id>
- [no] admin-group exclude-any
<tunnel_affinity_id>
- [no] description DESCRIPTION
- [no] cspf
- [no] holding-priority <priority>
- [no] mbb-timeout <value>
- [no] rebuild-timer <value>
- [no] mtu <mtu>
- name LSP_NAME
- [no] setup-priority <priority>
- [no] path <path>
- [no] exclude-resource-affinity
- [no] shutdown
- [no] shutdown
Command Description
name ADMIN_GROUP_
NAME
The TE admin groups name:
ADMIN_GROUP_NAME: a string of <1
15> characters
interface {outBand0 | loN | swN} Enable RSVP on an already configured IP
interface (for more information on configuring IP
interfaces, refer to the Physical Ports and Logical
Interfaces chapter of this user guide):
outBand0: an Ethernet network
interface
NOTE
RSVP protocol is not supported on
the Eth interface.
loN: an internal logical loopback
IP-interface.
N: in the range of <09>
swN: an IP interface number in the
range of <09999>
no interface {outBand0 | loN | Disables RSVP on an already configured IP
swN} interface:
outBand0: an Ethernet network
interface
NOTE
RSVP protocol is not supported on
the Eth interface.
loN: an internal logical loopback
IP-interface.
N: in the range of <09>
swN: an IP interface number in the
range of <09999>
admin-group <admin_group_id> Selects an existing TE admin group or a range of
TE admin groups:
admin_group_id: in the range of
<132>
no admin-group Removes the TE admin-group
<admin_group_id>
Command Description
Command Description
path <path> The RSVP-TE unique path ID. Each path can
include multiple hops:
path: in the range of <0
4294967294>
no path [<path>] Removes the path (only if the path is not used):
path: (optional) in the range of
<04294967294>
hop <id> The hop used along the path:
id: any positive number
no hop [<id>] Removes the defined hop:
id: (optional) any positive number
hop-type {strict | loose} Specifies the hop type:
strict: only directly connected
hops are used between this hop and
the previous hop of the path
loose: non-directly connected hops
may be used between this hop and
the previous hop of the path
Loose
no hop-type Restores to default
Command Description
ip-address A.B.C.D
{include | exclude}
Specifies the hops IP address:
A.B.C.D: hop's IP address in
dotted-decimal format
include: the hop's IP address is
included into the path
exclude: the hop's IP address is
excluded from the path
no ip-address A.B.C.D Removes the hops IP address:
A.B.C.D: hop's IP address in
dotted-decimal format
shutdown Disables the defined path
no shutdown Enables the defined path
far-end A.B.C.D
Command Description
Command Description
Command Description
Command Description
Command Description
name LSP_NAME
far-end A.B.C.D
Command Description
Command Description
sap {{UU/SS/PP | agN}[:[igmp] | Adds a client port to a specific VPLS instance and
:[<vlan-id>]:[igmp] | specifies the SAP attributes:
UU1/SS1/PP1:<ces-
circuit>:{ces | ces-oos}} UU/SS/PP: the corresponding physical
port (unit, slot and port) defined
as SAP.(can be obtained from the
show port command)
The valid port range is:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-1/2/8
NOTE
CLI accepts multiple
definitions of unqualified
SAP, i.e: UU/SS/PP,
UU/SS/PP: or UU/SS/PP::.
All definitions result in
UU/SS/PP::.
CLI accepts multiple
definitions of qualified
SAP, i.e: UU/SS/PP:vlan-
id or UU/SS/PP:vlan-id:.
All definitions result in
UU/SS/PP:vlan-id:.
agN: LAG ID. N is in the range of
<1-14>
vlan-id: (optional) in the range of
<1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port, facing
the packet processor. The valid
values are: 1/3/9.
ces-circuit: circuit ID in the range
of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
no sap [{{UU/SS/PP | agN}[:[igmp] Removes the defined SAP:
| :[<vlan-id>]:[igmp] |
UU1/SS1/PP1:<ces- UU/SS/PP: (optional) the
corresponding physical port (unit,
Command Description
circuit>:{ces | ces-oos}} ] slot and port) defined as SAP.(can
be obtained from the show port
command)
The valid port range is:
UU/SS/PP: 1/1/1-1/1/4, 1/2/1-1/2/8
agN: LAG ID. N is in the range of
<1-14>
vlan-id: (optional) in the range of
<1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port, facing
the packet processor. The valid
values are: 1/3/9.
ces-circuit: circuit ID in the range
of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
ethertype <value> Indicates which protocol is encapsulated in the
payload of the Ethernet frame:
value: the valid values are: 0x8100,
0x9100, and 0x88a8
NOTE
The same ethertype value
must be configured for all
SAPs using the same
physical port.
The same ethertype value
must be configured for all
remote and local SAPs in
the same service.
In case of matching the
VLAN ID of the SAP port
with the traffic VLAN ID,
the traffic is permitted
regardless of the
configured ethertype value.
0x8100
no ethertype Restores to default
Command Description
Disabled
no shutdown Enables the SAP
secured Enables secured mode on a SAP. Traffic from a
secured SAP can be switched only to a non-
secured SAP/SDP. Can only be set in admin down
state.
Disabled
no secured Disables secured mode on the SAP
untagged Only untagged traffic passes through the SAP
Disabled
no untagged Untagged and tagged traffic pass
Command Description
NOTE
Command Description
Command Description
Command Description
Command Description
guarded [brief] | hold-timer | hops |
non-frr-guarded [brief] | transit down: only inactive LSPs
[brief] | up [brief]]
bypass-tunnels: only bypass LSPs
protected-lsps: shows which
primary tunnels are protected by
which bypass tunnels
egress: only LSPs that end on
this device
frr-activated: FRR activated LSPs
only
frr-guarded: FRR guarded LSPs
only
hold-timer: the LSPs hold timer
hops: the LSPs hops
non-frr-guarded: non-FRR guarded
LSPs only
transit: only transit LSPs
up: only active LSPs
show mpls tunnels <lsp_id> [brief Displays information about the MPLS tunnels for
[egress] | brief [transit] | egress the specified LSP ID, filtered by the below
[brief] | hops | transit [brief]]
arguments:
lsp_id: in the range of
<1-32767>
brief: brief information
egress: only LSPs that end on
this device
transit: only transit LSPs
hops: the LSPs hops
show mpls tunnels name string [brief Displays information about the MPLS tunnels for
[egress] | brief [transit] | egress the specified LSP name, filtered by the below
[brief] | hops | transit [brief]]
arguments:
string: up to 32 characters
brief: brief information
egress: only LSPs that end on
this device
transit: only transit LSPs
hops: the LSPs hops
show mpls tunnels interface <id> [brief Displays information about the MPLS tunnels for
[egress] | brief [transit] | egress the specified interface ID, filtered by the below
[brief] | hops | transit [brief]]
arguments:
id: in the range of
<0-2147483647>
brief: brief information
egress: only LSPs that end on
this device
transit: only transit LSPs
Command Description
Command Description
1/2/8
agN: LAG ID. N is in the range of
<1-14>
vlan-id: (optional) in the range
of <1-4094>
igmp: (optional) indicates the
traffic type for the SAP port
UU1/SS1/PP1: CES WAN port, facing
the packet processor. The valid
values are: 1/3/9.
ces-circuit: circuit ID in the
range of <1-64>
ces: for circuits carrying data
packets
ces-oos: for circuits carrying
control packets
For more details refer to Configuring Circuit
Emulation Services (CES) of this User Guide
show vpls [<vpls-id>] sdp [details] Displays the VPLS SDP information:
details: (optional) detailed SDPs
information
vpls-id: (optional) displays the
specified VPLS information
show vpws [<vpws-id>] [details] Displays the VPWS settings and instances:
details: (optional) detailed VPWS
information
vpws-id: (optional) displays the
specified VPWS information
show vpws [<vpws-id>] sdp [details] Displays the VPWS SDP information:
vpws-id: (optional) displays the
specified VPWS information
details: (optional) detailed SDP
information
Example
In the following example, the show mpls tunnel command displays the configured MPLS tunnels:
-------------------------------------------------------------------------------
RSVP LSPs - Ingress (Detail)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Tunnel Name : frr1 (Ingress)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
LSP Name : frr1 (Primary)
Description :
-------------------------------------------------------------------------------
Instance Id : 1 Admin State : Up
Setup Prio : 0 Oper State : Up
Hold Prio : 0
Sess Attrib : LocProt, MergPerm, IsPers, RecRt, NodProt, RecLbl
Max Rate : 1000000 bps Mean Rate : 1000000 bps
Max Burst : 9216000 bytes Mean Burst : 9216000 bytes
L-LSP PSC : 0 DiffSrvClssType: 0
FastReroute : Enabled FRR Method : Facility
Bck HoldPrio: 7 Bck Bandwdth : 0 bps
Bck Stp Prio: 0 Bck Max Hops : 16
Bck Inc All : 0
Bck Inc Any : 0
Bck Exc Any : 0
Rebld Timer : 60 MTU : 9216
Owner : CLI MBB Timeout : 10
Path Comp : Explicit
Path In Use : 1
-----------------------------------------
Hop Index : 1 Hop Type : Loose
Ip Addr : 11.0.10.2/32 Include/Exclude: Include
Hop Index : 2 Hop Type : Loose
Ip Addr : 2.2.2.2/32 Include/Exclude: Include
Outgoing information
-----------------------------------------
Out If Idx : 35
Num Labels : 1 --> 285
Out Port : 3 VLAN : 10
Dest MAC : 00:00:0b:00:0a:02
-------------------------------------------------------------------------------
Tunnel Name : lsp2 (Ingress)
-------------------------------------------------------------------------------
Tunnel Index : 2 Tunnel IF Index : 1026
From : 1.1.1.1 To : 3.3.3.3
-------------------------------------------------------------------------------
LSP Name : lsp2 (Primary)
Description :
-------------------------------------------------------------------------------
Instance Id : 1 Admin State : Up
Setup Prio : 0 Oper State : Up
Hold Prio : 0
Sess Attrib : MergPerm, IsPers, RecRt, RecLbl
Max Rate : 1000000 bps Mean Rate : 1000000 bps
Outgoing information
-----------------------------------------
Out If Idx : 36
Num Labels : 1 --> 124
Out Port : 4 VLAN : 20
Dest MAC : 00:00:0b:00:14:02
-------------------------------------------------------------------------------
LSPs : 2
-------------------------------------------------------------------------------
Filed Description
Filed Description
Filed Description
MBB Timeout Make-before-break timeout. Amount of time an LSP uses for its
bypass
Path Comp Path computation mode. Takes one of the following values:
Explicitmanually created path using strict hop(s), not using
CSPF
Dynamicusing the CSPF calculator mechanism to select
the preferred path for the tunnel
Path In Use (only for Explicit Path) Index of the used path (internal)
Hop Index (only for Explicit Path) The index of the hops used along the path
Hop Type (only for Explicit Path) Type of the hop. Takes one of the following
values:
Strictthe hop is specified explicitly
Loosethe hop is chosen by CSPF
Ip Addr IP address of a hop in the path
Include/Exclude (only for Explicit Path) The hop is included/excluded to/from the
path by user configuration
ProtectFlags (only for Explicit Path) Protection availability on this hop:
LocProtAvaillocal protection is available
No Protection
Out If Idx Output interface index of the tunnel (internal)
Num Labels The Head-end egress label of the tunnel. If the tunnel is protected,
the Head-end egress label of the backup tunnel and the MP are
specified too.
Out Port Outbound port index of the tunnel (internal)
VLAN Outbound VLAN ID of the tunnel
Dest MAC MAC address of the next LSR along the path.
Configuration Examples
NOTE
You must enable OSPF TE protocol extensions - prior to this step.
NOTE
You must enable OSPF TE protocol extensions - prior to this step.
NOTE
You must shutdown an active tunnel before applying the path.
NOTE
You must enable OSPF TE protocol extensions - prior to this step.
NOTE
You must shutdown an active tunnel before applying the path.
NOTE
You must enable OSPF TE protocol extensions - prior to this step.
You must define RSVP protocol extensionsto support facility mode, detour
mode, or bothprior to this step.
You can set an FRR set only on primary LSP.
Dynamic bypass are created for every FRR tunnel by default.
All routers within the topology must support a detour in order to establish
detour LSP.
NOTE
You must enable OSPF TE protocol extensions - prior to this step.
NOTE
You must create the secondary LSP with an explicit path or administrative-group.
NOTE
Once defined, a manual bypass is preferred over dynamic bypass.
NOTE
The manual bypass must use a path or an administrative-group.
NOTE
The above command is optional when RSVP-TE LSP is needed.
device-name(config-sdp-1)#commit
device-name(config-sdp-1)#top
device-name(config)#service
device-name(config-service)#sdp 1 far-end 2.2.2.2 lsp tunnel1
device-name(config-sdp-1)#commit
device-name(config-sdp-1)#exit
device-name(config-service)#sdp 2 far-end 3.3.3.3 lsp tunnel2
device-name(config-sdp-2)#commit
device-name(config-sdp-2)#exit
device-name(config-service)#vpls 101 mode mtu-s
device-name(config-vpls-101)#commit
device-name(config-vpls-101)#no shutdown
device-name(config-vpls-101)#commit
device-name(config-vpls-101)#sap 1/1/2:10:
device-name(config-sap-1/1/2:10:)#no shutdown
device-name(config-sap-1/1/2:10:)#commit
device-name(config-sap-1/1/2:10:)#exit
device-name(config-vpls-101)#spoke-sdp 1
device-name(config-spoke-sdp-1)#commit
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#commit
device-name(config-vpls-101)#spoke-sdp 2 pw-precedence 7
device-name(config-spoke-sdp-2)#commit
device-name(config-spoke-sdp-2)#no shutdown
device-name(config-spoke-sdp-2)#commit
NOTE
Untagged mode is disabled by default.
device-name(config-vpls-100)#sap 1/2/1::
device-name(config-sap-1/2/1::)#untagged
device-name(config-sap-1/2/1::)#no shutdown
device-name(config-sap-1/2/1::)#commit
Configuring OSPF:
PE1(config)#router
PE1(config-router)#ospf
PE1(config-ospf)#router-id 1.1.1.1
PE1(config-ospf)#trafic-engineering
PE1(config-ospf)#area 0.0.0.0
PE1(config-area-0.0.0.0)#interface 1.1.1.1
PE1(config-interface-1.1.1.1)#interface 150.2.1.1
PE1(config-interface-150.2.1.1)#dead-interval 10
PE1(config-interface-150.2.1.1)#hello-interval 3
PE1(config-interface-150.2.1.1)#interface 150.3.1.1
PE1(config-interface-150.3.1.1)#dead-interval 10
PE1(config-interface-150.3.1.1)#hello-interval 3
PE2(config)#router
PE2(config-router)#ospf
PE2(config-ospf)#router-id 2.2.2.2
PE2(config-ospf)#trafic-engineering
PE2(config-ospf)#area 0.0.0.0
PE2(config-area-0.0.0.0)#interface 2.2.2.2
PE2(config-interface-2.2.2.2)#interface 150.2.1.2
PE2(config-interface-150.2.1.2)#dead-interval 10
PE2(config-interface-150.2.1.2)#hello-interval 3
PE2(config-interface-150.2.1.2)#interface 150.3.2.2
PE2(config-interface-150.3.2.2)#dead-interval 10
PE2(config-interface-150.3.2.2)#hello-interval 3
MTU(config)#router
MTU(config-router)#ospf
MTU(config-ospf)#router-id 3.3.3.3
MTU(config-ospf)#trafic-engineering
MTU(config-ospf)#area 0.0.0.0
MTU(config-area-0.0.0.0)#interface 3.3.3.3
MTU(config-interface-3.3.3.3)#interface 150.3.1.2
MTU(config-interface-150.3.1.2)#dead-interval 10
MTU(config-interface-150.3.1.2)#hello-interval 3
MTU(config-interface-150.3.1.2)#interface 150.3.2.1
MTU(config-interface-150.3.2.1)#dead-interval 10
MTU(config-interface-150.3.2.1)#hello-interval 3
Configuring MPLS
PE1(config)#router mpls
PE1(config-mpls)#lsr-id 1.1.1.1
PE1(config-mpls)#exit
PE1(config-router)#exit
PE1(config)#commit
PE2(config)#router mpls
PE2(config-mpls)#lsr-id 2.2.2.2
PE2(config-mpls)#exit
PE2(config-router)#exit
PE2(config)#commit
MTU(config)#router mpls
MTU(config-mpls)#lsr-id 3.3.3.3
MTU(config-mpls)#exit
MTU(config-router)#exit
MTU(config)#commit
PE1(config-ldp)#exit
PE1(config-router)#commit
PE2(config)#router ldp
PE2(config-ldp)#interface lo1
PE2(config-interface-lo1)#exit
PE2(config-ldp)#interface sw12
PE2(config-interface-sw12)#exit
PE2(config-ldp)#interface sw23
PE2(config-interface-sw23)#exit
PE2(config-ldp)#targeted-peer 1.1.1.1
PE2(config-targeted-peer-1.1.1.1)#exit
PE2(config-ldp)#targeted-peer 3.3.3.3
PE2(config-targeted-peer-3.3.3.3)#exit
PE2(config-ldp)#distribute ingress ospf
PE2(config-distribute)#exit
PE2(config-ldp)#distribute egress connected
PE2(config-distribute)#exit
PE2(config-ldp)#exit
PE2(config-router)#commit
MTU(config)#router ldp
MTU(config-ldp)#interface lo1
MTU(config-interface-lo1)#exit
MTU(config-ldp)#interface sw23
MTU(config-interface-sw23)#exit
MTU(config-ldp)#interface sw13
MTU(config-interface-sw13)#exit
MTU(config-ldp)#targeted-peer 1.1.1.1
MTU(config-targeted-peer-1.1.1.1)#exit
MTU(config-ldp)#targeted-peer 2.2.2.2
MTU(config-targeted-peer-2.2.2.2)#exit
MTU(config-ldp)#distribute ingress ospf
MTU(config-distribute)#exit
MTU(config-ldp)#distribute egress connected
MTU(config-distribute)#exit
MTU(config-ldp)#exit
MTU(config-router)#commit
Configuring RSVP
PE1(config)#router rsvp-te
PE1(config-rsvp)#interface lo1
PE1 (config-interface-lo1)#exit
PE1(config-rsvp)#interface sw12
PE1 (config-interface-sw12)#exit
PE1(config-rsvp)#interface sw13
PE1 (config-interface-sw13)#exit
PE1(config-rsvp)#bypass-fast-reroute
PE1(config-rsvp-te)#ignore-ingress-interface-affinities
PE1(config-rsvp-te)#commit
PE2(config)#router rsvp-te
PE2(config-rsvp)#interface lo1
PE2(config-interface-lo1)#exit
PE2(config-rsvp)#interface sw12
PE2(config-interface-sw12)#exit
PE2(config-rsvp)#interface sw23
PE2(config-interface-sw23)#exit
PE2(config-rsvp)#bypass-fast-reroute
PE2(config-rsvp-te)#ignore-ingress-interface-affinities
PE2(config-rsvp-te)#commit
MTU(config)#router rsvp-te
MTU(config-rsvp)#interface lo1
MTU(config-interface-lo1)#exit
MTU(config-rsvp)#interface sw23
MTU(config-interface-sw23)#exit
MTU(config-rsvp)#interface sw13
MTU(config-interface-sw13)#exit
PE1(config-rsvp)#bypass-fast-reroute
MTU(config-rsvp-te)#ignore-ingress-interface-affinities
MTU(config-rsvp-te)#commit
PE1(config-lsp-2)#commit
# PE2 uses Strict Hop for the path to reach directly PE1
# PE2 uses Loose Hop (via CSPF) for the path to reach MTU
PE2(config)#router rsvp-te
PE2(config-rsvp-te)#path 1
PE2(config-path-1)#hop 1
PE2(config-hop-1)#ip-address 150.2.1.1 include
PE2(config-ip-address-150.2.1.1/true)#hop-type strict
PE2(config-hop-1)#no shutdown
PE2(config-hop-1)#exit
PE2(config-path-1)#exit
PE2(config-rsvp-te)#path 2
PE2(config-path-2)#hop 1
PE2(config-hop-1)#ip-address 3.3.3.3 include
PE2(config-ip-address-3.3.3.3/true)hop-type loose
PE2(config-hop-1)#no shutdown
PE2(config-hop-1)#commit
PE2(config-hop-1)#exit
PE2(config-path-2)#exit
PE2(config-rsvp-te)#lsp 1 name PE2_PE1 far-end 1.1.1.1
PE2(config-lsp-1)#fast-reroute-mode facility
PE2(config-lsp-1)#path 1
PE2(config-lsp-1)#no shutdown
PE2(config-lsp-1)#commit
PE2(config-lsp-1)#exit
PE2(config-rsvp-te)#lsp 2 name PE2_MTU far-end 3.3.3.3
PE2(config-lsp-2)#fast-reroute-mode facility
PE2(config-lsp-2)#path 2
PE2(config-lsp-2)#cspf
PE2(config-lsp-2)#commit
PE2(config)#service
PE2(config-service)#sdp 5001 far-end 1.1.1.1
PE2(config-sdp-5001)#description ldp_sdp_to_PE1
PE2(config-sdp-5001)#exit
PE2(config-service)#sdp 5003 far-end 3.3.3.3
PE2(config-sdp-5003)#description ldp_sdp_to_MTU
PE2(config-sdp-5003)#exit
PE2(config-service)#commit
MTU(config)#service
MTU(config-service)#sdp 5001 far-end 1.1.1.1
MTU(config-sdp-5001)#description ldp_sdp_to_PE1
MTU(config-sdp-5001)#exit
MTU(config-service)#sdp 5002 far-end 2.2.2.2
MTU(config-sdp-5002)#description ldp_sdp_to_PE2
MTU(config-sdp-5002)#no shutdown
MTU(config-sdp-5002)#exit
MTU(config-service)#commit
PE1(config-service)#vpls 50600
PE1(config-vpls-50600)#mode pe-rs
PE1(config-vpls-50600)#commit
PE1(config-vpls-50600)#no shutdown
PE1(config-vpls-50600)#commit
PE1(config-vpls-50600)#sap 1/1/3:600:
PE1(config-sap-1/1/3:600:)#no shutdown
PE1(config-sap-1/1/3:600:)#commit
PE1(config-sap-1/1/3:600:)#exit
PE1(config-vpls-50600)#mesh-sdp 5002
PE1(config-mesh-sdp-5002)#commit
PE1(config-mesh-sdp-5002)#vc-type ethernet-vlan
PE1(config-mesh-sdp-5002)#no shutdown
PE1(config-mesh-sdp-5002)#commit
PE1(config-mesh-sdp-5002)#exit
PE1(config-vpls-50600)#spoke-sdp 5003
PE1(config-spoke-sdp-5003)#commit
PE1(config-spoke-sdp-5003)#vc-type ethernet-vlan
PE1(config-spoke-sdp-5003)#no shutdown
PE1(config-spoke-sdp-5003)#commit
PE2(config-service)#vpls 50600
PE2(config-vpls-50600)#mode pe-rs
PE2(config-vpls-50600)#commit
PE2(config-vpls-50600)#no shutdown
PE2(config-vpls-50600)#commit
PE2(config-vpls-50600)#sap 1/1/3:600:
PE2(config-sap-1/1/3:600:)#commit
PE2(config-sap-1/1/3:600:)#no shutdown
PE2(config-sap-1/1/3:600:)#exit
PE2(config-vpls-50600)#mesh-sdp 5001
PE2(config-mesh-sdp-5001)#commit
PE2(config-mesh-sdp-5001)#vc-type ethernet-vlan
PE2(config-mesh-sdp-5001)#no shutdown
PE2(config-mesh-sdp-5001)#commit
PE2(config-mesh-sdp-5001)#exit
PE2(config-vpls-50600)#spoke-sdp 5003
PE2(config-spoke-sdp-5003)#commit
PE2(config-spoke-sdp-5003)#vc-type ethernet-vlan
PE2(config-spoke-sdp-5003)#no shutdown
PE2(config-spoke-sdp-5003)#commit
MTU(config-service)#vpls 50600
MTU(config-vpls-50600)#mode mtu-s
MTU(config-vpls-50600)#commit
MTU(config-vpls-50600)#no shutdown
MTU(config-vpls-50600)#commit
MTU(config-vpls-50600)#sap 1/1/3:600:
MTU(config-sap-1/1/3:600:)#no shutdown
MTU(config-sap-1/1/3:600:)#commit
MTU(config-sap-1/1/3:600:)#exit
MTU(config-vpls-50600)#spoke-sdp 5001
MTU(config-spoke-sdp-5001)#commit
MTU(config-spoke-sdp-5001)#vc-type ethernet-vlan
MTU(config-spoke-sdp-5001)#no shutdown
MTU(config-spoke-sdp-5001)#commit
MTU(config-spoke-sdp-5001)#exit
MTU(config-vpls-50600)#spoke-sdp 5002
MTU(config-spoke-sdp-5002)#commit
MTU(config-spoke-sdp-5002)#vc-type ethernet-vlan
MTU(config-spoke-sdp-5002)#backup
MTU(config-spoke-sdp-5002)#no shutdown
MTU(config-spoke-sdp-5002)#commit
PE2(config-service)#vpws 52603
PE2(config-vpws-52603)#commit
PE2(config-vpws-52603)#no shutdown
PE2(config-vpws-52603)#commit
PE2(config-vpws-52603)#sap 1/1/3:603:
PE2(config-sap-1/1/3:603:)#no shutdown
PE2(config-sap-1/1/3:603:)#commit
PE2(config-sap-1/1/3:603:)#exit
PE2(config-vpws-52603)#sdp 5103
PE2(config-sdp-5103)#commit
PE2(config-sdp-5103)#vc-type ethernet
PE2(config-sdp-5103)#no shutdown
PE2(config-sdp-5103)#commit
MTU(config-service)#vpws 52603
MTU(config-vpws-52603)#commit
MTU(config-vpws-52603)#no shutdown
MTU(config-vpws-52603)#commit
MTU(config-vpws-52603)#sap 1/1/3:603:
MTU(config-sap-1/1/3:603:)#no shutdown
MTU(config-sap-1/1/3:603:)#commit
MTU(config-sap-1/1/3:603:)#exit
MTU(config-vpws-52603)#sdp 5103
MTU(config-sdp-5103)#commit
MTU(config-sdp-5103)#vc-type ethernet
MTU(config-sdp-5103)#no shutdown
MTU(config-sdp-5103)#commit
===============================================================================
Traffic Engineering Query Tool
===============================================================================
Primary route:
Hops:
Address 1.1.0.53
Address type IPV4
Interface index 0
Interface address 105.53.52.2
Remote Interface Index 0
Remote Interface Address 105.53.52.1
Address 1.1.0.52
Address type IPV4
Interface index 0
Interface address 105.52.2.2
Remote Interface Index 0
Remote Interface Address 105.52.2.1
Address 1.1.0.2
Address type IPV4
Interface index 0
Interface address 0.0.0.0
Remote Interface Index 0
Remote Interface Address 0.0.0.0
te metric cost 30
max bandwidth 125000000
max reserve bandwidth 125000000
max unreserve bandwidth[0] = 125000000 bytes/sec
max unreserve bandwidth[1] = 125000000 bytes/sec
max unreserve bandwidth[2] = 125000000 bytes/sec
max unreserve bandwidth[3] = 125000000 bytes/sec
max unreserve bandwidth[4] = 125000000 bytes/sec
max unreserve bandwidth[5] = 125000000 bytes/sec
max unreserve bandwidth[6] = 125000000 bytes/sec
max unreserve bandwidth[7] = 125000000 bytes/sec
resource class 1,
srlg numbers: NONE
exclusion_overlap: routers = 0
exclusion_overlap: links = 0
exclusion_overlap: srlgs = 0
===============================================================================
List of Tables 2
Supported Topologies 3
Operation 5
TDM Timing 5
Clock Controller 6
Clock Controller ID Assignment 6
Clock States 7
CES Packet Details 8
CES PDU Format 8
Structured Emulation 9
Unstructure (Unframed) Emulation 9
L-Bit and R-Bit 10
Real-time Transport Protocol (RTP) Timestamp 10
CES Features 10
Operation, Administration and Management (OAM) 10
Frame Aggregation 10
Jitter Buffer 11
Alarms 12
Log Messages 12
CES Commands 15
Command Hierarchy 15
Command Descriptions 16
Configuration Example 27
Configuration Example 2 34
Configuration Example 3 44
Table of Figures
Figure 1: A Schematic View of the CES Concept ............................................................................. 3
Figure 2: Ethernet CLE based on Ring Topology with Virtual TDM Lines ................................. 3
Figure 3: Ethernet CLE Including CES Transport to a Central Office Using a Distributed
CES TDM Multiplexer over PSN ........................................................................................................ 4
Figure 4: Client Device Using a Providers Packet Network for PBX Interconnection As Well
As Data Transmission ............................................................................................................................ 4
Figure 5: Circuit Emulation Service over Packet Network .............................................................. 5
Figure 6: Clock Controller..................................................................................................................... 6
Figure 7: Clock State Machine .............................................................................................................. 8
Figure 8: The CES PDU Format ......................................................................................................... 8
Figure 9: Structured Emulation ............................................................................................................ 9
Figure 10: Unstructured Emulation ..................................................................................................... 9
Figure 11: CES Configuration Flow .................................................................................................. 14
Figure 12: CES over Ethernet Configuration................................................................................... 27
Figure 13: CES over VPLS Configuration ........................................................................................ 34
Figure 14: CES over MPLS Configuration ....................................................................................... 44
List of Tables
Table 1: Clock Controller ID Assignment .......................................................................................... 7
Table 2: Parameters Affect in Packet Transit Delay........................................................................ 11
Table 3: CES Log Warning Levels ..................................................................................................... 12
Table 4: CES Commands .................................................................................................................... 16
Table 5: Local Port Circuit Default Values....................................................................................... 52
T-Marc3312SC/T-Marc3312SCH
Use CES over Ethernet to emulate Time-Division Multiplexing (TDM) services by tunneling TDM
circuits (such as T1 or E1) using the CES over a Packet-Switched Network (CESoPSN) method.
Supported Topologies
Use the device in the following topologies:
Ethernet CLE (Customer Located Equipment) based on a ring topology, providing virtual
TDM lines for service-provider clients over a packet network:
Figure 2: Ethernet CLE based on Ring Topology with Virtual TDM Lines
Ethernet CLE including CES transport to a central office, using a distributed CES TDM
Multiplexer over PSN, to provide TDM services to telephony clients (mostly PBXs and TDM
multiplexers) using the packet network.
CPE using a provider packet network for PBX interconnection as well as data transmission.
Operation
CES over Ethernet, which encapsulates TDM data into a standard CES packet, forms packets on
ingress and reverses the process on egress, providing a transparent direct connection between any
two TDM devices, as shown in the following figure:
To convert TDM data to a standard CES packet form, Customer Located Equipment (CLE) on
both sides of the PSN needs to employ an internet working function (IWF) that is based either on
structured or unstructured emulation.
Structured (Framed) Emulation uses the TDM framing structure, where each packet
comprises a sequence of timeslots.
Unstructured (Unframed) Emulation (also called structure-agnostic transport) disregards
the TDM framing structure, treating the TDM data as a stream of consecutive octets.
With its MPLS capabilities, the device can transmit converted TDM data to an MPLS-based
network as part of VPLS/VPWS services (CES over Ethernet encapsulated in MPLS header).
TDM Timing
TDM timing is a crucial aspect of CES implementation. To avoid an overflow/underflow due to
differences in the clock, the clock rate for TDM has to be consistent across the emulated circuit.
TDM signals (such as E1/T1 and SONET/SDH) are synchronous. Therefore, physical TDM lines
always carry a clock signal for synchronization. When replacing a physical TDM line with a CES
service, the CES service has to synchronize both sides of the service either by providing the same
clock to both sides or by transporting clock information and regenerating the clock.
The module supports the following TDM timing modes:
Internal (Local): The modules internal oscillator is of insufficient quality for most
applications. The Internal (Local) mode relies upon the oscillator and is used when no other
timing source is available. We recommend using Internal (Local) Mode for debug/testing
purposes only.
Loopback: Uses an incoming clock from the same TDM port.
Adaptive: generates the clock from incoming CES data packets.
The device supports the Multiple Clock domains. Each TDM port uses an independent clock
controlled by one clock controller.
Clock Controller
You can define only multiple clock domains for a CES module and define each of the eight TDM
interface clocks independently.
In this case, each TDM interface has a clock that is defined by a unique ID (as shown in the
following diagram). Each clock is assigned to a clock controller that retrieves the clock for the
specific TDM port. Each controller uses one of the TDM timing modes.
The other case is to direct each port to the internal oscillator.
1 1 primary 1
2 2 primary 2
7 7 primary 7
8 8 primary 8
NOTE
For the interface, the clock-controller terms are primary and back up. The clock-
controllers in the CES module are defined using numbers.
NOTE
For the interface, the clock-controller terms are primary and back up.
Clock States
The current status of a clock can be shown using the Show Clock-Controller Status command
with the following possible values:
freeRun: The operating condition of a clock when the output signal is internally controlled
without the influence of a present or previous reference.
acquisition: Clock synchronizes to the input reference. The output frequency and phase may
not be sufficiently stable and therefore may not conform to standards.
normal: Clock is synchronized to a reference. The output frequency of the clock is traceable
to the input reference frequency over the long term and the phase difference between the
input and output is bound.
holdover: Operating condition of a clock that, having lost its references, uses data previously
acquired (while operating in normal mode) to control the output signal. The stored data, or
holdover value, used by a clock in holdover mode is an average value obtained over a certain
period of time (to reduce the effects of short-term variations in reference frequency that may
occur during normal operation).
fastAcquisition: Fast pull-in of the clock to a reference (for example, when recovering from
holdover or when the input reference experiences an abrupt change in frequency). After
achieving a lock, the clock automatically changes to the slower-tracking, normal mode the
clock input controller mode. Not all clock input controllers support all modes.
NOTE
The clock input controller status is 'locked' only when the clock input controller
is in 'normal' mode.
Structured Emulation
Structured (Framed) Emulation uses the TDM framing structure where each packet comsists of a
sequence of timeslots.
In structured emulation, the IWF strips the framing structure (for example, the F bit in a DS1) from
the data stream and places each timeslot in the packet payload followed by the same timeslots from
the next frame, and so on. Once the payload is complete, IWF adds a header and sends the packet
through the PSN to the CLE at the other end. On egress from the PSN, the CLE recreates the
TDM data stream.
The following figure presents a schematic example of how an IWF converts TDM frames into
structured CESoPSN packets where:
M represents the number of TDM frames received so far
K represents the number of frames aggregated in each packet.
Unstructured (Unframed) Emulation (also called structure-agnostic transport) disregards the TDM
framing structure and treats TDM data as a stream of consecutive octets.
The number of octets that comprise each PSN packet payload (M in the figure below) is
independent of the number of timeslots in each TDM frame. Any alignment of these octets with
the underlying timeslots is coincidental and not guaranteed. The payload length (M) is typically
selected to make packet formation time approximately 1 millisecond in length (193 octets for a T1
circuit and 256 octets for an E1 circuit).
The following figure is a schematic example of how an IWF converts TDM frames into
unstructured CESoPSN packets (where N is the number of TDM octets received so far).
CES Features
Operation, Administration and Management (OAM)
The following OAM operations are supported for CES services:
Jitter-buffer size and frame aggregation level specification
Local loopback, the incoming CES packet stream is looped back to the PSN, per E1/T1 port
(used for testing)
Remote loopback, the incoming T1/E1 TDM stream is looped back including the clock, (used
for testing)
Generate and display MIB-II statistics for T1/E1 virtual channel connections to remote CES
devices
Display current connections using CLI show commands
Perform IP or MEF OAM pinging to the remote device
Display log messages
Frame Aggregation
To save bandwidth, several frames are aggregated and sent in a single packet using a common
header.
Without Frame Aggregation:
In structured mode, 8-bit samples are captured from each selected 64 Kbits DS0 timeslot and
transmitted in a single packet over the PSN. In this case, a separate CES protocol header is
transmitted for each set of selected 8-bit samples (from each frame).
In unstructured mode, each packet includes 24 timeslots for T1 and 32 timeslots for E1 and as
a result, transmits up to 193 bits plus a header for T1 and 256 bits plus a header for E1. Each
E1/T1 unstructured frame or DS0-structured frame sent over the packet-switched network
contains a payload of 132 bytes (8256 bits) and a header.
Transmission of T1/E1 frames over the packet network requires high bandwidth since in most
PSNs, the minimum packet size is 64 bytes and the minimum header size is 14-20 bytes.
With Frame Aggregation: To reduce the high bandwidth requirement, between 18 frames are
aggregated and sent in each PSN packet (usually between 18 frames). The frames use a common
header and reduce bandwidth overhead to only a few percentage points.
This minor disadvantage to this solution is longer delays since several frames need to be received
and aggregated before sending the constructed packet over the PSN.
Configuration: Define the number of TDM frames aggregated in each packet.
NOTE
Minimum payload is 32 bytes with at least two timeslots.
Jitter Buffer
Jitter refers to the deviation in packet transit delay time that is sometimes present in emulated circuit
output. Jitter can also disrupt packet order in the network. The Jitter Buffer handles jitter and is
essential to the maintainance of the constant packet transit delay required to operate the CES end-
to-end system over time.
Packet transit delay is a direct result of four parameters:
Table 2: Parameters Affect in Packet Transit Delay
Parameter Effect on Packet Transit Delay Time
The device-names CES module uses a configurable jitter buffer to temporarily store ingressing
packets.
Configuration: Define the size the jitter buffer according to the maximum packet latency variation
expected in the network. The Jitter Buffer supports values between <1200> milliseconds.
NOTE
We recommend a jitter buffer size in the range of <140> milliseconds. However,
some applications require a larger jitter buffer of 150 milliseconds.
Alarms
E1/T1 performance defects that persist for more than 2.5 0.5 seconds generate corresponding
alarms. The T-Marc 3312SC/T-Marc 3312SCH supports the following alarms:
Remote Alarm Indication (RAI)
Loss of Frame (LOF)
Loss of Signal (LOS)
Alarm Indication Signal (AIS)
After ten seconds the alarm automatically shuts down if the defect that generated the alarm is not
detected.
Configuration: Configure the threshold levels for the alarms. For more information regarding
alarms and defects, refer to the ANSI T1.231-1997.
Log Messages
The CES application supports two types of log messages:
Local alert messages generated on the local device that are received from the CES board or
validated against a threshold value.
Remote alert messages generated from theSNMP private table of the remote device.
The following table shows the warning level of log messages defined in the CES application:
Table 3: CES Log Warning Levels
Warning Level Alert
CES Commands
This section includes the CES Configuration Command Hierarchy, descriptions of available
commands, and a configuration example.
Command Hierarchy
NOTE
In order to use any of the commands successfully, the CES module must be in
Ready state.
+ config terminal
+ [no] ces
- module 1/3
- [no] mode {e1 | t1}
- [no] ip-address A.B.C.D
- [no] clock {backplane | internal}
- [no] policy lops {type {idle | all-one | channel-idle}} |
{threshold {enter <value> | exit <value>}}
- [no] policy unstructured-lops type {all-one | none}
- [no] policy lbit type {idle | all-one | channel-idle | none}
- [no] policy unstructured-lbit type {all-one | none}
- [no] policy structured-replace type {all-one | idle}
- [no] policy unstructured-replace {type {all-one | filler} |
pattern <value>}
- [no] policy rbit type {none | rai | channel-idle}
- [no] policy rd type {none | rai | channel-idle}
- [no] policy idle {pattern <value> | signaling <value>}
- [no] policy lbit-on-ais
+ [no] interface <CES_INTERFACE>
+ [no] clock-controller primary
- [no] circuit <value>
- [no] shutdown
- [no] description DESCRIPTION
- [no] clock {adaptive | diferential | loopback | module}
- [no] framing {cas | noncas | unframed | sf-cas | sf-
noncas | esf-cas | esf-noncas}
- [no] linecode {ami | hdb3 | b8zs}
+ [no] circuit <value>
- [no] exp-priority <value>
- [no] interface <CES_INTERFACE>
- timeslots TYPE
- [no] shutdown
- [no] vlan-id <id>
- [no] vlan-priority <priority>}
- rtp {enable | disable}
- policy-payload-suppress {enable | disable}
- [no] maximum-jitter-expected <value>
- [no] samples-aggregation <value>
- [no] protocol {satop-cesopsn | metro-ethernet | mpls-
ldp}
- [no] ip-tos <value>
- [no] oos-tos <value>
- [no] rtp-payload-type <value>
- [no] oos-payload-type <value>
- [no] local {udp-port <value> | oos-udp-port <value> |}
- [no] destination {ip-address A.B.C.D | udp-port <value>
| oos-udp-port <value>}
- clear ces module 1/3 statistics circuit
- show ces module 1/3 [circuit <number> [status] | clock-controller |
interface <CES_INTERFACE>
Command Descriptions
Table 4: CES Commands
Command Description
Command Description
NOTE
Command takes effect only after
rebooting the CES module.
The IP address of the CES
module must be configured as
the IP address of any swN
interface.
The IP address of the CES
module must be specified
before any CES circuit is
configured.
no ip-address Restores to default
clock {backplane | internal} Specifies the system clock source obtained
using SyncE protocol:
backplane: retrieves the clock
from the system clock source
internal: retrieves the clock from
internal oscillator
Internal
no clock Restores to default
policy lops {type {idle | all- Specifies what is sent to the TDM line or what
one | channel-idle}} | affects the TDM circuit in specific situations:
{threshold {enter <value> |
exit <value>}} lops: specifies the Loss Of Packet
Synchronization (LOPS) state
policy
type: specifies behavior when
packet synchronization is lost
idle: sends the idle configured
byte
all-one: selects the all-one TDM
policy (see below)
channel-idle: sends the idle byte
instead of the payload contents
and turns on the channel idle
indication in the trunk-signaling
during LOPS condition. Use with
CAS signaling
threshold: specifies the threshold
of entry and exit LOPS state
enter <value>: entries threshold,
in the range of <1-1023>
(packets/second)
exit: exits threshold, in the
range of <1-1023> (packets/second)
All-One sends an AIS alarm:
When the circuit enters the LOPS state, an
AIS pattern (all ones for E1/T1) is sent on
the TDM transmit port.
Command Description
Command Description
policy structured-replace type Specifies the information sent on the TDM bound
{all-one | idle} interface when a missing packet is detected in a
structured circuit:
all-one: sends an AIS alarm
idle: sends the configured idle
pattern
All-one
no policy structured-replace Restores to default
type
Command Description
policy idle {pattern <value> | Specifies the idle pattern number for the module:
signaling <value>}
pattern <value>: specifies the
idle pattern sent on the TDM port
for the following events, in the
range of <0-255>:
the pattern includes receipt of L bit and
packet loss
the pseudo-wire is administratively disabled
for pseudo-wires
When detecting a missing packet and policy
structured/unstructured-replace is set to idle
When receiving a packet set with L bit, the
payload is present (not suppressed), and
policy L bit is set to idle
signaling <value>: specifies the
idle policy signaling number when
there is a failure on the TDM
port, including multi-frame
failures, in the range of <0-15>
no policy idle Restores to default
policy lbit-on-ais Configures the L-bit on the TX if AIS is detected
on the RX
Enabled
no policy lbit-on-ais Restores to default
Command Description
retrieved from the main modules
clock. Define this parameter for
all or some of the eight TDM ports
when using a single clock domain
loopback: loops back the clock
received on the TDM port
differential: transmits only the
differences between the TDM clock
and the reference clock. In this
case, configure the clock
controller for the TDM port to
point to the relevant circuit
adaptive: retrieves the clock from
CES circuits. In this case,
configure the clock controller for
the TDM port to point to the
relevant circuit
Module
no clock Restores to default
Command Description
Command Description
Command Description
Command Description
Command Description
oos-payload-type <value> Specifies the OOS payload type for the RTP of
the CES module. Must match the OOS type for
the RTP of the remote CES module (RTP must
be enabled):
value: in the range of <96-127>
See RFC 3555, for table showing payloads
corresponding to numerical values.
0
local {udp-port <value> | Specifies the local UDP port receiving Ethernet
oos-udp-port <value> } traffic from the circuit being configured:
udp-port <value>: local UDP port
in the range of <0-65535>. For
details see Table 6
oos-udp-port <value>: local Out of
Band Signals (OOS) port, in the
range of <0-65535>. Send the
ignaling to a separate port. For
details see Table 6
no local Removes the configuration
destination {ip-address Configures the destination (remote peer) for the
A.B.C.D | udp-port specified CES circuit:
<value> | oos-udp-port
<value>} ip-address: the destination
(remote peer) IP address, in
dotted-decimal (Ipv4) format
udp-port <value>: the destination
UDP local port that receives
Ethernet traffic from the
currently configured circuit, in
the range of <0-65535>. This
command is valid only for circuits
not using the Metro-Ethernet
Packet protocol
oos-udp-port <value>: the
destination OOS UDP local port
that receives Ethernet traffic
from the currently configured
circuit, in the range of <0-65535>
show ces module 1/3 [circuit <number> Displays CES configuration information, filtered
[status] | clock-controller | policy | by command arguments:
interface <CES_INTERFACE>
1/3: CES module
circuit <number>: circuit ID in
Command Description
the range of <1-30>
status: circuit status
clock-controller: the source used
by the clock controller
interface <CES_INTERFACE>: CES
interfaces number. The valid
ranges are:
e1 mode: from e1-1.0.0.0 to e1-8.0.0.0
t1 mode: from t1-1.0.0.0 to t1-8.0.0.0
clear ces module 1/3 statistics circuit Clears statistics for all CES circuits, specified
CES circuit.
Configuration Example
The following example displays how to configure CES over Ethernet.
Connection: PSTN <-------->First Device is over SF-CAS TDM signaling. First Device receives
the clock from the TDM line. PSTN is responsible for providing the clock.
Connection: First Device<-------->Second Device is over Ethernet network using CESoPSN
protocol.
Devices are connected in VLAN ID 10 with priority 5 through ports 1/1/1<-------->1/1/1
Second Device receives the clock from the Ethernet.
Connection: Second Device <-------->PBX. is over SF-CAS TDM signaling. PBX is in receive
mode, PBX receives the clock from the second device.
1. Configuring First Device:
a. Define the SW interface configuration. This will also configure the CES IP address.
Device-name#config terminal
Entering configuration mode terminal
Device-name(config)#router interface sw0
Device-name(config-interface-sw0)#address 1.0.0.170/24
Device-name(config-interface-sw0)#commit
Commit complete.
Device-name(config)#vlan 1
Device-name(config-vlan-1)#no routing-interface
Device-name(config-vlan-1)#exit
Device-name(config)#vlan 10
Device-name(config-vlan-10)#routing-interface sw0
Device-name(config-vlan-10)#tagged 1/1/1
Device-name(config-tagged-1/1/1)#ex
Device-name(config-vlan-10)#tagged 1/3/9
Device-name(config-tagged-1/3/9)#exit
Device-name(config-vlan-10)#commit
Commit complete.
c. Define the CES IP address and mode configuration: Defining the CES IP is done via
defining sw0 IP, given in example 1a; changing of working mode requires that the device
be reloaded.
Device-name(config)#ces module 1/3
Device-name(config-module-1/3)#mode t1
Device-name(config-module-1/3)#commit
Device-name(config-module-1/3)#
Jan 1 15:53:40 critical Ces [1/3] To apply the new working mode restart
of device is required.
Device-name(config-module-1/3)#top
Device-name(config)#system reload
Are you sure you want to reload the device(yes/no)?yes
Device-name(config-module-1/3)#circuit 1
Device-name(config-circuit-1)#no shutdown
Device-name(config-circuit-1)#commit
i. Define the CES IP address and mode configuration. Defining the CES IP is done via
defining sw0 IP, given in example 1a; changing of working mode requires that the device
be reloaded.
Device-name(config)#ces module 1/3
Device-name(config-module-1/3)#mode t1
Device-name(config-module-1/3)#commit
Device-name(config-module-1/3)#
Jan 1 15:59:47 critical Ces [1/3] To apply the new working mode restart
of device is required.
Device-name(config-module-1/3)#top
Device-name(config)#system reload
Are you sure you want to reload the device(yes/no)?yes
Device-name(config-circuit-1)#vlan-priority 5
Device-name(config-circuit-1)#maximum-jitter-expected 10
Device-name(config-circuit-1)#samples-aggregation 8
Device-name(config-circuit-1)#ip-tos 100
Device-name(config-circuit-1)#oos-tos 100
Device-name(config-circuit-1)#rtp-payload-type 110
Device-name(config-circuit-1)#oos-payload-type 115
Device-name(config-circuit-1)#local udp-port 3000
Device-name(config-circuit-1)#local oos-udp-port 3300
Device-name(config-circuit-1)#destination ip-address 1.0.0.170
Device-name(config-circuit-1)#destination udp-port 2200
Device-name(config-circuit-1)#destination oos-udp-port 2300
Device-name(config-circuit-1)#commit
===========================================================================
Module 1/3
Circuit 1
---------------------------------------------------------------------------
----
Interface : t1-1.0.0.0
Timeslots : 1-24
Admin Status : Disabled
Mode : Structured
Vlan ID : 10
Priority : 5
RTP : Disabled
Policy Payload Suppress : Enabled
Maximum Jitter Expected : 10
Samples Aggregation : 8
Protocol : SATOP/CESOPSN
IP TOS : 100
IP OOS TOS : 100
Destination IP Address : 1.0.0.177
Destination UDP Port : 3000
Destination OOS UDP Port : 3300
Local UDP Port : 2200
Local OOS UDP Port : 2300
===========================================================================
===========================================================================
---------------------------------------------------------------------------
----
Tx Up Counter :0
Jitter Information : Yes
Jitter Current (ms) 8.552
Jitter Buffer Delay (ms) 3.354
Jitter Min Level (ms) 6.677
Jitter Max Level (ms) 10.031
Ping to Peer 0
---------------------------------------------------------------------------
----
Counter Name Value
---------------------------------------------------------------------------
----
Valid Eth pps 100
Handled Eth pkts 270367
Unordered Eth pkts 0
Restarts TDM Tx 0
Restarts TDM Rx 1
Packets per sec 1000
Malformed Frames 106095
Underrun Eth pkts 11
LBit Counter pkts 481
RBit Counter pkts 429
Missing Eth pkts 16842752
===========================================================================
====
freeRun: The operating condition of a clock when the output signal is internally controlled,
without influence from a present or previous reference.
acquisition: Synchronization of the clock to the input reference. The output frequency and
phase may not be stable enough and therefore may not conform to standards.
normal: Synchronization of the clock to a reference. The output frequency of the clock is
traceable to the input reference frequency over the long term, and the phase difference
between the input and output is bound.
holdover: Operating condition of a clock when the clock has lost its references and is using
data acquired, during operation in normal mode, to control the output signal. In general, the
stored data or holdover value used by a clock in holdover mode is an average value obtained
over a certain period of time (to reduce the effects of short-term variations that may occur in
the reference frequency during normal operation).
fastAcquisition: Fast pull-in of the clock to a reference (for example, when recovering from
holdover or when the input reference has an abrupt change in frequency). After the clock
achieves a lock, the clock automatically changes to the slower-tracking, normal mode. The
mode of the clock input controller. Not all clock input controllers support all modes.
NOTE
The clock input controller status is 'locked' only if the clock input controller is
in 'normal' mode.
1. Display interface details:
NOTE
All 8 interfaces are displayed
Device-name#show ces module 1/3 interface
===============================================================================
CES
===============================================================================
Module 1/3
Interface e1-1.0.0.0
-------------------------------------------------------------------------------
Admin Status : Enabled
Link state : Down
Up Time : Thu Jan 1 19:48:02 1970
Service clock :
Framing : Unframed
Line Code : HDB3
Cable Length : 125 ohm
Loopback : None
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Module 1/3
Interface e1-8.0.0.0
-------------------------------------------------------------------------------
Admin Status : Enabled
Link state : Down
Up Time : Thu Jan 1 19:48:03 1970
Service clock :
Framing : CAS-NON CRC
Line Code : HDB3
Configuration Example 2
The following example displays how to configure CES over VPLS.
Connection: PSTN <-------->First Device is over SF-NONCAS TDM signaling. First Device
receives the clock from the TDM line. PSTN is responsible for providing the clock.
Connection: First Device<-------->Second Device is over VPLS network using CESoPSN over
Ethernet protocol to convert the TDM before encapsulating inside VPLS.
Devices are connected through ports 1/2/8<-------->1/2/8 running MPLS LDP LSPs over OSPF
infrastructure.
On both devices, TDM traffic is received on two circuits and converted into two Ethernet flows
carrying customer VLANs (C-VLANs) 100 and 200 entering into the MPLS cloud as two Service
Access Points (SAP) under the same VPLS service.
Second Device receives the clock from the Ethernet/MPLS.
device-name(config-router)#port 1/2/8
device-name(config-port-1/2/8)#default-vlan 34
device-name(config-port-1/2/8)#description 1/2/8
device-name(config-port-1/2/8)#service
device-name(config-service)#sdp 1
device-name(config-sdp-1)#far-end 4.4.4.4
device-name(config-sdp-1)#vpls 1
device-name(config-vpls-1)#no shutdown
device-name(config-vpls-1)#mode mtu-s
device-name(config-vpls-1)#sap 1/3/9:100:
device-name(config-sap-1/3/9:100:)#no shutdown
device-name(config-sap-1/3/9:100:)#spoke-sdp 1
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#no pw-status-signaling
device-name(config)#service vpls 2
device-name(config-vpls-2)#no shutdown
device-name(config-vpls-2)#mode mtu-s
device-name(config-vpls-2)#sap 1/3/9:200:
device-name(config-sap-1/3/9:200:)#no shutdown
device-name(config-sap-1/3/9:200:)#ex
device-name(config-vpls-2)#spoke-sdp 1
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#no pw-status-signaling
device-name(config-spoke-sdp-1)#commit
Commit complete.
device-name(config-spoke-sdp-1)#vlan 34
device-name(config-vlan-34)#name VLAN34
device-name(config-vlan-34)#no management
device-name(config-vlan-34)#routing-interface sw34
device-name(config-vlan-34)#untagged 1/2/8
device-name(config-untagged-1/2/8)#exit
device-name(config-vlan-34)#tagged 1/3/9
device-name(config-tagged-1/3/9)#exit
device-name(config-vlan-34)#commit
Commit complete.
device-name(config-router)#rsvp-te
device-name(config-rsvp-te)#dynamic-bypass
device-name(config-rsvp-te)#interface lo1
device-name(config-interface-lo1)#exit
device-name(config-rsvp-te)#interface sw34
device-name(config-interface-sw34)#exit
device-name(config-rsvp-te)#lsp 1
device-name(config-lsp-1)#far-end 3.3.3.3
device-name(config-lsp-1)#name 1
device-name(config-lsp-1)#cspf
device-name(config-lsp-1)#no shutdown
device-name(config-lsp-1)#exit
device-name(config-rsvp-te)#exit
device-name(config-router)#
device-name(config-router)#interface lo1
device-name(config-interface-lo1)#address 4.4.4.4/32
device-name(config-interface-lo1)#no shutdown
device-name(config-interface-lo1)#exit
device-name(config-router)#interface sw34
device-name(config-interface-sw34)#address 34.0.0.4/24
device-name(config-interface-sw34)#no shutdown
device-name(config-interface-sw34)#exit
device-name(config-router)#ospf
device-name(config-ospf)#router-id 4.4.4.4
device-name(config-ospf)#dscp-mapping 48
device-name(config-ospf)#traffic-engineering
device-name(config-ospf)#area 0
device-name(config-area-0)#interface 4.4.4.4
device-name(config-interface-4.4.4.4)#exit
device-name(config-area-0)#interface 34.0.0.4
device-name(config-interface-34.0.0.4)#exit
device-name(config-area-0)#exit
device-name(config-ospf)#mpls
device-name(config-mpls)#lsr-id 4.4.4.4
device-name(config-mpls)#exit
device-name(config-router)#ldp
device-name(config-ldp)#no shutdown
device-name(config-ldp)#targeted-peer 3.3.3.3
device-name(config-targeted-peer-3.3.3.3)#no shutdown
device-name(config-targeted-peer-3.3.3.3)#distribute
device-name(config-distribute)#ingress ospf
device-name(config-distribute)#egress connected
device-name(config-distribute)#interface lo1
device-name(config-interface-lo1)#exit
device-name(config-ldp)#interface sw34
device-name(config-interface-sw34)#exit
device-name(config-ldp)#exit
device-name(config-ldp)#commit
Commit complete.
device-name(config-port-1/2/8)#service
device-name(config-service)#sdp 1
device-name(config-sdp-1)#far-end 3.3.3.3
device-name(config-sdp-1)#vpls 1
device-name(config-vpls-1)#no shutdown
device-name(config-vpls-1)#mode mtu-s
device-name(config-vpls-1)#sap 1/3/9:100:
device-name(config-sap-1/3/9:100:)#no shutdown
device-name(config-sap-1/3/9:100:)#spoke-sdp 1
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#no pw-status-signaling
device-name(config-spoke-sdp-1)#vc-type ethernet-vlan
device-name(config)#service
device-name(config-service)#vpls 2
device-name(config-vpls-2)#no shutdown
device-name(config-vpls-2)#mode mtu-s
device-name(config-vpls-2)#sap 1/3/9:200:
device-name(config-sap-1/3/9:200:)#no shutdown
device-name(config-sap-1/3/9:200:)#ex
device-name(config-vpls-2)#spoke-sdp 1
device-name(config-spoke-sdp-1)#no shutdown
device-name(config-spoke-sdp-1)#no pw-status-signaling
device-name(config-spoke-sdp-1)#vc-type ethernet-vlan
device-name(config-spoke-sdp-1)#commit
Commit complete.
device-name(config-router)#port 1/2/8
device-name(config-port-1/2/8)# default-vlan 34
device-name(config-port-1/2/8)# description 1/2/8
device-name(config-spoke-sdp-1)#vlan 34
device-name(config-vlan-34)#name VLAN34
device-name(config-vlan-34)#no management
device-name(config-vlan-34)#routing-interface sw34
device-name(config-vlan-34)#untagged 1/2/8
device-name(config-untagged-1/2/8)#exit
device-name(config-vlan-34)#tagged 1/3/9
device-name(config-tagged-1/3/9)#exit
device-name(config-vlan-34)#commit
Commit complete.
Configuration Example 3
The following example displays how to configure CES over MPLS.
Connection: PSTN <-------->First Device is over SF-CAS TDM signaling. First Device receives
the clock from the TDM line. PSTN is responsible for providing the clock.
Connection: First Device<-------->Second Device is over MPLS network using CESoPSN
protocol to convert the TDM before encapsulating inside MPLS.
Devices are connected through ports 1/1/1<-------->1/2/1 running MPLS LDP LSPs over OSPF
infrastructure.
On both devices, TDM traffic is encapsulated with the MPLS header.
Second Device receives the clock from the CES over MPLS.
Connection: Second Device<-------->PBX. is over SF-CAS TDM signaling. PBX is in receive
mode, PBX receives the clock from the second device.
Device-name(config-service)#sdp 1
Device-name(config-sdp-1)#far-end 104.104.104.104
Device-name(config-sdp-1)#vpls 1
Device-name(config-vpls-1)#no shutdown
Device-name(config-vpls-1)#mode mtu-s
Device-name(config-vpls-1)#sap 1/3/9:1:ces-oos
Device-name(config-sap-1/3/9:1:ces-oos)#no shutdown
Device-name(config-sap-1/3/9:1:ces-oos)#
Device-name(config-sap-1/3/9:1:ces-oos)#spoke-sdp 1
Device-name(config-spoke-sdp-1)#no shutdown
Device-name(config-spoke-sdp-1)#vc-type ces_o_psn_tdm_cas
Device-name(config-spoke-sdp-1)#no pw-status-signaling
Device-name(config-spoke-sdp-1)#
Device-name(config-spoke-sdp-1)#vpls 2
Device-name(config-vpls-2)#no shutdown
Device-name(config-vpls-2)#mode mtu-s
Device-name(config-vpls-2)#sap 1/3/9:1:ces
Device-name(config-sap-1/3/9:1:ces)#no shutdown
Device-name(config-sap-1/3/9:1:ces)#
Device-name(config-sap-1/3/9:1:ces)#spoke-sdp 1
Device-name(config-spoke-sdp-1)#no shutdown
Device-name(config-spoke-sdp-1)#vc-type ces_o_psn_tdm_cas
Device-name(config-spoke-sdp-1)#no pw-status-signaling
Device-name(config-spoke-sdp-1)#top
Device-name(config)#vlan 11
Device-name(config-vlan-11)#name 11
Device-name(config-vlan-11)#no management
Device-name(config-vlan-11)#routing-interface sw1
Device-name(config-vlan-11)#untagged 1/1/1
Device-name(config-untagged-1/1/1)#exit
Device-name(config-vlan-11)#commit
Jan 1 02:05:59 critical Ces [1/3] To apply the new working mode restart
of device is required.
Device-name(config-circuit-1)#no shutdown
Device-name(config-circuit-1)#policy-payload-suppress disable
Device-name(config-circuit-1)#protocol mpls-ldp
Device-name(config-circuit-1)#top
Device-name(config-vpls-2)#no shutdown
Device-name(config-vpls-2)#mode mtu-s
Device-name(config-vpls-2)#sap 1/3/9:1:ces
Device-name(config-sap-1/3/9:1:ces)#no shutdown
Device-name(config-sap-1/3/9:1:ces)#
Device-name(config-sap-1/3/9:1:ces)#spoke-sdp 1
Device-name(config-spoke-sdp-1)#no shutdown
Device-name(config-spoke-sdp-1)#vc-type ces_o_psn_tdm_cas
Device-name(config-spoke-sdp-1)#no pw-status-signaling
Device-name(config-spoke-sdp-1)#top
Device-name(config)#vlan 11
Device-name(config-vlan-11)#name 11
Device-name(config-vlan-11)#no management
Device-name(config-vlan-11)#routing-interface sw1
Device-name(config-vlan-11)#untagged 1/2/1
Device-name(config-untagged-1/2/1)#exit
Device-name(config-vlan-11)#commit
Jan 1 02:05:59 critical Ces [1/3] To apply the new working mode restart
of device is required.
Local PW precedence: 1
Local VCCV : ttl/lsp-ping VCCV in use : ttl/lsp-ping
MAC Count : 0
-------------------------------------------------------------------------------
Service Description -
===============================================================================
Service ID : 2 Admin Status : Up
Service Type : MTU Oper Status : Up
VC ID : 2 Up Time : 02:34:53
Number SDPs (UP): 1 (1 ) Last Status Change : Oct 01 15:09:10 2009
Number SAPs (UP): 1 (1 ) Last Mnmt Change : Oct 01 15:06:46 2009
Secure SAPs mode: Disabled
Revert timer : 0
Mesh oper mode : Disabled
Spoke oper mode : Disabled
List of Tables 2
Periodic Monitoring 11
Alert Types 12
Periodic Monitoring Commands 12
Configuration Examples 19
Table of Figures
Figure 1: Periodic Monitoring Configuration Flow ......................................................................... 11
Figure 2: Port Mirroring ...................................................................................................................... 25
List of Tables
Table 1: BIST Result Groups ............................................................................................................... 9
Table 2: BIST Commands ..................................................................................................................... 9
Table 3: Periodic Monitor Types and Results .................................................................................. 12
Table 4: Periodic Monitoring Commands ........................................................................................ 14
Table 5: Monitor Indicators ................................................................................................................ 19
Table 6: Connectivity Diagnostic Commands.................................................................................. 23
Table 7: Characteristics of Port Types............................................................................................... 25
Table 8: Port Mirroring Commands .................................................................................................. 26
Table 9: Ethernet Loopback Test Commands ................................................................................. 30
Table 10: Technical Support Commands .......................................................................................... 35
T-Marc3312SC/T-Marc3312SCH
____________________________________________________________________________
3. From the textual menu, select the appropriate option. This will display the command prompt
for the selected options.
Examples
Example 1:
In the following example, the outband (option 1) command changes the OutBand IP address and
netmask of the device:
Type the desired menu option or command: outband
NOTICE: Only the current session is affected by the IP address you set
for the outband interface (no system configuration file is modified).
******************************************************************************
Example 2:
In the following example, the passwd (option 6) command restores the users password to its
default value (admin):
(SysMan version Platform/1.1/T-Marc-3312/dev-4)
_______ __
| __|.--.--..-----.| |_.-----..--------.
|__ || | ||__ --|| _| -__|| |
|_______||___ ||_____||____|_____||__|__|__|
_______ |_____|
| | |.---.-..-----..---.-..-----..-----..----.
| || _ || || _ || _ || -__|| _|
|__|_|__||___._||__|__||___._||___ ||_____||__|
|_____|
_________________________________________________________________________
/ \
| SysMan - Device Maintenance and Management - Main Menu |
\_________________________________________________________________________/
Type 'yes' if you are sure you want to change the administrator password: yes
Example 3:
In the following example, the free (option 9) command displays the free space available on the
image file system:
Type the desired menu option or command: free
_______________________________________________________________________
******************************************************************************
############################################################################
### Device Software Installation and Recovery ###########################
############################################################################
BIST Commands
This section defines the command hierarchy for BISTs and provides a list of available commands.
Included also, is a configuration example.
Command Hierarchy
device-name#
- system monitor self-test [execute-now | full]
Command Descriptions
Table 2: BIST Commands
Command Description
Example:
device-name#system monitor self-test full
self-test-result
CPU Temperature Test
Status : PASSED
Measure : 39C
Status : PASSED
Measure : 4%
Status : PASSED
Measure : 51%
Fan Test
Status : PASSED
Status : PASSED
Measure : 0%
Periodic Monitoring
Through periodic monitoring, you can:
periodically monitor crucial device functions in the background and receive alerts when the
monitored indicators vary from operating norms
as a troubleshooting tool, monitor transient conditions and track irregular behaviors. You can
use this method for triggering diagnostic data-polling based on the device operational status
The following flow chart shows the steps need to define a monitor:
When a monitor is defined for a device function (such as CPU temperature or RAM usage), results
are returned and actions taken according to a predefined configuration. The monitor can report two
types of results:
Pass/Fail: Operational status is reported as a simple Pass or Fail
Measurement: The monitor returns a specific, measured value (for example, the device CPU
usage)
The following table describes available monitors and the results returned by that monitor type.
Alert Types
For each monitor you establish, you also define the action or actions that will occur as a result.
These actions are defined individually for each monitor:
log: writes to the Command Line Interface (CLI) history and error message log files
led: flashes the FLT LED on the device front panel
trap: generates an SNMP trap
When monitoring a device function that returns a measurement, you can also define limit values so
that alerts are generated only when the device functions outside of the defined range. Log, LED,
and/or Trap alerts would be generated when:
the measured value rises above the defined limit
the measured value drops below the defined limit
the measured value is outside of the defined limits (above or below)
Command Hierarchy
NOTE
All periodic monitoring commands are applied immediately, no commit is required.
device-name#
+ config terminal
+ system
+ [no] monitor
+ [no] cpu-temperature
- [no] high-threshold <value>
- [no] led
- [no] log
- [no] low-threshold <value>
- [no] period <value>
- [no] shutdown
- [no] trap
+ [no] cpu-usage
- [no] high-threshold <value>
- [no] led
- [no] log
- [no] low-threshold <value>
- [no] period <value>
- [no] shutdown
- [no] trap
+ [no] fan
- [no] led
- [no] log
- [no] period <value>
- [no] shutdown
- [no] trap
+ [no] port-statistics
- [no] high-threshold <value>
- [no] led
- [no] log
- [no] low-threshold <value>
- [no] period <value>
- [no] shutdown
- [no] trap
+ [no] power-supply
- [no] led
- [no] log
- [no] period <value>
- [no] shutdown
- [no] trap
+ [no] ram-usage
- [no] high-threshold <value>
- [no] led
- [no] log
- [no] low-threshold <value>
- [no] period <value>
- [no] shutdown
- [no] trap
+ [no] laser
- [no] high-threshold <value>
- [no] led
- [no] log
- [no] low-threshold <value>
- [no] period <value>
- [no] shutdown
- [no] trap
- [no] port UU/SS/PP
- [no] rx-power {high-threshold <value> | low-
threshold <value>}
- [no] tx-power {high-threshold <value> | low-
threshold <value>}
- [no] temperature {high-threshold <value> |
low-threshold <value>}
- [no] shutdown
- [no] rx-power {high-threshold <value> | low-
threshold <value>}
- [no] tx-power {high-threshold <value> | low-
threshold <value>}
- [no] temperature {high-threshold <value> | low-
threshold <value>}
- [no] shutdown
- show system monitor [cpu-temperature | cpu-usage | | fan | port-
statistics [failed-ports | power-supply [fan] | ram-usage | laser
[port UU/SS/PP] [detail]]
- show system cpu-usage
- show system ram-usage
- show system temperature
Command Descriptions
Table 4: Periodic Monitoring Commands
Command Description
Command Description
Command Description
Command Description
Command Description
show system cpu-usage Displays CPU Usage for the current device
show system ram-usage Displays RAM load in percent
show system temperature Displays the temperature of the current device
Configuration Examples
2. Define the CPU usage high limit value to 10 and the low limit to 1:
device-name(config-cpu-usage)#high-threshold 10
device-name(config-cpu-usage)#low-threshold 1
2. Define the RAM usage high limit value to 10 and the low limit to 3:
device-name(config-ram-usage)#high-threshold 10
device-name(config-ram-usage)#low-threshold 3
2. Define the Laser monitor temperature thresholds to be in the range of -10 to 60 degrees and
to indicate by the led on a problem:
device-name(config-laser)#temperature high-threshold 60
device-name(config-laser)#temperature low-threshold -10
device-name(config-laser)#led
Period : 600
Status LED : Enabled
Traps : Disabled
Logging : Disabled
Temperature Limit :
Common : -10C..60C
1/2/7 : -5C..85C
1/2/8 : -5C..85C
Tx-Power :
Common : -16dBm..-5dBm
1/2/7 : -11dBm..-3dBm
1/2/8 : -11dBm..-3dBm
Rx-Power :
Common : -32dBm..-7dBm
1/2/7 : -20dBm..0dBm
1/2/8 : -20dBm..0dBm
Traceroute
Traceroute sends ICMP echo packets with varying IP Time-to-Live (TTL) values to the destination.
Upon receipt of an ICMP echo packet with a TTL value of 1 or 0, the device drops the packet and
sends a time-to-live-exceeded message back to the sender. Traceroute uses this mechanism to determine
the route to the destination:
Traceroute sends a User Datagram Protocol (UDP) to the destination device that sets the TTL
value to 1 and receives a time-to-live-exceeded message.
To identify the next hop, Traceroute sends another UDP packet, this time setting the TTL value to
2. The first device reached by the UDP decreases the TTL field by 1 and sends the datagram to the
next device. That device discards the datagram, with its TTL value of 1, and returns a time-to-live-
exceeded message to the source.
This process continues until the TTL has been incremented to a value large enough for the
datagram to reach the destination device (or until reaching the maximum value for the TTL is
reached).
To determine when a datagram reaches its destination, Traceroute sets the UDP destination port
number in the datagram to a value unlikely to be used by the destination device. When a device
receives a self-destined datagram containing a destination port number that is unused locally, it
sends an ICMP port unreachable error to the source. Because all errors except port unreachable errors
come from intermediate hops, the receipt of a port unreachable error means that the message was sent
by the destination.
Command Hierarchy
device-name#
- traceroute {A.B.C.D | HOSTNAME} [ttl <ttl> | timeout <timeout>]
- ping {A.B.C.D | HOSTNAME} [number <number> | length <length>]
+ config terminal
+ system
- [no] icmp access source-ip A.B.C.D/M
Command Descriptions
Table 6: Connectivity Diagnostic Commands
Command Description
Command Description
traceroute {A.B.C.D | HOSTNAME} [ttl Traces the data-packet route to the destination IP
<ttl> | timeout <timeout>] address:
A.B.C.D: the IP address of the
pinged device
HOSTNAME: the name of the pinged
device
ttl: the maximum number of devices
the traceroute command passes, in
the range of <1255>
30
timeout: the timeout for receiving
responses, in the range of <1600>
seconds
5 seconds
ping {A.B.C.D | HOSTNAME} [number Pings a remote device:
<number> | length <length>]
A.B.C.D: the IP address of the
pinged device
HOSTNAME: the name of the pinged
device
number: the number of ICMP echo
packets sent, in the range of
<12147483646>
5
length: the size of the ICMP echo
packet, in the range of
<5665535>
56
config terminal Enters Configuration mode
system Enters System Configuration mode
icmp access source-ip A.B.C.D/M Limits the access to the ICMP server only from
the specific sources IP address(es):
A.B.C.D/M: IP address and subnet
mask (in a dotted-decimal format)
that identify a network or hosts.
A.B.C.D/32 specifies a specific IP
address.
no icmp access source-ip Removes the trusted IP address(es)
A.B.C.D/M
Commands Hierarchy
device-name#
+ config terminal
+ system
+ [no] mirror UU/SS/PP
- [no] rx source UU/SS/PP
- [no] tx source {UU/SS/PP | cpu-port}
Commands Descriptions
Table 8: Port Mirroring Commands
Command Description
Command Description
Example
The following example shows how to configure the network traffic monitoring on ports. Ports
1/1/3 and 1/1/4 mirror the received and transmitted traffic on ports 1/1/1 and 1/1/2. Set the
destination port (sniffer port):
1. Set the destination port 1/1/3 and the group of source ports that will be monitored:
device-name(config)#system
device-name(config-system)#mirror 1/1/3
device-name(config-mirror-1/1/3)#tx source 1/1/1
device-name(config-mirror-1/1/3)#tx source 1/1/2
device-name(config-mirror-1/1/3)#rx source 1/1/1
device-name(config-mirror-1/1/3)#rx source 1/1/2
2. Set the destination port 1/1/4 and the group of source ports that will be monitored:
device-name(config-mirror-1/1/3)#mirror 1/1/4
device-name(config-mirror-1/1/4)#tx source 1/1/1
device-name(config-mirror-1/1/4)#tx source 1/1/2
device-name(config-mirror-1/1/4)#rx source 1/1/1
device-name(config-mirror-1/1/4)#rx source 1/1/2
device-name(config-mirror-1/1/4)#commit
Commit complete.
device-name(config-mirror-1/1/4)#end
!
mirror 1/1/4
tx source 1/1/1
tx source 1/1/2
rx source 1/1/1
rx source 1/1/2
NOTE
In case the Ethernet Loopback Test is initiated on port/LAG/SAP where
ACL/QoS policy is applied, any further modification of ACL/QoS policy
during the test, will not affect the loopback traffic.
If the Ethernet Loopback Test is initiated on one of the SAPs/SDPs of a
service, and traffic with a destination MAC address and VLAN tag
matching the configured Loopback test arrives on another SAP/SDP of the
same service, that traffic will also be looped back.
Commands Hierarchy
device-name#
+ config terminal
+ [no] oam
+ [no] loopback-test NAME
- [no] amount <value>
- [no] destination-mac HH:HH:HH:HH:HH:HH
- [no] ethertype <value>
- [no] inner-vlan-id <vlan-id>
- [no] inner-vlan-priority <value>
- [no] outer-vlan-id <vlan-id>
- [no] outer-vlan-priority <value>
- [no] source-mac HH:HH:HH:HH:HH:HH
- [no] untagged
- [no] oam loopback-test NAME port UU/SS/PP [duration <value> | sla-
aware]
- [no] oam loopback-test NAME lag agN [duration <value> | sla-aware]
Commands Descriptions
Table 9: Ethernet Loopback Test Commands
Command Description
loopback-test NAME
Command Description
outer-vlan-id <vlan-id>
oam loopback-test NAME port UU/SS/PP Applies the configured Ethernet loopback test
[duration <value> | sla-aware] on a specified port.
NOTE
The selected port must be member
of the Outer VLAN, if the traffic is
tagged.
NAME: Ethernet loopback test
name, previously configured
UU/SS/PP: port, in the range of
1/1/1-1/1/4 and 1/2/1-1/2/8.
duration <value>: (optional) test
duration, in the range of <1-
1440> min
5 minutes
sla-aware: (optional) specifies
test mechanism
Command Description
not sla-aware
oam loopback-test NAME lag agN [duration Applies the configured Ethernet loopback test
<value> | sla-aware] on a specified LAG:
NAME: Ethernet loopback test
name, previously configured
agN: LAG ID. N is in the range of
<1-14>
duration <value>: (optional) test
duration, in the range of <1-
1440> min
5 minutes
sla-aware: (optional) specifies
test mechanism
not sla-aware
oam loopback-test NAME service dot1q Applies the configured Ethernet loopback test
<service-id> {sap {UU/SS/PP | agN} on a specified 802.1Q service:
|sdp {UU/SS/PP | agN}} [duration
<value> | sla-aware] NOTE
When the Ethernet loopback
test is applied on SDP/SAP
port, the outer VLAN ID must
be the same as the service
VLAN ID for the specific
service. Inner VLAN ID must
be the same as C-VLAN ID,
member of which is the SAP
port.
NAME: Ethernet loopback test
name, previously configured
service-id: in the range of <1-
4294967294>
UU/SS/PP: SAP/SDP port, in the
range of 1/1/1-1/1/4 and 1/2/1-
1/2/8.
agN: SAP/SDP LAG ID. N is in the
range of <1-14>
duration <value>: (optional) test
duration, in the range of <1-
1440> min
5 minutes
sla-aware: (optional) specifies
test mechanism
not sla-aware
oam loopback-test NAME service tls Applies the configured Ethernet loopback test
<service-id> {sap {UU/SS/PP | agN} on a specified TLS service
|sdp {UU/SS/PP | agN}} [duration
<value> | sla-aware] NOTE
Command Description
Command Description
Example
1. Configure the Ethernet Loopback test:
Device-name#config terminal
Entering configuration mode terminal
Device-name(config)#oam
Device-name(config-oam)#loopback-test A1
Device-name(config-loopback-test-A1)#destination-mac 00:00:00:01:01:01
Device-name(config-loopback-test-A1)#outer-vlan-id 7
Device-name(config-loopback-test-A1)#outer-vlan-priority 5
2. Configure VLAN and add ports 1/1/1 and 1/1/2 as tagged members of it:
Device-name(config)#vlan v7 7
Device-name(config-vlan-7)#tagged 1/1/1
Device-name(config-vlan-7)#tagged 1/1/2
Command Hierarchy
device-name#
- file cp technical-support PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-
NAME
- file cp technical-support use-external-file FILE-NAME USE-EXTERNAL-
FILE-NAME
- file cp technical-support use-external-file FILE-NAME
PROTOCOL[USER[:PASSWORD]@]IPv4[:PORT]/FILE-NAME USE-EXTERNAL-FILE-NAME
- file cp technical-support FILE-NAME
- show technical-support use-external-file USE-EXTERNAL-FILE-NAME
- show technical-support
Command Descriptions
Table 10: Technical Support Commands
Command Description
Command Description
Configuration Example
Execute commands from default TSDB and display the output:
device-name#show technical-support
===============================================================================
TECHNICAL SUPPORT
===============================================================================
It could take several minutes to complete the command. Please wait ...
-------------------------------------------------------------------------------
output from command show running-config
-------------------------------------------------------------------------------
snmp-server
no enable
port 161
engineID 80:00:61:81:05:01
notify linkDown
tag tag
type trap
-------------------------------------------------------------------------------
TSDB_default.db had 2 commands to process
Started at Wed Jul 20 15:05:10 EET 2010
Finished at Wed Jul 20 15:05:10 EET 2010
-------------------------------------------------------------------------------
===============================================================================
List of Tables 2
Getting Started 3
Audience 3
Introduction 3
Obtaining MIB Files 3
Compiling MIB Files 3
MIB Tree 4
Object Identifier (OID) 5
Managing Objects 6
SNMP Object Parameters 6
Configuration Example 80
Table of Figures
Figure 1: The MIB Tree ......................................................................................................................... 4
List of Tables
Table 1: Predefined SNMP Object Parameters ................................................................................. 6
T-Marc3312SC/T-Marc3312SCH
Getting Started
This guide describes the objects supported in the Management Information Base (MIB) on the
device and illustrates all parameters in the MIB structure. Many configuration examples are
provided to help you make the required changes to your system.
For more detailed information regarding any of the features described in this guide, please refer to
the BiNOX User Guide.
Audience
This guide is intended for network administrators who want to manage the system using SNMP
MIB applications.
Introduction
The Management Information Base (MIB) is a database of objects that can be used by a network
management system (NMS) to manage and monitor devices on the network. The managed objects
are structured in the form of a hierarchical tree.
The MIB can be retrieved by an NMS using Simple Network Management Protocol (SNMP). The
MIB structure determines the scope of management access allowed by a device.
SNMP defines the type of messages that are exchanged between the manager and agent (refer to
the Simple Network Management Protocol (SNMP) chapter). By using SNMP, a management application
can issue read or write operations within the scope of the MIB. Three versions of SNMP are
supported: SNMPv1, SNMPv2, and SNMPv3.
MIB Tree
The MIB database is presented in a tree form with conceptual tables, where each managed resource
is represented by an object. Individual data items, the MIB objects, make up the leaves of the tree.
At the top of the tree is the most general information available about the network. Each branch of
the tree gets more detailed into a specific network area.
Example:
To retrieve an object from the OSPF MIB, the software uses this OID:
1.3.6.1.2.1.14
which indicates this path:
iso(1).org(3).dod(6).internet(1).mgmt(2).mib-2(1).ospf(14)
Managing Objects
An SNMP application can read values for the objects (for device monitoring) and some
applications can also change the variables (to provide remote management of devices). Basic SNMP
operations include:
Get: Gets a specified SNMP object for a device
Get Next: Gets the next object in a table or list
Set: Sets the value of an SNMP object on a device
B: Sends a message about an event (that occurs on the device) to the management application
When you perform an SNMP Get operation, the SNMP manager sends the OID to the Agent,
which in turn determines whether the OID is supported. If the OID is supported, the Agent
returns information about the object (refer to the Simple Network Management Protocol (SNMP)
chapter).
It is possible to create a new syntax from those defined in this last. A new
syntax uses the keyword TEXTUAL CONVENTION.
ACCESS Indicates how the object could be addressed. Possible values are:
Read-only
Read-write
Read-create
Not-accessible
STATUS Indicates the status of the object
A standard MIB file defines a set of objects, some of which should be
implemented in the Agent. A query should have an answer to follow the
norm. Possible values are:
Mandatory: This object should be implemented in the agent.
Optional: This object could be implemented in the agent.
Obsolete: This object is no longer implemented on the new
generation of agent.
DESCRIPTION Information, presented in text format, describing the objects use and
associated value. Text is between quotes.
PRVT-LLDP-MIB
PRVT-INTERWORKING-OS-MIB
This MIB displays and manages the OS features of the device including OS upgrades. The MIB is
used to:
reset the device
change the active image
download a new image
download/upload running configuration
download technical support information rename or merge files
delete images
NOTE
For the purposes of system information management via SNMP, only the
prvtInterworkingOSMibObjects node of the PRVT-INTERWORKING-OS-MIB
is used.
Examples:
6. Verify that the image appears in the device and becomes active.
device-name#file ls os-image
The active image has star (*) symbol.
Upload a configuration file from the local file system to a TFTP server
via CLI:
1. Save the running configuration file to the local file system:
device-name#file cp running-configuration myconfig.cfg
device-name#file ls
Upload a configuration file from the local file system to a TFTP server
via SNMP:
1. Configure the source type to be the file system:
SET prvtConfigSourceType.0 (integer) fileSystem(1)
8. Configure the type of the file action. First to be prepare, and second to be copy:
SET prvtConfigAction.0 (integer) prepare(2)
SET prvtConfigAction.0 (integer) copy(3)
NOTE
Refer to the Managing the device chapter to see Software Upgrade example via CLI.
PRVT-CONFIGCHANGE-MIB
A private MIB providing notification for configuration changes as SNMP traps. Each trap contains:
Time at which the configuration change was committed
Name of the user who made the change
Method by which the change was made
Examples:
Configuration Management via CLI
1. Configure SNMP with Traps:
device-name(config)#system
device-name(config-system)#snmp
device-name(config-snmp)#no shutdown
device-name(config-snmp)#view myview 1.3 included
device-name(config-snmp)#group mygroup noAuthNoPriv read myview write
myview notify myview
device-name(config-snmp)#user tester mygroup v3
device-name(config-snmp)#target-address mycomp
device-name(config-target-address-mycomp)#dst-port 162
device-name(config-target-address-mycomp)#address 10.3.71.167
device-name(config-target-address-mycomp)#security-name tester
device-name(config-target-address-mycomp)#security-level noAuthNoPriv
device-name(config-target-address-mycomp)#message-model v3
device-name(config-target-address-mycomp)#type trap
device-name(config-target-address-mycomp)#com
Commit complete.
device-name(config-target-address-mycomp)#exit
device-name(config-snmp)#
The manufacturing details are retrieved from the sysManufacturing table of the MIB.
Examples:
Retrieving via CLI
Display manufacturing details using the show system manufacturing-details command:
device-name#show system manufacturing-details
===============================
System Manufacturing-Details
===============================
Main board
Serial number: 0309342504
Assembly No: AL001392
Part number: T-Marc 3312SC/T-Marc 3312SCH
CLEI:
HW revision: 02
HW subrevision:
Date: 30/09/2009
FW version: 32.77.48.21
Base MAC addr: 00:a0:12:64:08:60
RVT-SYNC-ETHERNET-MIB
This private MIB provides complete SNMP management of Synchronous Ethernet (SyncE).
PRVT-STATHIST-MIB
This section describes MIBs used to provide historical view of the interface statistics.
Example
Configuration via CLI
Device-name(config)#system
Device-name(config-system)#statistics-history
Device-name(config-statistics-history)#profile FFF xpath-template
/bridge:interfaces/interface{%s}/Counters/ifInOctets
Device-name(config-statistics-history)#com
Commit complete.
Device-name(config-statistics-history)#control 1 profile-name FFF xpath-key
1/1/1
Device-name(config-statistics-history)#type delta get-interval 10
Device-name(config-statistics-history)#no shutdown
Device-name(config-statistics-history)#commit
Commit complete.
PRVT-STATISTICS-MIB
This section describes MIBs used to provide Service statistics provide important information for
troubleshooting device problems at the service level in format of statistics, including the number of
bytes, number of unicast, multicast, broadcast packets, and the number of packets with specified
color or FC, a SAP/SDP port has received.
Examples:
3. Apply the ingress and egress statistics policies on SAP and SDP ports:
***** SNMP SET-RESPONSE START *****
1: prvtStatSapEgressPolicy.1.1101.20490 (octet string) B7
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: prvtStatSapIngressPolicy.1.1101.20490 (octet string) A2
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: prvtStatSdpIngressPolicy.1.1 (octet string) A2
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: prvtStatSdpEgressPolicy.1.1 (octet string) B7
***** SNMP SET-RESPONSE END *****
PRVT-LLDP-MIB
This section describes the MIB used by network devices for advertising their identity, capabilities,
interconnections, and store information about the network.
Examples:
Response:
User profile name: tester
Context name: (zero-length)
Context engine ID: 80.00.02.E2.03.00.A0.12.EF.CE.40 (hex)
Security user name: tester
Security engine ID: 80.00.02.E2.03.00.A0.12.EF.CE.40 (hex)
Authentication protocol: None
Privacy protocol: None
Security level: None
Security model: USM
1: sysUpTime.0 (timeticks) 0 days 03h:32m:22s.66th (1274266)
***** SNMP SET-RESPONSE START *****
1: prvtLldpEnable.0 (integer) true(1)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: prvtLldpCfgPortRowStatus.5.49.47.50.47.49 (integer) createAndGo(4)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: prvtLldpAdvBasicPortManAddr.5.49.47.50.47.49 (integer) true(1)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: prvtLldpAdvBasicPortDescr.5.49.47.50.47.49 (integer) true(1)
***** SNMP SET-RESPONSE END *****
Device Authentication
This section describes MIBs used to define interfaces on a device and contains the following MIBs:
PRVT-MAC-SECURITY-MIB
PRVT-SWITCH-MIB (only configL2IfaceTable table)
PRVT-PORTS-AGGREGATION-MIB
PRVT-RESILIENT-LINK-MIB
PRVT-SWITCH-IPVLAN-MIB
PRVT-MAC-SECURITY-MIB
This private MIB provides complete SNMP management of port security.
Examples:
Configuration via CLI
1. Create a MAC learning profile with the following parameters:
Examples:
Configuration via CLI
1. Configure the desired speed on port 1/1/1:
device-name#config terminal
device-name(config)#port 1/1/1
device-name(config-port-1/1/1)#speed 1000
device-name(config-port-1/1/1)#commit
PRVT-PORTS-AGGREGATION-MIB
The private Ports Aggregation MIB is used to manage static and dynamic port aggregation for the
device.
Examples:
Configuration via CLI
PRVT-RESILIENT-LINK-MIB
The Resilient link MIB is used to manage the resilient link of the device.
Examples:
Configuration via CLI
device-name(config-ethernet)#resilient-link res1
device-name(config-resilient-link-res1)#primary-port 1/1/1
device-name(config-resilient-link-res1)#backup-port 1/1/2
device-name(config-resilient-link-res1)#backup-mode shutdown
device-name(config-resilient-link-res1)#commit
Commit complete
PRVT-SWITCH-IPVLAN-MIB
The IPVLAN MIB controls the assignment of IP subnets to VLANs.
Example:
Configuration via CLI:
1. Define an IP interface with name sw2:
device-name(config)#router interface sw2
Filtering Traffic
PRVT-SWITCH-ACCESS-LIST-MIB
The private Switch Access List MIB is used to manage ACL rules.
Examples:
device-name(config-rule-1)#commit
Commit complete.
device-name(config-rule-1)#
The following example creates and configures an extended MAC ACL 400:
Configuration via CLI
device-name#config terminal
device-name(config)#mac access-list 400
device-name(config-access-list-400)#rule 250
device-name(config-rule-255)#action permit
device-name(config-rule-255)#source_mac 00:00:00:aa:00:01
device-name(config-rule-255)#destination_mac any
device-name(config-rule-255)#vlan 10
device-name(config-rule-255)#vpt 5
device-name(config-rule-255)#commit
Commit complete.
device-name(config-rule-255)#
The following example applies the extended IP ACL 100 to the ingress traffic on port 1/1/1 with
single-type rate limit, Committed Information Rate (CIR) of 1000 Kbps, and Committed Burst Size
(CBS) of 16 KB:
device-name#config terminal
device-name(config)#port 1/1/3
device-name(config-port-1/1/3)#access-groups-rule-sequence 1 ether-type-access-
group 500 vlan
device-name(config-ether-type-access-group-500/vlan)#vlan 100
device-name(config-ether-type-access-group-500/vlan)#commit
Commit complete.
device-name(config-ether-type-access-group-500/vlan)#
Traffic Control
This section includes the PRVT-QOS-MIB MIB. For more information on the Traffic Control
feature, refer to the BiNOX User Guide.
PRVT-QOS-MIB
Examples:
VLANs
This section includes the following MIBs:
Q-BRIDGE-MIB
PRVT-SUPER-VLAN-MIB
Q-BRIDGE-MIB
The VLAN Bridge MIB used to manage VLAN networks. The Q-BRIDGE-MIB manages the
MAC address table and is also referred to as 8021Q_d6.mib.
NOTE
Configuration via SNMP uses only the dot1qVlanStaticTable.
Examples:
Configuration via CLI
1. Create a VLAN with the specified name vlan3 and ID 3:
device-name#config terminal
device-name(config)#vlan vlan3 3
Examples:
Configuration via CLI
1. Create a VLAN with the specified name vlan3 and ID 3:
device-name#config terminal
device-name(config)#vlan vlan3 3
PRVT-SUPER-VLAN-MIB
PRVT-SUPER-VLAN-MIB is a private MIB that provides complete SNMP management of Super
Virtual Local Area Network (VLAN).
Examples:
Configuration via CLI with target port
Create a Super-VLAN with the specified name vlan2:
device-name(config)#super-vlan 1/1/1
device-name(config-super-vlan-1/1/1)#target-port 1/1/2device-name(config-c-
vlan-2)#commit
Commit complete
PRVT-SPANNING-TREE-MIB
The private Spanning Tree MIB is used to manage spanning tree and fast ring protocols.
Examples:
Configuration via CLI
Pending Configuration
1. Enable MSTP:
device-name(config)#config
2. Configure parameters:
bridge priority: 4096
hello-time: 5 seconds
MaxAge time: 14 seconds
max-hop count: 23
device-name(config-spanning-tree)#priority 4096
device-name(config-spanning-tree)#hello-time 5
device-name(config-spanning-tree)#max-age 14
device-name(config-protocol-mstp)#max-hops 23
2. Set port priority 80 and path-cost 1000 on port 1/1/1 for MSTI0:
device-name(config-spanning-tree)#port 1/1/1 path-cost 1000
device-name(config-spanning-tree)#port 1/1/1 priority 80
3. Set port priority 0 and path-cost 300 on port 1/1/1 for MSTI1:
device-name(config-spanning-tree)#port 1/1/1 mstp instance-id 1 priority 0
device-name(config-spanning-tree)#port 1/1/1 mstp instance-id 1 path-cost
300
Pending Configuration
1. Enable MSTP:
prvtStMstpProtocolEnable.0 (integer) true(1)
2. Configure parameters:
bridge priority: 4096
hello-time: 5 seconds
MaxAge time: 14 seconds
max-hop count: 23
prvtStPriority.0 (gauge) 4096
prvtStHelloTime.0 (gauge) 5
prvtStMaxAge.0 (gauge) 14
prvtStMstpMaxHops.0 (gauge) 23
2. Set port priority 80 and path-cost 1000 on port 1/1/1 for MSTI 0:
prvtStPortPriority.1101 (gauge) 80
prvtStPortPathCost.1101 (gauge) 1000
3. Set port priority 0 and path-cost 300 on port 1/1/1 for MSTI 1:
prvtStMInstPortPriority.1.1101 (gauge) 0
prvtStMInstPortPathCost.1.1101 (gauge) 300
3. Enable RSTP:
prvtStRstpProtocolEnable.0 (integer) true(1)
4. Enable STP:
prvtStStpProtocolEnable.0 (integer) true(1)
Service Configuration
This section includes the PRVT-SERV- MIB.
PRVT-SERV-MIB
The private Service MIB manages and provides various services on the device.
Create and Configure a VPLS Service with Spoke SDPs and Unqualified SAPs
Configuration via CLI
1. Create VPLS on an MTU device:
device-name(config)#service vpls 1 mode mtu-s
device-name(config-vpls-1)#commit
device-name(config)#no service vpls 1 shutdown
device-name(config)#commit
device-name(config-sdp-1)#commit
device-name(config)#service sdp 2 far-end 113.113.113.113
device-name(config-sdp-2)#commit
2. Get the next free id value (Needed to configure the SDP port.):
sdpNextFreeId.0 (gauge)16
PRVT-ROUTE-MIB
The private MIB, PRVT-ROUTE-MIB, isused to manage static and dynamic IP routes.
Example
Configuration via CLI
1. Create Static Route to network 11.0.0.0/8 via next hop 5.0.0.1 and administrative distance 1:
device-name#config terminal
device-name(config)#router static-route 11.0.0.0/8 5.0.0.1 1
2. Delete Static Route to network 11.0.0.0/8 via next hop 5.0.0.1 and administrative distance 1:
device-name#config terminal
4. Delete Static Route to network 11.0.0.0/8 via next hop 5.0.0.1 and administrative distance 1:
set prvtCfgRouteRowStatus (integer) 11.0.0.0.8.5.0.0.1.1 destroy(6)
PRVT-OSPF-MIB
The private OSPF MIB, which enables the OSPF protocol, redistributes other routing protocols in
the OSPF and contains additional configuration not provided in the standard RFC 1850.
Examples:
PRVT-ISIS-MIB
This private MIB provides complete SNMP management of Intermediate System-to-
Intermediate System (IS-IS).
Example
Configuration via CLI
1. Set the ISIS router ID:
device-name(config)#router isis router-id 11:22:33:44:55:66
device-name(config-isis)#commit
PRVT-L2TUNNELING-MIB
The private Layer 2 Tunneling MIB manages the Layer 2 Protocol Tunneling feature designed for
service providers. L2 tunneling profile on SAP and SDP port is not supported.
Example
Configuration via CLI
device-name#config terminal
device-name(config)#l2-tunneling
device-name(config-l2-tunneling)#no shutdown
device-name(config-l2-tunneling)#commmit
Commit complete.
device-name(config-l2-tunneling)#exit
device-name(config)#service tls 1
device-name(config-tls-1)#sap 1/1/1
device-name(config-sap-1/1/1)#c-vlan 3
device-name(config-c-vlan-3)#tunnel-profile tunnel-all
device-name(config-c-vlan-3)#exit
device-name(config-sap-1/1/1)#exit
device-name(config-tls-1)#sdp s-vlan 10 port 1/1/2
device-name(config-interface-1/1/2)#tunnel-profile tunnel-bpdu
device-name(config-interface-1/1/2)#commit
Commit complete.
device-name(config-interface-1/1/2)#
PRVT-MPLS-TE-MIB
The private MPLS-TE MIB supports tables for configuring:
tunnels
tunnel hop
tunnel resources
differential Service
tunnel trap
Actual Route Hop
Calculated Hop
Creating a single tunnel is equivalent to creating a row in the Tunnel table. Path nodes are in the
Nodes table. The same table also provides a field to set the path name used to unite the nodes. The
same rules apply for two-phase setting: first create and configure the tunnel and then activate the
tunnel. Activating a tunnel works with all active nodes. You cannot create nodes that are intended
to belong to the same path but have different path names.
PRVT-TEMIB-ENTITY-MIB
The private TE Entity MIB is designed to list tunnel entities. Such entities are needed to use RSVP
tunnel router functionality and cannot be created manually. Using only one RSVP router means
only one tunnel entity is created when creating the router.
Examples:
Enable RSVP prior to configure MPLS (refer to Examples).
Configuration via CLI
1. Create the path:
device-name(config)#router rsvp-te path 1 hop 1 hop-type strict ip-address
100.0.0.2 true
device-name(config-hop-1)#commit
device-name(config-hop-1)#exit
2. Create the tunnel, assign a name to the tunnel, configure the tunnel attributes, and specify the
explicit route hops for this tunnel:
device-name(config)#router rsvp-te lsp 1 far-end 1.1.1.1 name 3_to_1 fast-
reroute-mode facility max-backup-hops 20 cspf path 1
device-name(config-lsp-1)#commit
PRVT-RSVP-MIB
The private MIB, PRVT-RSVP-MIB, provides configuration capabilities for RSVP functionality.
Examples:
Enable MPLS on software interfaces prior to configuring RSVP.
Configuration via CLI
1. Enable RSVP router:
device-name(config)#router rsvp-te
device-name(config-rsvp-te)#commit
2. Set RSVP-extensions:
device-name(config-rsvp-te)#bypass-fast-reroute true
device-name(config-rsvp-te)#commit
4. Set RSVP-extensions:
Set prvtRsvpProductProtocolExtensions.1 with value bypassFastReroute(0)
PRVT-MPLS-IF-MIB
The private MIB, PRVT-MPLS-IF-MIB, manages specific MPLS and RSVP interface parameters.
Examples:
Configuration via CLI
Enable MPLS on previously created IP interfaces lo1 and sw1.
device-name(config)#router mpls interface lo1
device-name(config)#router mpls interface sw1
device-name(config)#commit
PRVT-LMGR-MIB
The private LMGR MIB is designed to support Label Manager settings.
PRVT-MPLS-LDP-MIB
The private LDP MIB contains information about negotiated parameters when starting an LDP
router. The MIB configures remote peers to hear LDP multicast advertisements. This MIB
includes:
LDP entities
LDP peers
LDP sessions
FECs
PRVT-CR-LDP-MIB
This private CR LDP MIB contains two tables for viewing and configuring the path manager and
the session manager. Tables are read-only and cannot have multiple instances for either the path or
session manager. A single instance is created (with index 1) when activating the LDP entity in the
LDP entity table.
Examples:
Enable MPLS on software interfaces prior to configuring RSVP.
Configuration via CLI
1. Create LSR entity with LSR ID:
device-name(config)#router mpls lsr-id 10.10.10.10
device-name(config-mpls)#commit
device-name(config-mpls)#exit
PRVT-CFM-MIB
The private CFM MIB is an extension of the Connectivity Fault Management module for managing
IEEE 802.1ag connectivity. The MIB provides proactive and diagnostic connectivity fault
localization capabilities over SNMP for Ethernet Virtual Connections (EVC) that span one or more
links.
Example
In the following example, a domain MA is created for a VLAN and port 1/1/1 is added as a MEP
to the specified MA.
Configuration via CLI
1. Enable CFM:
device-name#config terminal
device-name(config)#oam cfm
device-name(config-cfm)#no shutdown
4. Create a MEP:
device-name(config-ma-ma_1)#mep 105 bind-to 1/1/1
device-name(config-mep-105/1/1/1)#direction down
device-name(config-mep-105/1/1/1)#ccm-enabled
device-name(config-mep-105/1/1/1)#no shutdown
device-name(config-mep-105/1/1/1)#commit
Commit complete.
device-name(config-mep-105/1/1/1)#
1: prvtCfmMepRowStatus.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105 =
5
2:prvtCfmMepInterfaceIndex.8.100.111.109.97.105.110.95.49.4.109.97.95.49.10
5 (integer) 1101 [1101]
3: prvtCfmMepDirection.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105
(integer) down(1)
4: prvtCfmMepShutdown.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105
(integer) false(2)
5: prvtCfmMepCciEnabled.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105
(integer) true(1)
6: prvtCfmMepRowStatus.8.100.111.109.97.105.110.95.49.4.109.97.95.49.105
(integer) active(1)
PRVT-SYS-MON-MIB
The MIB contains settings for system monitoring and periodic system self-tests.
Examples:
Status : PASSED
Measure : 39C
Status : PASSED
Measure : 4%
Status : PASSED
Measure : 51%
Fan Test
Status : PASSED
Status : PASSED
Measure : 0%
PRVT-ALARM-MIB
This private MIB provides information for the following alarms:
Temperature test fail
Power-supply test fail
Power-supply fan test fail
Onboard power test fail
Fan test fail
CPU-usage test fail
RAM-usage test fail
Port statistics test fail
Link Down
Lag Down
SyncE alarms
Event Alarm
lagLinkUp Clear
lagMemberLinkUp Clear
linkUp Clear
power supply fan test failed Raise "Power-supply fan test failed. PS1 fan
OK, PS2 fan FAILED."
Raise "Power-supply fan test failed. PS1 fan
FAILED, PS2 fan OK"
Raise "Power-supply fan test failed. PS1 fan
FAILED, PS2 fan FAILED"
Raise "Power-supply fan test failed. PS1 fan
FAILED, PS2 fan ABSENT"
Raise "Power-supply fan test failed. PS1 fan
ABSENT, PS2 fan FAILED"
Raise "Power-supply fan test failed. PS1 fan
ABSENT, PS2 fan OK"
Raise "Power-supply fan test failed. PS1 fan
ABSENT, PS2 fan ABSENT"
Raise "Power-supply fan test failed. PS1 fan
Event Alarm
The MIB contains list of predefined device alarms with index, time of occurrence and description.
Every time an alarm is triggered, a new row is added to the prvtAlarmCurrentTable.
Once the alarm goes off, the relevant row is removed from the prvtAlarmCurrentTable.
PRVT-LMM-MIB
This private MIB provides complete SNMP management of the Laser Management feature.
Example:
Configuration via CLI:
device-name(config)#system monitor
device-name(config-monitor)#laser
device-name(config-laser)#no shutdown
device-name(config-laser)#period 60
device-name(config-laser)#log
device-name(config-laser)#led
device-name(config-laser)#temperature low-threshold -10
device-name(config-laser)#temperature high-threshold 60
device-name(config-laser)#tx-power low-threshold -5
device-name(config-laser)#tx-power high-threshold 5
device-name(config-laser)#commit
Commit complete.
PRVT-STORM-CTL-MIB
This private MIB provides complete SNMP management of the Traffic Storm Control feature.
Example:
Configuration via CLI:
Device-name(config)#ethernet
Device-name(config-ethernet)#storm-control
Device-name(config-storm-control)#port 1/1/1
Device-name(config-port-1/1/1)#traffic-type unknown rate-threshold 100
Device-name(config-traffic-type-unknown)#exit
Device-name(config-port-1/1/1)#no shutdown
Device-name(config-port-1/1/1)#commit
Commit complete.
PRVT-EFM-OAM-MIB
This private MIB provides complete SNMP management of 802.3ah Ethernet in the First Mile
(EFM-OAM).
Examples:
Configuration via CLI:
Device-name#config terminal
Entering configuration mode terminal
Device-name(config)#port 1/1/1
Device-name(config-port-1/1/1)#efm role active
Device-name(config-port-1/1/1)#
Device-name(config-port-1/1/1)#efm event-return-shutdown 5
Device-name(config-port-1/1/1)#efm event-forward-status 1/1/2
Device-name(config-port-1/1/1)#commit
set prvtEfmOamInterfaceRole(1.3.6.1.4.1.738.10.5.133.1.23.1.3).1101
(integer) active(2)
or
set prvtEfmOamInterfaceRole.1101 (integer) active(2)
set prvtEfmOamInterfaceEventReturnShutdown(1.3.6.1.4.1.738.10.5.133.1.23.1.
12).1101 (gauge) 5
or
set prvtEfmOamInterfaceEventReturnShutdown.1101 (gauge) 5
set prvtEfmOamEventForwardStatusRowStatus(1.3.6.1.4.1.738.10.5.133.1.24.1.2
).1101.1102 createAndWait(5)
or
set prvtEfmOamEventForwardStatusRowStatus.1101.1102 (integer)
createAndWait(5)
set prvtEfmOamEventForwardStatusRowStatus(1.3.6.1.4.1.738.10.5.133.1.24.1.2
).1101.1102 active(1)
or
set prvtEfmOamEventForwardStatusRowStatus.1101.1102 (integer) active(1)
PRVT-RAPS-MIB
This private MIB provides complete SNMP management of ITU-T G.8032v2 Ring Automatic
Protection Switching (R-APS).
Example
Configuration via CLI:
Device-name(config)#ethernet ring-aps instance 1
Device-name(config-instance-1)#role simple-node
Device-name(config-instance-1)#control-vlan 2
Device-name(config-instance-1)#cfm-domain-level 2
Device-name(config-instance-1)#no shutdown
Device-name(config-instance-1)#monitor-vlan 4
Device-name(config-instance-1)#port 1
Device-name(config-instance-1)#port 1 port-id 1/1/1 mep 13
Device-name(config-port-1)#exit
Device-name(config-instance-1)#port 0 port-id 1/1/2 mep 14
Device-name(config-instance-1)#commit
PRVT-SAA-MIB
This private MIB provides complete SNMP management of SAA tests.
Examples:
prvtSaaProfileRowStatus.1.49 = 5
prvtSaaProfileType.1.49 = rfc2544
prvtSaaProfileRfc2544FrameLoss.1.49 = 100000
prvtSaaProfileRowStatus.1.49 = 1
prvtSaaTestRfc2544Domain.1.49.1.49 = "d2"
prvtSaaTestRfc2544MA.1.49.1.49 = "ma2"
prvtSaaTestRfc2544Mep.1.49.1.49 = 1001
prvtSaaTestRowStatus.1.49.1.49 = 1
Configure uni-test-Tail:
Configuration via CLI:
Device-name(config)#saa test 1 1 type rfc2544 profile 1 rfc2544 mode uni-
test-tail
prvtSaaTestDataSizeRowStatus.1.49.1.49.i64 = 1
prvtSaaTestDataSizeRowStatus.1.49.1.49.i128 = 1
prvtSaaTestDataSizeRowStatus.1.49.1.49.i256 = 1
prvtSaaTestDataSizeRowStatus.1.49.1.49.i512 = 1
PRVT-TWAMP-MIB
The TWAMP MIB includes objects describing features that support TWAMP testing facilities:
Traffic Engineering
This section presents the SNMP MIB, PRVT-TE-PARAM-MIB, used for the Multiprotocol Label
Switching (MPLS) feature:
PRVT-TE-PARAM-MIB
PRVT-TE-PARAM-MIB
The TE MIB includes objects describing features that support traffic engineering.
Examples:
Configuration via CLI:
Setting Admin Group 1 with the name "green":
device-name(config)#router rsvp-te admin-group 1 name green
device-name(config-admin-group-1)#commit
Configuration Example
The following example creates VPWS between two devices: Device1 and Device2.
Device1 Configuration:
1. Configure a VLAN with ID 10 and add port 1/1/5 as a tagged member of it:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51
dot1qVlanStaticRowStatus.10 i 5 Q-BRIDGE-MIB::dot1qVlanStaticRowStatus.10 =
INTEGER: createAndWait(5) snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51
dot1qVlanStaticEgressPorts.10 x 08000000 Q-BRIDGE-
MIB::dot1qVlanStaticEgressPorts.10 = Hex-STRING: 08 00 00 00 snmpset -t 10
-L n -v2c -c user-v2c 10.3.155.51 dot1qVlanStaticName.10 s vlan10 Q-
BRIDGE-MIB::dot1qVlanStaticName.10 = STRING: vlan10 snmpset -t 10 -L n -
v2c -c user-v2c 10.3.155.51 dot1qVlanStaticRowStatus.10 i 1 Q-BRIDGE-
MIB::dot1qVlanStaticRowStatus.10 = INTEGER: active(1)
5. Enable OSPF. Interfaces lo1 and sw1 are configured in Area 0.0.0.0:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtOspfRouterId.0 a
1.1.155.51
PRVT-OSPF-MIB::prvtOspfRouterId.0 = IpAddress: 1.1.155.51 snmpset -t 10 -L
n -v2c -c user-v2c 10.3.155.51 prvtOspfAreaRowStatus.0.0.0.0 i 4 PRVT-
OSPF-MIB::prvtOspfAreaRowStatus.0.0.0.0 = INTEGER: createAndGo(4) snmpset
-t 10 -L n -v2c -c user-v2c 10.3.155.51
prvtOspfIfRowStatus.100.1.1.51 i 5
PRVT-OSPF-MIB::prvtOspfIfRowStatus.100.1.1.51 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51
prvtOspfIfAreaId.100.1.1.51 a 0.0.0.0
PRVT-OSPF-MIB::prvtOspfIfAreaId.100.1.1.51 = IpAddress: 0.0.0.0 snmpset -t
10 -L n -v2c -c user-v2c 10.3.155.51
prvtOspfIfRowStatus.100.1.1.51 i 1
PRVT-OSPF-MIB::prvtOspfIfRowStatus.100.1.1.51 = INTEGER: active(1)
8. Enable LDP:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 prvtcrldpPmRowStatus.1 i 4
Error in packet.
Reason: inconsistentValue (The set value is illegal or unsupported in some
way) Failed object: PRVT-CR-LDP-MIB::prvtcrldpPmRowStatus.1
createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51
mplsTunnelManHopType.1.10.1.1 i 1
PRVT-MPLS-TE-MIB::mplsTunnelManHopType.1.10.1.1 = INTEGER: strict(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51
mplsTunnelManHopIpAddr.1.10.1.1 x 64010138
PRVT-MPLS-TE-MIB::mplsTunnelManHopIpAddr.1.10.1.1 = Hex-STRING: 64 01 01 38
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51
mplsTunnelManHopRowStatus.1.10.1.1 i 1
PRVT-MPLS-TE-MIB::mplsTunnelManHopRowStatus.1.10.1.1 = INTEGER: active(1)
12. Create RSVP LSP 10 with ingress LSR ID 1.1.155.51 , egress LSR ID 1.1.155.56 :
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51
mplsManTunnelRowStatus.1.10.1 i 5
PRVT-MPLS-TE-MIB::mplsManTunnelRowStatus.1.10.1 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51
mplsManTunnelIngressLSRId.1.10.1 x 01019b33
PRVT-MPLS-TE-MIB::mplsManTunnelIngressLSRId.1.10.1 = STRING: 1.1.155.51
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51
mplsManTunnelEgressLSRId.1.10.1 x 01019b38
PRVT-MPLS-TE-MIB::mplsManTunnelEgressLSRId.1.10.1 = STRING: 1.1.155.56
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 mplsManTunnelName.1.10.1 s
lsp10
PRVT-MPLS-TE-MIB::mplsManTunnelName.1.10.1 = STRING: "lsp10"
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51
mplsManTunnelAdminStatus.1.10.1 i 1
PRVT-MPLS-TE-MIB::mplsManTunnelAdminStatus.1.10.1 = INTEGER: up(1) snmpset
-t 10 -L n -v2c -c user-v2c 10.3.155.51
mplsManTunnelRowStatus.1.10.1 i 1
PRVT-MPLS-TE-MIB::mplsManTunnelRowStatus.1.10.1 = INTEGER: active(1)
16. Configure SDP (SDP uses the configured LSP 10) for VPWS 10:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 sdpRowStatus.10.1 i 5
PRVT-SERV-MIB::sdpRowStatus.10.1 = INTEGER: createAndWait(5) snmpset -t 10
-L n -v2c -c user-v2c 10.3.155.51 sdpFarEndIpAddress.10.1 a 1.1.155.56
PRVT-SERV-MIB::sdpFarEndIpAddress.10.1 = IpAddress: 1.1.155.56 snmpset -t
10 -L n -v2c -c user-v2c 10.3.155.51 sdpAdminStatus.10.1 i 1
PRVT-SERV-MIB::sdpAdminStatus.10.1 = INTEGER: up(1) snmpset -t 10 -L n -v2c
-c user-v2c 10.3.155.51
sdpTransportTunnelName.10.1 s lsp10
PRVT-SERV-MIB::sdpTransportTunnelName.10.1 = STRING: "lsp10"
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.51 sdpVCType.10.1 i 5
PRVT-SERV-MIB::sdpVCType.10.1 = INTEGER: ethernet(5) snmpset -t 10 -L n -
v2c -c user-v2c 10.3.155.51 sdpType.10.1 i 3
PRVT-SERV-MIB::sdpType.10.1 = INTEGER: mesh(3) snmpset -t 10 -L n -v2c -c
user-v2c 10.3.155.51 sdpMtu.10.1 i 9190
PRVT-SERV-MIB::sdpMtu.10.1 = INTEGER: 9190 snmpset -t 10 -L n -v2c -c user-
v2c 10.3.155.51 sdpRowStatus.10.1 i 1
PRVT-SERV-MIB::sdpRowStatus.10.1 = INTEGER: active(1)
Device2 Configuration:
18. Configure a VLAN with ID 10 and add port 1/1/5 as a tagged member of it:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
dot1qVlanStaticRowStatus.10 i 5 Q-BRIDGE-MIB::dot1qVlanStaticRowStatus.10 =
INTEGER: createAndWait(5) snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
dot1qVlanStaticEgressPorts.10 x 08000000 Q-BRIDGE-
MIB::dot1qVlanStaticEgressPorts.10 = Hex-STRING: 08 00 00 00 snmpset -t 10
-L n -v2c -c user-v2c 10.3.155.56 dot1qVlanStaticName.10 s vlan10 Q-
BRIDGE-MIB::dot1qVlanStaticName.10 = STRING: vlan10 snmpset -t 10 -L n -
v2c -c user-v2c 10.3.155.56 dot1qVlanStaticRowStatus.10 i 1 Q-BRIDGE-
MIB::dot1qVlanStaticRowStatus.10 = INTEGER: active(1)
ipInterfaceRowStatus.4.115.119.49.48 i 1 PRVT-SWITCH-IPVLAN-
MIB::ipInterfaceRowStatus."sw10" = INTEGER: active(1)
22. Enable OSPF. Interfaces lo1 and sw10 are configured in Area 0.0.0.0:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtOspfRouterId.0 a
1.1.155.56
PRVT-OSPF-MIB::prvtOspfRouterId.0 = IpAddress: 1.1.155.56 snmpset -t 10 -L
n -v2c -c user-v2c 10.3.155.56 prvtOspfAreaRowStatus.0.0.0.0 i 4 PRVT-
OSPF-MIB::prvtOspfAreaRowStatus.0.0.0.0 = INTEGER: createAndGo(4) snmpset -
t 10 -L n -v2c -c user-v2c 10.3.155.56
prvtOspfIfRowStatus.100.1.1.56 i 5
PRVT-OSPF-MIB::prvtOspfIfRowStatus.100.1.1.56 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
prvtOspfIfAreaId.100.1.1.56 a 0.0.0.0
PRVT-OSPF-MIB::prvtOspfIfAreaId.100.1.1.56 = IpAddress: 0.0.0.0 snmpset -t
10 -L n -v2c -c user-v2c 10.3.155.56
prvtOspfIfRowStatus.100.1.1.56 i 1
PRVT-OSPF-MIB::prvtOspfIfRowStatus.100.1.1.56 = INTEGER: active(1)
prvtLmgrLsrEntityRowStatus.1 i 5
PRVT-LMGR-MIB::prvtLmgrLsrEntityRowStatus.1 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 prvtLmgrLsrEntityLsrId.1 u
16882488
PRVT-LMGR-MIB::prvtLmgrLsrEntityLsrId.1 = Gauge32: 16882488 snmpset -t 10 -
L n -v2c -c user-v2c 10.3.155.56
prvtLmgrLsrEntityTranAddr.1 x 01019B38
PRVT-LMGR-MIB::prvtLmgrLsrEntityTranAddr.1 = Hex-STRING: 01 01 9B 38
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
prvtLmgrLsrEntityRowStatus.1 i 1
PRVT-LMGR-MIB::prvtLmgrLsrEntityRowStatus.1 = INTEGER: active(1)
27. Configure LDP distribution policy with ingress OSPF and egress IP address 1.1.155.56:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
prvtMplsRouteProtocolRowStatus.ingress.ospf i 4 PRVT-MPLS-IF-
MIB::prvtMplsRouteProtocolRowStatus.ingress.ospf = INTEGER:
createAndGo(4)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
prvtMplsRouteAddressRowStatus.egress.1.1.155.56.32 i 4
PRVT-MPLS-IF-MIB::prvtMplsRouteAddressRowStatus.egress.'...8 ' =
INTEGER: createAndGo(4)
30. Configure RSVP LSP 20 with ingress IP address 1.1.155.56 and egress IP address 1.1.155.51:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
mplsManTunnelRowStatus.1.20.1 i 5
PRVT-MPLS-TE-MIB::mplsManTunnelRowStatus.1.20.1 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
mplsManTunnelIngressLSRId.1.20.1 x 01019b38
PRVT-MPLS-TE-MIB::mplsManTunnelIngressLSRId.1.20.1 = STRING: 1.1.155.56
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
mplsManTunnelEgressLSRId.1.20.1 x 01019b33
PRVT-MPLS-TE-MIB::mplsManTunnelEgressLSRId.1.20.1 = STRING: 1.1.155.51
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 mplsManTunnelName.1.20.1 s
lsp20
PRVT-MPLS-TE-MIB::mplsManTunnelName.1.20.1 = STRING: "lsp20"
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
mplsManTunnelAdminStatus.1.20.1 i 1
PRVT-MPLS-TE-MIB::mplsManTunnelAdminStatus.1.20.1 = INTEGER: up(1) snmpset
-t 10 -L n -v2c -c user-v2c 10.3.155.56
mplsManTunnelRowStatus.1.20.1 i 1
PRVT-MPLS-TE-MIB::mplsManTunnelRowStatus.1.20.1 = INTEGER: active(1)
34. Configure SDP (SDP uses the configured LSP 20) for VPWS 10:
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpRowStatus.10.1 i 5
PRVT-SERV-MIB::sdpRowStatus.10.1 = INTEGER: createAndWait(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpFarEndIpAddress.10.1
a 1.1.155.51
PRVT-SERV-MIB::sdpFarEndIpAddress.10.1 = IpAddress: 1.1.155.51
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpAdminStatus.10.1 i 1
PRVT-SERV-MIB::sdpAdminStatus.10.1 = INTEGER: up(1)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56
sdpTransportTunnelName.10.1 s lsp20
PRVT-SERV-MIB::sdpTransportTunnelName.10.1 = STRING: "lsp20"
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpVCType.10.1 i 5
PRVT-SERV-MIB::sdpVCType.10.1 = INTEGER: ethernet(5)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpType.10.1 i 3
PRVT-SERV-MIB::sdpType.10.1 = INTEGER: mesh(3)
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpMtu.10.1 i 9190
PRVT-SERV-MIB::sdpMtu.10.1 = INTEGER: 9190
snmpset -t 10 -L n -v2c -c user-v2c 10.3.155.56 sdpRowStatus.10.1 i 1
PRVT-SERV-MIB::sdpRowStatus.10.1 = INTEGER: active(1)
Power Sources
Operating Conditions
Page 1
Appendix C: Acronyms Glossary (Rev 01)
Term Meaning
Page 2
Appendix C: Acronyms Glossary (Rev 01)
Term Meaning
Page 3
Appendix C: Acronyms Glossary (Rev 01)
Term Meaning
Page 4
Appendix C: Acronyms Glossary (Rev 01)
Term Meaning
Page 5
Appendix C: Acronyms Glossary (Rev 01)