Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Demarcation Device
User Guide
Release 10.1.Rx
May 2010
MN100168 Rev R
The information in this document is subject to change without notice and describes only the product defined in
the introduction of this document. This document is intended for the use of customers of Telco Systems only
for the purposes of the agreement under which the document is submitted, and no part of it may be reproduced
or transmitted in any form or means without the prior written permission of Telco Systems. The document is
intended for use by professional and properly trained personnel, and the customer assumes full responsibility
when using it. Telco Systems welcomes customer comments as part of the process of continuous development
and improvement of the documentation.
If the Release Notes that are shipped with the device contain information that conflicts with the information in
the user guide or supplements it, the customer should follow the Release Notes.
The information or statements given in this document concerning the suitability, capacity, or performance of the
relevant hardware or software products are for general informational purposes only and are not considered
binding. Only those statements and/or representations defined in the agreement executed between Telco
Systems and the customer shall bind and obligate Telco Systems. Telco Systems however has made all
reasonable efforts to ensure that the instructions contained in this document are adequate and free of material
errors and omissions. Telco Systems will, if necessary, explain issues which may not be covered by the
document.
Telco Systems’ sole and exclusive liability for any errors in the document is limited to the documentary
correction of errors. TELCO SYSTEMS IS NOT AND SHALL NOT BE RESPONSIBLE IN ANY EVENT
FOR ERRORS IN THIS DOCUMENT OR FOR ANY DAMAGES OR LOSS OF WHATSOEVER KIND,
WHETHER DIRECT, INCIDENTAL, OR CONSEQUENTIAL (INCLUDING MONETARY LOSSES),
that might arise from the use of this document or the information in it.
This document and the product it describes are the property of Telco Systems, which is the owner of all
intellectual property rights therein, and are protected by copyright according to the applicable laws.
Telco Systems logo is a registered trademark of Telco Systems, a BATM Company. BiNOS®, BiNOSCenter®,
T-Marc®, T5 Compact™, T5C-XG™, T-Metro®, EdgeLink®, EdgeGate®, Access60®, AccessIP™,
AccessMPLS®, AccessTDM™, AccessEthernet®, NetBeacon®, Metrobility®, and OutBurst® are trademarks
of Telco Systems.
Other product and company names mentioned in this document reserve their copyrights, trademarks, and
registrations; they are mentioned for identification purposes only.
Page 1
Introduction (Rev. 12)
T-Marc 300 Series User Guide
Intended Audience
This user guide is intended for network administrators responsible for installing and configuring
network equipment.
You have to be familiar with the concepts and terminology of Ethernet and local area networking
(LAN) to use this guide.
Documentation Suite
This document is just one part of the full documentation suite provided with this product.
You are: Document Function Function
Page 2
Introduction (Rev. 12)
T-Marc 300 Series User Guide
Conventions Used
The conventions below are used to inform important information:
NOTE
Indicating special information to which the user needs to pay special attention.
CAUTION
Indicating special instructions to avoid possible damage to the product.
DANGER
Indicating special instructions to avoid possible injury or death.
The table below explains the conventions used within the document text:
Conventions Description
Page 3
Introduction (Rev. 12)
T-Marc 300 Series User Guide
Organization
The T-Marc 300 Series User Guide comprises the below list of chapters, each focusing on a
different feature or set of features. Each chapter begins with a brief overview of the feature/s,
followed by the configuration flow and corresponding commands' configuration section.
Using the Command Line Basic information about the T-Marc 300 Series CLI, its modes, and
Interface (CLI) general usage details.
Device Setup and Accessing T-Marc 300 Series devices, login information, and the
Maintenance devices' reloading options.
Device Administration Administering T-Marc 300 Series devices and performing initial
device configuration (such as the device’s time and date, software
upgrade, and protecting the device from outside attacks).
Configuring Interfaces The device interface types and their configuration. The chapter
also offers information on static Link Aggregation Groups (LAGs),
establishing resilience across the network segments, and Alarm
Propagation.
Configuring VLANs and An overall understanding of VLANs and their configuration.
Super VLANs
Configuring Transparent The deployment of Transparent LAN Services.
LAN Services (TLS)
Configuring Spanning Tree The IEEE 802.1D STP standard and its configuration
Protocol (STP)
Configuring Rapid The IEEE 802.1W Rapid STP standard and its configuration.
Spanning Tree Protocol
(RSTP)
Configuring Multiple The IEEE 802.1S Multiple STP standard and its configuration.
Spanning Tree Protocol
(MSTP, IEEE 802.1s)
Configuring Access Control Creating ACLs, traffic rate-limit, and applying QoS using ACLs.
List (ACL)
DHCP Snooping DHCP Snooping security feature used to reinforce the client
network and create an environment resilient to outside attacks.
Configuring Quality of Configuring different service levels for traffic traversing the device,
Service (QoS) providing preferential treatment to specific traffic.
Operation Administration The different tools for monitoring and troubleshooting the network:
and Maintenance (OAM) • IEEE 802.3ah Ethernet in the First Mile (EFM)
• IEEE 802.1ag Connectivity Fault Management (CFM)
• SAA Test-Head and SAA Throughput Test
• ITU-T G.8031 Ethernet Protection Switching (EPS)
• Event Propagation (configuring automatic actions executed
upon the occurrence of specific events)
• Ethernet Local Management Interface (E-LMI), an OAM
protocol enabling the auto configuration of Metro Ethernet
services’ support
Page 4
Introduction (Rev. 12)
T-Marc 300 Series User Guide
Page 5
Introduction (Rev. 12)
T-Marc 300 Series User Guide
Technical Support
Telco Systems provides technical assistance for customers and partners. Users can obtain technical
assistance by any of the following phone, fax, and e-mail options:
Web Access: http://www.telco.com/
BATM Advanced Communications—Main Support Center in Israel
Tel: +972-4-993-5630
Fax: +972-4-993-7926
Email: mailto:support@batm.co.il
BATM/Telco Systems a BATM Company—for Americas
Tel: 1-800-227-0937 (U.S.), 1-781-255-2120 (Outside U.S.)
Fax: 1-781-255-2122
Email: techsupport@telco.com
BATM Germany—for Northern Europe
Tel: +49-241-463-5490
Fax: +49-241-463-5491
Email: info@batm.de
BATM France—for Southern Europe
Tel: +33-15-671-2773
Fax: +33-14-377-1780
Email: support@batm.fr
Telco Systems, a BATM Company Asia Pacific in Singapore
Tel: +65-6-725-9901
Fax: +65-6-725-9889
Email: enquiryapac@telco.com
Telco Systems Asia Pacific—Japan
Tel: +81-3-5215-5709
Fax: +81-3-5215-5704
Email: info.jp@telco.com
Page 6
Introduction (Rev. 12)
Using the Command Line Interface (CLI)
Table of Contents
Overview ······························································································· 2
Page 1
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
Overview
CLI is a network management application operating through an ASCII terminal.
Using the CLI commands, users can configure the device parameters and maintain them, receiving
text output on the terminal monitor. These system parameters are stored in a non-volatile memory
and users have to set them up only once.
The device CLI is password protected.
Example:
User Access Verification
Password:batm
T-Marc_3X0>
For more information, refer to the Methods of Managing a Device section of the Device Setup and
Maintenance chapter.
Throughout this guide, we refer to the T-Marc 300 Series device prompt as device-name.
Page 2
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
View Mode
This is the initial, user-level mode the CLI enters after successfully login on to the CLI. This mode’s
prompt is >:
device-name>
The Privileged (Enable) mode is not password protected by default. However you can configure
password protection by using the enable password command (for more information, refer to the
Device Setup and Maintenance chapter of the user guide).
Configuration Modes
To change the device configuarion, users need to access the Configuration mode. This mode’s
prompt is (config)#.
To access this mode from the Privileged (Enable) mode, use the configure terminal command.
device-name#configure terminal
device-name(config)#
The Configuration mode has various sub-modes for configuring the different device features, as
shown in the below table.
Example
To access the Protocol Configuration mode, use the protocol command in Global Configuration
mode:
device-name(config)#protocol
device-name(cfg protocol)#
Page 3
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
Page 4
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
In this format:
• device-name[(config ...)]# represents the prompt displayed by the device. This prompt
includes:
the user-defined device-name
the current CLI mode
• the command keywords and arguments typed by the user
Example:
In the command below:
device-name(config vlan)#create NAME <vlan-id>
Page 5
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
A.B.C.D An IP address:
10.4.0.4
Minimum Abbreviation
The CLI accepts a minimum number of characters that uniquely identify a command. Therefore
you can abbreviate commands and parameters as long as they contain enough letters to differentiate
them from any other available commands or parameters on the specific CLI mode.
Example
You can type the config terminal command as config t.
device-name#config t
device-name(config)#
In case of an ambiguous entry (when the CLI mode includes more than once command matching
the characters typed), the system prompts for further input.
Example
device-name#con
[%Error] Command incomplete
Page 6
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
Regular Expressions
Regular expressions are a subset of EGREP and AWK programming-language regular expressions.
Table 3: Common Regular Expressions
Key Function
Page 7
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
Getting Help
To get specific help on a command mode, keyword, or argument, use one of the following
commands or characters:
Table 4: CLI Help Options
Command Purpose
device-name(config)#help
BiNOS CLID VTY provides advanced help feature.
When you need help,
anytime at the command line please press '?'.
device-name(config)#int
UU/SS/PP ag01 ag02 ag03 ag04
ag05 ag06 ag07 range sw0
Page 8
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
Command Purpose
device-name(config)#?
aaa Authentication and accounting
method
access-list Set access list definition
alias Enable creating an alias of a
command. An alias is a short form of a command
banner Set the banner string
caps-lock Warn if passwords contains only
CAPITAL letters
cfm Connectivity Fault Management
cpu CPU utilization monitoring
--More—
Page 9
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
Command Purpose
! The CLI ignores all the characters following ! and up to the next
new line.
Use this option when pasting a file that includes comments into
the CLI:
device-name#show running-config
Building the configuration ...
NOTE
To use ! as an argument, prefix it with \ or inside
double quotes (“).
Page 10
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
Command Purpose
command | {include | Searches and filters the command output. Use this functionality to
exclude} regular- sort through a large output or to exclude irrelevant output.
expression
• include: displays output lines that contain the regular
expression
• exclude: displays output lines that do not contain the
regular expression
• any regular-expression (text string) found in the show
command output
Example 1
The example below displays only interface output lines:
device-name#show running-config | include interface
Building the configuration ...
interface sw0
interface 1/1/1
interface 1/1/2
interface 1/2/1
interface 1/2/2
interface 1/2/3
interface 1/2/4
interface 1/2/5
interface 1/2/6
interface 1/2/7
interface 1/2/8
interface ag01
interface ag02
interface ag03
interface ag04
interface ag05
interface ag06
interface ag07
Example 2
The example below displays only lines that contain 2:
device-name#show running-config | include 2
password
3090372e3f8bc00eeacc46219f7557485983251a994551f918e
04712f86c5818
ip address 10.4.4.210 255.255.0.0
interface 1/2/2
interface 1/2/3
interface 1/2/4
interface 1/2/5
interface 1/2/6
interface 1/2/7
interface 1/2/8
interface ag02
Page 11
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
Page 12
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
General Commands
You can use the following commands in all CLI modes:
Table 6: General Commands
Command Description
Once the alias is assigned, you can execute the command by typing the
alias (sint1) in the relevant mode (Privileged (Enable) mode):
device-name#sint1
Octets 212 In/OutPkts 64 383
Collisions 0 In/OutPkts 65-127 0
Broadcast 0 In/OutPkts 128-255 0
Multicast 0 In/OutPkts 256-511 0
CRCAlignErrors 0 In/OutPkts 512-1023 0
Undersize 0 In/OutPkts 1024-
MaxFrameSize 0
Oversize 0 TotalInPkts 383
Fragments 0 TotalIn/OutPkts 383
Jabbers 0 DropCount 0
DropEvents 0
Last5secInPkts 50 Last5secInBps 409
Last1minInPkts 353 Last1minInBps 408
Last5minInPkts 353 Last5minInBps 81
Last5secOutPkts 0 Last5secOutBps 0
Last1minOutPkts 0 Last1minOutBps 0
Last5minOutPkts 0 Last5minOutBps 0
exit Escapes the current mode and enters the previous mode:
device-name(config-if 1/1/1)#exit
device-name(config)#protocol
device-name(cfg protocol)#exit
device-name(config)#
Page 13
Using the Command Line Interface (CLI) (Rev. 07)
T-Marc 300 Series User Guide
Command Description
device-name(config-if 1/1/1)#quit
Connection to host lost
end Escapes the current mode and enters the Privileged (Enable) mode:
device-name(cfg protocol)#end
device-name#
CLI Messages
The CLI displays relevant messages in response to executed commands:
Table 7: CLI Messages
CLI Message Description
device-name(config)#w
% Ambiguous token : w
% It matches the following tokens : who write
Page 14
Using the Command Line Interface (CLI) (Rev. 07)
Device Setup and Maintenance
Table of Contents
Table of Figures ······················································································ 3
Overview ······························································································· 4
Page 1
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Page 2
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: Initial Device Configuration ·························································· 4
Figure 2: Management Methods································································· 5
Figure 3: A Telnet Server Example ····························································27
Page 3
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Overview
This chapter provides the initial necessary information for accessing a T-Marc 300 Series device,
password configuration, saving new configuation parameters, and reload options.
To start a T-Marc 300 Series device, follow the installation guide instructions about installing, and
powering on the device.
Below are the first steps for initializing and configuring the T-Marc 300 Series device.
Start
End
Page 4
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
2. Connect the other side of the cable to your PC’s serial port.
3. Set the PC port to 9600-N-8-1 or:
9600 bps
no parity
8 data bits
1 stop bit
no flow control
Page 5
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
///////////////////////////////////////////////////////////////////////////
// //
// //
// B A T M A d v a n c e d C o m m u n i c a t i o n s //
// //
// T e l c o S y s t e m s //
// //
// Device model : T-Marc 380 //
// Product Category : AccessEthernet(TM) //
// SW version : 10.1 created Mar 17 2010 - 20:19:58 //
// //
// //
///////////////////////////////////////////////////////////////////////////
Password:
Page 6
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
6. Configure the device IP address and subnet mask (the default IP address is 20.20.5.254/16):
device-name(config)#ip address <A.B.C.D/M>
7. Define the default gateway IP address (if the host is on a different subnet):
device-name(config)#ip route 0.0.0.0/0 <A.B.C.D>
10. Connect your PC to a device port that is in VLAN 1 (by default all the device ports are
members of this VLAN. For more information on VLANs, refer to the Configuring VLANs
and Super VLANs chapter of this User Guide).
11. Open a Telnet session and type the device IP address to connect to the device.
Page 7
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Caution
To protect your device from unauthorized access, change all default passwords as
soon as possible.
Password Recovery
Password recovery techniques enable users to recover lost and forgotten passwords. There are two
available password-recovery methods:
Page 8
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
password Configures the View mode password (see Configuring the View
Mode Password)
enable password Configures the Privileged (Enabled) mode password (see
Configuring the Privileged (Enabled) Mode Password)
password loader Configures the boot loader password (see Configuring the
Loader Mode Password)
caps-lock passwords Notifies the user when <Caps Lock> is activated, while changing
warning or typing a password (see Enabling/Disabling Caps Lock
Notification)
Command Syntax
device-name(config)#password PASSWORD CONFIRM-PASSWORD
Argument Description
PASSWORD An alphanumeric, case sensitive field of up to 64 characters (blank
spaces are not allowed)
batm
CONFIRM-PASSWORD Retype the password for confirmation
Example
The following example sets the View mode password to device12:
device-name(config)#password device12 device12
After setting the new password, use this password upon entering the device console:
Password:device12
device-name>
Page 9
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#enable password PASSWORD CONFIRM-PASSWORD
device-name(config)#no enable password
Argument Description
PASSWORD An alphanumeric, case sensitive field of up to 64 characters (blank
spaces are not allowed)
The Privileged (Enabled) mode does not require a password. However,
once you define this password, users are required to type the password
to enter this mode.
CONFIRM-PASSWORD Retype the password for confirmation
no Removes the mode’s password
Example
The following example sets the Privileged (Enabled) password to device12:
device-name(config)#enable password device12 device12
After setting the new password, use this password upon entering the Privileged (Enable) mode:
device-name>enable
Password:device12
device-name#
Command Syntax
device-name(config)#password loader PASSWORD CONFIRM-PASSWORD
Argument Description
PASSWORD An alphanumeric, case sensitive field of up to 20 characters (blank
spaces are not allowed)
batm
CONFIRM-PASSWORD Retype the password for confirmation
Page 10
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Example
The following command sets the Loader mode password to loaderp:
device-name(config)#password loader loaderp loaderp
After setting the new password, use this password upon entering the Loader mode:
User Access Verification
Password: loaderp
Loader>
Command Syntax
device-name(config)#caps-lock passwords warning {on | off}
Argument Description
on Enables caps lock notification
Caps lock notification is enabled
off Disables caps lock notification
Example
device-name(config)#caps-lock passwords warning on
device-name(config)#password batm batm
device-name(config)#password BATM BATM
% Warning! The password typed is all in uppercase characters. Please check if
your CapsLock key is not pressed by mistake.
Page 11
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip address A.B.C.D [/M | A2.B2.C2.D2]
Argument Description
A.B.C.D The device’s primary IP address
20.20.5.254/16
/M (Optional) the IP address subnet-mask, in the range of <1–30>
A2.B2.C2.D2 (Optional) the IP address subnet-mask, in an IP format
Example
device-name(config)#ip address 100.1.2.3/16
Page 12
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
NOTE
You have to configure the device’s primary IP address prior to configuring the
secondary one, otherwise the following prompt is displayed on the terminal:
% There is no primary address.
Command Syntax
device-name(config-if sw0)#ip address A.B.C.D [/M | A2.B2.C2.D2] secondary
device-name(config-if sw0)#no ip address A.B.C.D [/M | A2.B2.C2.D2] secondary
Argument Description
A.B.C.D The device’s secondary IP address
/M (Optional) the IP address subnet-mask, in the range of <1–30>
A2.B2.C2.D2 (Optional) the IP address subnet-mask, in an IP format
secondary Specifies that this is a secondary IP address
no Removes the secondary address (you cannot remove the primary IP
address)
Example
device-name(config)#interface sw0
device-name(config-if sw0)#ip address 100.1.2.3/16 secondary
Page 13
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#[no] ip route A.B.C.D {/0 | 0.0.0.0} A2.B2.C2.D2
Argument Description
A.B.C.D The destination network IP-address
/0 The destination network subnet-mask (the only permitted destination
subnet-mask is 0)
0.0.0.0 The destination network mask, in an IP format
A2.B2.C2.D2 The gateway IP address
no Removes the specified destination network
Command Syntax
device-name#show ip
Example
device-name#show ip
IP-ADDR : 100.1.2.3 NET-MASK : 255.255.0.0
Page 14
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Displaying Routes
The show ip route command displays the static and directly connected (via configured IP
interfaces) routes.
Command Syntax
device-name#show ip route
Example
device-name#show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, > - selected route, * - FIB route
Page 15
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Telnet Commands
T-Marc 300 Series devices have an internal Telnet server and client:
• You can connec to the device with a Telnet client (up to five concurrent sessions)
• You can connect to a remote host using the device’s internal Telnet client
Page 16
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Command Syntax
device-name#telnet A.B.C.D [<port-num>]
Argument Description
A.B.C.D The remote host’s IP address
port-num (Optional) specifies a port number for the service, in the range of
<1–65535>
port 23
Command Syntax
device-name(config)#telnet {start | stop}
Argument Description
start Enables the Telnet server, allowing remote hosts to connect the device via
Telnet
Telnet server is enabled
stop Disables the Telnet server. Executing this command terminates any open
Telnet connections immediately.
Page 17
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Command Syntax
device-name>who
device-name#who
Example
device-name#who
Codes: > - current session, * - configuring
vty on console connected on console.
>vty on telnet [1] connected from 10.2.71.137.
Command Syntax
device-name#session
Example
device-name#session
your current session is: 2
Page 18
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Command Syntax
device-name#session kill <session-number>
Argument Description
session-number The Telnet session number, in the range of <1–101>
Page 19
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
or
<Ctrl+]>
Example
device-name#telnet 192.0.103.13
connecting to 192.0.103.13...
current session is 4.
...
device-name(config)#<ctrl+shift+6>
choose session to device to:
the current session is 4
your sessions are 0 4 > 0
current session is 0.
Page 20
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Page 21
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
line vty Enters the VTY Configuration mode (see Accessing the VTY
Configuration Mode)
hostname Configures the device’s hostname (see Configuring the Device
Name)
exec-timeout Defines the VTY connection timeout (see Defining the VTY
Connection Timeout)
access-list Creates ACLs to restrict device management for specific IP
addresses (see Creating ACLs for Restricting Telnet and SSH
Access to the Device)
access-class Filters Telnet and SSH connections to the device (see
Applying ACLs for Filtering Telnet/SSH Connections)
terminal length Defines the number of commands lines displayed on the
terminal screen (see Defining the Terminal Length)
service terminal-length
service advanced-vty Enables the advanced VTY mode (see Enabling the Advanced
VTY Mode)
show access-lists Displays the applied VTY ACLs (see Displaying Applied ACLs)
Command Syntax
device-name(config)#line vty
device-name(config-vty)#
Page 22
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#hostname HOSTNAME
device-name(config)#no hostname
Argument Description
HOSTNAME An alphanumeric, case sensitive string of up to 30 characters (the string
must follow ARPANET rules for host names)
T-Marc
no Restores the default device name
Example
device-name(config)#hostname Demarc1
Demarc1(config)#
Command Syntax
device-name(config-vty)#exec-timeout [<minutes> [<seconds>] | unlimited]
device-name(config-vty)#no exec-timeout
Argument Description
minutes (Optional) the timeout, in the range of <0–35791> minutes (setting a
zero timeout means no timeout)
10 minutes
seconds (Optional) the timeout value in the range of <0–59> seconds
unlimited (Optional) unlimited timeout value
no Sets an unlimited timeout value
Page 23
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Example
device-name(config-vty)#exec-timeout 3
device-name(config-vty)#exec-timeout
exec-timeout 3 min 0 sec
Command Syntax
device-name(config)#access-list <ACL-NAME> {deny | permit} {any | SOURCE-MASK
[exact-match]}
device-name(config)#no access-list <ACL-NAME> [deny | permit] [any | SOURCE-
MASK [exact-match]]
Argument Description
ACL-NAME The ACL name
deny Denies access if conditions are matched
permit Permits access if conditions are matched
any The ACL is relevant to any source address
SOURCE-MASK The management source mask-bits. You can specify the source mask in one
of the below options:
• An IP address format, place ones (1) in the bit positions that should be
ignored
• /M (the IP mask in the range of <1–30>)
exact-match (Optional) prefixes exact matching
no Clears the specified ACL
Example
device-name(config)#access-list batm1 deny 192.98.0.0/16
device-name(config)#access-list batm2 permit 192.0.0.0/8
Page 24
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-vty)#access-class ACL-NAME
device-name(config-vty)#no access-class [ACL-NAME]
Argument Description
ACL-NAME Restricts the Telnet connections to the addresses specified in the ACL
no Removes access restrictions. If you do not specify an ACL-NAME, this
command removes all access classes
Command Syntax
device-name>terminal length <number-of-lines>
device-name>no terminal length
Argument Description
number-of-lines The number of lines displayed, in the range of <0–512>
A value of zero removes the limit.
25 lines
no Restores to default
Page 25
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
To access the device View mode, type the disable command in Privileged mode.
Command Syntax
device-name(config)#service advanced-vty
device-name(config)#no service advanced-vty
Argument Description
no Disables the advanced VTY mode
VTY mode is disabled
Example
device-name(config)#service advanced-vty
...
User Access Verification
Password:
device-name#
Command Syntax
device-name#show access-lists
Example
device-name(config)#access-list batm1 deny 192.98.0.0/16
device-name(config)#access-list batm2 permit 192.0.0.0/8
device-name(config)#end
device-name#show ip access-lists
access-list batm1 deny 192.98.0.0/16
access-list batm2 permit 192.0.0.0/8
Page 26
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Configuration Example
The following example shows how to restrict Telnet connections to one IP address:
1. Create an access list named Management to allow a Telnet connection only to management
station 212.192.50.2:
device-name(config)#access-list Management permit 212.192.50.2/32
Page 27
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
banner motd default Enables the default MOTD string display (see Enabling/Disabling
the Default-MOTD)
banner set Enters a specified string to a single-line MOTD (see Configuring a
Single-line MOTD)
banner set multiline Enters a specified string to multi-line MOTD (see Configuring a
Multi-line MOTD)
Command Syntax
device-name(config)#banner motd default
device-name(config)#no banner
Argument Description
no Disables the default banner
MOTD is disabled
Page 28
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Example
device-name(config)#banner motd default
device-name(config)#end
device-name#write
Building the configuration …
Configuration is successfully written to NVRAM
device-name#reload no-save
...
Hello, this is OS CLI
Password:
Command Syntax
device-name(config)#banner set MOTD-STRING
device-name(config)#no banner
Argument Description
MOTD-STRING An alphanumeric string of up to 1024 characters, including blank
spaces and other characters except for a question mark (?)
no Removes the configured MOTD
Example
device-name(config)#banner set DO NOT CHANGE CONFIGURATION WITHOUT NOTICING THE
SYSADMIN!
device-name(config)#end
device-name#write
Building the configuration ...
Configuration is successfully written to NVRAM
device-name#reload no-save
...
Page 29
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#banner set multiline
> MOTD-STRING
device-name(config)#no banner
Argument Description
> MOTD-STRING An alphanumeric string of up to 1024 characters, including blank
spaces and other characters except for a question mark (?).
Type the caret (^) character on the last line to end the multi-line MOTD.
no Removes the banner
Example
device-name(config)#banner set multiline
% Enter a multiline text. Finish with '^' string at the beginning of a row
>this is
>multi-line
>text
^
device-name(config)#end
device-name#write
Building the configuration ...
Configuration is successfully written to NVRAM
device-name#reload no-save
...
this is
multi-line
text
Page 30
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
write memory Saves the running configuration to the NVRAM (see Saving the Device’s
Running Configuration)
write erase Restoring the device configuration to factory defaults, erasing the
configuration stored on the NVRAM (see Restoring Factory Defaults’
Configuration)
write terminal Displays the current running configuration information (see Displaying
show running- the Device’s Running Configuration)
config
show startup- Displays the startup configuration (see Displaying the Device’s Start-up
config Configuration)
Command Syntax
device-name#write [memory]
Page 31
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Command Syntax
device-name#write erase
Command Syntax
device-name#write terminal
device-name#show running-config [acl | cfm | dns | fpga | igmp | lag | log |
monitor-session | oam | port | protocol | ptp | qos | rmon | rtr | saa | snmp |
super-vlan | sw-watchdog | switch-monitoring | time-server | vlan]
Example 1
device-name#write terminal
Building the configuration ...
! Current Configuration:
!
! T-Marc 380
!
password 3090372e3f8bc00eeacc46219f7557485983251a994551f918e04712f86c5818
ip address 3.0.0.1 255.0.0.0 .
Example 3
device-name#show running-config port
Building the configuration ...
! Port Configuration:
!
interface 1/1/1
!
interface 1/1/2
!
interface 1/2/1
Page 32
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
!
interface 1/2/2
!
interface 1/2/3
!
interface 1/2/4
!
interface 1/2/5
!
interface 1/2/6
!
interface 1/2/7
!
interface 1/2/8
...
Command Syntax
device-name#show startup-config
Page 33
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
NOTE
The device’s running configuration stored on the device RAM is erased upon the
device reload, unless you save it to the device’s startup configuration.
To save the running configuration, refer to Saving the Device’s Running
Configuration.
Command Syntax
device-name#reload [save | no-save | to-defaults]
Argument Description
save (Optional) saves the running configuration to NVRAM and reloads the
device
save
no-save (Optional) does not save the running configuration to NVRAM and reloads
the device
to-defaults (Optional) reloads the device and resets the device configuration to its
factory defaults
Example 1
Saving the running configuration and reloading the device (the save keyword is optional):
device-name#reload save
save current configuration and reboot the switch ? [y/n]: y
Rebooting ...
Example 2
Reloading the device without saving the running configuration:
device-name#reload no-save
Proceed with reload ? [y/n] : y
Rebooting ...
Page 34
Device Setup and Maintenance (Rev. 09)
T-Marc 300 Series User Guide
Supported Platforms
Features T-Marc 340 T-Marc 380
Accessing the Device No standards are No MIBs are RFC 854, Telnet
using Telnet supported by this supported by this Protocol Specification
feature. feature.
VTY (Virtual Telnet No standards are No MIBs are RFC 791, Internet
Type) Commands supported by this supported by this Protocol DARPA
feature. feature. Internet Program
Protocol
Specifications
Configuring ACLs No standards are Private MIB, No RFCs are
supported by this prvt_switch_access_li supported by this
feature. st.mib feature.
Creating a Banner No standards are No MIBs are RFC 791, Internet
supported by this supported by this Protocol DARPA
feature. feature. Internet Program
Protocol
Specifications
Saving and Displaying No standards are No MIBs are RFC 1350, The TFTP
the Device supported by this supported by this Protocol (Revision 2)
Configuration feature. feature.
How to Reload the No standards are No MIBs are RFC 1350, The TFTP
Device supported by this supported by this Protocol (Revision 2)
feature. feature.
Page 35
Device Setup and Maintenance (Rev. 09)
Device Administration
Table of Figures ······················································································ 3
Page 1
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 2
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: Obtaining an IP Address from a DHCP Server ································· 106
Figure 2: Rate Limit Mechanism ····························································· 112
Page 3
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 4
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Whereas MAC addressing works at the data link layer (layer 2), IP addressing functions at the
network layer (layer 3). MAC addresses are also known as hardware or physical addresses.
The MAC Address table holds the source MAC address, VLAN ID, MAC address priority and
port number.
Page 5
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
• Multicast entries—Multicast entries are multicast MAC addresses that were created dynamically
by multicast protocol. The multicast entry is removed via the mac-address-table command,
multicast entries are added via the ip igmp snooping dynamic/static command.
For more information refer to the Configuring Multicast Layer 2 chapter of this User Guide.
NOTE
Only the dynamic MAC addresses age out.
You can remove MAC addresses (except Self) from the MAC Address table by using
one of the clear mac-address-table commands.
Page 6
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 7
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
clear mac-address-table Clears a specific entry from the MAC address table
(see Clearing a MAC Address Table)
no mac-address-table
Page 8
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#mac-address-table {static | dynamic | secure}
HH:HH:HH:HH:HH:HH interface {UU/SS/PP | ag0N} vlan <vlan-id>
Argument Description
static Adds a static entry.
dynamic Adds a dynamic entry.
secure Adds a secure entry for the secured port feature.
HH:HH:HH:HH:HH:HH Destination MAC address to be added to the MAC Address table.
Packets with this destination address received on a specific VLAN
are forwarded to the specified interface.
UU/SS/PP Port to which the received packets are forwarded.
ag0N The link aggregation ID (ag01, ag04–ag07). The allowed ID is in
the range of <1–7>.
vlan <vlan-id> Specifies a VLAN for which the packet with the desired MAC
address is received. The VLAN ID is in the range <2–4094>.
service <service ID> The service unique service identifier, in the range <1–
4294967295>.
sap SAPSTRING The SAPSTRING has the forms:
• UU/SS/PP:CVLANID:—use it if you configure the SAP on a
port
• AG0N:CVLANID:—use it if you configure the SAP on a link
aggregation
The C-VLAN ID is in the range of <1–4094>
Page 9
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#mac-address-table filtered HH:HH:HH:HH:HH:HH vlan <vlan-
id>
device-name(config)#no mac-address-table filtered HH:HH:HH:HH:HH:HH [interface
UU/SS/PP | vlan <vlan-id>]
Argument Description
HH:HH:HH:HH:HH:HH Destination MAC address to be filtered. Packets with this destination
address received on the specified VLAN are filtered.
vlan <vlan-id> Specifies the VLAN for which the packet with the specified MAC
address is filtered. The valid range is <2–4094>.
UU/SS/PP The interface's unit/slot/port.
no Removes entries from the MAC address table.
Example
device-name(config)#mac-address-table filtered 00:A0:12:02:03:04 vlan 2496
Page 10
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
NOTE
The actual aging time period of the MAC address table may be any time period
between the specified value and twice the specified value.
By default, the aging-time value is 300 seconds.
Command Syntax
device-name(config)#mac-address-table aging-time <time>
device-name(config)#no mac-address-table aging-time
Argument Description
time Specifies how many seconds the address of a learned device remains on the
list of stations connected to your device. The address is removed from the list of
stations if no frame is received from that device during the aging time interval.
If the value assigned to the aging time is too short, this may increase the
amount of packets received by the device with unknown destinations and cause
the device to flood such packets to all ports in the VLAN. If the value assigned
to the aging time is too long, the MAC Address table may be loaded with
addresses that are no longer in use.
MAC address table aging time is in the range <10–1000000> seconds.
no Restores to default
Example
The following example sets the MAC Address aging time to 1500 seconds (25 minutes):
device-name(config)#mac-address-table aging-time 1500
Page 11
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#learning new-address {enable | disable}
Argument Description
enable Enables new MAC address learning.
disable Disables new MAC address learning. When learning is disabled, no new MAC
addresses will be learned in the MAC address table and the unicast traffic will
be flooded to all the relevant ports (depending on the VLAN configuration).
When MAC address learning is disabled, no new MAC addresses are learned in the MAC address
table on the selected port.
The unicast traffic that is destined to devices connected to this port is flooded to the relevant ports.
By default, the learning is enabled.
NOTE
For the port limit feature to function correctly, enable first learning new-address per
port or globally.
Page 12
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#port learning new-address {enable | disable}
Argument Description
enable Enables the MAC address learning.
disable Disables the MAC address learning.
Example 1
device-name(config)#interface range 1/1/1
device-name(config-if-group)#port learning new-address enable
Example 2
device-name(config)#interface range ag01
device-name(config-ag-group)#port learning new-address disable
Command Syntax
device-name#clear mac-address-table [dynamic | filtered | secure | static]
service <service ID> [sap SAPSTRING | sdp SDPSTRING]
Page 13
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
dynamic (Optional). Only dynamic MAC address(es) are cleared.
filtered (Optional). Only filtered MAC address(es) are cleared.
secure (Optional). Only secure MAC address(es) are cleared.
static (Optional). Only static MAC address(es) are cleared.
multicast Only multicast MAC address(es) are cleared.
address (Optional in the clear mac-address-table command). MAC address
HH:HH:HH:HH:HH:HH to be cleared, if it complies with all other specified arguments.
interface UU/SS/PP (Optional). Removes the MAC address(es) on the specified
interface.
vlan <vlan-id> (Optional). Removes the MAC address(es) on the specified VLAN.
The VLAN ID is in the range <2–4094>.
service <service ID> The service unique service identifier, in the range <1–4294967295>.
sap SAPSTRING The SAPSTRING has the forms:
• UU/SS/PP:CVLANID: —use it if you configured the SAP on a
port
• ag0N:CVLANID:—use it if you configured the SAP on a link
aggregation
The C-VLAN ID is in the range of <1–4094>.
sdp SDPSTRING The SDPSTRING has the forms:
• UU/SS/PP:SVLANID:—use it if you configured the SDP on a
port
• ag0N:SVLANID:—use it if you configured the SDP on a link
aggregation
The S-VLAN ID is in the range of <1–4094>.
NOTE
If you do not specify an argument, all MAC addresses are removed (except for the
self entries).
Page 14
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name#show mac-address-table [dynamic | filtered | multicast | secure |
static | self] [address HH:HH:HH:HH:HH:HH] [vlan <vlan-id>] [interface
UU/SS/PP]
Argument Description
dynamic (Optional) information is displayed only about the dynamic MAC
address(es).
filtered (Optional) information is displayed only about the filtered MAC
address(es).
multicast (Optional) information is displayed only about the multicast MAC
address(es).
secure (Optional) information is displayed only about the secure MAC
address(es).
static (Optional) information is displayed only about the static MAC
address(es).
self (Optional) information is displayed only about the device MAC
address.
count Displays the number of MAC addresses in the MAC address table.
service <service ID> The service unique service identifier, in the range <1–4294967295>.
sap SAPSTRING The SAPSTRING has the forms:
• UU/SS/PP:CVLANID: —use it if you configured the SAP on a
port
• ag0N:CVLANID:—use it if you configured the SAP on a link
aggregation
The C-VLAN ID is in the range of <1–4094>.
Page 15
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
NOTE
If you do not specify any argument, the show mac-address-table command
displays the entire MAC address table.
Example
Display the entire MAC address table:
device-name#show mac-address-table
===+=======+===================+========+================+==========|
# | VID | Mac | PORT | STATUS | PRIORITY |
---+-------+-------------------+--------+----------------+----------+
1 | 0001 | 00:00:00:00:11:22 | 1/1/1 | static | 0 |
2 | 0001 | 00:40:95:30:0e:8f | 1/1/2 | dynamic | 0 |
3 | 0001 | 00:A0:12:05:36:80 | | self | 0 |
4 | 0001 | 01:00:5e:11:22:33 | | multicast | 0 |
5 | 0001 | 01:00:5e:11:22:44 | | multicast | 0 |
6 | 0001 | 01:00:5e:11:22:55 | | multicast | 0 |
Command Syntax
device-name(config)#mac-address-table learning-display interfaces PORT LIST
device-name(config)#no mac-address-table learning-display interfaces PORT LIST
Page 16
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
vlan VLAN LIST List of source VLAN IDs. Use commas as separators and hyphens
to indicate sub-ranges (e.g. 2–4,8). The VLAN IDs are in the range
<2–4094>.
interface PORT LIST Port list, in the form u[[/s[/p]]][-u[[/s[/p]]][,u[[/s[/p]]]]], etc.
Use commas as separators and hyphens to indicate sub-ranges
(for example, 1/1/1,1/2/1–1/2/3). Blank spaces are not allowed.
vlan <vlan-id> Specifies the VLAN for which enables or disables displaying the
learned MAC addresses. The VLAN ID is in the range <2–4094>.
interface UU/SS/PP Specifies the interface for which enables or disables displaying the
learned MAC addresses.
Example 1
The following example shows the command that hides the MAC addresses that are learned on
interface 1/1/1:
device-name#show mac-address-table
===+========+====================+==========+===========+==========
# | VID | Mac | PORT | STATUS | PRIORITY|
---+--------+--------------------+----------+-----------+---------+
1 | 0001 | 00:80:00:00:03:01 | 1/1/1 | dynamic | 0 |
2 | 0001 | 00:80:1e:15:60:76 | 1/1/1 | dynamic | 0 |
3 | 0001 | 00:A0:12:00:00:02 | | self | 0 |
4 | 0010 | 00:A0:12:00:00:02 | | self | 0 |
Page 17
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example 2
The following example shows the command that hides the MAC addresses that are learned on
VLANs 1 to 9:
device-name#show mac-address-table
===+========+======================+========+===========+===========
# | VID | Mac | PORT | STATUS | PRIORITY |
---+--------+----------------------+--------+-----------+----------+
1 | 0001 | 00:80:00:00:03:01 | 1/1/1 | dynamic | 0 |
2 | 0001 | 00:80:1e:15:60:76 | 1/1/1 | dynamic | 0 |
3 | 0001 | 00:A0:12:00:00:02 | | self | 0 |
4 | 0010 | 00:A0:12:00:00:02 | | self | 0 |
Example 3
The following example enables displaying the MAC addresses that are learned on VLANs 1 to 9:
device-name(config)#mac-address-table learning-display vlan 1-9
device-name(config)#exit
device-name#show mac-address-table
===+========+======================+=========+==========+===========
# | VID | Mac | PORT | STATUS | PRIORITY |
---+--------+----------------------+---------+----------+----------+
1 | 0001 | 00:80:00:00:03:01 | 1/1/1 | dynamic | 0 |
2 | 0001 | 00:80:1e:15:60:76 | 1/1/1 | dynamic | 0 |
3 | 0001 | 00:A0:12:00:00:02 | | self | 0 |
4 | 0010 | 00:A0:12:00:00:02 | | self | 0 |
Page 18
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name#show mac-address-table hash-depth
device-name(config)#mac-address-table hash-depth <value>
device-name(config)#no mac-address-table hash-depth
Argument Description
value The maximum lookup hash chain length in the range <2–16>. Only even values
are allowed.
no Sets default value of the MAC address table hash chain.
Example
device-name#show mac-address-table hash-depth
Max hash chain length is 14
Command Syntax
device-name#show mac-address-table aging-time
Example 1
The following example shows how to display the currently configured aging time:
device-name#show mac-address-table aging-time
aging time is 1500 seconds
Example 2
The following example shows how to display the currently configured no aging time:
device-name#show mac-address-table aging-time
Page 19
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
aging is off
Page 20
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
ARP Table
Overview
ARP table provides mapping between the IP address and the MAC address of the device. It is built
dynamically.
===+==================+=================+========+========+=========+
# | IP Address | MAC |Age(min)| if | Type |
---+------------------+-----------------+--------+--------+---------+
0 | 10.0.0.10 |00:00:00:00:00:10| 1 | sw0 | Static |
When you want to send a packet to a local host, the software looks the IP in the ARP cache. After
finding the IP address, the software gets the MAC address, constructs an Ethernet header with the
correct source/destination MAC addresses, and sends it.
If the MAC address is not found for a specific IP, the device broadcasts an ARP request to every
host on Ethernet in order to learn it.
clear ip arp Clears dynamic and static entries learned in the ARP table
(see Clearing the ARP Table)
show ip arp Displays IP addresses learned by ARP packets
(see Displaying the ARP Table)
Command Syntax
device-name#clear ip arp [dynamic | static]
Argument Description
dynamic (Optional) clears only dynamic learned entries in the ARP table.
static (Optional) clears only the static learned entries in the ARP table.
Page 21
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
NOTE
You can store static MAC entries if implementing a static CPU cache when using
the ip arp command. BiNOS first looks up in this static CPU cache before looking
up in the cache containing dynamic MAC entries.
Command Syntax
device-name#show ip arp
Example
device-name#show ip arp
===+==================+=================+========+========+=========+
# | IP Address | MAC |Age(min)| if | Type |
---+------------------+-----------------+--------+--------+---------+
0 | 10.0.0.10 |00:00:00:00:00:10| 2 | sw0 | Dynamic|
Page 22
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 23
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 24
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#script-file-system
device-name(config script-file-system)#
Command Syntax
device-name(config script-file-system)#copy running-config [FILE-NAME]
Argument Description
FILE-NAME (Optional) the name of the destination file, in the script-file system. If no file
name is specified, a default name (running_config.cfg.) is assigned.
Example
device-name(config script-file-system)#copy running-config
building the configuration ...
Saving script file "flash:/Usr/running_config.cfg" to file system...
Done
NOTE
To execute this command, the startup configuration should be stored on the device.
Command Syntax
device-name(config script-file-system)#copy startup-config [FILE-NAME]
Page 25
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
FILE-NAME (Optional). The name of the destination file, in the script-file system. If no file
name is specified, a default name (startup_config.cfg.) is assigned.
Example
device-name(config script-file-system)#copy startup-config
Saving script file "flash:/Usr/startup_config.cfg" to file system...
Done
Copying a File
The copy command saves a copy of a file into the script file system.
Argument Description
device/ (Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
path (Optional) the path to the location where the file is copied.
protocol, Specifies the protocol type.
protocol1
user, user1 Optional) specifies the name of the user performing the operation.
pass, pass1 (Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
• For the TFTP server, not need to specify the user, password and port
• For the FTP server, no need to specify the port number
host Specifies the server IP address in A.B.C.D format.
Page 26
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example
The following command copies a file from a TFTP server to the local /Usr directory:
device-name(config script-file-system)#copy tftp://10.0.0.60/test usr/test1
The following command copies a file from the local Flash root directory to a remote TFTP server:
device-name(config script-file-system)#copy flash:/profile.cfg
tftp://10.0.0.60/profile.cfg
Command Syntax
device-name(config script-file-system)#run FILE-NAME
Argument Description
FILE-NAME The name of the script file, in the script-file system.
Example
device-name(config script-file-system)#run test1
Executing configuration script …
Configuration from file complete
Command Syntax
device-name(config script-file-system)#attrib FILE-NAME
Page 27
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
FILE-NAME The name of the file, which attributes must be configured, in the script-file
system.
Example
device-name(config script-file-system)#attrib run1
Read-only : -
Hydden : -
System : -
Archive : -
Command Syntax
device-name(config script-file-system)#rename [[device/]path/]file-name new-
file-name
Argument Description
device/ (Optional) The device on which the file to be renamed is stored. Can
only be flash:/ (the local Flash system).
path (Optional) The device and the path to the file to be renamed. The
path should end with the name of the file.
file-name The original name of the file to be renamed.
new-file-name The new name assigned to the file.
Moving a File
The move command removes a file from its current location and places it at a new location. The
name of the file can be optionally changed.
Page 28
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
device/ (Optional) the device from which the file is moved. It can be a TFTP/FTP
server (in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D),, or the local
Flash system (in format flash:/)
path (Optional) the path to the location where the file is moved.
protocol, Specifies the protocol type.
protocol1
user, user1 Optional) specifies the name of the user performing the operation.
pass, pass1 (Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
• For the TFTP server, not need to specify the user, password and port
• For the FTP server, no need to specify the port number
host Specifies the server IP address in A.B.C.D format.
port, port1 (Optional) specifies the port number.
file-name The source file name.
device1/ (Optional) the device to which the file is moved. It can be a TFTP/FTP
server (in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D),, or the local
Flash system (in format flash:/)
path1 (Optional) the path to the location where the file is moved.
file-name1 The destination file name.
NOTE
The specified file is removed without requesting your confirmation.
Page 29
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
device/ (Optional) the device from which the file is removed. It can be a SFTP
server (in format sftp://user:pass@A.B.C.D), or the local Flash system (in
format flash:/)
path (Optional) the path to the location where the file is removed.
user Optional) specifies the name of the user performing the operation.
pass (Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
host Specifies the server IP address in A.B.C.D format.
file-name The name of the file to be removed.
Argument Description
device/ (Optional) the device from which the file content is displayed. It can be the
Flash local system (in format flash:/)
path (Optional) the path to the location where the file content is displayed.
file-name The name of the file which content is displayed.
dump (Optional) hex format.
START (Optional) start offset.
Example
device-name(config script-file-system)#display test1
*********** FILE START *********
! T-Marc-380 Version 10.1.TMC3
!
password 3090372e3f8bc00eeacc46219f7557485983251a994551f918e04712f86c5818
ip address 1.0.0.1 255.0.0.0
interface sw0
!
…
!
! Technical Support Information Configuration:
!
Page 30
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config script-file-system)#dir
device-name>show script-file-system
device-name#show script-file-system
Example 1
device-name(config script-file-system)#dir
Example 2
device-name(config script-file-system)#show script-file-system
flash:/Usr/.
flash:/Usr/..
flash:/Usr/test1.cfg
flash:/Usr/running_config.cfg
Listing Files
The ls command lists files in Flash memory file system.
Command Syntax
device-name(config script-file-system)#ls
Page 31
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example
device-name(config script-file-system)#ls
Listing Directory flash:/Usr:
d S 2048 Jan 1 1993 00:59 ./
d 2048 Jan 1 1993 00:00 ../
- 176 Jan 1 1993 03:18 profile.cfg
- 5804 Jan 1 1993 00:12 acl.cfg
- 7069 Jan 1 1993 00:29 snmp.cfg
Command Syntax
device-name(config script-file-system)#help
Page 32
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
File System
Overview
The Flash file system (also called Flash:) provides commands for defining, downloading, and
deleting software images and configuration files stored in a Flash memory. In addition, users can
define the different Loader parameters using the Flash file system.
NOTE
The system directories are locked for editing.
Page 33
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
copy Copies a file from a TFTP server or from the local Flash system to the
specified path (see Copying a File)
rename Renames a file (see Renaming a File)
move Removes a file from its current location and places it at a new location
(see Moving a File)
del Deletes a specified file (see Deleting a File)
display Displays the contents of a text file (see Displaying the File Contents)
Page 34
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
Loader>format [DEVICE-NAME]
device-name#format [DEVICE-NAME]
Argument Description
DEVICE-NAME The device name, valid device can be flash:/
Command Syntax
Loader>mkdir PATH
device-name#mkdir PATH
Argument Description
PATH The destination path (directory) ends with the new directory that is created. The
directory name is a case insensitive string.
Deleting a Directory
The rmdir command deletes a directory.
Command Syntax
Loader>rmdir [PATH]
device-name#rmdir [PATH]
Argument Description
PATH The path ends with the directory to be deleted. The directory name is a case
insensitive string.
Page 35
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
NOTE
Non-empty and system directories cannot be removed.
Command Syntax
Loader>dir [PATH]
device-name>dir [PATH]
device-name#dir [PATH]
Argument Description
PATH (Optional) the name of a selected directory, which contents is displayed. The
directory name is a case insensitive string.
Command Syntax
Loader>pwd
device-name#pwd
Copying a File
The copy command copies a file from a TFTP/FTP/SFTP server or from the local Flash system
to another location. The name of the file can be optionally changed.
Page 36
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
device-name#copy protocol://[user[:pass]@]host[:port]/file-name
protocol1://[user1[:pass1]@]host1[:port1]/file-name1
Argument Description
device (Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
dath (Optional) the path to the location where the file is copied.
protocol, Specifies the protocol type.
protocol1
user, user1 Optional) specifies the name of the user performing the operation.
pass, pass1 (Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
• For the TFTP server, not need to specify the user, password and port
• For the FTP server, no need to specify the port number
host Specifies the server IP address in A.B.C.D format.
port, port1 (Optional) specifies the port number.
file-name The source file name.
device1/ (Optional) the device to which the file is copied. It can be a TFTP server (in
format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
path1 (Optional) the path to the location where the file is copied.
file-name1 The destination file name.
Examples
• The following command copies a file from a TFTP server to the local /Usr directory:
device-name#copy tftp://10.0.0.60/test usr/test1
• The following command copies a file from the local Flash root directory to a remote TFTP
server:
device-name#copy flash://profile.cfg tftp://10.0.0.60/profile.cfg
Page 37
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Renaming a File
The rename command renames a file.
Argument Description
device (Optional) the device on which the file to be renamed is stored. It can be a
SFTP server (in format sftp://user:pass@A.B.C.D), or the local Flash
system (in format flash:/)
path (Optional) the path to the file to be renamed.
user Optional) specifies the name of the user performing the operation.
pass (Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
host Specifies the server IP address in A.B.C.D format.
file-name The original name of the file to be renamed.
NEW-FILE-NAME The new name assigned to the file.
Moving a File
The move command removes a file from its current location and places it at a new location. The
name of the file can be optionally changed.
Page 38
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
device/ (Optional) the device from which the file is moved. It can be a TFTP/FTP
server (in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D), or the local
Flash system (in format flash:/)
path (Optional) the path to the location where the file is moved.
protocol, Specifies the protocol type.
protocol1
user, user1 Optional) specifies the name of the user performing the operation.
pass, pass1 (Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
• For the TFTP server, not need to specify the user, password and port
• For the FTP server, no need to specify the port number
host Specifies the server IP address in A.B.C.D format.
port, port1 (Optional) specifies the port number.
file-name The source file name.
device1/ (Optional) the device to which the file is moved. It can be a TFTP server
(in format tftp://A.B.C.D, or ftp://user:pass@A.B.C.D), or the local Flash
system (in format flash:/)
path1 (Optional) the path to the location where the file is moved.
file-name1 The destination file name.
Deleting a File
The del command deletes the specified file.
Argument Description
device/ (Optional) the device from which the file is removed. It can be a SFTP
server (in format sftp://user:pass@A.B.C.D), or the local Flash system (in
format flash:/)
path (Optional) the path to the location where the file is removed.
user Optional) specifies the name of the user performing the operation.
pass (Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
Page 39
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
Loader>display {[path/] | [device://[path/]]}file-name [dump][START]
device-name>display {[path/] | [device://[path/]]}file-name [dump]
device-name#display {[path/] | [device://[path/]]}file-name [dump]
Argument Description
path (Optional). The path to the file to be displayed. The path should end with
the name of the file.
device: (Optional). The device on which the file to be displayed is stored. Can only
be flash:/ meaning the local Flash system.
device:path (Optional). The device and the path to the file to be displayed. The path
should end with the name of the file.
file-name The name of the file.
dump (Optional). HEX format.
START (Optional). Start offset.
NOTE
The dump option is mandatory to display binary files.
Page 40
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 41
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name#copy running-config default-config
Command Syntax
device-name#copy default-config [<device>:[<server IP>/]][<path>]<file name>
Argument Description
device/ (Optional) the device to which the file is copied. It can be a TFTP server (in
format tftp://A.B.C.D), a FTP server (in format ftp://user:pass@A.B.C.D), or the
local Flash system (in format flash:/):
• user—specifies the name of the user performing the operation
• pass—specifies the password that authenticates the specified username.
Symbol (@) following the password is required.
• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number
path (Optional) the exact location path to which the file is copied. The path should
end with the name of the file.
server IP Specifies the TFTP/FTP server IP Address, in A.B.C.D format.
file-name The original file name.
Command Syntax
device-name#copy [[<device>:[<server IP>/]][<path>]<file name> default-config
Page 42
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
device/ (Optional) the device from which the file is copied. It can be a TFTP server (in
format tftp://A.B.C.D), a FTP server (in format ftp://user:pass@A.B.C.D), or
the local Flash system (in format flash:/):
• user—specifies the name of the user performing the operation
• pass—specifies the password that authenticates the specified username.
Symbol (@) following the password is required
• For the TFTP server, no need to specify the user, password and port
• For the FTP server, no need to specify the port number
path (Optional) the exact location path from which the file is copied. The path should
end with the name of the file.
server IP Specifies the TFTP/FTP server IP Address, in A.B.C.D format.
file-name The original file name.
Command Syntax
device-name#write erase default
Command Syntax
device-name#show default-config
Example
device-name#show default-config
! Default Configuration:
!
. . .
Page 43
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Zero-Touch Configuration
Overview
Zero-touch configuration is a set of operations that provides two options for automatically
configuring the device:
• Via IP address that is assigned manually (static IP address).
• Via IP address that is obtained from a DHCP server (dynamic IP address).
The BiNOS configuration file is downloaded from a TFTP server after the device reloads to
defaults. The configuration details are stored in NVRAM.
In case of a zero-touch configuration failure, the factory default configuration is executed.
NOTE
When using a DHCP client, the system administrator has to configure a TFTP
server IP address (the siaddr field as specified in RFC 2131) and a Boot filename (the
filename field as specified in RFC 2131) on the DHCP server.
The example displays part of the DHCP server configuration file:
next-server X.X.X.X;
filename “configfile.cfg”
Page 44
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 45
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name#configure zero-touch
device-name(zero-touch)#
Command Syntax
device-name(zero-touch)#zero-touch
device-name(zero-touch)#no zero-touch
Argument Description
no Restores to default
Command Syntax
device-name(zero-touch)#ip-address A.B.C.D/M
device-name(zero-touch)#no ip-address
Argument Description
A.B.C.D/M Specifies the device IP address and mask manually
no Obtains the device IP address via DHCP
Page 46
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(zero-touch)#tftp-server A.B.C.D
device-name(zero-touch)#no tftp-server
Argument Description
A.B.C.D Specifies the TFTP IP address
no Restores to default
Command Syntax
device-name(zero-touch)#config-file [<path>]<file name>
device-name(zero-touch)#no config-file
Argument Description
[<path>]<file name> Specifies the original path to the configuration file. The path
should end with the name of the file. The maximum length of the
path is 20 symbols.
no Removes the necessity of obtaining the configuration file from
the TFTP server
Command Syntax
device-name(zero-touch)#save-configuration
device-name(zero-touch)#no save-configuration
Page 47
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
no Restores to default
Command Syntax
device-name(zero-touch)#retry-max <1-10>
Argument Description
1-10 Specifies the number of retries.
Command Syntax
device-name(zero-touch)#execute
Command Syntax
device-name#show zero-touch
device-name(zero-touch)#show
Page 48
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example 1
device-name(zero-touch)#show
State = disabled
IP address = 9.0.0.1/8
TFTP server = 9.0.0.34
Configuration file = dirname/device.cfg
Save file to NVRAM = Disabled
Number of retries = 3
Status =
Example 2
device-name#show zero-touch
State = disabled
Ip address = 0.0.0.0/0
TFTP server = 0.0.0.0
Configuration file =
Save file to NVRAM = Disabled
Number of retries = 3
Status =
Page 49
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
device-name#dir
Listing Directory flash:/:
d S 2048 Jan 1 1993 01:37 Boot/
d S 2048 Jan 1 1980 00:00 Etc/
d S 2048 Jan 1 1980 00:00 Java/
d S 2048 Jan 1 1980 00:00 Log/
d S 2048 Jan 1 1993 00:59 Usr/
d SH 2048 Jan 1 1993 00:00 Hidden/
- 43796 Jan 1 1993 00:00 dflt_startup_bin.cfg
- 217 Jan 1 1993 03:12 profile.cfg
- 2483 Jan 1 1993 03:37 start.cfg-
Free disk space 4511744
Example:
device-name#del boot/T-Marc 380_bm_fisw_7_1_TMC3.Z
Page 50
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example 1:
device-name#upgrade boot-profile tftp://9.0.0.7/BiNOS-v9.4.Z BiNOS-
v9.4.Z
TFTP receiving application.................................................
Application upgrade completed
An alternative method to upgrade the software image in two steps is by using the copy
application command and then the application command:
device-name#copy application tftp://<TFTP_server_IP_adress>/
<software_image filename>
device-name#configure boot-param
device-name(boot param)#application <local_software_image filename>
Example 2:
device-name#copy application tftp://9.0.0.7/BiNOS-v9.4.Z
TFTP receiving file ... 5300324
device-name#configure boot-param
device-name(boot param)#application BiNOS-v9.4.Z
Page 51
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
upgrade boot-profile Downloads a new software image and sets boot statements to
load the new image on startup.
(see Upgrading the BiNOS Software Image)
copy application Downloads a new software image to the device
(see Downloading a New BiNOS Software Image)
application Boots the device with the new image
(see Applying the New Boot Statement)
device Displays the current software image location (see Displaying and
Specifying the Software Image Location)
ftp-password Displays the FTP connection password (see Displaying and
Specifying the FTP Password)
ftp-server Displays the FTP server IP-address (see Displaying and
Specifying the FTP Server IP-Address)
ftp-user Displays the FTP username (see Displaying and Specifying the
FTP Username)
startup-config Specifies which startup configuration file is loaded on startup (see
Specifying the Startup Configuration File)
show Displays the current boot statement (see Displaying Boot
Statements)
show version Displays the inventory information regarding the software versions
of the device
(see Displaying the Information Regarding the Software Versions)
show manufacturing- Displays detailed hardware information
details (see Displaying Hardware Information)
show uptime Displays how long the selected device has been operational
(see Displaying the Device Uptime)
Page 52
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
device (Optional) the device from which the file is copied. It can be a TFTP/FTP
server (in format tftp://A.B.C.D, ftp://user:pass@A.B.C.D) or as the local
Flash system (in format flash:/).
path (Optional) the path where the file is located
protocol Specifies the protocol type.
user Optional) specifies the name of the user performing the operation.
pass (Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
• For the TFTP server, not need to specify the user, password and port
• For the FTP server, no need to specify the port number
host Specifies the server IP address in A.B.C.D format.
port (Optional) specifies the port number.
file-name The original name of the file.
DESTINATION- The destination file name as it appears on the local Flash system.
FILE-NAME
apply Applies directly the new boot statement.
PARAMS Specifies the parameters to be applied in the following format:
• [[device/]path/]file-name, when flash:/ system is used.
• protocol//[user[:pass]@]host[:port]/file-name, when TFTP or FTP
server is used.
Page 53
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example
The example specifies that the new application image is downloaded via TFTP from server with IP
10.3.71.101. It is searched in a directory called /MyApps/ under the TFTP server root directory.
The application filename on the TFTP server is Imagev1.5.Z; it is stored under the /Boot
directory on the local file system as BootAppv1.5.Z after it is validated; the boot parameters device
and Application are set to local and BootAppv1.5.Z.
device-name#upgrade boot-profile tftp://10.3.71.101/MyApps/Imagev1.5.Z
flash://Boot/BootAppv1.5.Z
Argument Description
device (Optional) the device from which the file is copied. It can be a
TFTP/FTP server (in format tftp://A.B.C.D, ftp://user:pass@A.B.C.D)
or as the local Flash system (in format flash:/).
path (Optional) the path where the file is located
protocol Specifies the protocol type.
user Optional) specifies the name of the user performing the operation.
pass (Optional) specifies the password that authenticates the specified
username. Symbol (@) following the password is required.
• For the TFTP server, not need to specify the user, password and
port
• For the FTP server, no need to specify the port number
host Specifies the server IP address in A.B.C.D format.
file-name The original name of the file.
DESTINATION-FILE- The destination file name as it will appear on the local Flash system.
NAME
no-validation (Optional) skips the image validation check.
Example
device-name#copy application tftp://192.168.0.2/image.Z
Page 54
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(boot param)#application FILE-NAME
Argument Description
FILE-NAME The name of the image file, a case-sensitive string.
Command Syntax
device-name(boot param)#device [local | network]
Argument Description
local (Optional). The device boots from the local software image
Local Flash file system
network (Optional). The device boots from a remote software image, using an FTP
server. Currently this option is not supported because an OutBound interface is
not available.
Command Syntax
device-name(boot param)#ftp-password [PASSWORD]
Argument Description
PASSWORD (Optional) specifies the password used for the FTP connection
Page 55
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(boot param)#ftp-server [A.B.C.D]
Argument Description
A.B.C.D (Optional) specifies the FTP server IP-address
Command Syntax
device-name(boot param)#ftp-user [NAME]
Argument Description
NAME (Optional) specifies the FTP username
Command Syntax
device-name(boot param)#startup-config {FILE | binary {FILE | default} |
default}
Argument Description
FILE The startup configuration filename
binary Loads the startup configuration file in a binary format
default Loads the default startup configuration file
Page 56
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(boot param)#show
device-name(boot param)#application
Example 1
device-name(boot param)#show
IP address = 2.2.2.2:ffffff00
Device = local
Application = BiNOS-TMarc_3X0-9.4.3.TMC3-pre3.Z
Startup configuration =
Statup binary config =
FTP server = 2.2.2.1
FTP user = mark3
FTP password = mark3
Boot flags =
Example 2
device-name(boot param)#application
BiNOS-TMarc_3X0-9.4.3.TMC3-pre3.Z
Command Syntax
device-name>show version
device-name#show version
Page 57
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example
device-name#show version
BATM Advanced Communications
Command Syntax
device-name#show manufacturing-details
Example
device-name#show manufacturing-details
Serial number : 8807340077
Assembly No : AL001350
HW revision : 05
HW subrevision : 02
Command Syntax
device-name#show uptime
Example:
Page 58
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
device-name#show uptime
Up time : 0 days, 4 hours, 1 min, 52 sec.
Page 59
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
copy FILE-NAME Loads a start-up configuration with a specified file name from a
startup-config remote server (see Downloading the Startup Configuration)
copy FILE-NAME Loads a running-configuration with a specified file name, from a
running-config remote server (see Downloading the Running Configuration)
copy startup-config Saves a copy of the start-up configuration on a remote server
(see Copying the Start-up Configuration)
copy running-config Saves a copy of the running configuration on a remote server
(see Copying the Running Configuration)
copy running-config Saves the current running-configuration to the start-up configuration
startup-config file in NVRAM (see Saving the Device Configuration)
reload Reloads the device (see Reloading the Operating System)
NOTE
After using this command, use the reload no-save command. Otherwise, the
downloaded configuration is removed.
Page 60
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
device (Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D ), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D)
user (Optional) specifies the name of the user performing the operation.
pass (Optional) specifies the password that authenticates the specified username.
Symbol (@) following the password is required.
• For the TFTP server, not need to specify the user, password and port
• For the FTP server, no need to specify the port number
path (Optional) the exact location path from which the file is copied. The path
ends with the name of the file.
file-name The original file name.
Example
The following command downloads the start-up configuration file named START001 located on
the TFTP server at IP address 192.192.54.1:
device-name#copy tftp://192.192.54.1/START001 startup-config
Page 61
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
device/ (Optional) the device from which the file is copied. It can be a TFTP server
(in format tftp://A.B.C.D),as the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D).
protocol Specifies the protocol type.
user Optional) specifies the name of the user performing the operation.
pass (Optional) specifies the password that authenticates the specified username.
Symbol (@) following the password is required.
• For the TFTP server, not need to specify the user, password and port
• For the FTP server, no need to specify the port number
host Specifies the server IP address in A.B.C.D format.
path (Optional) the exact location path from which the file is copied. The path
should end with the name of the file.
file-name The original file name.
Example
The following command downloads the running-configuration file named RUN001 located on the
TFTP server at IP address 192.192.54.1:
device-name#copy tftp://192.192.54.1/RUN001 running-config
Argument Description
device/ (Optional) the device to which the file is copied. It can be a TFTP server (in
format tftp://:A.B.C.D), the local Flash system (in format flash:/), or a
SFTP/FTP server (in format sftp://user:pass@A.B.C.D).
server IP Server IP address.
Page 62
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
user Optional) specifies the name of the user performing the operation.
pass (Optional) specifies the password that authenticates the specified username.
Symbol (@) following the password is required.
• For the TFTP server, not need to specify the user, password and port
• For the FTP server, no need to specify the port number
path (Optional) the exact location path where the file is copied.
file-name The original file name.
Example
The following command uploads the start-up configuration under a file named START002 located
on the TFTP server at IP address 192.192.54.1:
device-name#copy startup-config tftp://192.192.54.1/START002
Argument Description
device/ (Optional). The device to which the file is to be copied. It can be a TFTP
server (in format tftp://:A.B.C.D), the local flash system (in format flash:/), or
a SFTP server (in format sftp://A.B.C.D).
server IP (Optional). Server IP address.
path (Optional). The exact location path where the file is to be copied.
file-name The original file name.
Example
The following command uploads the running-configuration under a new file named RUN002 on
the TFTP server at IP address 192.192.54.1:
device-name#copy running-config tftp://192.192.54.1/RUN002
Page 63
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name#copy running-config startup-config
NOTE
Use the reload command after configuration information is entered into a file and
saved to the startup configuration.
The reload command requires confirmation before reloading!
NOTE
The reload to-defaults command does not affect the contents of the file system.
Command Syntax
device-name#reload [save | no-save | to-defaults]
Argument Description
save (Optional). Saves the running configuration to NVRAM and restart the
device. This is the default status.
no-save (Optional). Does not save the current running configuration and restart the
device.
to-defaults (Optional). Sets the device configuration to its factory defaults and restart.
Example 1
Saving the current configuration and reloading the device:
device-name#reload save
Save current configuration and reboot the device ? [y/n]: y
Rebooting ...
Page 64
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example 2
Reloading the device without saving the current configuration:
device-name#reload no-save
Proceed with reload ? [y/n] : y
Rebooting ...
Page 65
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Boot Loader
Overview
The boot process performs low-level CPU initialization, and loads a default operating system
software image into memory and boots the device.
When starting, the loader counts down a few seconds, allowing you an entry point into the loader’
CLI. The loader then passes to interactive mode, requests a login password, and starts a CLI
session. If no key is pressed, the device initiates the auto-startup application is started.
Initially the device expects the default password batm. This password may be changed by using the
password loader command (refer to the Device Setup and Maintenance chapter of the BiNOS User
Guide).
While the device reboots, numbers appear on the console terminal following the line Press any key to
stop auto-boot.... To enter the Loader mode, press <Enter> while the numbers are running.
device-name#reload no-save
Proceed with reload ? [y/n] : y
Rebooting ...
usrBootLineInit finish OK
Password: batm
Loader>
Page 66
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Password batm
Block start address 0
Block length 256
Simulation of CPM redundancy Disabled
start application Exits the loader and starts using the BiNOS software image
(see Starting the BiNOS Software Image)
copy application Downloads the software image to the device by using TFTP
server
(see Downloading the Application Software by using TFTP)
download application Downloads the BiNOS application using X-modem (see
Downloading the BiNOS Application by Using X-modem)
ip-address Displays the OutBand port IP address
(see Displaying the Device IP Address and Mask)
version Displays the device model type and the loader version
(see Displaying the Loader Version)
manufacturing-details Displays detailed hardware information of the board
(see Displaying Hardware Details)
Page 67
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Description
contents (see Making a Backup Copy)
refresh flash Rewrites the Flash memory (see Rewriting the Flash Memory)
restore flash Restores the Flash memory
(see Restoring the Flash Memory)
NOTE
Currently these commands are not supported because the OutBound interface is not
available.
Command Description
CAUTION
The commands in the following table can be used only by Telco Systems Technical
Support.
Command Description
Page 68
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Description
Page 69
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
Loader>start application
Example
Loader>start application
auto-booting...
///////////////////////////////////////////////////////////////////////////
// //
// //
// B A T M A d v a n c e d C o m m u n i c a t i o n s //
// //
// T e l c o S y s t e m s //
// //
// Device model : T-Marc 380 //
// Product Category : AccessEthernet(TM) //
// SW version : 10.1 created Mar 17 2010 - 20:19:58 //
// //
// //
///////////////////////////////////////////////////////////////////////////
Password:
Page 70
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
Loader>copy application [[[device/]path]file-name [DESTINATION FILE-NAME]
[no-validation]
Argument Description
device/ (Optional) the device to which the file is copied (in format tftp://A.B.C.D)
path (Optional) the path to the location where the file is copied
file-name The original name of the file
DESTINATION-FILE- The destination file name as it will appear on the local flash system
NAME
no-validation (Optional) skips the image validation check
Example
The following command downloads the new software-version file named VERxxx that is located
in the Root directory on the TFTP server at IP address 192.192.54.1:
Loader>copy application tftp://192.192.54.1/VERxxx.Z
Command Syntax
Loader>download application
Example
Loader>download application
XMODEM application download to flash 0
XMODEM Receive: Waiting for Sender
Image Size = 0xBD552 CRC Value = 0x691181F3
Saving application code to FLASH bank 0....Success.
Loader>
Page 71
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
Loader>ip-address
Example
Loader>ip-address
Loader IP address = 10.2.111.111, subnet mask = ffff0000
Command Syntax
Loader>version
Example
Loader>version
BATM Telco Boot Loader
Device model : T-Marc 380
Loader version : 8.0.0 created Oct 29 2007 - 21:59:11
Command Syntax
Loader>manufacturing-details
Example
Loader>manufacturing-details
Device model : T-Marc 380
Serial number : 8807340077
Assembly No : AL001350
Part number : Not Available
CLEI : Not Available
HW revision : 05
HW subrevision : 02
Page 72
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
Loader>config
Loader(config)#
Command Syntax
Loader(config)#ip-address [A.B.C.D/M | A1.B1.C1.D1 M1.M2.M3.M4]
Argument Description
A.B.C.D/M (Optional). Specifies the new IP address with mask by number of bits.
A1.B1.C1.D1 (Optional). Specifies the new IP address with mask in dotted decimal
M1.M2.M3.M4 notation.
Example
The following example displays the Loader current IP address:
Loader(config)#ip-address
Loader IP address = 10.2.111.111, subnet mask = ffff0000
Command Syntax
Loader(config)#mac-address [HH:HH:HH:HH:HH:HH]
Argument Description
Page 73
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example 1
The following example displays the device current MAC address:
Loader(config)#mac-address
Current base MAC Address of device = 00:A0:12:CE:10:61
OutBand MAC Address (base + 1) = 00:A0:12:CE:10:62
Example 2
The following example assigns a new MAC address to the device. The response indicates that the
new MAC address is accepted and stored in the device memory.
Loader(config)#mac-address 00:A0:12:07:0f:78
New MAC Address of device = 00:A0:12:07:0F:78
Command Syntax
Loader(config)#clean startup-config [all]
Argument Description
all (Optional). Cleans the startup configuration and all system settings like
authentication data and configuration profiles.
Example
Loader(config)#clean startup-configuration all
Warning: IP address will be lost.
CAUTION
This command should be used only by Telco Systems Technical Support.
Command Syntax
Loader(config)#clean boot-config {remove-board-data | remove-all}
Page 74
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
remove-board- Clears the NVRAM board configuration, keeping the management IP
data address, boot profile and manufacturing details.
remove-all Clears all settings in non-volatile memory, including all above.
Command Syntax
Loader(config)#clean log-history
Command Syntax
Loader(config)#clean flash all
Command Syntax
Loader(config)#backup eeprom A.B.C.D FILE-NAME
Loader(config)#backup flash {1 | 2 | boot} A.B.C.D FILE-NAME
Argument Description
eeprom Specifies that a backup copy of the EEPROM memory contents is made.
flash Specifies that a backup copy of the Flash memory contents is made.
A.B.C.D Specifies the IP address of the TFTP server where the backup copy is
written.
FILE-NAME Specifies the name of the backup file to be copied.
1 Makes a backup of the primary Flash.
2 Makes a backup of the secondary Flash.
boot Makes a backup of the boot Flash.
Page 75
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
Loader(config)#refresh flash {1 | 2 | all}
Argument Description
1 Rewrites the primary Flash memory.
2 Rewrites the secondary Flash memory.
all Rewrites all Flash memory.
Command Syntax
Loader(config)#restore flash {1 | 2} A.B.C.D FILE-NAME
Argument Description
1 Restores the primary Flash.
2 Restores the secondary Flash.
A.B.C.D Specifies the IP address of the TFTP server where the Flash memory will
be restored.
FILE-NAME The name of the backup file.
Command Syntax
Loader(config)#boot-param device
Loader(config)#boot-param device [local | network]
Page 76
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
local (Optional). The device boots from the local software image
network (Optional). The device boots from a remote software image, using an FTP
server
Command Syntax
Loader#boot-param application
Loader(config)#boot-param application [FILE-NAME]
Argument Description
FILE-NAME The name of the image file, a case-sensitive string.
Command Syntax
Loader#boot-param ftp-server
Loader(config)#boot-param ftp-server [A.B.C.D]
Argument Description
A.B.C.D (Optional) specifies the FTP server IP-address
Command Syntax
Loader#boot-param ftp-user
Loader(config)#boot-param ftp-user [NAME]
Page 77
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
NAME (Optional). The FTP access user name.
Command Syntax
Loader#boot-param ftp-password
Loader(config)#boot-param ftp-password [PASSWORD]
Argument Description
PASSWORD (Optional). The FTP authentication password for the configured FTP user name.
Command Syntax
Loader#boot-param startup-config [binary]
Loader(config)#boot-param startup-config [FILE-NAME | binary [FILE-NAME |
default] | default]
Argument Description
FILE-NAME (Optional). The name of the startup-configuration
default (Optional). Sets the default name of the startup configuration
binary (Optional). Sets the binary startup configuration.
Command Syntax
Loader>boot-param
Loader(config)#boot-param
Page 78
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example
Loader>boot-param
IP address = 10.0.0.1:ffffff00
Device = local
Application = BiNOS-TMarc_3X0-9.4.3.TMC3-pre3.Z
Startup configuration =
Statup binary config =
FTP server =
FTP user =
FTP password =
Boot flags =
Command Syntax
Loader>memory
Loader(memory)#
Command Syntax
Loader(memory)#copy <src-addr> <dst-addr> <blk-len>
Argument Description
src-addr Hexadecimal source address (optionally prefixed with 0x).
dst-addr Hexadecimal destination address (optionally prefixed with 0x).
blk-len Hexadecimal or decimal block length (use 0x prefix for hexadecimal
number).
Page 79
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
Loader(config)#check-device flash:
Example
Loader(config)#check-device flash:
flash:/ - disk check in progress ...
dosChkLib : CLOCK_REALTIME is being reset to THU DEC 27 00:00:00 1990
Value obtained from file system volume descriptor pointer: 0xfffdd38
The old setting was THU JAN 01 00:16:22 1970
Accepted system dates are greater than THU DEC 27 00:00:00 1990
flash:/ - Volume is OK
Change volume Id from 0x0 to 0xe696
total # of clusters: 15,237
# of free clusters: 12,042
# of bad clusters: 0
total free space: 24,084 Kb
max contiguous free space: 24,659,968 bytes
# of files: 8
# of folders: 9
total bytes in files: 6,360 Kb
# of lost chains: 0
total bytes in lost chains: 0
Command Syntax
Loader(memory)#display [<st-addr> [<blk-len>]]
Argument Description
st-addr (Optional). Hexadecimal start address (optionally prefixed with 0x). If only
the start address is specified, the previous or default block length is
repeated.
blk-len (Optional). Hexadecimal or decimal block length (use 0x prefix for
hexadecimal number).
Page 80
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
Loader(memory)#fill <st-addr> <blk-len> <value>
Argument Description
st-addr Hexadecimal start address (optionally prefixed with 0x).
blk-len Hexadecimal or decimal block length (use 0x prefix for hexadecimal
number).
value Hexadecimal byte value to fill (optionally prefixed with 0x).
Command Syntax
Loader(memory)#list
Configuration Example
Updating the Application Software from Loader:
1. Configure boot parameters in profile (to configure any application file as a default one, the file
must be downloaded first):
Loader>config
Loader(config)#boot-param device local
2. Download the application by TFTP (it is stored with the source name. To change the target
name, specify the name as an additional command argument). If an application file with the
specified target name exists, it is overwritten.
Loader(config)#exit
Loader>copy application tftp:10.4.0.4/BiNOS-sfm880.Z
TFTP receiving file ... 3385202
3. Set the default application (when the file is already stored in FS):
Loader>config
Loader(config)#boot-param application BiNOS-sfm880.Z
Page 81
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Daytime Protocol
The Daytime protocol is defined in RFC 867. A host connects to a server that supports the
Daytime protocol, on either TCP or UDP port 13. The server then returns the current date and
time as an ASCII string with an unspecified format.
Time Protocol
The Time protocol is defined in RFC 868. This protocol provides a site-independent, machine
readable date and time.
The Time protocol operates over either TCP or UDP. A host connects to a server that supports
the Time protocol, on port 37. The server then sends the time as a 32-bit unsigned binary number
in network byte order representing a number of seconds since 00:00 (midnight) 1 January, 1900
GMT and closes the connection. The host receives the time and closes the connection.
NOTE
In BiNOS, the Daytime protocol and the Time protocol use TCP.
Page 82
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
PTP Disabled
Page 83
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 84
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 85
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 86
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#date hh:mm:ss <day> MONTH <year>
Argument Description
hh:mm:ss Specifies the time (24-hour format) in hours and minutes.
day Day in month, in the range <1–31>.
MONTH Specifies the month: January, February, March, April, May, June, July,
August, September, October, November, and December.
year Year in four digits, in the range <1993–2035>.
Example
The following example sets system time to 12:30:00 and date 1 April 2008:
device-name(config)#date 12:30:00 1 april 2008
Command Syntax
device-name(config)#time-server daytime swap
device-name(config)#time-server {daytime | time} A.B.C.D <refresh-time>
[<zone> [timeout <timeout>]] [timeout <timeout>]
device-name(config)#time-server {daytime | time} A.B.C.D <refresh-time>
timezone <zone> {<1-59> timeout <timeout> | timeout <timeout>}
device-name(config)#no time-server [daytime swap]
Page 87
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
NOTE
The old style of this command, wherein the IP address argument precedes the
daytime protocol, is supported for backward compatibility. However, Telco Systems
strongly recommends using only the new style of the command for setting up time
synchronization clients.
Argument Description
time Specifies Time Protocol (RFC868).
daytime Specifies Daytime Protocol (RFC867).
swap Swaps day and month (for daytime format). This would be required if the
positions of day and month are interchanged in the daytime server’s
format, to prevent the device from interpreting the day value as the
month and the month value as the day.
A.B.C.D IP address of the time-server.
refresh-time Synchronization polling interval, in the range of <10–44640> minutes.
timezone Specifies the time zone.
zone Shifts of local hour relative to the server (positive East, negative West of
server’s time zone). The range is <-12–12>.
timeout <timeout> Specifies the Time server session timeout in seconds. The range is <2–
20> seconds.
1-59 Specifies a number of minutes to synchronize accurately the system time
to the time server.
no Removes the Time server definitions.
Example 1
The following command synchronizes the system time with host 192.168.0.1, using the Time
Protocol. Synchronization is performed every 10 minutes. Local time is two hours behind the GMT
.
device-name(config)#time-server time 192.168.0.1 10 -2
Example 2
The following command synchronizes the system time with host 192.168.0.1, using the Daytime
Protocol. Synchronization is performed every 10 minutes. Local time is two hours ahead of the
GMT.
device-name(config)#time-server daytime 192.168.0.1 10 2
Page 88
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#time-server ntp add A.B.C.D
Argument Description
A.B.C.D Specifies the IP address of the Time server to be added.
Example
The following example adds the NTP server with IP address 186.102.20.11:
device-name(config)#time-server ntp add 186.102.20.11
NOTE
To end the NTP server polling use the no time-server command.
Command Syntax
device-name(config)#time-server ntp start <polling-interval> {<zone> |
timezone <zone> <1-59>}
Argument Description
polling-interval The synchronization refresh period in minutes, in the range <10–
44640> (the upper limit is equivalent to 31 days).
zone Shift of local hour relative to GMT (positive East, negative West of
Greenwich). The range is <-12–12>.
timezone Specifies the time zone.
1-59 Specifies a number of minutes to synchronize accurately the system
time to the time server.
Page 89
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#time-server ntp key {add | delete} <key-id> KEY [A.B.C.D]
Argument Description
add Defines the MD5 authentication key.
delete Removes the existing MD5 authentication key.
key-id The key number in the range <1–65535>.
KEY String up to 20 non-blank characters. The string is case-sensitive. Some special
characters, such as question marks, are not allowed.
A.B.C.D (Optional). NTP server address.
Example
The following example adds an MD5 authentication key with key ID of 27 and plain-text key qwerty:
device-name(config)#time-server ntp key add 27 qwerty
Configuration changes will take effect after ntp client is restarted
Command Syntax
device-name(config)#time-server summer-time date <day> MONTH <year> HH:MM:SS
<day> MONTH <year> HH:MM:SS <shift>
device-name(config)#no time-server summer-time
Page 90
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
day The start day of the month, in range <1–31>.
MONTH The start summer-time month: January, February, March, April, May, June,
July, August, September, October, November and December.
year The start summer-time year, in range <1993–2035>.
HH:MM:SS Specify the start summer-time time.
day The end day of the month, in range <1–31>.
MONTH The end summer-time month: January, February, March, April, May, June,
July, August, September, October, November and December.
year The end summer-time year, in range <1993–2035>.
HH:MM:SS Specify the end summer-time time.
shift The number of minutes to add during summer time, in range <1–1440>.
no Remove the summer time settings.
Example
The following example demonstrates advancing the system time 1 hour on May 1st, 2004, at
02:00:00 and shifting it back on December 3rd, 2004, at 02:00:00:
device-name(config)#time-server summer-time date 1 May 2004 02:00:00 3 Dec
2004 02:00:00 60
Command Syntax
device-name(config)#time-server summer-time recurring {first | <week> | last}
<day> MONTH HH:MM:SS {first | <week> | last) <day> MONTH HH:MM:SS <shift>
device-name(config)#no time-server summer-time
Argument Description
first The first week of the month to start.
week Specify the week of the month to start in, the range <1–4>.
last The last week of the month to start.
day The start summer-time day in the week: Sunday, Monday, Tuesday,
Wednesday, Thursday, Friday and Saturday.
MONTH The start summer-time month: January, February, March, April, May,
June, July, August, September, October, November, and December.
Page 91
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example
The following example shows how to advance the system time automatically by one hour every
year, starting on the second Monday of April at 01:00:00 this year and move the system time back
on the second Tuesday of October at 01:00:00:
device-name(config)#time-server summer-time recurring 2 mon apr 01:00:00 2
tue oct 01:00:00 60
Command Syntax
device-name(config)#time-server ntp delete A.B.C.D
Argument Description
A.B.C.D Specify the IP address of the Time server to be deleted.
Example
The following example removes the NTP server with IP address 186.102.20.11:
device-name(config)#time-server ntp delete 186.102.20.11
Page 92
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#time-server ntp show
Example
The following example displays the three existing NTP servers:
device-name(config)#time-server ntp show
186.102.20.11
182.21.2.31
128.11.24.6
Command Syntax
device-name(config)#time-server ntp key show
Example
device-name(config)#time-server ntp key show
192.168.0.40:
1 key1
2 key2
192.168.0.32:
1 key1
Command Syntax
device-name#show time-server
Page 93
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example
device-name#show time-server
Current system time MON OCT 13 19:00:25 2003
Time server protocol : NTP
Refresh : 23 min
Time zone : 2h:10m
Command Syntax
device-name#show date
device-name#show clock [detail]
Argument Description
detail (Optional). The command also displays the type of the currently used
synchronization client and the time zone indication. If detail is not specified, the
command displays the current system time.
Example 1
device-name#show date
Current system time TUE APR 10 13:45:04 2001
Example 2
The following example displays the date and time:
device-name#show clock
Current system time TUE APR 10 13:45:04 2008
Example 3
The following example displays the date and time, and the currently used synchronization client (if
available):
device-name#show clock detail
Current system time THU JAN 01 00:01:02 1998
Time client is running with following peers:
Time server: 192.168.0.4
Refresh time: 10 minutes
Time zone shift: 2 hour(s)
Page 94
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Configuration Example
The following example demonstrates how the device uses an NTP server.
1. Add the NTP server located in IP address 212.90.11.2:
device-name(config)#time-server ntp add 212.90.11.2
2. Add an MD5 authentication key with key ID of 27 and plain-text key qwerty:
device-name(config)#time-server ntp key add 27 qwerty
3. Start the NTP server polling with refresh period of 10 minutes and time zone 2:
device-name(config)#time-server ntp start 10 2
Page 95
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 96
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
ptp Configures PTP on the local device and enters the PTP
Configuration mode (see Configuring PTP)
encapsulation all-ports Defines the network technology used to transport PTP
messages (see Defining the Packet Encapsulation
Type)
priority1 Defines the 1588v2 primary priority of the master clock
(see Defining a Master Clock's 1588v2 Primary Priority)
priority2 Defines the 1588v2 secondary priority of the master
clock (see Defining a Master Clock's 1588v2 Secondary
Priority)
domain-number Defines the PTP domain the device belongs to (see
Assigning the Device to a PTP Domain)
ptp-mode Defines whether the device is a slave or a master (see
Defining the PTP Mode)
master-address Defines a static master's MAC address for a slave
device (see Selecting a Static Master Clock)
announce-interval Defines the interval the master sends announce
messages (see Defining the Interval for Sending
Announce Messages)
sync-interval Defines the interval the master sends announce
messages (see Defining the Interval for Sending
Synchronization Messages)
master-vlan Defines a VLAN used for sending master clock
messages or sync messages (Defining the Master
VLAN)
ptp enable Enables PTP on port/s (see Enabling PTP on a Port)
ptp-announce-receipt-timeout Defines the number of announce intervals to pass
without receiving an announce message before
dropping the current master and selecting a different
one (see Defining the Announce-Receipt Timeout)
ptp-sync-receipt-timeout Defines the number of synchronization intervals to pass
without receiving a synchronization message before the
slave becomes unsynchronized with the master (see
Defining the Synchronization-Receipt Timeout)
show ptp Displays the PTP state (see Displaying the PTP Status)
Page 97
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Configuring PTP
The ptp command configures PTP on the local device and enters the PTP Configuration mode.
Enable this protocol for accurate SAA one-way delay measurement (refer to the Service Assurance
Application section of the Operation, Administration, and Maintenance chapter of BiNOS User Guide).
Command Syntax
device-name(config)#ptp [enable]
device-name(config-ptp)#
device-name(config)#no ptp
Argument Description
enable Enters the PTP Configuration mode
no Disables PTP
Command Syntax
device-name(config-ptp)#encapsulation all-ports {ipv4 | ieee8023}
device-name(config-ptp)#no encapsulation all-ports
Argument Description
ipv4 PTP over UDP/IPv4. When carried over UDP, the first byte of the PTP
message immediately follows the final byte of the UDP header.
ieee8023 PTP over IEEE 802.3/ Ethernet. When carried over Ethernet, the first byte
of the PTP message occupies the first byte of the data field of the Ethernet
frame.
Page 98
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-ptp)#priority1 <priority1>
device-name(config-ptp)#no priority1
Argument Description
priority1 The priority1 value, in the range of <0–255>
no Restores to default
Command Syntax
device-name(config-ptp)#priority2 <priority2>
device-name(config-ptp)#no priority2
Argument Description
priority2 The priority2 value, in the range of <0–255>
no Restores to default
Command Syntax
device-name(config-ptp)#domain-number <domain_number>
device-name(config-ptp)#no domain-number
Argument Description
domain-number The PTP domain number, in the range of <0–255>
Page 99
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
no Restores to default
NOTE
If the master device receives announce messages from a different PTP master device
with a higher 1588v2 priority and quality, it automatically switches to a slave mode
without any warnings.
Command Syntax
device-name(config-ptp)#ptp-mode {master | slave}
Argument Description
master Defines the device as a master clock
slave Defines the device as a slave clock
Command Syntax
device-name(config-ptp)#master-address <XX:XX:XX:XX:XX:XX>
device-name(config-ptp)#no master-address
Argument Description
XX:XX:XX:XX:XX:XX The static master's MAC address
no Restores to default
Page 100
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-ptp)#announce-interval <announce interval>
device-name(config-ptp)#no announce-interval
Argument Description
announce interval The interval between two consecutive announce messages, in
the range of {1 | 2 | 4 | 8 | 16 | 32 | 64 | 128} seconds.
no Restores to default
Command Syntax
device-name(config-ptp)#sync-interval <synch interval>
device-name(config-ptp)#no sync-interval
Argument Description
synch interval Specifies the interval between two consecutive synchronization
messages, in the range of {1 | 2 | 4 | 8 | 16 | 32 | 64 | 128}
seconds.
no Restores to default
Command Syntax
device-name(config-ptp)#master-vlan <master-vlan-id>
device-name(config-ptp)#no master-vlan
Argument Description
master-vlan-id The master VLAN ID, in the range of <1–4094>.The VLAN must
be already configured (see the Configuring VLANs and Super
VLANs chapter of the current User Guide).
no Removes the VLAN from being a master VLAN.
Page 101
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#ptp {enable | disable}
Argument Description
enable Enables PTP
disable Disables PTP
Command Syntax
device-name(config-if UU/SS/PP)#ptp-announce-receipt-timeout
<announce_receipt_timeout>
device-name(config-if UU/SS/PP)#no ptp-announce-receipt-timeout
Argument Description
announce_receipt The number of announce-receipt intervals, in the range of <2–
_timeout 255>
no Restores to default
Page 102
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#ptp-sync-receipt-timeout
<sync_receipt_timeout>
device-name(config-if UU/SS/PP)#no ptp-sync-receipt-timeout
Argument Description
synch_receipt The number of the synchronization-receipt intervals, in the range
_timeout of <2–255>
no Restores to default
Command Syntax
device-name#show ptp [interface [UU/SS/PP | AG0N]
Argument Description
UU/SS/PP The interface displayed
AG0N The aggregated interface displayed
Example 1
device-name#show ptp
PTP Configuration (slave):
Number of PTP enabled ports: 1
Domain Number: 0
Master Address: 00:A0:12:27:0E:40
Mean path delay : 5 usec
Offset from master: 1 usec
Example 2
device-name#show ptp interface 1/1/1
This port is PTP Enabled
Port State: Master
Page 103
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Mean Path Delay The average between the delay from the master to slave and the
delay from the slave to master
Offset from Master The offset between the slave and the master calculated by the slave
Configuration Example
Below is an example of configuring a master device.
1. Enable PTP on the device:
device-name(config)#ptp enable
Page 104
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
DHCP Client
Overview
DHCP (Dynamic Host Configuration Protocol) is a TCP/IP protocol for dynamically assigning IP
addresses to devices on a network. DHCP is built on a client-server model, in which designated
DHCP servers allocate network addresses and deliver configuration parameters to dynamically
configured devices (DHCP clients).
The DHCP client use DHCP to reacquire or verify its IP address and network parameters
whenever the local network parameters may have changed (e.g. at the device boot time or after a
disconnection from the local network), as the local network configuration may change without the
client’s or user’s knowledge.
If a DHCP client has knowledge of a previous network address and is unable to contact a local
DHCP server, the DHCP client may continue to use the previous network address until the lease
for that address expires. If the lease expires before the client can contact a DHCP server, the
DHCP client must immediately discontinue use of the previous network address and may inform
local users of the problem.
DHCP consists of two components:
• mechanism for delivering configuration parameters from a DHCP server to a device
• mechanism for allocating network addresses to devices
DHCP supports three mechanisms for IP address allocation:
• Automatic allocation—DHCP assigns a permanent IP address to the user
• Dynamic allocation—DHCP assigns an IP address to the user for a limited period of time.
Dynamic allocation allows automatic reuse of an address that is no longer needed by the user
to which it is assigned. Thus, dynamic allocation is particularly useful for assigning an address
to the user that connected to the network only temporarily or for sharing a limited pool of IP
addresses among a group of users that do not need permanent IP addresses.
• Manual allocation—the system administrator assigns to the user an IP address, and DHCP is
used simply to convey the assigned address. A particular network uses one or more of these
mechanisms, depending on the policies of the network administrator. Manual allocation allows
DHCP to be used to eliminate the error-prone process of manually configuring hosts with IP
addresses in environments where it is desirable to manage IP address assignment outside of
the DHCP mechanisms.
Page 105
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
The client may suggest values for the IP address and lease time in the DHCPDISCOVER message.
The client may include the requested IP address option to suggest that a particular IP address can be
assigned, and may include the IP address lease time option to suggest the lease time it would like to
have it. The requested IP address option is filled in a DHCPREQUEST message only when the client
is verifying network parameters obtained previously.
If a server receives a DHCPREQUEST message with an invalid requested IP address, the server
should respond to the client with a DHCPNAK message and may choose to report the problem to
the system administrator. The server may include an error message in the message option.
Page 106
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 107
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
dhcp-client security enable Enables the DHCP client security feature (see Enabling
the DHCP Client Security (Authentication Option 90))
dhcp-client security accept Permits the DHCP client to receive unauthenticated
packets
(see Controlling the Unauthenticated Packets Flow)
dhcp-client security attempts Specifying DHCP server discover attempts (see
Specifying DHCP Server Discover Attempts)
dhcp-client discover-rto Configures the maximum time that the DHCP Client is
allowed to be active (see Changing the
DHCPDISCOVER Messages Retransmission Timeout)
ip address dhcp Provides the device its IP configuration information
dynamically and configures the DHCP lease period
(see Configuring the DHCP Client)
show dhcp-client Displays the DHCP Client status and the DISCOVER
message timeout
(see Displaying the DHCP Client Configuration)
Page 108
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#dhcp-client security enable
device-name(config)#no dhcp-client security
Argument Description
no Disables the DHCP client security feature.
Command Syntax
device-name(config)#dhcp-client security accept {all | authenticated-only}
Argument Description
all Permits all unauthenticated packets.
authenticated-only Permits only authenticated packets.
Command Syntax
device-name(config)#dhcp-client security attempts (<1-512> | infinitely)
Page 109
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
1-512 Specifies the number of attempts.
infinitely Sets the number of attempts to infinitely.
Command Syntax
device-name(config)#dhcp-client discover-rto <time>
device-name(config)#no dhcp-client discover-rto
Argument Description
time The DHCPDISCOVER message retransmission timeout, in the range <1–32>
minutes.
no Disables the retransmission timeout, i.e. the DHCP client keeps sending requests
until it negotiates an IP address.
Command Syntax
device-name(config)#ip address dhcp [A.B.C.D | renew]
device-name(config)#ip address dhcp lease {<1-10080> | infinite} [A.B.C.D |
renew]
device-name(config)#no ip address dhcp
Argument Description
1-10080 Specifies a value for the lease period, in minutes.
infinite Sets the lease period to be an infinite period. This is the default value.
Page 110
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
A.B.C.D (Optional). The requested IP address. The DHCP Client is initiated with
DHCP negotiation. If the IP address is specified, the DHCP Client sends a
request for this address, and if the requested IP address is not available the
server returns another IP address. To see the IP address provided by the
DHCP server, use the show ip command in Privileged (Enable) mode (refer
to the Device Setup and Maintenance chapter of the BiNOS User Guide).
renew (Optional). Restarts the DHCP client, freeing the IP address previously
allocated.
no Stops the DHCP Client and restores the IP address, subnet mask and IP
gateway to their default values.
Command Syntax
device-name#show dhcp-client
Example
device-name(config)#ip address dhcp lease infinite
device-name(config)#exit
device-name#show dhcp-client
DHCP client is active
IP address is acquired by DHCP
DISCOVER messages retransmission timeout - 8 minute(s)
Lease time left: 86394
Page 111
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Page 112
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Rate limit for learning new addresses for 1500 packets per second
the entire device
Rate limit to the CPU for the entire device 1500 packets per second
Low packet-rate threshold 200 packets per second
High packet-rate threshold 5000 packets per second
Command Syntax
device-name(config)#set packets_threshold <low> <high>
Argument Description
low Low packet rate threshold in packets per second. The range is <50–10000>.
high High packet rate threshold in packets per second. The range is <100–
10000>.
Page 113
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Example
The following example sets the threshold levels to:
• Accept all packets if the rate is less or equal to 300 packets per second
• Accept only high-priority packets if the rate is higher than 300 packets per second, but not
more than 4000 packets per second
• Reject all packets if the rate exceeds 4000 packets per second
device-name(config)#set packets_threshold 300 4000
Command Syntax
device-name#reset packets_threshold statistics
Command Syntax
device-name#show packets_threshold
Example
device-name#show packets_threshold
Low packet rate threshold is 200 pps
High packet rate threshold is 5000 pps
Packets rate per sec: 6 In packets: 1425 Drop packets: 0
Low packet rate threshold Low packet rate threshold in packets per second.
High packet rate threshold High packet rate threshold in packets per second.
In packets The number of packets accepted (within the threshold limits)
in the current session.
Drop packets The number of packets rejected (beyond the threshold
limits) in the current session.
Page 114
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Parameter Description
Packets rate per sec The current rate of information flows to the CPU, in terms of
packets-per-second.
Page 115
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
LACP LACPDU 7
MEF8 Ethernet 0–7
CFM BPDU 6
EFM OAM BPDU 6
DHCP IP 6
ICMP IP 6
ARP Ethernet 6
SNMP UDP 6
Telnet TCP 6
SSH TCP 6
TFTP UDP 6
DHCP Client UDP 6
RADIUS UDP 6
TACAS + TCP 6
SYSLOG messages UDP 6
Page 116
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Supported Platforms
Features T-Marc 340 T-Marc 380
Page 117
Device Administration (Rev. 11)
T-Marc 300 Series User Guide
Script Files System No standards are No MIBs are supported No RFCs are
supported by this by this feature. supported by this
feature. feature
Configuring Default No standards are No MIBs are supported No RFCs are
Settings supported by this by this feature. supported by this
feature. feature
Zero Configuration No standards are No MIBs are supported RFC 2131, Dynamic
Networking supported by this by this feature. Host Configuration
feature. Protocol
RFC 2132, DHCP
Options and BOOTP
Vendor Extensions
Software Upgrade and No standards are No MIBs are supported No RFCs are
Boot Options supported by this by this feature. supported by this
feature. feature.
Boot Loader No Standards are No MIBs are supported No RFCs are
supported by this by this feature. supported by this
feature. feature.
Managing the System No standards are No MIBs are supported RFC 867, Daytime
Time and Date supported by this by this feature. Protocol
feature. RFC 868, Time
Protocol
DHCP Client No standards are No MIBs are supported RFC 951, Bootstrap
supported by this by this feature. Protocol (BOOTP)
feature. RFC 1542,
Clarifications and
Extensions for the
Bootstrap Protocol
RFC 2131, Dynamic
Host Configuration
Protocol
RFC 2132, DHCP
Options and BOOTP
Vendor Extensions
CPU Resource No standards are Private MIB, No RFCs are
Control supported by this prvt_bist.mib supported by this
feature. feature.
Page 118
Device Administration (Rev. 11)
Configuring Interfaces
Table of Figures ······················································································ 3
Resilient Links·······················································································43
Overview ·························································································43
Resilient Links Default Configuration ·························································43
Resilient Links Configuration Flow ····························································44
Resilient Links Configuration Commands ····················································45
Configuration Example ·········································································50
Page 1
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Interfaces Management············································································65
Overview ·························································································65
Interfaces Management Commands ···························································65
Page 2
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: Four Ports Combined into a Link Aggregation Group ···························24
Figure 2: Example of LAG Containing Two Ports···········································34
Figure 3: Example of Two LAGs Configured on the Same Device ························35
Figure 4: Example of Two Static LAGs with RSTP··········································40
Figure 5: Example of a Resilient Link Topology··············································50
Figure 6: Alarm Propagation Configuration Example········································69
Page 3
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Page 4
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Page 5
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Page 6
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Page 7
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Table 4: Commands for Displaying and Clearing Interface Settings and Statistics
Command Description
show Display the status and configuration of all interfaces or for the
specified interface (see Displaying Interface Configuration
and
Settings).
show interface
show interface Displays interface statistics and packet counters (see Displaying
statistics Interface Statistics)
reset Clear all current statistics from a specific physical interface or a
group of interfaces (see Clearing Interface Statistics)
and
clear interface
statistics
Command Syntax
device-name(config)#interface {UU/SS/PP | ag0N | range PORT-LIST | range
PORT-AG-LIST}
device-name(config-if UU/SS/PP)#
device-name(config-if AG0N)#
Argument Description
UU/SS/PP Represents the unit, slot, and port numbers of the configured interface.
ag0N Represents a LAG ID in the range of <1–7>.
range PORT- Specifies one or more port numbers. Use commas as separators and
LIST hyphens to indicate sub-ranges (for example, 1/2/1–1/2/8, 1/1/2).
Page 8
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
range PORT- Specifies a LAG names’ list (for example AG01, AG04–AG07), in the range
AG-LIST <01–07>.
Example 1
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#
Example 2
device-name(config)#interface ag01
device-name(config-if AG01)#interface 1/1/2
device-name(config-if 1/1/2)#
Example 3
device-name(config)#interface range ag01
device-name(config-ag-group)#interface 1/1/1
device-name(config-if 1/1/1)#
Command Syntax
device-name(config-if UU/SS/PP)#name NAME
device-name(config-if UU/SS/PP)#no name
device-name(config-if-group)#name NAME
device-name(config-if-group)#no name
Argument Description
NAME An alphanumeric name of up to 256 characters. Spaces are allowed.
no Removes the port name.
Page 9
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#speed {auto | 10 | 100 | 1000}
device-name(config-if-group)#speed {auto | 10 | 100 | 1000}
Argument Description
auto The port automatically finds the highest speed supported on the link.
10 Sets the duplex speed type to 10Mbps.
100 Sets the duplex speed type to 100Mbps.
1000 Sets the duplex speed type to 1Gbps.
By default, the device is configured to use auto-negotiation to determine the port speed and duplex
setting.
Page 10
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#duplex {auto | full | half}
device-name(config-if-group)#duplex {auto | full | half}
Argument Description
auto Enables the auto detect mode.
full Enables the full duplex mode.
half Enables the half duplex mode.
NOTE
Backpressure functions only if the port operates in half-duplex mode.
By default, backpressure is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#backpressure {enable | disable}
device-name(config-if-group)#backpressure {enable | disable}
Argument Description
enable Enables backpressure mode.
disable Disables backpressure mode.
Page 11
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#flow-control {enable | disable | autonegotiate}
device-name(config-if-group)#flow-control {enable | disable | autonegotiate}
Argument Description
enable Enables flow control.
disable Disables flow control.
autonegotiate Enables flow control autonegotiation.
Command Syntax
device-name(config-if UU/SS/PP)#default vlan <vlan-id>
device-name(config-if UU/SS/PP)#no default vlan
Argument Description
vlan-id The interface’s default VLAN, in the range of <1–4094>.
no Restores the default VLAN to VLAN 1.
Command Syntax
device-name(config-if UU/SS/PP)#packet-size-limit {NUMBER | default}
device-name(config-if-group)#packet-size-limit {NUMBER | default}
Page 12
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Argument Description
NUMBER Specifies the maximum allowed packet size on the port, <512–9216> bytes.
default Restores the default value of the packet size to 1632 bytes.
Example
device-name(config-if 1/1/1)#packet-size-limit 1522
device-name(config-if 1/1/1)#show
...
...
Maximum Packet Size (MTU) = 1522
Command Syntax
device-name(config-if UU/SS/PP)#remote-fault-detect {on | off}
device-name(config-if-group)#remote-fault-detect {on | off}
Argument Description
on Enables the remote fault detection.
off Disables the remote fault detection.
Disabling an Interface
The shutdown command disables all functions of a specific port (receive, forward, and learn).
Command Syntax
device-name(config-if UU/SS/PP)#shutdown
device-name(config-if UU/SS/PP)#no shutdown
device-name(config-if-group)#shutdown
device-name(config-if-group)#no shutdown
Page 13
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Argument Description
no Enables the interface.
Command Syntax
device-name(config)#interface sw0
device-name(config-if sw0)#
Command Syntax
device-name#show ip interface [brief | sw0 | lo0]
Argument Description
brief (Optional). Displays brief information of all the defined IP interfaces.
sw0 (Optional). Specifies the number of the IP interface.
lo0 (Optional). Specifies the loopback interface.
Example 1
device-name#show ip interface sw0
Interface sw0
index 3 metric 1 mtu 1500
directed-broadcast disabled
Flags : <UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST>
inet 1.1.1.1/8 broadcast 1.255.255.255
Secondary inet 2.1.1.1/8 broadcast 2.255.255.255
239538 packets received; 15206 packets sent
3617 multicast packets received
56 multicast packets sent
0 input errors; 0 output errors
0 collisions; 0 dropped
0 down count
Page 14
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Example 2
device-name#show ip interface brief
Interface lo0
index 2 metric 1 mtu 32767
directed-broadcast disabled
Flags : <UP,LOOPBACK,NOTRAILERS,RUNNING,MULTICAST>
inet 127.0.0.1/8
Interface sw0
index 3 metric 1 mtu 1500
directed-broadcast disabled
Flags : <UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST>
inet 1.1.1.1/8 broadcast 1.255.255.255
Secondary inet 2.1.1.1/8 broadcast 2.255.255.255
Page 15
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name#show interface [UU/SS/PP]
device-name(config-if UU/SS/PP)#show
Argument Description
UU/SS/PP (Optional). Selects a specific port to display.
Example 1
The following example displays the settings of all the device interfaces:
device-name#show interface
==========================================================================
|Port |Name |Type |State |Link|DuplSpeed |Flow |Backpres|Default
+-----+--------+--------+-------+----+----------+-------+--------+--------
1/1/1 DUAL disable down unknown disable disable 0001
1/1/2 DUAL enable up full-100 disable disable 0001
1/2/1 DUAL enable down unknown disable disable 0001
1/2/2 DUAL enable down unknown disable disable 0001
1/2/3 DUAL enable down unknown disable disable 0001
1/2/4 DUAL enable down unknown disable disable 0001
1/2/5 DUAL enable down unknown disable disable 0001
1/2/6 DUAL enable down unknown disable disable 0001
1/2/7 DUAL enable down unknown disable disable 0001
1/2/8 DUAL enable down unknown disable disable 0001
Page 16
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Example 2
The following example displays the settings of a specific interface:
device-name#show interface 1/1/2
Name =
Type = DUAL (10/100/1000BaseT,MEDIA not installed)
EnableState = enable
Link = up (TX)
Duplex mode = autonegotiate
Speed = autonegotiate
Duplex speed status = full-100
Flow control mode = disable
Flow control status = disable
Backpressure = disable
Broadcast limit = unlimited
Default VLAN = 1
Super VLAN Port = No
Learning new address = Enabled
Max Packet Size (MRU)= 1632
NOTE
The MaxPacketSize refers to the maximum supported packet size depending on the
configuration (512 bytes or 9216 Kbytes).
Command Syntax
device-name#show interface [UU/SS/PP | ag0N] statistics [extended]
device-name(config-if AG0N)#show statistics [extended]
Argument Description
UU/SS/PP (Optional). Displays statistics information of a specified interface.
ag0N (Optional). N, the LAG ID number, in the range <1–7>.
extended (Optional). Displays additional packet counters.
Page 17
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Example 1
The following example display various packet counters for 1/2/1 interface:
device-name#show interface 1/2/1 statistics
Octets 24512 In/OutPkts 64 383
Collisions 0 In/OutPkts 65-127 0
Broadcast 0 In/OutPkts 128-255 0
Multicast 0 In/OutPkts 256-511 0
CRCAlignErrors 0 In/OutPkts 512-1023 0
Undersize 0 In/OutPkts 1024-MaxFrameSize 0
Oversize 0 TotalInPkts 383
Fragments 0 TotalIn/OutPkts 383
Jabbers 0 DownCount 0
DropEvents 0
Last5secInPkts 50 Last5secInBps 409
Last1minInPkts 353 Last1minInBps 408
Last5minInPkts 353 Last5minInBps 81
Last5secOutPkts 0 Last5secOutBps 0
Last1minOutPkts 0 Last1minOutBps 0
Last5minOutPkts 0 Last5minOutBps 0
Page 18
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Counter Description
Oversize The number of received packets that meet all the following conditions:
• data length is greater than MRU
• have valid CRC
NOTE
When the maximum packet size is below 1632,
oversized packets are counted as FCS errored bytes.
The default MRU size is 1632 bytes.
Fragments The number of received packets that meet all the following conditions:
• data length is less than 64 bytes, or the packet does not have a Start
Frame Delimiter (SFD) and is less than 64 bytes
• not detected a collision event
• not detected a late collision event
• have an invalid CRC
Jabbers The number of packets that meet one of the following conditions:
• data length is greater than MaxFrameSize and CRC is invalid
• packet length is greater than MaxPacketSize
DropEvents Not supported.
Down Count The number of port disconnections.
The counter is initialized in the following cases:
• When the device starts running (provided that the link to the port is
connected), the counter is zeroed
• When the module is inserted at run-time (hot-swapped), the counter
is initialized to one
• When the link to the port is connected for the first time during run-
time, the counter is initialized to one
TotalInPkts The number of received packets received on the line. This includes
rejected and local packets that are not forwarded to the switching core for
transmission.
In/OutPkts 64 The number of 64 bytes received and transmitted packets including
rejected, received, and transmitted packets.
In/OutPkts 65-127 The number of received and transmitted packets in the range of
<65–127> bytes including rejected, received, and transmitted packets.
In/OutPkts 128- The number of received and transmitted packets in the range of
255 <128–255> bytes including rejected, received, and transmitted packets.
In/OutPkts 256- The number of received and transmitted packets in the range of
511 <256–511> bytes, including rejected, received, and transmitted packets.
In/OutPkts 512- The number of received and transmitted packets in the range of
1023 <512–1023> bytes including rejected, received, and transmitted packets.
In/OutPkts 1024- The number of received and transmitted packets in the range of
MaxFrameSize <1024–MaxFrameSize> bytes including rejected, received, and
transmitted packets. The default MaxFrameSize is 1632 bytes.
TotalIn/OutPkts The number of received and transmitted packets in the range of <64–
MaxFrameSize> bytes including rejected, received, and transmitted
packets.
Page 19
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Counter Description
Last5secInPkts The number of packets received during the five seconds before executing
the command.
Last1minInPkts The number of packets received during the minute before executing the
command.
Last5minInPkts The number of packets received during the five minutes before executing
the command.
Last5secOutPkts The number of packets transmitted during the five seconds before
executing the command.
Last1minOutPkts The number of packets transmitted during the minute before executing
the command.
Last5minOutPkts The number of packets transmitted during the five minutes before
executing the command.
Last5secInBps The rate of packets received, in bits per second, during the five seconds
before executing the command.
Last1minInBps The rate of packets received, in bits per second, during the minute before
executing the command.
Last5minInBps The rate of packets received, in bits per second, during the five minutes
before executing the command.
Last5secOutBps The rate of packets transmitted, in bits per second, during the five
seconds before executing the command.
Last1minOutBps The rate of packets transmitted, in bits per second, during the minute
before executing the command.
Last5minOutBps The rate of packets transmitted, in bits per second, during the five
minutes before executing the command.
NOTE
The Last5secInBps, Last1minInBps, Last5minInBps, Last5secOutBps,
Last1minOutBps, and Last5minOutBps counters are updated every 5 seconds. After
receiving/transmitting the packets, you must wait for 10 seconds to pass in order to
receive a correct value of the corresponding statistics.
Example 2
The following example uses the extended keyword to display additional packet counters:
device-name#show interface 1/1/1 statistics extended
InOctets 41061272 OutOctets 7948538
InUcastPkts 73572 OutUcastPkts 73825
InNUcastPkts 3873 OutNUcastPkts 28439
InDiscards 0 OutDiscards N/A
InErrors 1 OutErrors N/A
InUnknownProtos N/A
Page 20
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
InOctets The number of data octets of all the received packets on the line. This
includes data octets of rejected and local packets that are not forwarded
to the switching core for transmission.
In case of oversized packets that exceed the allocated buffer-size, only
buffer-size bytes are counted.
InUcastPkts The number of good unicast packets (not including Multicast and
Broadcast packets) received.
InNUcastPkts The number of good Broadcast and Multicast packets received.
InDiscards The number of incoming packets dropped due to lack of receive buffers or
due to exceeding the interface’s Rx buffer threshold.
InErrors This counter is incremented when any of the following events occurs:
• Undersized frames (less than 64 bytes) that are correctly aligned and
well formed without Frame Check Sequence (FCS) Errors
• Fragments (less than 64 bytes) that are misaligned and/or with
Frame Check Sequence (FCS) Errors
• Oversized frames (frames with size bigger than the MTU value) that
are without FCS errors
• Jabber frames (frames with size bigger than the MTU value) that
have FCS errors
• CRC errors
• Fragments and Runts—when the interface goes down while
receiving traffic
• Increment in InDiscards counter
InUnknownProtos Not supported.
OutOctets The number of data octets of good packets transmitted.
OutUcastPkts The number of good Unicast packets transmitted (not including Multicast
and Broadcast packets).
OutNUcastPkts The number of good Broadcast and Multicast packets transmitted.
OutDiscards Not supported.
OutErrors Not supported.
Page 21
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#reset [all]
device-name(config-if-group)#reset [all]
device-name(config-if AG0N)#reset [all]
Argument Description
all (Optional). Clear the statistics of all ports.
Page 22
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
LACP Modes
There are two LACP operation modes:
• Active—an interface in active mode can start LACP negotiation and thus form a link with
another device (whether active or passive).
• Passive—does not start LACP negotiation; thus cannot form a link with another device.
LACP Parameters
A port’s ability to aggregate with other ports is determined by the following factors:
• The port physical characteristics such as, data transfer rate, duplex capability, and medium type
• User defined configuration constraints
To use LACP, you need to define the following parameters:
1. System ID: the ID identifying an LACP system negotiating with other LACP systems. The
device uses its MAC address as a unique system ID.
2. System priority: the system priority along with the port priority allows connected LACP ports to
determine their exchange policy dynamically.
3. Administrative key: define the port’s ability to aggregate with other ports.
4. Port priority: the port priority and the system priority allow connected LACP ports to determine
their exchange policy dynamically.
When enabled, LACP attempts to group the maximum of eight compatible ports in a LAG.
However, if LACP is unable to aggregate compatible ports (for example, due to limitations of the
remote device), it leaves these ports in a hot standby state and uses them when one of the
channeled ports fails.
Page 23
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
NOTE
The LAGs are numbered from 1 to 7.
Each LAG can consist of up to eight compatibly configured interfaces.
Page 24
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
You can configure both static and dynamic LAGs simultaneously, assuming the following
restrictions:
• LAG IDs of both static and dynamic LAGs occupy the same available LAG IDs’ space
• You cannot define a static LAG and a dynamic LAG with the same LAG ID number
• You can include each port in a single LAG that is either static or dynamic
Prerequisites
Follow the below guidelines for LAG configuration:
• You do not need to modify existing higher-layer protocols or applications in order to use
LACP
• Some links cannot participate in LAGs due to inherent capabilities, capabilities of the devices
they are connected to, or management configuration. These links operate as individual links.
• LACP supports only point-to-point full-duplex links. You cannot aggregate links among more
than two devices (multipoint aggregations) and half-duplex operation.
• When the device is connected to a LAN and Spanning Tree protocol (STP) is not active, you
need to physically attach the aggregated ports only after completing the LAG configuration.
Page 25
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Page 26
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Table 11: Commands for Displaying the Static LAG and LACP Configuration
Command Description
show interface link- Displays all static and dynamic LAGs (see Displaying
aggregation LAGs)
show link-aggregation lacp Displays a list of all LACP enabled interfaces (see
Displaying LACP Interfaces)
show link-aggregation Displays the LAG packet distribution configuration (see
distribute Displaying the LAG Distribution)
Page 27
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
NOTE
The link-aggregation static command replaces the trunk command.
Command Syntax
device-name(config-if UU/SS/PP)#link-aggregation static id <id-number>
device-name(config-if UU/SS/PP)#no link-aggregation
Argument Description
id <id-number> LAG ID in the range <1–7>.
no Removes the configured interface or a group of interface from the static
LAG.
Command Syntax
device-name(config)#link-aggregation static id <id-number> name NAME
device-name(config)#no link-aggregation static id <id-number> name
Argument Description
id-number LAG ID in the range <1–7>.
NAME Alphanumeric string up to 32 characters.
no Removes the user-defined name.
Page 28
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Enabling LACP
The link-aggregation lacp enable/disable command enables LACP.
Command Syntax
device-name(cfg protocol)#link-aggregation lacp {enable | disable}
Argument Description
enable Enables LACP.
disable Disables LACP.
Command Syntax
device-name(config-if UU/SS/PP)#link-aggregation lacp [active | passive] [port-
priority [<priority>] key <number>]]
device-name(config-if UU/SS/PP)#no link-aggregation lacp port-priority
device-name(config-if UU/SS/PP)#no link-aggregation
Argument Description
active (Optional). Enables LACP in active mode.
passive (Optional). Enables LACP in passive mode.
port-priority The port priority value, in the range <1–65535>.
<priority>
key <number> (Optional). Number of the LACP administrative key, in the range <1–
65535>.
Page 29
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol)#link-aggregation lacp system-priority [<priority>]
device-name(cfg protocol)#no link-aggregation lacp system-priority
Argument Description
priority (Optional). Priority value, in the range of 1 (highest priority) to 65535 (lowest
priority).
no Restores to default.
Command Syntax
device-name(config–if UU/SS/PP)#link-aggregation lacp key <number>
device-name(config–if-group)#link-aggregation lacp key <number>
Argument Description
number LACP administrative key in the range <1–65535>.
Page 30
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Example
The following example shows how to set the LACP key to 65535:
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation lacp
device-name(config–if 1/1/1)#link-aggregation lacp key 65535
Value is displayed in the output issued by the show link-aggregation lacp command:
device-name#show link-aggregation lacp
System ID = 00 a0 12 17 01 00
System priority = 32768
========+========+=======+=========
Port | Mode | Key | Prty |
--------+--------+-------+--------+
1/1/1 | active | 65535| 32768 |
========+========+=======+=========
Command Syntax
device-name(config–if UU/SS/PP)#link-aggregation lacp marker {enable | disable}
device-name(config–if-group)#link-aggregation lacp marker {enable | disable}
Argument Description
enable Enables the processing of LACP PDU marker.
disable Disables the processing of LACP PDU marker.
Example
device-name(config-if 1/1/1)#link-aggregation lacp marker enable
Page 31
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol)#link-aggregation distribute {layer3 | layer4}
device-name(cfg protocol)#no link-aggregation distribute
Argument Description
layer3 Distributes packets based on the packets’ source and destination IP addresses.
layer4 Distributes packets based on the TCP/UDP ports and the source and destination IP
addresses for the TCP and UDP packets.
no Restores to the default settings.
Displaying LAGs
The show interface link-aggregation command displays all static and dynamic LAGs.
NOTE
The show link aggregation command replaces the show trunk command.
The show trunk command is also supported.
Command Syntax
device-name#show interface link-aggregation [static | dynamic | id <id-number>]
Argument Description
static (Optional) displays static LAGs only.
dynamic (Optional) displays dynamic LAGs only.
id <id-number> (Optional) displays the LAG specified.
Page 32
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Example
device-name#show interface link-aggregation
==========+========+=================+=====================
Agg# |Type | Management Name | Ports |
----------+--------+-----------------+--------------------+
AG01 | static | TRUNK1 | 1/1/1,1/1/2,1/2/5 |
|=========+========+=================+=====================
Command Syntax
device-name#show link-aggregation lacp
Example
device-name#show link-aggregation lacp
System ID = 00 a0 12 02 02 02
System priority = 32768
========+========+=======+=======+
Port | Mode | Key | Prty |
--------+--------+-------+-------+
1/2/1 | active | 1 | 32768 |
1/2/2 | active | 1 | 32768 |
========+========+=======+=======+
Command Syntax
device-name#show link-aggregation distribute
Example
device-name#show link-aggregation distribute
Link aggregation distribution mode is Layer 2
Page 33
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Configuration Examples
Simple LACP Configuration
The following example establishes dynamic link aggregation between two devices, as shown in
Figure 2.
On each of the two devices, LACP is enabled in active mode on interfaces 1/1/1 and 1/1/2 as an
aggregated link. The configuration of Device2 is identical to that of Device1.
4. Display the LACP status:
device-name#show link-aggregation lacp
LACP disabled on the system
Page 34
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
10. If there is a link between the devices, the following results on each device are displayed:
device-name#show interface link-aggregation
==========+========+=================+=====================
Agg# |Type | Management Name | Ports |
----------+--------+-----------------+--------------------+
AG01 | LACP | LACP1 | 1/1/1,1/1/2 |
==========+========+=================+=====================
Page 35
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Configuring Device 1:
On Device1, LACP is enabled in active mode on the following interfaces:
• 1/1/1, 1/1/2, 1/2/1 and 1/2/2, as an aggregated link to Device2
• 1/2/3 and 1/2/4, as an aggregated link to Device3
1. Enter Protocol Configuration mode and enable the LACP on Device1:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#link-aggregation lacp enable
Device1(cfg protocol)#end
3. Enable LACP on interfaces 1/1/1, 1/1/2, 1/2/1, 1/2/2, 1/2/3 and 1/2/5:
Device1(config)#interface range 1/1/1-1/2/5
Device1(config-if-group)#link-aggregation lacp
Device1(config-if-group)#end
Page 36
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Configuring Device 2:
On Device2, LACP is enabled in active mode on interfaces 1/1/1, 1/1/2, 1/2/1 and 1/2/2, as an
aggregated link to Device1.
1. Enter Protocol Configuration mode and enable the LACP on Device2:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#link-aggregation lacp enable
Device2(cfg protocol)#end
Page 37
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Configuring Device 3:
On Device3, LACP is enabled in active mode on interfaces 1/2/3 and 1/2/4, as an aggregated link
to Device 1.
1. Enter Protocol Configuration mode and enable the LACP on Device3:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#link-aggregation lacp enable
Device3(cfg protocol)#end
Page 38
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
After the LACP operation the following results on each device are displayed:
Page 39
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Configuring Device 1:
1. Enable RSTP:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#rapid-spanning-tree enable
Device1(cfg protocol)#end
NOTE
Repeat the above steps on device 2
Page 40
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
===============================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt |FwrdT
--------+---+--------+-----+---------+---------+------------------+------+-----
AG01 128 Designat frwrd 10000 0 32768.00A0121102A3 128.88 1
AG02 128 Designat frwrd 10000 0 32768.00A0121102A3 128.90 1
Page 41
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
===============================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt |FwrdT
--------+---+--------+-----+---------+---------+------------------+------+-----
AG01 128 Root frwrd 10000 0 32768.00A0121102A3 128.88 1
AG02 128 Altern discr 10000 0 32768.00A0121102A3 128.90 1
Page 42
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Resilient Links
Overview
Resilient links allows protecting critical links and preventing network downtime. A resilient link
consists of a main link and a standby (backup) link together forming a resilient-link pair. Under
normal network conditions, the main link carries network traffic. In case of signal loss, the device
immediately enables the standby link which takes over the main link’s task. Since the switchover
time to the standby link is less than 1 second, there is no session timeout.
If the main link has a higher bandwidth than its standby or if the main link is configured as a
preferred one, traffic is switched back to the main link as soon as its connection is recovered.
Otherwise, you must manually switch traffic back to the main link.
Page 43
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Page 44
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
prefer port Specifies one of the ports of the resilient link as preferred (see
Selecting a Preferred Port)
active port Changes the active port of the selected resilient link (see Switching
the Active Port)
backup-link shut- Specifies the backup link behavior (see Specifying the Backup Link
down Behavior)
Page 45
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#resilient-link <N>
device-name(config-resil-link N)#
Argument Description
N The resilient link’s number in the range of <1–32>.
no Removes the specified resilient link.
Example
device-name(config)#resilient-link 1
device-name(config-resil-link 1)#
Command Syntax
device-name(config-resil-link N)#ports UU1/SS1/PP1 UU2/SS2/PP2
Argument Description
UU1/SS1/PP1 The first resilient link port number.
UU2/SS2/PP2 The second resilient link port number.
Page 46
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
The preferred port is the active port as long as it has a link and traffic is switched back to this port
when its connection is recovered.
Command Syntax
device-name(config-resil-link N)#prefer port UU/SS/PP
device-name(config-resil-link N)#no prefer port
Argument Description
UU/SS/PP The preferred port number.
no Cancels the port preference.
NOTE
You can use this command only if you did not define a preferred port.
Command Syntax
device-name(config-resil-link N)#active port UU/SS/PP
Argument Description
UU/SS/PP The active port number.
Page 47
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-resil-link N)#backup-link shut-down
device-name(config-resil-link N)#no backup-link shut-down
Argument Description
no Powers on the standby port.
The command output displays the resilient-link ID, the resilient link’s ports, the preferred port (if
defined), the standby link behavior, and the current active link.
Command Syntax
device-name(config-resil-link N)#show [N1 | N1 N2]
device-name#show resilient-links [N1 | N1 N2]
Argument Description
N1 (Optional). The resilient link’s ID number.
N1 N2 (Optional). A range of resilient link ID numbers.
Example 1
Displaying information on all currently configured resilient links:
device-name(config-resil-link 1)#show
=====================================================
| RLink | Port1 | Port2 | Prefer | Backup | Active |
+-------+-------+-------+--------+---------+--------+
| 1 | 1/2/1 | 1/2/2 | 1/2/1 |shut down| 1/2/1 |
| 2 | 1/2/3 | 1/2/4 | | standby | 1/2/4 |
=====================================================
Page 48
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-resil-link N)#show counter [N1 | N1 N2]
Argument Description
N1 (Optional). The resilient link’s ID number.
N1 N2 (Optional). A range of resilient link ID numbers.
Example 1
Displaying information on all currently configured resilient links:
device-name(config-resil-link 1)#show
=====================================================
| RLink | Port1 | Port2 | Prefer | Backup | Active |
+-------+-------+-------+--------+---------+--------+
| 1 | 1/1/1 | 1/1/2 | 1/1/1 |shut down| 1/1/1 |
| 2 | 1/2/5 | 1/2/6 | | standby | 1/2/5 |
| 3 | 1/2/3 | 1/2/4 | | standby | 1/2/3 |
=====================================================
Example 2
Displaying information on specific resilient link #3:
device-name(config-resil-link 1)#show 3
=====================================================
| RLink | Port1 | Port2 | Prefer | Backup | Active |
+-------+-------+-------+--------+---------+--------+
| 3 | 1/2/3 | 1/2/4 | | standby | |
=====================================================
Example 3
Displaying information on the configured resilient links in the range #1 to #2:
device-name#show resilient-links 1 2
=====================================================
| RLink | Port1 | Port2 | Prefer | Backup | Active |
+-------+-------+-------+--------+---------+--------+
| 1 | 1/1/1 | 1/1/2 | 1/1/1 | standby | 1/1/1 |
| 2 | 1/2/5 | 1/2/6 | | standby | 1/2/5 |
=====================================================
Page 49
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Configuration Example
The following figure shows a simple network diagram of the resilient link on an Ethernet LAN.
Page 50
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Page 51
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
show port security Displays the security status of a specific port (see Displaying the
Port Security Configuration)
Page 52
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
NOTE
When configuring port security on a port, the initial frame is lost since the first
packet received from any source is used solely for learning its MAC address.
NOTE
When a packet with a secured source MAC address matches more than one port
security setting, the port security per port and VLAN has precedence over the port
security per port.
By default:
• filtered MAC addresses are learned in the MAC address table
• SNMP trap and a log message are generated when a security violation occurs
• all MAC addresses are learned as secured
Command Syntax
device-name(config-if UU/SS/PP)#port security [max-mac-count <number-of-
addresses> [filter-learn-disable]] [vlan <vlan-id>]
Page 53
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Argument Description
The arguments are mutually exclusive. You can specify an action (shutdown or trap) in one port
security command and specify the maximum number of secured MAC addresses (max-mac-
count) in a second port security command for the same port. Both settings are effective.
Example 1
The following example disables learning of the violating MAC address in the MAC address table:
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 15 filter-learn-
disable
Example 2
The following example displays how to secure port 1/2/3 for VLAN 5 with a maximum of 5
secured MAC addresses:
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 5 vlan 5
Page 54
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#port security enable-shutdown-port [vlan <vlan-
id>]
device-name(config-if-group)#port security enable-shutdown-port [vlan <vlan-
id>]
Argument Description
vlan <vlan-id> (Optional). Re-enables the port also on the VLAN this port is a member of.
The VLAN ID number is in the range of <1–4094>.
Command Syntax
device-name#show port security [UU/SS/PP] [vlan <vlan-id>]
Argument Description
UU/SS/PP (Optional). Displays the port security configuration of a specified port.
vlan <vlan-id> (Optional). Displays the port security configuration of a specified VLAN.
Example 1
The following example shows the port security configuration on port 1/1/1 and VLAN 5 when
the allowed numbers of secured MAC addresses is 5:
device-name(config-if 1/1/1)#port security max-mac-count 5 vlan 5
device-name(config-if 1/1/1)#end
device-name#show port security
|===================================================================|
| port #| vid | action | max addr |secure addr|filtered addr|status |
|-------+-----+--------+----------+-----------+-------------+-------|
| 1/1/1 | 5 | trap | 5 | 0 | 0 |enabled|
Page 55
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Example 2
The following example details how to enable port security on port 1/1/1 per VLAN 5, set a
maximum of 5 MAC addresses, and set the action to shutdown:
device-name(config-if 1/1/1)#port security max-mac-count 5 vlan 5
device-name(config-if 1/1/1)#port security action shutdown vlan 5
device-name(config-if 1/1/1)#end
device-name#show port security
|===================================================================|
|port # | vid | action | max addr |secure addr|filtered addr|status |
|-------+-----+--------+----------+-----------+-------------+-------|
| 1/1/1 | 5 |shutdown| 5 | 0 | 0 |enabled|
After sending traffic with tag 5 on port 1/1/1 with more than 5 source MAC addresses, only 5
MAC addresses are learned and the port is disabled:
device-name#show port security
|===================================================================|
|port # | vid | action | max addr|secure addr|filtered addr| status |
|-------+-----+--------+---------+-----------+-------------+--------|
| 1/1/1 | 5 |shutdown| 5 | 5 | 0 |disabled|
Example 3
The following example details how to set the port security on port 1/2/4 with a maximum of 20
secured MAC addresses. The example also details how to set a maximum of 10 secured MAC
addresses per port and VLAN:
device-name(config-if 1/2/4)#port security max-mac-count 20
device-name(config-if 1/2/4)#port security max-mac-count 10 vlan 100
device-name(config-if 1/2/4)#end
device-name#show port security
|===================================================================|
|port # | vid |action|max addr|secure addr|filtered addr|status |
|-------+---------+------+--------+-----------+-------------+-------|
| 1/2/4 |all vlans| trap | 20 | 0 | 0 |enabled|
| 1/2/4 | 100 | trap | 10 | 0 | 0 |enabled|
Page 56
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Configuration Examples
Defining Port Security with Dynamic Learned MAC Addresses
The following example configures various port security settings for ports 1/1/2, 1/1/3, and 1/1/4
for all VLANs.
1. Enable port security with default settings on port 1/2/2. All the MAC addresses are learned as
secure.
device-name#configure terminal
device-name(config)#interface 1/2/2
device-name(config-if 1/2/2)#port security
2. Enable port security on port 1/2/3 with action shutdown and a maximum of six MAC
addresses. After six MAC addresses are learned as secure, any additional MAC address sent to
this interface causes the interface to shut down:
device-name(config-if 1/2/2)#interface 1/2/3
device-name(config-if 1/2/3)#port security max-mac-count 6
device-name(config-if 1/2/3)#port security action shutdown
3. Enable port security on port 1/2/4 with a maximum of six MAC addresses. After six MAC
addresses are learned as secure, the following MAC addresses are learned as filtered and a
security violation trap is generated:
device-name(config-if 1/2/3)#interface 1/2/4
device-name(config-if 1/2/4)#port security max-mac-count 6
device-name(config-if 1/2/4)#end
4. The configured settings are displayed by the show command in Privileged mode as follows:
device-name#show port security
|======================================================================|
|port#| vid |action | max addr |secure addr|filtered addr|status |
|-----+---------+--------+-----------+-----------+-------------|-------|
|1/2/2|all vlans|trap | unlimited | 0 | 0 |enabled|
|1/2/3|all vlans|shutdown| 6 | 0 | 0 |enabled|
|1/2/4|all vlans|trap | 6 | 0 | 0 |enabled|
Page 57
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
3. Return to Global Configuration mode and define three MAC addresses to be learned:
device-name(config)#mac-address-table secure 00:02:4b:82:60:e2 interface
1/2/2 vlan 2
device-name(config)#mac-address-table secure 00:02:55:58:0d:8c interface
1/2/2 vlan 2
device-name(config)#mac-address-table secure 00:02:55:98:52:f4 interface
1/2/2 vlan 2
4. In Privileged (Enable) mode, check that the MAC addresses are learned:
device-name(config)#exit
device-name#show mac-address-table
+===========+===================+=========+===========+==========
| vid | mac | port | status | priority
+-----------+-------------------+---------+-----------+----------
| 0000 | 00:a0:12:07:13:29| | self | 0
| 0001 | 00:a0:12:07:13:29| | self | 0
| 0002 | 00:02:4b:82:60:e2| 1/2/2 | secure | 0
| 0002 | 00:02:55:58:0d:8c| 1/2/2 | secure | 0
| 0002 | 00:02:55:98:52:f4| 1/2/2 | secure | 0
| 0002 | 00:40:95:30:0b:f8| 1/2/3 | dynamic | 0
Page 58
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
2. Allow the port to learn 10 addresses and inspect what show port security displays. The
port has learned 5 addresses as secure and the rest as filtered. The port’s current state is
disabled (shut down):
device-name#show port security
|====================================================================|
|port#| vid |action |max addr|secure addr|filtered addr|status |
|-----+---------+--------+--------+-----------+-------------+--------|
|1/2/4|all vlans|shutdown| 5 | 5 | 5 |disabled|
Page 59
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Page 60
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
show port limit Displays the port limit configuration for all device ports (see
Displaying the Port Limit Configuration)
Page 61
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
NOTE
When configuring port limit on a port, the initial frame is lost since the first packet
received from any source is used solely for learning its MAC address.
NOTE
A secured port does not support the port limit functionality.
By default, the port limit feature is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#port limit max-mac-count <max-count> [filter-
learn-disable] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port limit [max-mac-count filter-learn-
disable] [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no port limit all
Argument Description
max-mac-count <max- The number of MAC addresses the port is allowed to learn, in the
count> range of <1–2048>.
NOTE
Enable new MAC address learning prior to using this
argument to ensure its proper function (see the
Device Administration chapter of this User Guide).
When MAC address learning is not enabled the
following warning message is displayed: “Warning!
Port limit may not work correctly since
learning is disabled on the port.”
filter-learn- (Optional). The filtered MAC addresses are not learned in the MAC
disable address table.
Page 62
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Example
The following example disables learning of the violating MAC address in the MAC address table.
The filtered MAC addresses corresponding to VLAN 20 are not learned on port 1/2/3.
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#port limit max-mac-count 15 filter-learn-disable
vlan 20
Command Syntax
device-name#show port limit [UU/SS/PP] [vlan <vlan-id>]
Argument Description
UU/SS/PP (Optional). Displays the port limit configuration of a specified port.
vlan <vlan-id> (Optional). Displays the port limit configuration of a specified VLAN.
Example 1
device-name#show port limit
===========================================================
|port num | vlan | max-mac-count |current mac-count
-------------+--------+-----------------+------------------
1/2/3 20 15 0
Example 2
device-name#show port limit 1/2/3
VLAN 20:
The port/vlan is : limited
Limit type : learn as filtered
Max limited addresses = 15
Page 63
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Page 64
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Interfaces Management
Overview
The interface management feature allows system administrators to isolate the device’s management
traffic from the normal data traffic. This way they can eliminate unauthorized users and malicious
attacks to the device.
Disabling port management disallows:
• Telnet to the device
• SSH to the device
• SNMP management
• SNMP traps and informs
• Ping to the device
• TFTP download or upload
• Outgoing Syslog messages
port management Limits the device management access only to ports that you
specify in the PORT LIST (see Setting Management Ports)
show port management Displays which ports provide management access (see Displaying
Management Ports)
NOTE
You can also disable management on a VLAN (refer to the Configuring VLANs and
Super VLANs chapter of this User Guide). Management traffic on a VLAN is
allowed on a member port only if management is enabled both on the port and the
VLAN.
Page 65
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#port management PORT-LIST
device-name(config)#no port management PORT-LIST
Argument Description
PORT-LIST Specifies one or more port numbers. Use commas as separators and hyphens
to indicate sub-ranges (for example, 1/2/1–1/2/8, 1/1/2).
no Specifies a list of ports prohibited from management access.
Command Syntax
device-name#show port management
Example
device-name#show port management
Management ports: 1/2/1,1/2/2
Page 66
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
NOTE
Notes and limitations:
If all alarm-inherit configurations on a port are either a user (downlink) or
uplink, for example a port cannot be uplink in part of the configurations and
user in the rest of them.
An alarm-inheriting (user) port cannot be part of a resilient link nor can port
security with shutdown-violation-action be configured on it.
Command Syntax
device-name(config-if UU/SS/PP)#alarm-status-inherit source-port {PORT-LIST |
PORT-AG-LIST}
device-name(config-if UU/SS/PP)#no alarm-inherit
Page 67
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Argument Description
PORT-LIST Specifies one or more port numbers. Use commas as separators and
hyphens to indicate sub-ranges (for example, 1/2/1–1/2/8, 1/1/2).
PORT-AG-LIST Specifies the list of LAG names (for example AG01, AG04–AG06).
The LAG ID is in the range <1–7>.
no Disables the Alarm Propagation.
Command Syntax
device-name#show alarm-inherit
Example
device-name#show alarm-inherit
|==================================================|
| port # | propagating alarm for uplink ports |
|--------------------------------------------------|
| 1/2/1 | 1/1/2
Page 68
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Configuration Example
The following example (Figure 6) shows how to the set alarm propagation feature:
1. Set user port 1/2/1 link state to be dependent upon the state of uplink port 1/1/2 (inherit
alarm on the uplink port):
DeviceC#configure terminal
DeviceC(config)#interface 1/2/1
DeviceC(config-if 1/2/1)#alarm-status-inherit source-port 1/1/2
DeviceC(config-if 1/2/1)#end
DeviceC#show alarm-inherit
|==================================================|
| port # | propagating alarm for uplink ports |
|--------------------------------------------------|
| 1/2/1 | 1/1/2
Page 69
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
2. Verify the port states and configuration. Port 1/2/1 inherits on the state of port 1/1/2.Initially
the two ports are up:
DeviceC#show interface 1/1/2
Name =
Type = DUAL (10/100/1000BaseT,MEDIA not installed)
EnableState = enable
Link = up
Duplex mode = autonegotiate
Speed = autonegotiate
Duplex speed status = full-10000
Flow control mode = disable
Flow control status = disable
Backpressure = disable
Broadcast limit = unlimited
Default VLAN = 1
Super VLAN Port = No
Learning new address = Enabled
Max Packet Size (MRU)= 1632
Page 70
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
3. Disconnect port 1/1/2 forces port link state 1/2/1 to go also down:
DeviceC#show interface 1/1/2
Name =
Type = DUAL (10/100/1000BaseT,MEDIA not installed)
EnableState = enable
Link = down
Duplex mode = autonegotiate
Speed = autonegotiate
Duplex speed status = unknown
Flow control mode = disable
Flow control status = disable
Backpressure = disable
Broadcast limit = unlimited
Default VLAN = 1
Super VLAN Port = No
Learning new address = Enabled
Max Packet Size (MRU)= 1632
Page 71
Configuring Interfaces (Rev. 08)
T-Marc 300 Series User Guide
Supported Platforms
Features T-Marc 340 T-Marc 380
Fast Ethernet IEEE 802.3 Ethernet Public MIBs: RFC 2863 The
and Giga IEEE 802.3u Fast • RFC 1213, Management Interfaces Group
Ethernet Port Ethernet Information Base for MIB
Network Management of (configL2IfaceTable
IEEE 802.3x Flow
TCP/IP-based and interface table)
Control
IEEE 802.3z Gigabit internets:MIB-II
Ethernet (qwerinterface table and
onfigL2IfaceTable)
• RMON MIB
Private MIB, prvt_switch.mib
Link Aggregation IEEE 802.3ad Private MIB, No RFCs are
Groups (LAGs) prvt_Ports_Aggregation.mib supported by this
feature.
Resilience Links No standards are Private MIB, No RFCs are
supported by this prvt_resilient_link.mib supported by this
feature. feature.
Port Security No standards are No MIBs are supported by No RFCs are
Techniques supported by this this feature. supported by this
feature. feature.
Alarm IEEE 802.3 Ethernet Public MIBs: RFC 2863 The
Propagation IEEE 802.3u Fast • RFC 1213, Management Interfaces Group
Ethernet Information Base for MIB
Network Management of (configL2IfaceTable
IEEE 802.3x Flow
TCP/IP-based and interface table)
Control
IEEE 802.3z Gigabit internets:MIB-II
Ethernet (qwerinterface table and
onfigL2IfaceTable)
• RMON MIB
Private MIB, prvt_switch.mib
Page 72
Configuring Interfaces (Rev. 08)
Configuring VLANs and Super VLANs
Table of Figures ······················································································ 3
Page 1
Configuring VLANs and Super VLANs (Rev. 07)
T-Marc 300 Series User Guide
Page 2
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: IEEE 802.1Q Frame Tag Structure·················································· 6
Figure 2: VLANs in Ingress Traffic····························································· 7
Figure 3: VLANs in Egress Traffic ····························································· 7
Figure 4: VLAN Configuration Flow ··························································· 9
Figure 5: VLAN Configuration Example······················································21
Figure 6: Management VLAN Configuration Example ······································31
Figure 7: Switching Decisions without the Super VLAN Agent ····························33
Figure 8: Switching Decisions with the Super VLAN Agent ································33
Figure 9: Super VLAN Ring Mode Configuration Example ································34
Figure 10: Super VLAN Configuration························································37
Figure 11: Super VLAN Configuration with LAG Uplink···································39
Figure 12: Super VLAN Ring Topology Example············································41
Page 3
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Page 4
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Virtual LANs
Overview
VLAN tagging is a standard designed for grouping hosts with common requirements, allowing
them to communicate as if they were on the same LAN regardless of their physical location. This
allows a logical partition of a physical LAN into different broadcast domains.
This standard also ensures that VLAN traffic is isolated from hosts that are not members of the
VLAN.
This technology is based on tagging Ethernet frames with VLAN IDs, assigning each user to a
specific VLAN. This prohibits Layer 2 mutual access between workgroups with different VLAN
IDs.
Page 5
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
A port can be a member of one or more VLANs. However, only one of these VLANs can be the
port’s default VLAN. Initially all the device ports are members of a VLAN named Default (VLAN
ID 1).
Ports assigned to different VLANs can communicate only through routing (and not on Layer 2).
Page 6
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Page 7
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Page 8
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Create a VLAN
Configure a Yes
Default VLAN
Modify Yes
Management
VLANs
Secure management access
Remove CPU from VLAN
No
No
End
Page 9
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
vlan Enters the VLAN Configuration mode (see Entering the VLAN
Configuration Mode)
create Creates a VLAN with a specific name and ID number (see Creating
a New VLAN)
config Enters a specific VLAN Configuration mode (see Entering an
Existing VLAN Configuration Mode)
add ports Adds specified ports as either tagged or untagged ports (see Adding
Ports to a Default VLAN)
add ports default Specifies a default VLAN for a group of ports (see Adding Ports to a
Default VLAN)
create range Creates a range of VLANs (see Creating a Range of VLANs)
management Limits the device management access to VLANs that you specify by
a list of VLAN ID numbers (see Securing Management Access
Based on VLAN ID)
add cpu-port Enables the device to receive broadcast and multicast traffic in the
specified VLAN (see Modifying the CPU Port Membership)
remove cpu-port Protects the device from receiving broadcast and multicast traffic in
the specified VLAN (see Removing the CPU Port)
delete Deletes a VLAN, specified by its name (see Deleting a VLAN (by
VLAN Name))
delete id Deletes a VLAN, specified by its VLAN ID (see Deleting a VLAN (by
VLAN ID))
delete range Deletes a range of VLANs (see Deleting a Range of VLANs)
remove ports Removes ports from a VLAN (see Removing Ports from a VLAN)
remove ports default Removes ports from the default VLAN (see Removing Ports from a
Default VLAN)
Page 10
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
show, show vlan Displays the static VLAN configuration (see Displaying the VLAN
Configuration)
show vlan Display VLAN management access information (see Displaying
management VLAN Management Information)
Page 11
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#vlan
device-name(config vlan)#
NOTE
vlan_ and default are reserved names and you cannot use them as VLAN names.
Attempting to do so generates the following message (vlan-id represents the VLAN
ID that the user is attempting to create): “% VLAN <vlan-id> system name“
Command Syntax
device-name(config vlan)#create NAME <vlan-id>
Argument Description
NAME The VLAN name.
vlan-id The VLAN tag number, in the range <2–4094>.
Example
Use the following example to create a VLAN named accounting with tag number 2:
device-name(config vlan)#create accounting 2
Page 12
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config vlan)#config NAME1
device-name(config-vlan NAME1)#
Argument Description
NAME1, NAME2 The names of existing VLANs.
Examples
• Access vlan_52 configuration from Global VLAN Configuration mode, as indicated by the
prompt-line:
device-name(config vlan)#config vlan_52
device-name(config-vlan vlan_52)#
• Switch from vlan_52 Configuration mode to XYZ Configuration mode, as indicated by the
prompt-line:
device-name(config-vlan vlan_52)#config XYZ
device-name(config-vlan XYZ)#
Command Syntax
device-name(config-vlan VLAN-NAME)#add ports PORT-LIST {tagged | untagged}
Argument Description
PORT-LIST • (Optional) specifies one or more port numbers. Use commas as separators
and hyphens to indicate sub-ranges (for example, 1/2/1–1/2/8, 1/1/2).
•
NOTE
Do not leave blank spaces before or after the comma separating
sequential lists.
tagged (Optional) the specified ports are tagged.
untagged (Optional) the specified ports are untagged
Page 13
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-vlan VLAN-NAME)#add ports default PORT-LIST
Argument Description
See the Argument Description table above.
Command Syntax
device-name(config vlan)#create range <vlan-id1> <vlan-id2> [PORT-LIST tagged
[PORT-LIST untagged]] [remove cpu-port]
device-name(config vlan)#create range <vlan-id1> <vlan-id2> [PORT-LIST untagged
[PORT-LIST tagged]] [remove cpu-port]
Argument Description
vlan-id1 The first VLAN ID, in the range of <2–4094>
vlan-id2 The last VLAN ID, in the range of <2–4094>
PORT-LIST (Optional) one or more port numbers, specified by the following options:
• UU/SS/PP—a single port specified by unit, slot, and port number
• UU—all ports on the specified unit
• UU/SS—all ports on the specified slot that
• A hyphenated range of ports
(for example: 1/2/1–1/2/8 or 1/1–1/2)
• Several port numbers and/or ranges, separated by commas (for
example: 1/1/1, 1/1/2, 1/2/1–1/2/8).
NOTE
Do not leave blank spaces before or after the comma separating
sequential lists.
tagged (Optional) the specified ports are tagged
untagged (Optional) the specified ports are untagged
Page 14
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
remove cpu- (Optional) prevents the device from receiving broadcast and multicast traffic
port in the specified VLAN (see the remove cpu-port command)
Example
Use the following example to create a sequence of VLANs and then to display the results:
device-name(config vlan)#create range 15 21 1/1/1-1/1/2 untagged 1/2/2 tagged
device-name(config vlan)#show
==================================================================
Name |VTag| Rout If | Tagged ports | Untagged ports
-----------------+----+---------+-----------------+---------------
default |1 | sw0 | |1/1/1-1/2/8
Vlan_15 |15 | | 1/2/2 |1/1/1,1/1/2
Vlan_16 |16 | | 1/2/2 |1/1/1,1/1/2
Vlan_17 |17 | | 1/2/2 |1/1/1,1/1/2
Vlan_18 |18 | | 1/2/2 |1/1/1,1/1/2
Vlan_19 |19 | | 1/2/2 |1/1/1,1/1/2
Vlan_20 |20 | | 1/2/2 |1/1/1,1/1/2
Vlan_21 |21 | | 1/2/2 |1/1/1,1/1/2
Page 15
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config vlan)#management VLAN-LIST
device-name(config vlan)#no management VLAN-LIST
Argument Description
VLAN-LIST A list of VLAN IDs in the below format:
• A hyphenated range of VLANs (for example: 8–32)
• Several VLAN numbers and/or ranges, separated by commas (for example:
2,4,8–32)
no The list of VLANs with no management access.
Command Syntax
device-name(config-vlan VLAN-NAME)#add cpu-port
NOTE
The device performs switching even if its CPU is not a member of the VLAN.
Enabling this feature does not block unicast traffic to the CPU.
Command Syntax
device-name(config-vlan VLAN-NAME)#remove cpu-port
Page 16
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
NOTE
The VLAN named default (VLAN ID 1) is part of the default configuration and you
cannot delete it.
Command Syntax
device-name(config vlan)#delete NAME
Argument Description
NAME The name of an existing VLAN
Example
The following example deletes the VLAN named accounting:
device-name(config vlan)#delete accounting
Command Syntax
device-name(config vlan)#delete id <vlan-id>
Argument Description
vlan-id An existing VLAN ID
Example
This following example deletes the VLAN with ID 10:
device-name(config vlan)#delete id 10
Page 17
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config vlan)#delete range <vlan-id1> <vlan-id2>
Argument Description
vlan-id1 The first VLAN ID in the range (must be smaller than vlan-id2).
The valid range is <2–4094>.
vlan-id2 The last VLAN ID (must be greater than vlan-id1).
The valid range is <2–4094>.
Example
device-name(config vlan)#show
===================================================================
Name |VTag| Rout If | Tagged ports | Untagged ports
-----------------+----+---------+-----------------+----------------
default |1 | sw0 | |1/1/1-1/2/8
Vlan_15 |15 | | 1/2/2 |1/1/1,1/1/2
Vlan_16 |16 | | 1/2/2 |1/1/1,1/1/2
Vlan_17 |17 | | 1/2/2 |1/1/1,1/1/2
Vlan_18 |18 | | 1/2/2 |1/1/1,1/1/2
Vlan_19 |19 | | 1/2/2 |1/1/1,1/1/2
Vlan_20 |20 | | 1/2/2 |1/1/1,1/1/2
Vlan_21 |21 | | 1/2/2 |1/1/1,1/1/2
Page 18
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-vlan VLAN-NAME)#remove ports PORT-LIST
Argument Description
PORT- (Optional) one or more port numbers assigned to the VLANs, specified by the
LIST following options:
• UU/SS/PP—a single port specified by unit, slot, and port number
• UU—all ports on the specified unit
• UU/SS—all ports on the specified slot that
• A hyphenated range of ports
(for example: 1/2/1–1/2/8 or 1/1–1/2)
• Several port numbers and/or ranges, separated by commas (for example: 1/1/1,
1/1/2, 1/2/1–1/2/8).
NOTE
Do not leave blank spaces before or after the comma separating
sequential lists.
Example
The example shows how to remove ports from the VLAN named xxx. The result displayed by the
show command that can be applied in any Specific or Global VLAN Configuration mode:
device-name(config-vlan xxx)#remove ports 1/2/2-1/2/4
device-name(config-vlan xxx)#show
==================================================================
Name |VTag| Rout If | Tagged ports | Untagged ports
-------------+----+---------+---------------------+---------------
default |1 | sw0 | |1/1/1-1/2/8
xxx |9 | |1/1/1,1/2/1, |1/2/1,1/2/5
| | |1/2/5-1/2/7 |
Page 19
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-vlan VLAN-NAME)#remove ports default PORT-LIST
Argument Description
See the argument table above.
Command Syntax
device-name#show vlan
device-name(config vlan)#show
device-name(config-vlan VLAN-NAME)#show
Command Syntax
device-name#show vlan management
Example
The following example shows that by default, management is accessible on all VLANs.
device-name#show vlan management
Management VLANs: 1-4094
Page 20
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Configuration Examples
VLAN Configuration Example
The figure below represents an example of a simple VLAN configuration.
Configuring Device 1:
1. Create VLAN user_100 with VLAN ID 100:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_100 100
2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user) to
VLAN user_100 and add VLAN user_100 as PVID to port 1/1/1. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_100
device-name(config-vlan user_100)#add ports 1/1/1 untagged
device-name(config-vlan user_100)#add ports default 1/1/1
device-name(config-vlan user_100)#add ports 1/2/1 tagged
device-name(config-vlan user_100)#exit
Page 21
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
4. Remove port 1/1/2 from Default VLAN, add port 1/1/2 as untagged (connected to a user) to
VLAN user_101, and add VLAN user_101 as PVID to port 1/1/2. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_101
device-name(config-vlan user_101)#add ports 1/1/2 untagged
device-name(config-vlan user_101)#add ports default 1/1/2
device-name(config-vlan user_101)#add ports 1/2/1 tagged
device-name(config-vlan user_101)#exit
6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to
VLAN user_102, and add VLAN user_102 as PVID to port 1/2/3. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_102
device-name(config-vlan user_102)#add ports 1/2/3 untagged
device-name(config-vlan user_102)#add ports default 1/2/3
device-name(config-vlan user_102)#add ports 1/2/1 tagged
device-name(config-vlan user_102)#end
device-name#show running-config port
...
! Port configuration:
!
interface 1/1/1
default vlan 100
!
interface 1/1/2
default vlan 101
!
Page 22
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
interface 1/2/3
default vlan 102
!
...
! VLAN configuration:
!
vlan
create user_100 100
config user_100
add ports 1/2/1 tagged
add ports 1/1/1 untagged
!
vlan
create user_101 101
config user_101
add ports 1/2/1 tagged
add ports 1/1/2 untagged
!
vlan
create user_102 102
config user_102
add ports 1/2/1 tagged
add ports 1/2/3 untagged
!
...
Configuring Device 2:
1. Create VLAN user_200 with VLAN ID 200:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_200 200
2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user)
to VLAN user_200, and add VLAN user_200 as PVID to port 1/1/1. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_200
device-name(config-vlan user_200)#add ports 1/1/1 untagged
device-name(config-vlan user_200)#add ports default 1/1/1
device-name(config-vlan user_200)#add ports 1/2/1 tagged
device-name(config-vlan user_200)#exit
Page 23
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
4. Remove port 1/1/2 from Default VLAN add port 1/1/2 as untagged (connected to a user) to
VLAN user_201 and add VLAN user_201 as PVID to port 1/1/2. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_201
device-name(config-vlan user_201)#add ports 1/1/2 untagged
device-name(config-vlan user_201)#add ports default 1/1/2
device-name(config-vlan user_201)#add ports 1/2/1 tagged
device-name(config-vlan user_201)#exit
6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to
VLAN user_202, and add VLAN user_202 as PVID to port 1/2/3. Add port 1/2/1 as
tagged (connected to Device 4)
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_202
device-name(config-vlan user_202)#add ports 1/2/3 untagged
device-name(config-vlan user_202)#add ports default 1/2/3
device-name(config-vlan user_202)#add ports 1/2/1 tagged
device-name(config-vlan user_202)#exit
device-name(config-vlan user_202)#end
device-name#show running-config port
...
! Port configuration:
!
interface 1/1/1
default vlan 200
!
interface 1/1/2
default vlan 201
!
interface 1/2/3
default vlan 202
!
Page 24
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
...
! VLAN configuration:
!
vlan
create user_200 200
config user_200
add ports 1/2/1 tagged
add ports 1/1/1 untagged
!
vlan
create user_201 201
config user_201
add ports 1/2/1 tagged
add ports 1/1/2 untagged
!
vlan
create user_202 202
config user_202
add ports 1/2/1 tagged
add ports 1/2/3 untagged
!
...
Configuring Device 3:
1. Create VLAN user_300 with VLAN ID 300:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_300 300
2. Remove port 1/1/1 from Default VLAN, add port 1/1/1 as untagged (connected to a user) to
VLAN user_300, and add VLAN user_300 as PVID to port 1/1/1. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/1
device-name(config-vlan default)#exit
device-name(config vlan)#config user_300
device-name(config-vlan user_300)#add ports 1/1/1 untagged
device-name(config-vlan user_300)#add ports default 1/1/1
device-name(config-vlan user_300)#add ports 1/2/1 tagged
device-name(config-vlan user_300)#exit
Page 25
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
4. Remove port 1/1/2 from Default VLAN, add port 1/1/2 as untagged (connected to a user) to
VLAN user_301 and add VLAN user_301 as PVID to port 1/1/2. Add port 1/2/1 as
tagged (connected to Device 4):
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/1/2
device-name(config-vlan default)#exit
device-name(config vlan)#config user_301
device-name(config-vlan user_301)#add ports 1/1/2 untagged
device-name(config-vlan user_301)#add ports default 1/1/2
device-name(config-vlan user_301)#add ports 1/2/1 tagged
device-name(config-vlan user_301)#exit
6. Remove port 1/2/3 from Default VLAN, add port 1/2/3 as untagged (connected to a user) to
VLAN user_302, and add VLAN user_302 as PVID to port 1/2/3. Add port 1/2/1 as
tagged (connected to Device 4)
device-name(config vlan)#config default
device-name(config-vlan default)#remove ports 1/2/3
device-name(config-vlan default)#exit
device-name(config vlan)#config user_302
device-name(config-vlan user_302)#add ports 1/2/3 untagged
device-name(config-vlan user_302)#add ports default 1/2/3
device-name(config-vlan user_302)#add ports 1/2/1 tagged
device-name(config-vlan user_302)#exit
device-name(config-vlan user_302)#end
device-name#show running-config port
...
! Port configuration:
!
interface 1/1/1
default vlan 300
!
interface 1/1/2
default vlan 301
!
interface 1/2/3
default vlan 302
!
Page 26
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
...
! VLAN configuration:
!
vlan
create user_300 300
config user_300
add ports 1/2/1 tagged
add ports 1/1/1 untagged
!
vlan
create user_301 301
config user_301
add ports 1/2/1 tagged
add ports 1/1/2 untagged
!
vlan
create user_302 302
config user_302
add ports 1/2/1 tagged
add ports 1/2/3 untagged
!
...
Configuring Device 4:
1. Create VLAN user_100 with VLAN ID 100:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create user_100 100
2. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1 is
connected to the router) to VLAN user_100:
device-name(config vlan)#config user_100
device-name(config-vlan user_100)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_100)#exit
4. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1
is connected to the router) to VLAN user_101:
device-name(config vlan)#config user_101
device-name(config-vlan user_101)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_101)#exit
Page 27
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
6. Add ports 1/1/1, 1/2/1 as tagged (1/1/1 is connected to the users on Device 1 and 1/2/1
is connected to the router) to VLAN user_102:
device-name(config vlan)#config user_102
device-name(config-vlan user_102)#add ports 1/1/1,1/2/1 tagged
device-name(config-vlan user_102)#exit
8. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is
connected to the router) to VLAN user_200:
device-name(config vlan)#config user_200
device-name(config-vlan user_200)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_200)#exit
10. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is
connected to the router) to VLAN user_201:
device-name(config vlan)#config user_201
device-name(config-vlan user_201)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_201)#exit
12. Add ports 1/1/2, 1/2/1 as tagged (1/1/2 is connected to the users on Device 2 and 1/2/1 is
connected to the router) to VLAN user_202:
device-name(config vlan)#config user_202
device-name(config-vlan user_202)#add ports 1/1/2,1/2/1 tagged
device-name(config-vlan user_202)#exit
14. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is
connected to the router) to VLAN user_300:
device-name(config vlan)#config user_300
device-name(config-vlan user_300)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_300)#exit
16. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is
connected to the router) to VLAN user_301:
device-name(config vlan)#config user_301
device-name(config-vlan user_301)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_301)#exit
Page 28
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
18. Add ports 1/2/3, 1/2/1 as tagged (1/2/3 is connected to the users on Device 3 and 1/2/1 is
connected to the router) to VLAN user_302:
device-name(config vlan)#config user_302
device-name(config-vlan user_302)#add ports 1/2/3,1/2/1 tagged
device-name(config-vlan user_302)#exit
Page 29
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Page 30
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
2. Remove management from VLANs 1, 3–4094 (only ports configured with VLAN ID 2 can
be use to manage the device):
device-name(config vlan)#no management 1,3-4094
4. Add port 1/1/2 as untagged to VLAN manage and add VLAN manage as PVID to port
1/1/2:
device-name(config vlan)#config manage
device-name(config-vlan manage)#add ports 1/1/2 untagged
device-name(config-vlan manage)#add ports default 1/1/2
device-name(config-vlan manage)#exit
Page 31
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
6. Add port 1/2/3 as untagged to VLAN v100 and add VLAN v100 as PVID to port 1/2/3.
Add port 1/2/7 as tagged to VLAN v100:
device-name(config vlan)#config v100
device-name(config-vlan v100)#add ports 1/2/3 untagged
device-name(config-vlan v100)#add ports default 1/2/3
device-name(config-vlan v100)#add ports 1/2/7 tagged
device-name(config-vlan v100)#exit
8. Add port 1/2/4 as untagged to VLAN v101 and set VLAN v101 as PVID. Add port 1/2/7
as tagged to VLAN v101:
device-name(config vlan)#config v101
device-name(config-vlan v101)#add ports 1/2/4 untagged
device-name(config-vlan v101)#add ports default 1/2/4
device-name(config-vlan v101)#add ports 1/2/7 tagged
device-name(config-vlan v101)#exit
10. Add port 1/2/5 as untagged to VLAN v102 and set VLAN v102 as PVID. Add port 1/2/7 as
tagged to VLAN v102:
device-name(config vlan)#config v102
device-name(config-vlan v102)#add ports 1/2/5 untagged
device-name(config-vlan v102)#add ports default 1/2/5
device-name(config-vlan v102)#add ports 1/2/7 tagged
device-name(config-vlan v102)#exit
Page 32
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Super VLANs
Overview
Super VLAN is a mechanism used to separate users which reside in the same VLAN into multiple
virtual broadcast domains.
With Super VLAN, systems administrators can use the same IPv4 subnet and default gateway IP
address for users residing in the same switched infrastructure. This helps in decreasing IPv4 address
consumption and the need for dedicated IP subnet for each VLAN.
VLANs that are members of a Super VLAN are called sub-VLANs. Each sub-VLAN is a
broadcast domain isolated at Layer 2. When users in different sub-VLANs need to communicate
with each other, they use the IP address of the virtual interface of the Super VLAN as the IP
address of the gateway. The virtual interface IP address is shared by multiple VLANs. This
minimizes the number of required IP addresses.
In case a sub VLAN needs to communicate with a sub VLAN in a different sub VLAN at Layer 3,
or in case a sub-VLAN communicates with other networks, you need to enable ARP proxy (for
more information, refer to the Device Administration chapter of this User Guide).
The below example illustrates the traffic flow in case Super VLAN is not configured: traffic
entering the user device port is not restricted to the uplink port; therefore, all the broadcast,
unknown, and multicast packets are spread over the entire device VLANs.
As oppose to the above, the below example illustrates the traffic flow in case Super VLAN is
configured: once switching decisions are done, the Super VLAN agent overrules these decisions
and directs the traffic to the Super VLAN uplink port.
Page 33
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Page 34
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU1/SS1/PP1)#super-vlan {UU2/SS2/PP2 | ag0N}
device-name(config-if UU1/SS1/PP1)#no super-vlan
Argument Description
UU2/SS2/PP2 The Unit, slot, and port number of the uplink port.
ag0N The LAG interface name, where N represents the LAG ID number in the range of
<01–07>.
For detailed information, refer to the Configuring Interfaces chapter of this User
Guide.
Page 35
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
NOTE
You can enable the Super VLAN for a ring topology only if the MSTP (Multiple
Spanning Tree Protocol) is enabled.
By default, the Super VLAN ring topology is disabled.
Command Syntax
device-name(config-if UU/SS/PP)#super-vlan ring-topology UU1/SS1/PP1
UU2/SS2/PP2 [vlan <vlan-id>]
device-name(config-if UU/SS/PP)#no super-vlan
Argument Description
UU1/SS1/PP1 The first ring-port of the Super VLAN.
UU2/SS2/PP2 The second ring-port of the Super VLAN.
vlan <vlan-id> (Optional) an existing VLAN ID in the range <2–4094>. When you
specify this argument, only the corresponding MSTP instance root
decision is taken. If you do not use this argument, the MSTP instance
zero root decision is taken.
no Removes Super VLAN from the configured user port.
Command Syntax
device-name#show super-vlan
Example
device-name#show super-vlan
===========================================================
User Interface | Super VLAN Type | Uplink
-----------------+-----------------+-----------------------
1/1/1 | regular | 1/2/2
1/2/2 | regular | 1/2/4
Page 36
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Configuration Examples
Super VLAN Configuration Example
In the figure below three users are connected to one uplink port. The users can connect only to this
uplink port.
Page 37
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Page 38
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Configuring Device 1:
Configure static link aggregation on ports 1/1/1 and 1/1/2:
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#link-aggregation static id 1
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#link-aggregation static id 1
Page 39
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Configuring Device 2:
1. Configure static link aggregation on ports 1/2/1 and 1/2/2:
device-name#configure terminal
device-name(config)#interface 1/2/1
device-name(config-if 1/2/1)#link-aggregation static id 7
device-name(config-if 1/2/1)#interface 1/2/2
device-name(config-if 1/2/2)#link-aggregation static id 7
2. Enable Super VLAN on ports 1/1/1 and 1/1/2 with uplink ag07:
device-name(config-if 1/2/2)#interface 1/1/1
device-name(config-if 1/1/1)#super-vlan ag07
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#super-vlan ag07
device-name(config-if 1/1/2)#end
Page 40
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Configuring Device 1
1. Configure Device 1 as MSTP Root and the bridge priority 0 for MST instance 0:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#mstp 0 priority 0
Device1(cfg protocol)#exit
Page 41
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Configuring Device 2
1. Enable MSTP and MSTP fast ring:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
Device2(cfg protocol)#mstp fast-ring enable
Configuring Device 3
1. Enable MSTP and MSTP fast ring:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
Device3(cfg protocol)#mstp fast-ring enable
Device3(cfg protocol)#mstp fast-ring ring-ports 1/1/1 1/1/2
Page 42
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Configuring Device 4
1. Enable MSTP and MSTP fast ring:
Device4#configure terminal
Device4(config)#protocol
Device4(cfg protocol)#mstp enable
Device4(cfg protocol)#mstp fast-ring enable
Device4(cfg protocol)#mstp fast-ring ring-ports 1/2/7 1/2/8
Device3(cfg protocol)#end
Page 43
Configuring VLANs and Super VLANs (Rev. 08)
T-Marc 300 Series User Guide
Supported Platforms
Features T-Marc 340 T-Marc 380
Virtual LANs + +
Super VLANs + +
Page 44
Configuring VLANs and Super VLANs (Rev. 08)
Configuring Transparent LAN Services (TLS)
Table of Figures ······················································································ 3
TLS Overview························································································· 4
802.1Q Tunneling ················································································ 4
Layer-2 Protocol Tunneling (L2PT) ···························································· 5
Page 1
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Example 1 ························································································27
Example 2 ························································································28
Page 2
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: 802.1Q Tunneling Configuration····················································· 4
Figure 2: TLS Configuration Flow ······························································ 7
Figure 3: TLS Interface Example ······························································27
Figure 4: TLS Tunneling Example ·····························································28
Page 3
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Overview
Deploying the Transparent LAN Services (TLS) requires network operators to transport a large
number of customers’ virtual LANs (VLANs) while keeping traffic secured in each VLAN. This
mechanism establishes Layer-2 tunnels inside the service provider network where traffic from
different customers is segregated and where it is marked with an appropriate tunnel name.
802.1Q Tunneling
802.1Q tunneling allows the deployment of secure TLS, using IEEE 802.1Q standard tags. The
main advantage of 802.1Q tunneling is that it enables service providers to use a separate VLAN
(service VLAN, S-VLAN) to support the customers who have multiple VLANs, while preserving
the customer VLAN IDs and keeping traffic in the different customer’s VLANs (C-VLAN)
segregated.
802.1Q tunneling expands the VLAN space by adding an additional 802.1Q tag (the tunnel ID) to
all previously-tagged packets when they enter the service provider infrastructure, as illustrated in
below figure.
The new frame contains the original C-VLAN tag and the new S-VLAN tag.
A port that is configured to support 802.1Q tunneling is called a tunnel port. When you configure
tunneling, you assign a tunnel port to a VLAN that you dedicate to tunneling. To keep the
customer traffic segregated, each customer requires a separate VLAN, but that one VLAN
supports all of the customer’s VLANs.
Page 4
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Three types of ports are defined in the network devices deployed by the service provider:
• Residential port—a port that is connected to a user and does not participate in the TLS. Packets
that are transmitted through this port have no added tag
• Access (SAP) ports—a port that is connected to a user. Packets that are transmitted through this
port have no added tag (see Configuring TLS Service Access Point (SAP))
• Core (SDP) port—a port that is connected to the service provider’s network. All packets that are
transmitted through this port are either control packets or packets with an additional tag. If the
packets arrive from an access (user) port the additional tag header will be added. If the packets
arrive from a residential port the additional tag header will not be added (see Configuring TLS
Service Distribution Paths (SDP))
When a access port (SAP) receives tagged customer traffic from an 802.1Q-port on the customer
device, it does not strip the received 802.1Q tag from the frame header; instead, the access port
(SAP) leaves the 802.1Q tag intact, adds a 2-byte EtherType field (0x8100) followed by a 2-byte
field containing the priority (CoS) and the VLAN (see Configuring the TLS EtherType Value).
An egress core port (SDP) strips the 2-byte EtherType field (0x8100) and the 2-byte length field
and transmits the traffic with the 802.1Q tag still intact to the customer device. The 802.1Q-port on
the customer device strips the 802.1Q tag and puts the traffic into the appropriate customer
VLAN.
Page 5
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Page 6
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Enable/disable
the Layer 2 Yes
Protocol
Tunneling
No Configure the
Yes
TLS tunnel
profile
Set the TLS Configure the TLS
EtherType Yes
tunnel profile
value
No
Specify the TLS
EtherType value
Configure
Create TLS service Custom MAC Yes
Address for
Tunneled
Packets
Create SDP
Define Tunnel MAC
Addresses for
Predefined Protocols
Create SAP No
End Enable
Tunneling of Yes
IEEE Control
Packets
Page 7
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
The following table lists the command for configuring L2PT. The whole L2PT configuration is
optional.
NOTE
For the tls tunneled-ieee-pdu command to take effect, first enable TLS
tunneling globally by the tls tunneled-ieee-pdu enable command.
Page 8
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Command Description
tls tunneled-ieee-pdu Defines a multicast tunnel MAC address that rewrites the
HH:HH:HH:HH:HH:HH original multicast destination MAC address (see Defining
Tunnel MAC Addresses for Predefined Protocols )
tls tunneled-ieee-pdu add Defines a multicast tunnel MAC address that rewrites the
original multicast destination MAC address (Defining
Tunnel MAC Addresses for User-Defined Protocols)
tls tunneled-ieee-pdu Enables tunneling of IEEE control packets for SDP (see
(in SDP Service Configuration) Tunneling of Layer-2 Protocol PDUs for SDP)
tls tunneled-ieee-pdu Enables tunneling of IEEE control packets for SAP (see
(in SAP Service Configuration) Tunneling of Layer-2 Protocol PDUs for SAP)
show tls Displays the global TLS configuration (see Displaying the
TLS Configuration)
show tls tunneled-ieee-pdu Displays the L2PT encapsulation information (see
Displaying the L2PT Encapsulation Information)
show tls tunneled-ieee-pdu Displays the L2PT configuration information (see
service Displaying the L2PT Configuration Information)
show tls tunneled-ieee-pdu Displays Layer-2 protocol tunneling statistics (see
statistics Displaying Layer-2 Protocol Tunneling Statistics)
show tls tunnel-profile Displays the specified custom profile name (see
Displaying TLS Profile Names)
show tls-services Displays information about all currently configured TLS
services (see Displaying TLS Services)
Page 9
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#tls SERVICE-NAME [<service ID>]
device-name(config)#no tls SERVICE-NAME
device-name(config)#no tls id <service ID>
Argument Description
SERVICE-NAME A unique alpha-numeric string service name. When defining the service
via SNMP, it generates dynamically
service ID (Optional) the unique service identifier, in the range <1–4294967295>
no Removes the defined TLS instance
Example
device-name(config)#tls serv 5
device-name(config-tls serv)
NOTE
Create the SDP VLAN and add ports as tagged to this VLAN before creating the
SDP, see Example 1.
Command Syntax
device-name(config-tls SERVICE-NAME)#sdp {UU/SS/PP | ag0N} s-vlan <SVLAN-ID>
[primary | secondary]
device-name(config-tls SERVICE-NAME)#sdp {UU/SS/PP | ag0N} s-vlan <SVLAN-ID>
[option]
device-name(config-tls-sdp UU/SS/PP:SVLAN-ID:)#
device-name(config-tls-sdp AG0N:SVLAN-ID:)#
device-name(config-tls SERVICE-NAME)#no sdp {UU/SS/PP | ag0N}
Page 10
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Argument Description
UU/SS/PP The SDP port. The SDP port has to be a tagged member of the S-
VLAN
ag0N The SDP aggregation port. N in the range <1–7>
s-vlan <SVLAN-ID> The SDP Service VLAN ID, in the range of <1–4094>
primary (Optional) SDP EPS primary
secondary (Optional) SDP EPS secondary
option (Optional) changes the mode to SDP Service Configuration mode (see
Example 2)
no Removes the defined SDP
For detailed information about EPS, refer to the ITU-T G.8031 Ethernet Protection Switching (EPS)
section of Operations, Administration and Maintenance (OAM) chapter.
Examples
1. Create the SDP VLAN and add ports as tagged to this VLAN before creating the SDP:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create v5 5
device-name(config vlan)#config v5
device-name(config-vlan v5)#add ports 1/2/1 tagged
device-name(config-vlan v5)#exit
device-name(config vlan)#exit
device-name(config)#tls tunneled-ieee-pdu enable
device-name(config)#tls serv 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5
device-name(config-tls serv)#
Page 11
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-tls SERVICE-NAME)#sap UU/SS/PP {c-vlans <CVLAN-ID> | c-
vlans VLAN-LIST | c-vlan-wildcard 0xffff 0xffff | c-vlan-wildcard all}
[option | untagged]
Argument Description
UU/SS/PP The SAP port. The SAP port has to be an untagged member of the S-
VLAN. Default VLAN for SAP port is the S-VLAN
CVLAN-ID The SAP Customer VLAN ID, in the range of <1–4094>
VLAN-LIST The SAP Customer VLAN ID list (for example 2–4,8) defining the
number of SAPs
c-vlan-wildcard A group of Customer VLANs, identified by matching mask
0xffff 0xffff
c-vlan-wildcard Tunnels the tagged traffic only
all
option (Optional) changes the mode to SAP Service Configuration mode (see
Example 2)
untagged (Optional) tunnels untagged traffic only
no Removes the defined SAP
Examples
1. Configure SAP:
device-name(config-tls serv)#sap 1/1/1 c-vlan-wildcard all
device-name(config-tls serv)#sap 1/2/2 c-vlans 4,7-9
device-name(config-tls serv)#sap 1/2/3 c-vlans 5 untagged
Page 12
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Configuring TLS
The tls command enables/disables the TLS.
Command Syntax
device-name(config)#tls {enable | disable}
Argument Description
enable Enables TLS
disable Disables TLS
Command Syntax
device-name(config)#tls ethertype <number>
Argument Description
number Hexadecimal VLAN EtherType value (for example 0x9000)
NOTE
For the tls uplink command to take effect, first enable TLS by using the tls
enable command.
Page 13
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
NOTE
For TLS to be successfully enabled on an uplink, which is a port aggregation (LAG),
the tls uplink command should be executed in Interface LAG Configuration
mode. Enabling TLS on a single port of the LAG will have no effect on the
aggregation.
By default, all ports are residential.
Command Syntax
device-name(config-if UU/SS/PP)#[no] tls uplink
device-name(config-if AG0N)#[no] tls uplink
device-name(config-if-group)#[no] tls uplink
device-name(config-ag-group)#[no] tls uplink
Argument Description
no Configures the selected port or link aggregation to a residential port/group of ports
Command Syntax
device-name(config-if UU/SS/PP)#[no] tls user
device-name(config-if AG0N)#[no] tls user
device-name(config-if-group)#[no] tls user
device-name(config-ag-group)#[no] tls user
Argument Description
no Configures the selected port or link aggregation to a residential port/group of ports
Page 14
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-tls SERVICE-NAME)#management c-vlan <CVLAN-ID>
Argument Description
CVLAN-ID The C-VLAN ID, in the range of <1–4094> (CVLAN-ID)
Command Syntax
device-name(config)#tls tunneled-ieee-pdu {enable | disable}
Page 15
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Argument Description
enable Enables the Layer-2 protocol tunneling
disable Disables the Layer-2 protocol tunneling
NOTE
Use this command in a Specific TLS Tunnel Profile Configuration mode to switch to
the Configuration mode of another TLS tunnel profile; see Example.
Command Syntax
device-name(config)#tls tunnel-profile TLS-PROFILE-NAME
device-name(tls-profile TLS-PROFILE-NAME)#
Argument Description
TLS-PROFILE-NAME The TLS profile name
Example
device-name(config)#tls tunnel-profile system
device-name(tls-profile system)#tls tunnel-profile p5
device-name(tls-profile p5)#tls tunnel stp
Command Syntax
device-name(tls-profile PROFILE-NAME)#tls {tunnel | discard} {all-brs | other
| dot1x | efm-oam | e-lmi | garp | lacp | lldp | pvst | pb-stp | stp}
Page 16
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Argument Description
tunnel Specifies one of the allowed Layer-2 Protocol PDUs to be tunneled
discard Specifies one of the allowed Layer-2 Protocol PDUs to be discarded
all-brs Specifies that the PDUs intended for the MAC address that is reserved
for the exclusive use by the All Bridges are tunneled
other Specifies that the PDUs intended for the MAC addresses from the bridge
block but are not PDUs of any of the specified protocols are tunneled
dot1x IEEE 802.1x standard
efm-oam Ethernet in the First Mile-Operations, Administration and Maintenance
standard
e-lmi Enhanced Local Management Interface
garp Generic Attribute Registration Protocol
lacp Link Aggregation Protocol
lldp Link Layer Discovery Protocol
pvst Per-VLAN Spanning Tree (PVST) maintains a spanning tree instance for
each VLAN configured in the network. Since PVST treats each VLAN as
a separate network, it has the ability to load balance traffic (at layer-2) by
forwarding some VLANs on one link and other VLANs on another link
without causing a spanning tree loop.
pb-stp Provider Bridge Spanning Tree Protocol
stp Spanning Tree Protocol
Command Syntax
device-name(config)#tls tunneled-ieee-pdu {all-brs | other | dot1x | efm-oam |
e-lmi | garp | lacp | lldp | pvst | pb-stp | stp} HH:HH:HH:HH:HH:HH
Page 17
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Argument Description
all-brs Specifies that PDUs intended for the MAC address that is reserved for
the exclusive use by the All Bridges are tunneled
other Specifies that PDUs intended for the MAC addresses from the bridge
block but are not PDUs of any of the specified protocols are tunneled
dot1x IEEE 802.1x standard
efm-oam Ethernet in the First Mile-Operations, Administration and Maintenance
standard
e-lmi Enhanced Local Management Interface
garp Generic Attribute Registration Protocol
lacp Link Aggregation Protocol
lldp Link Layer Discovery Protocol
pvst Per-VLAN Spanning Tree (PVST) maintains a spanning tree instance
for each VLAN configured in the network. Since PVST treats each
VLAN as a separate network, it has the ability to load balance traffic
(at layer-2) by forwarding some VLANs on one link and other VLANs
on another link without causing a spanning tree loop.
pb-stp Provider Bridge Spanning Tree Protocol
stp Spanning Tree Protocol
HH:HH:HH:HH:HH:HH Multicast tunnel MAC address, in hexadecimal format
Refer to Table 6 for default multicast tunnel MAC addresses
NOTE
If you do not specify a MAC address, the default
replacement MAC address for each of the specified
protocols is used.
xSTP 01-A0-12-FF-FF-00
LACP/LAMP 01-A0-12-FF-FF-02
Link OAM (802.3ah) 01-A0-12-FF-FF-02
Port Authentication (802.1x) 01-A0-12-FF-FF-03
E-LMI 01-A0-12-FF-FF-07
LLDP (802.1AB) 01-A0-12-FF-FF-0E
Bridge block of protocols 01-A0-12-FF-FF-0X
NOTE
X denotes a random digit from 0 to F. When it
is found in the original MAC, is preserved in
the replacement MAC.
All Bridges 01-A0-12-FF-FF-10
Page 18
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
NOTE
X denotes a random digit from 0 to F. When it
is found in the original MAC, is preserved in
the replacement MAC.
Provider bridge STP 01-A0-12-FF-FF-08
PVST 01-A0-12-CC-CC-CD
When you configure the destination MAC address for encapsulated PDUs, you must leave the last
byte of the MAC address for protocols Bridge block of protocols and GARP Block of protocols as default
values:
• 00—for Bridge block of protocols
• 20—for GARP Block of protocols
Command Syntax
device-name(config)#tls tunneled-ieee-pdu add L2TUN-PROTOCOL-NAME
ORIGINAL_HH:HH:HH:HH:HH:HH [TUNNEL_HH:HH:HH:HH:HH:HH] [ETHERTYPE]
device-name(config)#no tls tunneled-ieee-pdu L2TUN-PROTOCOL-NAME
Argument Description
L2TUN-PROTOCOL-NAME A text string of <1–16> characters
ORIGINAL_HH:HH:HH:HH:HH:HH Original multicast destination MAC address of the specified
protocol
TUNNEL_HH:HH:HH:HH:HH:HH (Optional) multicast tunnel MAC address used for the
replacement
ETHERTYPE (Optional) indicates which protocol is encapsulated in the
payload of the Ethernet frame
no Restores the original multicast destination MAC address
Page 19
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-tls-sdp UU/SS/PP:SVLAN-ID:)#tls tunneled-ieee-pdu [discard-
all | tunnel-all | tunnel-bpdu | TLS-PROFILE-NAME]
device-name(config-tls-sdp UU/SS/PP:SVLAN-ID:)#no tls tunneled-ieee-pdu
Argument Description
discard-all (Optional) specifies a policy of discarding only Layer-2 protocol PDUs
tunnel-all (Optional) specifies a policy of tunneling only Layer-2 protocol PDUs
tunnel-bpdu (Optional) specifies a policy of tunneling only xSTP packets. When the
tunneling of xSTP protocols is enabled, it allows tunneling BPDUs
between the TLS access (user) ports over the TLS core (uplink) ports.
The tunneling is done for packets with Multicast DA of 01-80-c2-00-00-
00 (STP).
TLS-PROFILE-NAME (Optional) specifies the custom profile name used to define the tunneling
policy on the specified SDP
no Disables tunneling of IEEE Control packets
Example
device-name(config-tls-sdp 1/1/1:4:)#tls tunneled-ieee-pdu tunnel-bpdu
Page 20
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
NOTE
In SAP Service Configuration mode also exist:
the apply-qos-service-policy command. For more information, refer to the
Applying the Service Policy on a SAP section of the Configuring Quality of
Service (QoS) chapter.
the mac access-group and ip access-group commands. For more
information, refer to the Configuring Access Control Lists (ACLs) chapter.
the event-propagation profile command. For more information, refer to
the Applying a Profile to a SAP or a Port section of the Operations,
Administration & Maintenance (OAM) chapter.
By default, TLS tunneling is disabled. When TLS tunneling is enabled on a TLS service, the default
policy is Discard-all.
Command Syntax
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#tls tunneled-ieee-pdu [discard-
all | tunnel-all | tunnel-bpdu | TLS-PROFILE-NAME]
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#no tls tunneled-ieee-pdu
Argument Description
discard-all (Optional) specifies a policy of discarding only Layer-2 protocol PDUs
tunnel-all (Optional) specifies a policy of tunneling only Layer-2 protocol PDUs
tunnel-bpdu (Optional) specifies a policy of tunneling only xSTP packets. When the
tunneling of xSTP protocols is enabled, it allows tunneling the BPDUs
between the TLS access (user) ports over the TLS core (uplink) ports.
The tunneling is done for packets with Multicast DA of 01-80-c2-00-00-
00 (STP).
TLS-PROFILE-NAME (Optional) specifies the custom profile name used to define the
tunneling policy on the specified SAP
no Disables tunneling of IEEE Control packets
Example
device-name(config-tls-sap 1/1/1:5:)#tls tunneled-ieee-pdu tunnel-all
Page 21
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name#show tls
Example
device-name#show tls
TLS is enabled
TLS EtherType 0x8100
==============================+
|Interface |Mode |
-------------+----------------+
|1/2/1 | User |
|1/3/1 | Uplink |
|AG01 | Residential |
|AG02 | Residential |
|AG03 | Residential |
|AG04 | Residential |
|AG05 | Residential |
|AG06 | Residential |
|AG07 | Residential |
Command Syntax
device-name#show tls tunneled-ieee-pdu
Page 22
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Example
device-name#show tls tunneled-ieee-pdu
+-----------------+------------------+------------------+----------+
|Protocol |Protocol MAC |Encapsulation MAC |EtherType |
+-----------------+------------------+------------------+----------+
|stp |01:80:c2:00:00:00 |01:a0:12:ff:ff:00 |N/A |
|lacp |01:80:c2:00:00:02 |01:a0:12:ff:ff:02 |0x8809 |
|efm-oam |01:80:c2:00:00:02 |01:a0:12:ff:ff:02 |0x8809 |
|dot1x |01:80:c2:00:00:03 |01:a0:12:ff:ff:03 |N/A |
|e-lmi |01:80:c2:00:00:07 |01:a0:12:ff:ff:07 |N/A |
|lldp |01:80:c2:00:00:0e |01:a0:12:ff:ff:0e |N/A |
|other |01:80:c2:00:00:0X |01:a0:12:ff:ff:0X |N/A |
|all-brs |01:80:c2:00:00:10 |01:a0:12:ff:ff:10 |N/A |
|garp |01:80:c2:00:00:2X |01:a0:12:ff:ff:2X |N/A |
|pb-stp |01:80:c2:00:00:08 |01:a0:12:ff:ff:08 |N/A |
|pvst |01:00:0c:cc:cc:cd |01:a0:12:cc:cc:cd |N/A |
|protocol_name |01:80:c2:00:00:02 |01:a0:12:ff:ff:02 |0x9530 |
+-----------------+------------------+------------------+----------+
Command Syntax
device-name#show tls tunneled-ieee-pdu service <service ID> {sap SAPSTRING |
sdp SDPSTRING}
Argument Description
service ID The unique service identifier, in the range of <1–4294967295>
sap SAPSTRING The SAPSTRING has the form UU/SS/PP:CVLANID:
The C-VLAN ID is in the range of <1–4094>.
sdp SDPSTRING The SDPSTRING has the forms:
• UU/SS/PP:SVLANID:—use it if you configured the SDP on a port
• ag0N:SVLANID:—use it if you configured the SDP on a link
aggregation
The S-VLAN ID is in the range of <1–4094>
Page 23
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Example
device-name(config)#tls serv 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5 option
device-name(config-tls-sdp 1/2/1:5:)#tls tunneled-ieee-pdu tunnel-bpdu
device-name(config-tls-sdp 1/2/1:5:)#end
device-name#show tls tunneled-ieee-pdu service 5 sdp 1/2/1:5:
+--------------------------------+--------------------------------+
|Vi Id |Profile Applied |
+--------------------------------+--------------------------------+
|1/2/1:5: |tunnel-bpdu |
Command Syntax
device-name#show tls tunneled-ieee-pdu statistics
Example
device-name#show tls tunneled-ieee-pdu statistics
+--------------------------------------------------------------------------+
| SVC_ID|SAP/SDP_STRING|PROTO_NAME| ACTION| RX| TX|
+--------------------------------------------------------------------------+
| 7268| 1/1/2:5| stp| tunnel| 0| 0|
| 7268| 1/1/2:5| lacp|discard| 0| 0|
| 7268| 1/1/2:5| efm-oam|discard| 0| 0|
| 7268| 1/1/2:5| dot1x|discard| 0| 0|
| 7268| 1/1/2:5| e-lmi|discard| 0| 0|
| 7268| 1/1/2:5| lldp|discard| 0| 0|
| 7268| 1/1/2:5| other|discard| 0| 0|
| 7268| 1/1/2:5| all-brs|discard| 0| 0|
| 7268| 1/1/2:5| garp|discard| 0| 0|
| 7268| 1/1/2:5| pb-stp|discard| 0| 0|
| 7268| 1/1/2:5| pvst|discard| 0| 0|
+--------------------------------------------------------------------------+
Page 24
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name#show tls tunnel-profile [TLS-PROFILE-NAME]
Argument Description
TLS-PROFILE-NAME (Optional) displays the specified custom profile name used to define
the tunneling policy on a specified port
Example
device-name#show tls tunnel-profile
ProfileName: my_tunnel
+-----------------+-----------+
|Protocol |Action |
+-----------------+-----------+
|stp |tunnel |
|lacp |tunnel |
|efm-oam |discard |
|dot1x |discard |
|e-lmi |discard |
|lldp |discard |
|other |discard |
|all-brs |tunnel |
|garp |discard |
|pb-stp |discard |
|pvst |discard |
+-----------------+-----------+
ProfileName: lacp_tunnel
+-----------------+-----------+
|Protocol |Action |
+-----------------+-----------+
|stp |discard |
|lacp |tunnel |
|efm-oam |discard |
|dot1x |discard |
|e-lmi |discard |
|lldp |discard |
|other |discard |
|all-brs |discard |
|garp |discard |
|pb-stp |discard |
Page 25
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
|pvst |discard |
+-----------------+-----------+
Command Syntax
device-name#show tls-services
device-name(config-tls SERVICE-NAME)#show tls-services
Example
device-name#show tls-services
+---------+--------------------------------+------+-----+-----+
| Idx | Service Name |S-VLAN|Encap|State|
+---------+--------------------------------+------+-----+-----+
|00007615 |test | 0002 |QinQ |Up |
Page 26
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
1. Enable TLS:
device-name#configure terminal
device-name(config)#tls enable
4. Add the TLS core (uplink) port as a tagged member to VLAN 10. Also add access (user) port
as an untagged member to that VLAN.
device-name(config)#vlan
device-name(config vlan)#create v10 10
device-name(config vlan)#config v10
device-name(config-vlan v10)#add ports 1/2/1 tagged
device-name(config-vlan v10)#add ports 1/2/8 untagged
device-name(config-vlan v10)#add ports default 1/2/8
device-name(config-vlan v10)#end
Page 27
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
+===========+================+
| Interface | Mode |
+-----------+----------------+
| 1/2/1 | uplink |
| 1/2/8 | user |
|AG01 | Residential |
…
|AG07 | Residential |
Example 2
Figure 4 shows an example of a TLS tunneling configuration.
1. Create the VLAN vl5 with ID 5 and add to it the 1/2/1 port (SDP port) as tagged and 1/2/2
port (SAP port) as untagged:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create v5 5
device-name(config vlan)#config v5
device-name(config-vlan v5)#add ports 1/2/1 tagged
device-name(config-vlan v5)#add ports 1/2/2 untagged
device-name(config-vlan v5)#add ports default 1/2/2
device-name(config-vlan v5)#exit
device-name(config vlan)#exit
3. Define SDP:
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 5 option
device-name(config-tls-sdp 1/2/1:5:)#tls tunneled-ieee-pdu tunnel-bpdu
device-name(config-tls-sdp 1/2/1:5:)#exit
Page 28
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Page 29
Configuring Transparent LAN Services (TLS) (Rev. 10)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
Page 30
Configuring Transparent LAN Services (TLS) (Rev. 10)
Configuring Spanning Tree Protocol (STP)
Table of Figures ······················································································ 3
Overview ······························································································· 4
Architecture ··························································································· 4
Page 1
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series User Guide
Page 2
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: The Spanning Tree Port States ······················································· 7
Figure 2: Topology Change ······································································ 8
Figure 3: Topology Change with TC Message ················································· 9
Figure 4: BPDU Age Parameter ································································10
Figure 5: Calculating the Diameter ·····························································11
Figure 6: Spanning Tree IGMP Configuration················································13
Figure 7: Spanning Tree IGMP Fast Recovery Configuration ······························14
Figure 8: STP Configuration Flow ·····························································16
Figure 9: Spanning Tree Configuration Example·············································34
Page 3
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Overview
Spanning Tree Protocol (STP, IEEE 802.1d) is a Layer 2 protocol that provides path redundancy,
ensuring a loop-free topology for bridged LANs.
Using this protocol, a network can include redundant links that provide automatic backup paths in
case of an active link failure. It controls the links, leaving only a single active path between any two
network nodes.
Architecture
The STP algorithm calculates each path cost throughout all the devices within the network’s
spanning tree, remaining the paths with the lower cost as active paths and blocking others. It
activates the blocked paths in case the active link fails or if the path cost changes.
Page 4
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Page 5
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Blocking The port does not forward frames. It moves to this state after the initialization
phase, when a different device/port was elected as Root.
If there is only one device in the network, no exchange occurs, the forward-
delay timer expires, and the ports move to Listening state.
A port in blocking state:
• discards frames
• discards frames switched from another port for forwarding
• does not learn MAC addresses
• receives BPDUs
A Blocking port can enter Listening or Disabled states.
Listening This is the first state a Blocking port transitions to when STP determines that
the port should participate in frame forwarding. The device processes
BPDUs and waits for possible new information that might cause it to return to
the Blocking state.
A port in Listening state performs the same steps as Blocking state.
From this state the port can enter Learning or Disabled states.
Page 6
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Learning This is the second state the port enters when preparing to participate in
frame-forwarding.
The port does not yet forward frames. However it learns source addresses
from received frames, adding them to the filtering database.
A port in Learning state:
• discards frames
• discards frames switched from another port for forwarding
• learns MAC addresses
• receives BPDUs
From this state the port can enter Forwarding or Disabled states.
Forwarding The port forwards frames. The device processes BPDUs and waits for
possible new information that might cause it to return to Blocking state to
prevent a loop.
A port in Forwarding state:
• receives and forwards frames
• forwards frames switched from other ports
• learns MAC addresses
• receives BPDUs
From this state the port can enter Disabled state.
Disabled A port in this state does not participate in frame forwarding and spanning
tree.
The port performs the same steps as Blocking state, except it does not
receive BPDUs.
The following figure illustrates how a port moves through the above states.
Page 7
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
After a topology change the new data path becomes Device A→Device D→Device C.
During the topology-change period, devices C and D are not aware of the topology change. During
this period frames sent from Computer 1 are forwarded to Device B and there is no connection
between the Computer 1 and Computer 2 until the address table ages out.
To avoid connection loss caused by a topology change, STP implements a mechanism called
Topology Change Notification (TCN). This mechanism flushes the devices’ MAC addresses upon a
topology change.
Page 8
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Hello timer The interval between two consecutive BPDUs a device sends to other
devices.
Forward-delay timer The time a port is in Listening and Learning states before the port begins
forwarding.
Maximum-age timer The time the device stores protocol information received on a port.
(MaxAge)
Message Age How far a device is from the Root when it receives a BDPU
Page 9
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Message Age
The message age value of all BPDUs the Root sends are zero. Each subsequent device increments
the message age value by one, as illustrated in the below figure:
After receiving a new BPDU equal to or greater than the recorded information on the port, all
BPDU information is stored, and the age timer begins to run, starting at the message age. If this age
timer reaches MaxAge before receiving another BPDU, the information ages out for that port.
For example, in the above figure:
• Device B and C receive a BPDU from Device A with message age value zero. On the port
going to Device A, it takes MaxAge seconds before the information ages out.
• Device D and E receive a BPDU from Device B with message age value one. On the port
going to Device A, it takes MaxAge-1 seconds before the information ages out.
• Device F receives a BPDU from Device E with message age value two. On the port going to
Device E, it takes MaxAge-2 seconds before the information ages out.
Page 10
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Based on the above formulas, lowering the hello-timer value decreases the other STP parameters.
However, it doubles the amount of BPDUs sent/received by each bridge, causing additional load
on the CPU.
Page 11
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Page 12
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
2. The Multicast Router sends an IGMP query to the clients for their multicast group
memberships.
3. The client(s) reply with IGMP Reports. The traffic flows from the Multicast Router, through
Device D and Device A, to Device C. All ports between the devices and the Multicast Router
are mrouter ports. Device C’s mrouter port that links to Device B is blocked. If a topology
change occurs and the link between Device C and Device A goes down, the Device C’s
blocked port transitions into Forwarding state.
4. If you configure IGMP Fast Recovery on Device C, the device reacts to the topology change
by sending an IGMP General Query to all its non-mrouter ports.
Page 13
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
5. The client(s) respond to the General IGMP Query with an IGMP report.
6. Device C forwards the IGMP report to its mrouter ports and the report is then sent to the
Multicast Router through Device B and Device D.
7. Client(s) traffic connected to Device C is transmitted through Device B instead of Device A,
as shown on the figure below.
Page 14
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Page 15
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Enable STP
End
Page 16
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Page 17
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
debug stp Enables the debugging STP information (see Enabling STP
Debug Information)
show debug stp Displays the STP debug status (see Displaying the STP
Debug Status)
Page 18
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Enabling/Disabling STP
The spanning-tree command enables/disables STP on the device.
Command Syntax
device-name(cfg protocol)#spanning-tree [enable | disable]
device-name(cfg protocol)#no spanning-tree
Argument Description
enable (Optional) enables STP, the device becoming a node in the tree
disable (Optional) disables STP
no Restores to default
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree [enable | disable | all]
device-name(config-if-group)#spanning-tree [enable | disable]
Argument Description
enable (Optional) enables STP on the specified port
disable (Optional) disables STP on the specified port
all (Optional) enables STP on all ports
Page 19
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Command Syntax
device-name(cfg protocol)#spanning-tree priority <bridge-priority>
device-name(cfg protocol)#no spanning-tree priority
Argument Description
bridge-priority The bridge priority, in the range of <0–65535>. The bridge with the highest
bridge priority (the lowest numerical priority value) is selected as Root
device
no Restores to default
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree priority <priority>
device-name(config-if UU/SS/PP)#no spanning-tree priority
Argument Description
priority The port STP priority, in the range of <0–240>. This value is a multiple of 16.
Assign lower values (higher priorities) to preferred ports.
If all the ports have the same priority value, STP selects the port with the lowest
number in Forwarding state and blocks other ports.
no Restores to default
Page 20
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Command Syntax
device-name(cfg protocol)#spanning-tree hello-time <hello-time>
device-name(cfg protocol)#no spanning-tree hello-time
Argument Description
hello-time The interval between transmitting BPDUs, in the range of <1–9> seconds.
This value must be less than MaxAge/2-1 (refer to the Defining the Maximum
Aging Timer section).
no Configures the hello-time interval to its default value.
Command Syntax
device-name(cfg protocol)#spanning-tree max-age <max-age>
device-name(cfg protocol)#no spanning-tree max-age
Argument Description
max-age The maximum aging time, in the range of <6–28> seconds.
The MaxAge value must be greater than 2*(hello-time+1) and less than 2*(forward-
delay-1).
no Restores to default
Page 21
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
NOTE
The forward-delay value must be greater than MaxAge/2+1.
Command Syntax
device-name(cfg protocol)#spanning-tree forward-delay <forward-delay>
device-name(cfg protocol)#no spanning-tree forward-delay
Argument Description
forward-delay The interval before transitioning from Listening and Learning states to
Forwarding State, in the range of <11–30> seconds.
This value must be greater than MaxAge/2+1.
When a topology change is underway and is detected, use this parameter to
age all dynamic entries in the Forwarding database.
no Restores to default
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree path-cost <path-cost>
device-name(config-if UU/SS/PP)#no spanning-tree path-cost
Argument Description
path-cost The path cost value, in the range of <1–200000000>.
Assign lower cost values to ports that you want to select first. If all ports have
the same cost value, STP selects the port with the lowest number in
Forwarding state and blocks other ports.
no Restores to default
Page 22
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree detect-tc
device-name(config-if UU/SS/PP)#no spanning-tree detect-tc
device-name(config-if-group)#spanning-tree detect-tc
device-name(config-if-group)#no spanning-tree detect-tc
Argument Description
no Disables topology change detection on specified ports, preventing the switch from
detecting and propagating topology changes on the specified port/s.
Command Syntax
device-name(cfg protocol)#spanning-tree line-error-detect {enable | disable}
Argument Description
enable Enables line error detection
disable Disables line error detection
Page 23
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Command Syntax
device-name(cfg protocol)#spanning-tree line-flapping-detect {enable | disable}
Argument Description
enable Enables line flapping detection
disable Disables line flapping detection
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree bpdu-rx {discard | disable-port
| standard}
device-name(config-if-group)#spanning-tree bpdu-rx {discard | disable-port |
standard}
Argument Description
discard The device drops received BPDUs (ignores the BPDU information)
disable-port Receiving a BPDU disables the port
standard BPDUs are processed according to standard STP mechanisms (default)
Page 24
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree detect-bpdu-loss {enable |
disable}
device-name(config-if-group)#spanning-tree detect-bpdu-loss {enable | disable}
Argument Description
enable Enables BPDU loss detection (Loop Guard is disabled).
disable Disables BPDU loss detection (Enables Loop Guard on the port).
This parameter does not change the port’s state, if the port is not a
Designated port, even if the port stops receiving BPDUs from its peer port.
Disables Loop Guard on the specified port: the port state does not change,
even if stops receiving BPDUs.
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree restrict-root {enable |
disable}
device-name(config-if-group)#spanning-tree restrict-root {enable | disable}
Argument Description
enable Enables root restriction on the specified port (the port is not selected as Root
port)
disable Disables root restriction
Page 25
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Command Syntax
device-name(cfg protocol)#spanning-tree destination {customer | provider}
Argument Description
customer Customer mode 802.1D compliant
provider Provider mode 802.1ad compliant
Command Syntax
device-name(config-if UU/SS/PP)#spanning-tree defaults
device-name(config-if-group)#spanning-tree defaults
Command Syntax
device-name(cfg protocol)#spanning-tree igmp-fast-recovery {enable | disable |
vlan VLAN-LIST ports PORT-LIST}
device-name(cfg protocol)#no spanning-tree igmp-fast-recovery vlan VLAN-LIST
ports PORT-LIST
Page 26
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Argument Description
enable Globally enables the fast recovery
disable Globally disables the fast recovery
Disabled
vlan VLAN-LIST A list of VLAN IDs, in the range of <1–4094>, in the below format:
• A hyphenated range of VLANs (for example: 8–32)
• Several VLAN numbers and/or ranges, separated by commas (for
example: 2,4,8–32)
ports PORT-LIST Specifies one or more port numbers. Use commas as separators and
hyphens to indicate sub-ranges (for example: 1/1/1, 1/2/1–1/2/8)
no Disables the fast recovery on specified VLAN and port lists.
NOTE
You can also display the current STP configuration using the show spanning-tree
command.
Command Syntax
device-name(cfg protocol)#spanning-tree
Example
device-name(cfg protocol)#spanning-tree
Spanning tree enabled
ProtocolSpecification = ieee8021d
Priority = 32768
TimeSinceTopologyChange = 372 (Sec)
TopChanges = 3
DesignatedRoot = This bridge is the root
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
HoldTime = 1 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled
Page 27
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Page 28
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Command Syntax
device-name(cfg protocol)#spanning-tree interface UU/SS/PP
device-name(config-if UU/SS/PP)#
device-name#show spanning-tree
Argument Description
UU/SS/PP The port number, in a unit, slot, and port number format
all Displays the STP settings for all ports
Example 1
Display the STP settings for port 1/1/1:
device-name(cfg protocol)#spanning-tree interface 1/1/1
PortPriority = 128
PortState = disabled
PortEnable = disabled
PortPathCost = 10
DesignatedRoot = 08192.00:A0:12:00:00:03
DesignatedCost = 19
DesignatedBridge = 32768.00:A0:12:11:29:82
DesignatedPort = 128.1
FrwrdTransitions = 0
TopChangeDetection = Enabled
Example 2
Display the STP topology for all ports:
device-name(cfg protocol)#spanning-tree interface all
========================================================================
Port |Pri|State|PCost| DCost |Designated bridge |DPrt |FwrdT|DtctTc
--------+---+-----+-----+-------+------------------+------+-----+-------
01/02/01 128 listn 19 19 32768.00A012000003 128.01 2 Disabled
01/02/02 128 block 19 0 32768.000002030405 128.63 0 Enabled
01/02/03 128 listn 19 0 32768.000002030405 128.62 2 Enabled
Page 29
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Example 3
Display the STP settings and topology for all ports:
device-name#show spanning-tree
Spanning tree enabled
ProtocolSpecification = ieee8021d
Priority = 32768
TimeSinceTopologyChange = 0 (Sec)
TopChanges = 0
DesignatedRoot = This bridge is the root
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
HoldTime = 1 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled
Port |Pri|State|PCost | DCost |Designated bridge |DPrt |FwrdT|DtctTc
--------+---+-----+------+-------------+------------------+------+-----+--------
01/02/01 128 listn 19 19 32768.00A012000003 128.02 2 Disabled
01/02/02 128 block 19 0 32768.000002030405 128.03 0 Enabled
01/02/03 128 listn 19 0 32768.000002030405 128.04 2 Enabled
Page 30
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Parameter Description
Parameter Description
Page 31
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Command Syntax
device-name#show spanning-tree interface UU/SS/PP
Example 1
Display the STP topology when the bridge is not the root bridge:
device-name#show spanning-tree interface 1/1/1
PortPriority = 128
PortState = disabled
PortEnable = disabled
PortPathCost = 10
DesignatedRoot = 08192.00:A0:12:00:00:03
DesignatedCost = 19
DesignatedBridge = 32768.00:A0:12:11:29:82
DesignatedPort = 128.1
FrwrdTransitions = 0
TopChangeDetection = Enabled
Example 2
Display the STP topology when the bridge is the root bridge:
device-name#show spanning-tree interface 1/1/1
PortPriority = 128
PortState = disabled
PortEnable = disabled
PortPathCost = 10
DesignatedRoot = This bridge is the root
DesignatedCost = 0
DesignatedBridge = This bridge
DesignatedPort = 128.1
FrwrdTransitions = 0
TopChangeDetection = Enabled
Page 32
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Command Syntax
device-name#debug stp {all | flush | tc | tcn}
device-name#no debug stp {all | flush | tc | tcn}
Argument Description
all Activates all STP debug options
flush Activates MAC address table flush debugging
tc Activates debugging when the device receives or transmits BPDUs with topology
changes
tcn Activates debugging when the device receives TCNs or transmits BPDUs with
topology change acknowledgment
no Disables the debug information display
Command Syntax
device-name#show debug stp
Example
device-name#show debug stp
STP debugging status:
STP debug TNC is on
STP debug flush is on
STP debug TC is on
Page 33
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Configuring Device A:
1. Enable STP:
DeviceA#configure terminal
DeviceA(config)#protocol
DeviceA(cfg protocol)#spanning-tree enable
2. Set the STP bridge priority to 4096, to make Device A the Bridge Root.
DeviceA(cfg protocol)#spanning-tree priority 4096
3. Set the STP MaxAge timer to 10. Calculate the timer according to the following formula:
Max_age = (4 x hello) + (2 x dia) - 2, when the hello-time is 2 and the diameter is 2 (based on
the figure above):
DeviceA(cfg protocol)#spanning-tree max-age 10
Page 34
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
4. Set the STP forward-delay timer to 7. Calculate this timer according to the following formula:
Forward_delay = ((4 x hello) + (3 x dia)) / 2, when the hello-time is 2 and the diameter is 2
(based on the figure above):
DeviceA(cfg protocol)#spanning-tree forward-delay 7
Configuring Device B:
1. Enable STP:
DeviceB#configure terminal
DeviceB(config)#protocol
DeviceB(cfg protocol)#spanning-tree enable
Configuring Device C:
Enable STP:
DeviceC#configure terminal
DeviceC(config)#protocol
DeviceC(cfg protocol)#spanning-tree enable
Configuring Device D:
1. Enable STP:
DeviceD#configure terminal
DeviceD(config)#protocol
DeviceD(cfg protocol)#spanning-tree enable
DeviceD(cfg protocol)#exit
3. Disable topology change detection on ports 1/2/3 and 1/2/4 (these ports are attached to
PCs):
DeviceD(config-if 1/2/1)#interface 1/2/3
DeviceD(config-if 1/2/3)#no spanning-tree detect-tc
DeviceD(config-if 1/2/3)#interface 1/2/4
DeviceD(config-if 1/2/4)#no spanning-tree detect-tc
DeviceD(config-if 1/2/4)#end
Page 35
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Configuring Device E:
1. Enable STP:
DeviceE#configure terminal
DeviceE(config)#protocol
DeviceE(cfg protocol)#spanning-tree enable
DeviceE(cfg protocol)#exit
2. Disable topology change detection on ports 1/2/3 and 1/2/4 (these ports are attached to
PCs):
DeviceE(config)#interface 1/2/3
DeviceE(config-if 1/2/3)#no spanning-tree detect-tc
DeviceE(config-if 1/2/3)#interface 1/2/4
DeviceE(config-if 1/2/4)#no spanning-tree detect-tc
DeviceE(config-if 1/2/4)#end
===============================================================================
Port |Pri|State|PCost |DCost |Designated bridge |DPrt |FwrdT|DtctTc
--------+---+-----+---------+---------+------------------+------+-----+--------
01/01/01 128 frwrd 4 8 32768.00A012271420 128.01 1 Enabled
01/02/01 128 frwrd 4 4 32768.00A012270080 128.03 1 Enabled
01/02/02 128 block 19 4 32768.00A012270080 128.04 1 Enabled
01/02/03 128 frwrd 19 8 32768.00A012010101 128.05 1 Disabled
01/02/04 128 frwrd 19 8 32768.00A012010101 128.06 1 Disabled
Page 36
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
===============================================================================
Port |Pri|State|PCost |DCost |Designated bridge |DPrt |FwrdT|DtctTc
--------+---+-----+---------+---------+------------------+------+-----+--------
01/01/01 128 frwrd 4 8 32768.00A012271420 128.01 2 Enabled
01/02/02 128 block 19 1 32768.00A012271240 128.01 2 Enabled
01/02/03 128 frwrd 19 38 32768.00A012270120 128.03 1 Disabled
01/02/04 128 frwrd 19 38 32768.00A012270120 128.04 1 Disabled
Page 37
Configuring Spanning Tree Protocol (STP) (Rev. 06)
T-Marc 300 Series Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
Spanning Tree Protocol (STP) IEEE 802.1d-1998 Public MIBs: RFC 1493,
• bridge.mib Definitions of
Managed Objects for
• rstp.mib Bridges
Private MIB, RFC 2863, Interfaces
prvt_switch.mib Group MIB
(configL2IfaceTable)
Page 38
Configuring Spanning Tree Protocol (STP) (Rev. 06)
Configuring Rapid Spanning Tree Protocol
(RSTP)
Table of Figures ······················································································ 3
Architecture ··························································································· 4
RSTP Port States ················································································· 4
RSTP Port Roles·················································································· 5
Rapid Recovery and Convergence ······························································ 6
Determining the Port Link-Type································································ 7
Synchronization of Port Roles··································································· 7
RSTP BPDU Format and Processing··························································· 8
Line Error Detection ············································································· 9
Page 1
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Displaying the RSTP Configuration and Topology for All Ports ···························29
Enabling RSTP Debug Information ···························································30
Displaying the RSTP Debug Status ····························································31
Page 2
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: Proposal and Agreement Handshaking for Rapid Convergence ·················· 6
Figure 2: Sequence of Events during Rapid Convergence ···································· 8
Figure 3: RSTP BPDU Flags ···································································· 8
Figure 4: RSTP Configuration Flow ···························································11
Figure 5: Point-to-point MAC··································································21
Figure 6: Rapid Spanning Tree Configuration Example ·····································32
Page 3
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Overview
Rapid Spanning Tree Protocol (RSTP) is an evolution of STP providing faster convergence (less
than one second) upon a network topology change. This is critical in networks that carry voice,
video, and other delay-sensitive traffic.
The RSTP algorithm dynamically creates a tree through the network, used to efficiently direct
packets to their destinations. It reduces the bridged network to a single spanning tree topology in
order to eliminate packet loops (multiple paths linking one device to another, resulting in an infinite
loop situation).
The RSTP algorithm reactivates redundant connections in the event of a link or device failure.
Architecture
RSTP distinguishes between the port state and the port role:
• The port state describes the relationship of that port to the frame processing (filtering and
forwarding) and learning functions.
• The port role describes the role of the port in the spanning tree function.
Page 4
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Root port Provides the best path (lowest cost) for packets forwarded from a device
to the root device.
A Root port is in Forwarding state.
Designated port Connects to the designated device that provides the best path for packets
forwarded from that LAN to the root device.
A Designated port is in Forwarding state.
Alternate port Offers an alternative path to the one provided by the current Root port.
Alternate ports are in Discarding state.
This role is equivalent to the STP Blocking state.
Backup port Acts as a backup for the path provided by a Designated port in the
direction of the spanning tree leaves (end nodes).
A Backup port exists only when two ports are connected together in a
loopback by a point-to-point link or when a device has two or more
connections to a shared LAN segment.
Backup ports are in Discarding state.
This role is equivalent to the STP Blocking state.
Disabled port Disabled ports do not participate in frame forwarding and are not
operational. These ports:
• discard frames
• discard frames switched from another port for forwarding
• do not learn MAC addresses
• do not receive BPDUs
Page 5
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Edge ports Edge ports are configured by users on RSTP enables devices. Once
configured, these ports immediately transit to Forwarding state.
NOTE
You should configure Edge ports only on ports
connected to end devices (such as hosts and printers).
Root ports When RSTP selects a new Root port, it blocks the old Root port and
immediately transitions the new Root port to Forwarding state.
Point-to-point links Point-to-point links are links directly connecting two devices.
When you connect two devices using a point-to-point link the
Designated port negotiates rapid transition with the remote port by using
the proposal-agreement handshake to ensure a loop-free topology.
The figure below shows a rapid convergence example. In this example, Devices A and B are
connected through a point-to-point link and all the ports are in blocking state. Assume that Device
A’s priority is higher than Device B’s.
The proposal-agreement handshaking proceeds as follows:
1. Device A proposes itself as the designated device by sending a proposal message (a
configuration BPDU with the proposal flag set).
2. Device B reacts to Device A’s proposal message as follows:
1.1. It assigns the port on which the proposal message was received as its new Root port.
1.2. It forces all non-edge ports to Discarding state to avoid loops.
1.3. It sends an agreement message to Device A (a BPDU with the agreement flag set)
through its new Root port.
Page 6
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Page 7
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Page 8
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
RSTP uses the Topology Change (TC) flag to indicate topology changes. Unlike STP, the RSTP
does not have a separate topology change notification (TCN) BPDU. However, for interoperability
with STP devices, the RSTP device processes and generates TCN BPDUs.
The Learning and Forwarding flags (bits 4 and 5) are determined according to the sending port
state.
Page 9
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Page 10
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Start
Enable RSTP
End
Page 11
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Page 12
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Page 13
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree [enable | disable]
device-name(cfg protocol)#no rapid-spanning-tree
Argument Description
enable (Optional) enables RSTP. When enabling RSTP, the device acts as a node in
the tree.
disable (Optional) disables RSTP.
no Removes the RSTP configuration.
Example 1
device-name(cfg protocol)#rapid-spanning-tree
% Rstp is disabled
device-name(cfg protocol)#rapid-spanning-tree enable
Example 2
device-name(cfg protocol)#rapid-spanning-tree
Rapid spanning tree = enabled
ProtocolSpecification = ieee8021w
Priority = 32768
TimeSinceTopologyChange = 102 (Sec)
TopChanges = 4
DesignatedRoot = 04096.00:A0:12:00:00:03
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 3 (Sec)
BridgeForwardDelay = 11 (Sec)
TxHoldCount = 3
MigrationTimer = 3 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled
Page 14
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
NOTE
You can enable/disable RSTP per port only if RSTP is enabled globally.
By default, when enabling RSTP in Protocol Configuration mode, it is enabled on all ports and
when disabling RSTP in Protocol Configuration mode, it is disabled on all ports.
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree [enable | disable | all]
device-name(config-if-group)#rapid-spanning-tree [enable | disable]
device-name(config-ag-group)#rapid-spanning-tree [enable | disable]
device-name(config-if AG0N)#rapid-spanning-tree [enable | disable]
Argument Description
enable (Optional) enables RSTP on the specified port.
disable (Optional) disables RSTP on the specified port.
all (Optional) displays RSTP on all ports.
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree priority [<bridge-priority>]
device-name(cfg protocol)#no rapid-spanning-tree priority
Page 15
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Argument Description
bridge- (Optional) specifies the RSTP bridge priority in increments of 4096.
priority
The valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576,
28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
no Restores to default.
Example
device-name(cfg protocol)#rapid-spanning-tree priority
Rapid-spanning-tree bridge priority is 32768
CLI Mode: Interface Configuration, Interface Range Configuration, LAG Configuration, and
LAG Range Configuration
By default, the priority value is 128.
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree priority <priority>
device-name(config-if UU/SS/PP)#no rapid-spanning-tree priority
Argument Description
priority Specifies the RSTP priority value in the range of 0 (highest priority) to 240
(lowest priority) in increments of 16.
Assign high-priority values (low numerical values) to ports that you want to
select first and low-priority values to ports that you want to select last.
If all ports that connect to the root-bridge’s redundant paths have the same
priority, RSTP puts the port with the lowest port number in Forwarding state
and blocks all other ports.
no Restores to default.
Page 16
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree hello-time <hello-time>
device-name(cfg protocol)#no rapid-spanning-tree hello-time
Argument Description
hello-time The hello-time interval in the range of <1–9> seconds.
NOTE
Define a value that is less than MaxAge/2-1 (see below command)
no Restores to default.
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree max-age <max-age>
device-name(cfg protocol)#no rapid-spanning-tree max-age
Argument Description
max-age The MaxAge time in the range of <4–60> seconds.
NOTE
The value must be greater than 2*(hello-time+1) and less
than 2*(forward-delay-1).
no Restores to default.
Page 17
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree forward-delay <forward-delay>
device-name(cfg protocol)#no rapid-spanning-tree forward-delay
Argument Description
forward-delay The forward-delay time, in the range of <4–60> seconds).
NOTE
The value must be greater than MaxAge/2+1.
no Restores to default.
NOTES
If the device receives a BPDU on a port configured as an edge port, the port
automatically changes its operational state to operate as a non-Edge Port. After a
link up/down, the port returns to the Edge port administrative status.
By default, the Admin status is disabled.
Page 18
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
The EdgePort parameter is controlled by the RSTP state machine and CLI:
Table 10: RSTP Edge Port
Type Description
Admin Configuring a port as an Edge port is known as Administrative Edge Port. This
EdgePort indicates that the port is permitted to transition directly to Forwarding state when
it becomes designated.
Configure Edge ports on ports that are known to be at the edge of the bridged
LAN in order to transition to Forwarding without delay.
EdgePort The port’s actual status is known as its operational state. This indicates whether
the port operates as an Edge Port or not.
When a port that was configured as Administrative Edge Port receives a BPDU,
it automatically changes its operational state to operate as a non-Edge Port, in
order to prevent loops in the network.
Therefore, if a port marked as an edge port proves not to be one (due to the
presence of another bridge), it ceases to behave like an edge port until it is
reinitialized (either by a link up/down event or by reissuing the CLI command).
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree edge-port
device-name(config-if UU/SS/PP)#no rapid-spanning-tree edge-port
device-name(config-if-group)#rapid-spanning-tree edge-port
device-name(config-if-group)#no rapid-spanning-tree edge-port
device-name(config-ag-group)#rapid-spanning-tree edge-port
device-name(config-ag-group)#no rapid-spanning-tree edge-port
Argument Description
no Restores to default.
Page 19
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree path-cost <path-cost>
device-name(config-if UU/SS/PP)#no rapid-spanning-tree path-cost
Argument Description
path-cost The RSTP path cost value, in the range of <1–200000000>.
You can use the path cost value to give priority to preferred links (for
example physical speed and bandwidth). When building the active
spanning tree, the port path-cost determines which port is included in the
active topology. Ports with lower-cost values are preferred to ports with
higher cost values. If all ports that provide redundant paths to the root
bridge have the same path-cost value, RSTP puts the port with the lowest
number in Forwarding state and blocks the other ports.
no Restores to default.
4 Mbps 5,000,000
10 Mbps 2,000,000
16 Mbps 1,250,000
100 Mbps 200,000
1 Gbps 20,000
2 Gbps 10,000
10 Gbps 2,000
Page 20
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Admin Link-Type auto The device automatically manages the port's link-type.
The device considers the port connected to a point-to-
point LAN segment if any of the following conditions
are met:
Page 21
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree link-type {auto | point-
to-point | shared}
device-name(config-if UU/SS/PP)#no rapid-spanning-tree link-type
Argument Description
auto Sets the RSTP link-type to auto.
point-to-point Sets the RSTP link-type to point-to-point.
shared Sets the RSTP link-type to share.
no Restores to default.
CLI Mode: Interface Configuration, Interface Range Configuration, LAG Configuration, and
LAG Range Configuration
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree detect-protocols
device-name(config-if-group)#rapid-spanning-tree detect-protocols
device-name(config-ag-group)#rapid-spanning-tree detect-protocols
device-name(config-if AG0N)#rapid-spanning-tree detect-protocols
Page 22
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#rapid-spanning-tree defaults
device-name(config-if-group)#rapid-spanning-tree defaults
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree
Example
device-name(cfg protocol)#rapid-spanning-tree
Rapid spanning tree = enabled
ProtocolSpecification = ieee8021w
Priority = 32768
TimeSinceTopologyChange = 102 (Sec)
TopChanges = 4
DesignatedRoot = 04096.00:A0:12:00:00:03
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 3 (Sec)
BridgeForwardDelay = 11 (Sec)
TxHoldCount = 3
MigrationTimer = 3 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled
Page 23
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Page 24
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol)#rapid-spanning-tree interface UU/SS/PP
device-name(config-if UU/SS/PP)#
Argument Description
UU/SS/PP Specifies the unit, slot, and port number
all Displays the RSTP settings for all ports. The configuration mode does not
change.
Example 1
Display the output of the RSTP configuration for port 1/1/1 with link enabled:
device-name(cfg protocol)#rapid-spanning-tree interface 1/1/1
PortPriority = 128
PortState = forwarding
PortRole = Designated Port
PortEnable = enabled
PortPathCost = 20000
DesignatedRoot = This bridge is the root
DesignatedCost = 0
DesignatedBridge = This bridge
DesignatedPort = 128.62
FrwrdTransitions = 1
Admin EdgePort = disabled
EdgePort = disabled
AdminLink-Type = Auto
Link-Type = P2P
MigrationTimer = 3
Detected Protocol = RSTP
Page 25
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Example 2
Display the RSTP topology for all ports:
device-name(cfg protocol)#rapid-spanning-tree interface all
============================================================================
Port |Pri|Prt role|State |PCost |DCost |Designated bridge |DPrt |FwrdT
--------+---+--------+-------+-------+-------+------------------+------+-
01/01/01 128 Designat frwrd 40000 400000 32768.00A012010101 128.01 2
01/01/02 128 Designat frwrd 200000 400000 32768.00A012010101 128.03 1
01/02/01 128 Designat frwrd 200000 400000 32768.00A012010101 128.04 1
01/02/02 128 Altern discr 200000 200000 32768.00A012112990 128.20 1
01/02/03 128 Root frwrd 200000 200000 32768.00A012112990 064.21 3
Example 3
Display the RSTP topology for all ports from Interface Configuration mode:
device-name(config-if 1/1/1)#rapid-spanning-tree all
============================================================================
Port |Pri|Prt role|State |PCost |DCost |Designated bridge |DPrt |FwrdT
--------+---+--------+-------+-------+-------+------------------+------+-
01/01/01 128 Designat frwrd 40000 400000 32768.00A012010101 128.01 2
01/01/02 128 Designat frwrd 200000 400000 32768.00A012010101 128.03 1
01/02/01 128 Designat frwrd 200000 400000 32768.00A012010101 128.04 1
01/02/02 128 Altern discr 200000 200000 32768.00A012112990 128.20 1
01/02/03 128 Root frwrd 200000 200000 32768.00A012112990 064.21 3
Page 26
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Parameter Description
Page 27
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name#show rapid-spanning-tree interface UU/SS/PP
Example
In the following example the DesignatedRoot value indicates that the bridge is the root:
device-name#show rapid-spanning-tree interface 1/1/1
PortPriority = 128
PortState = forwarding
PortRole = Designated Port
PortEnable = enabled
PortPathCost = 200000
DesignatedRoot = This bridge is the root
DesignatedCost = 0
DesignatedRoot = This bridge
DesignatedPort = 128.62
FrwrdTransitions = 1
Admin EdgePort = disabled
EdgePort = disabled
AdminLink-Type = Auto
Link-Type = P2P
MigrationTimer = 3
Page 28
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name#show rapid-spanning-tree
Example
device-name#show rapid-spanning-tree
Rapid spanning tree = enabled
ProtocolSpecification = ieee8021w
Priority = 32768
TimeSinceTopologyChange = 4 (Sec)
TopChanges = 5
DesignatedRoot = 04096.00:A0:12:11:29:92
RootPort = 1/1/1
RootCost = 400000
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
BridgeMaxAge = 20 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
TxHoldCount = 3
MigrationTimer = 3 (Sec)
DetectLineCRCReconfig = disabled
DetectLineFlapping = disabled
SpanIgmpFastRecovery = disabled
===================================================================
Port |Pri|Prt role|State |PCost |DCost |Designated bridge |DPrt FwrdT
--------+---+--------+-------+-------+--------+------------------+----------
01/01/01 128 Designat frwrd 40000 400000 32768.00A012010101 128.01 2
01/02/01 128 Designat frwrd 200000 400000 32768.00A012010101 128.03 1
01/02/02 128 Designat frwrd 200000 400000 32768.00A012010101 128.04 1
01/02/03 128 Altern discr 200000 200000 32768.00A012112990 128.20 1
01/02/04 128 Root frwrd 200000 200000 32768.00A012112990 064.21 3
Page 29
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name#debug rstp {all | hand-shake | roles | flush}
device-name#no debug rstp {all | hand-shake | roles | flush}
Argument Description
all Activates all RSTP debug options.
hand-shake Activates Hand Shake protocol debugging (IEEE 802.1w).
roles Activates port-role selection debugging
flush Activates debugging of port table flushing (MAC addresses).
no Disables the RSTP-related debug information display.
Example:
Below is an example of the debug output after a link failure:
tSpanRecv: 2008/01/01 04:11:03 : link down on port 1/2/4
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS): Select-Port-Roles
0xa1391880 (tSpanPRS):
=================
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS): Port 1/2/1 Is DesignatedPort
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS): End-Roles-Selection
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS): Select-Port-Roles
0xa1391880 (tSpanPRS):
=================
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS): Port 1/2/1 Is DesignatedPort
0xa1391880 (tSpanPRS): Port 1/2/4 Is DesignatedPort
0xa1391880 (tSpanPRS):
Page 30
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS): End-Roles-Selection
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS): Select-Port-Roles
0xa1391880 (tSpanPRS):
=================
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS): Port 1/2/1 Is DesignatedPort
0xa1391880 (tSpanPRS): Port 1/2/4 Is BackupPort
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS):
0xa1391880 (tSpanPRS): End-Roles-Selection
Command Syntax
device-name#show debug rstp
Example
device-name#show debug rstp
RSTP debugging status:
RSTP debug roles is on
RSTP debug flush is on
RSTP debug handshake is on
Page 31
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device A:
1. Enable RSTP:
DeviceA#configure terminal
DeviceA(config)#protocol
DeviceA(cfg protocol)#rapid-spanning-tree enable
2. Set the RSTP bridge priority to 4096, As a result the Device A becomes the Root Bridge:
DeviceA(cfg protocol)#rapid-spanning-tree priority 4096
3. Set the RSTP MaxAge timer to 10, due to the following calculation: Max_age = (4 x hello) +
(2 x dia) - 2, where the hello-time is 2 and the diameter is 2, according to the above figure:
DeviceA(cfg protocol)#rapid-spanning-tree max-age 10
Page 32
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
4. Set the RSTP forward-delay timer to 7, due to the following calculation: Forward_delay = ((4 x
hello) + (3 x dia)) / 2, where the hello-time is 2 and the diameter is 2, according to the above
figure:
DeviceA(cfg protocol)#rapid-spanning-tree forward-delay 7
Configuring Device B:
Enable RSTP:
DeviceB#configure terminal
DeviceB(config)#protocol
DeviceB(cfg protocol)#rapid-spanning-tree enable
Configuring Device C:
1. Enable RSTP:
DeviceC#configure terminal
DeviceC(config)#protocol
DeviceC(cfg protocol)#rapid-spanning-tree enable
DeviceC(cfg protocol)#exit
Configuring Device D:
1. Enable RSTP:
DeviceD#configure terminal
DeviceD(config)#protocol
DeviceD(cfg protocol)#rapid-spanning-tree enable
DeviceD(cfg protocol)#exit
3. Configure ports 1/2/3 and 1/2/4 on Device D as edge ports, since they are attached to PCs.
This disables the topology change detection on these ports:
DeviceD(config-if 1/1/1)#interface 1/2/3
DeviceD(config-if 1/2/3)#rapid-spanning-tree edge-port
DeviceD(config-if 1/2/3)#interface 1/2/4
DeviceD(config-if 1/2/4)#rapid-spanning-tree edge-port
DeviceD(config-if 1/2/4)#end
Page 33
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device E:
1. Enable RSTP:
DeviceE#configure terminal
DeviceE(config)#protocol
DeviceE(cfg protocol)#rapid-spanning-tree enable
DeviceE(cfg protocol)#exit
2. Configure ports 1/2/3 and 1/2/4 on Device E as edge ports, since they are attached to PCs:
DeviceE(config)#interface 1/2/3
DeviceE(config-if 1/2/3)#rapid-spanning-tree edge-port
DeviceE(config-if 1/2/3)#interface 1/2/4
DeviceE(config-if 1/2/4)#rapid-spanning-tree edge-port
DeviceE(config-if 1/2/4)#end
NOTE
Port 1/2/2 is the Alternate port since the value of DPrt (the port Identifier of
the bridge port) for 1/2/1 is better than 1/2/2. Device A is the root since its
bridge priority has the lowest value (4096).
Page 34
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
===============================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt |FwrdT
--------+---+--------+-----+---------+---------+------------------+------+-----
01/01/01 128 Root frwrd 20000 220000 32768.00A012271420 128.01 2
01/02/02 128 Altern discr 200000 200000 32768.00A012271240 128.03 1
01/02/03 128 Designat frwrd 200000 240000 32768.00A012270120 128.04 2
01/02/04 128 Designat frwrd 200000 240000 32768.00A012270120 128.04 2
NOTE
Select port 1/2/2 (connected to Device D) as alternate since the cost to the
root via this port is higher than via port 1/1/1.
Page 35
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
RSTP + +
Page 36
Configuring Rapid Spanning Tree Protocol (RSTP) (Rev. 04)
Configuring Multiple Spanning Tree Protocol
(MSTP, IEEE 802.1s)
Table of Figures ······················································································ 3
Overview ······························································································· 4
MSTP Regions························································································ 4
MST Instances (MSTI) ··········································································· 4
MST-to-Single Spanning Tree (SST) Interoperability ········································· 5
Cisco Compliance···················································································12
IEEE 802.1s-Compliant vs. Cisco-Compliant BPDUs ······································12
Page 1
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Page 2
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: MSTP within a Region ································································ 5
Figure 3: MSTP in Ring Topology in a Link-Down Event ··································· 9
Figure 4: MSTP in Ring Topology with a Device in Link-Down Event ···················10
Figure 5: MSTP Configuration Flow···························································19
Figure 6: Schematic MSTI Configuration ·····················································50
Figure 7: Link Failure between Two Devicees ················································58
Figure 8: Spanning Tree IGMP Fast Recovery Configuration Example ···················61
Figure 9: BPDU Guard, Loop Guard, Restricted Root and Restricted TCN ··············63
Figure 10: Fast Ring Topology ·································································65
Page 3
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Overview
Based on RSTP, MSTP allows using multiple spanning tree instances (MSTI) while mapping each
VLAN or VLAN group to the most appropriate instance. Each MSTI is an RSTP instance that has
its own independent topology, thus improving network fault tolerance.
This protocol provides a faster convergence-time and load balancing. Telco Systems’ recovery time
for link or device failure is less than 50 milliseconds and can be tuned to as low as 15 milliseconds
(in a ring of up to 14 devices).
MSTP includes all its spanning tree information in a single BPDU format. This reduces the number
of BPDUs required on a LAN to communicate spanning tree information for each VLAN and
ensures backward compatibility with RSTP and STP.
For more information regarding VLANs, refer to the Configuring VLANs and Super VLANs
chapter of this User Guide.
MSTP Regions
An MSTP region is a collection of interconnected bridges that share the same MSTP configuration.
Devices in the same MST region share the following attributes:
• region name
• the region’s revision number
• the MST instance-to-VLAN assignment map (each VLAN can be maped only to one instance)
Page 4
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Page 5
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Boundary Ports Connect the designated bridge (an SST bridge or a bridge with a
different MST configuration) to a LAN.
A designated port identifies itself as a boundary port (the boundary flag
set) if it detects an STP bridge or receives an agreement message from
an RST or MST bridge with a different configuration.
The MST port’s role at the boundary is not important; since they are
forced the same state as the IST port state. The IST port at the
boundary can take any port role except a backup port role.
IST Master The IST master of an MST region is the bridge with the lowest bridge
identifier and the lowest path cost to the CST root.
• If an MST bridge is the root bridge of the CIST in a region, then it is
the IST master of that MST region.
• If the CST root is outside the MST region, then one of the MST
bridges at the boundary is selected as the IST master. Other
bridges on the boundary that belong to the same region eventually
block the boundary ports that lead to the root.
• If two or more bridges have an identical path to the root, you can
set a lower bridge priority value to make a specific bridge the IST
master.
The root path-cost and message age inside a region stay constant.
However the IST path cost is incremented and the IST remaining hops
are decremented at each hop.
Regional Root The MSTI Regional root is the root bridge of each MSTI within a region.
In case of IST, it is the CIST Regional root. Therefore, the terms “IST
Master” and “CIST Regional root” are interchangeable.
Edge Ports A port connected to a non-bridging device (for example, a host or a
device). A port that connects to a hub is also an edge port if the hub or
any LAN that is connected to it does not have a bridge.
An edge port can start forwarding as soon as its link is up.
Link-Type Rapid connectivity is established only on point-to-point links.
When connecting a port to another port through a point-to-point link and
the local port becomes a designated port, RSTP negotiates a rapid
transition with the other port, using the proposal-agreement handshake
to ensure a loop-free topology.
By default, the link-type is automatically determined by the port’s duplex
state. However in case of a half-duplex link physically connected point-
to-point to a single port on a remote device running RSTP, you can
override the link-type default setting and enable rapid transitions to
Forwarding state.
Page 6
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Parameter Description
Message Age and IST and MSTIs use a hop count mechanism similar to the IP time-to live
Hop Count (TTL) mechanism. Users can configure the maximum MST bridge hop
count.
The MSTI root bridge sends a BPDU (or M-record) with the remaining
hop count. The bridge receiving the BPDU (or M-record) decrements the
remaining hop count by one.
If after decrementing, the hop count reaches zero, the bridge discards
the BPDU and ages out the port information. Non-root bridges propagate
the decremented count as the remaining hop count in the BPDUs they
generate.
Port Priority The port priority determines the port’s Forwarding state in case of a loop.
MSTP selects the port with the highest priority (lower priority value) first.
In case all ports have the same priority, MSTP selects the port with the
lowest number and blocks all other ports.
Path Cost MSTP uses the path cost when selecting the forwarding port in case of a
loop.
The port’s default path-cost derives from its link speed. However, you
can define lower cost values to ports you want selected first and higher
cost values to ports you want selected last.
In case all ports have the same path cost value, MSTP selects the port
with the lowest number and blocks all other ports.
Page 7
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Fast Ring
Use this solution when all the devices in the ring are Telco Systems devices.
To use Fast Ring:
1. Select one bridge to be the root bridge: set this bridge’s priority to the lowest value (0) and do
not enable the Fast Ring feature on this bridge (to avoid instability).
2. Configure all the user ports as MSTP edge ports.
3. To optimize network performance, increment the bridges priority value as you draw away
from the root bridge.
Page 8
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Page 9
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Page 10
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
3. Increment the bridges priority value as you draw away from the root bridge, starting with
priority value 8192.
4. Configure all the user ports as MSTP edge ports.
Page 11
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Cisco Compliance
Cisco compliance is a feature that enables the Cisco-compliant mode, changing the BPDU format
to conform to the standard adopted in Cisco devices.
When the device is not in Cisco-compliant mode, the root port is synchronized only if it receives an
agreement together with the proposal flag from the designated port.
Page 12
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Cisco-Compliant Dump
01 80 c2 00 00 00 00 08 a3 37 f1 c1 00 84 42 42
03 00 00 03 02 68 60 00 00 07 eb d5 a2 00 00 00
00 00 60 00 00 07 eb d5 a2 00 80 01 00 00 14 00
02 00 0f 00 00 00 00 5a 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 64 b1 f4 bb 1f 3c
6d 4d a3 00 94 c1 11 b7 c0 92 60 00 00 07 eb d5
a2 00 00 00 00 00 14 00 01 69 60 01 00 07 eb d5
a2 00 00 00 00 00 60 01 00 07 eb d5 a2 00 80 01
14 00
ETH Dest. 01 80 c2 00 00 00
ETH Src 00 a0 12 11 29 92
ETH Len 00 89
LLC 42 42 03
Protocol Identifier 00 00
Protocol version Identifier 03
BPDU type 02
CIST Flags 4e
CIST Root Identifier 80 00 00 a0 12 11 29 92
CIST Ext. Path Cost 00 00 00 00
CIST Regional Root Identifier 80 00 00 a0 12 11 29 92
CIST Port Identifier 80 0b
Message age 00 00
MaxAge 14 00
Hello-time 02 00
Forward-delay 0f 00
Page 13
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Page 14
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Message age 00 00
MaxAge 14 00
Hello-time 02 00
Forward-delay 0f 00
Version 1 length (must be 00
0)
Extra byte 00 If the Cisco BPDUs are parsed
as specified in the IEEE 802.1s
standard, some offsets and
shifts may cause wrong values
for the M-records and for the
matching fields that are located
after the version 3 length—
CIST Internal root path cost,
CIST Bridge identifier, CIST
remaining hops.
Version 3 length (Mrecords 00 5a
total length)
MSTI configuration 00 00 00 00 00 00 00 00 00 00 The first byte of the
Identifier (Key, Revision, 00 00 00 00 00 00 00 00 00 00 configuration is called selector,
Name) 50 Bytes. 00 00 00 00 00 00 00 00 00 00 and is omitted (or over-ridden
00 00 00 00 64 b1 f4 bb 1f 3c by the version 3 length field).
6d 4d a3 00 94 c1 11 b7 c0 92
CIST Regional Root 60 00 00 07 eb d5 a2 00 Fields’ order is flipped.
Identifier
CIST Remaining hops—2 14 00 Extra byte-Cisco BPDU with no
bytes instead of 1. MSTIs ends here and contains
the extra byte.
MSTI1 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
MSTID 01 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
Flags 69 The whole M-Record structure
is different. In the 802.1s there
is no MSTID field. The priority
of the sending bridge and the
port priority are sent without
bridge ID and port ID of the
sending bridge.
Page 15
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Page 16
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
MSTP Disabled
MSTP port priority 128
Hello-time 2 seconds
Forward-delay time 15 seconds
Maximum aging time 20 seconds
Maximum hop count 40 hops
Revision number 1
Default MST Instance 0
Bridge priority 32768
Path cost See Table 5
Edge port Disabled
Flush edge port Disabled
Link-type Auto
MSTP Link Flapping feature Disabled
Cisco MSTP compliance Disabled (IEE 802.1s-2002 compliance is enabled)
Fast Ring mode Disabled
Fast Ring Border Bridge mode Disabled
Learn mode Standard
BPDU guard Disabled
Loop guard Disabled
Restricted root Disabled
Restricted TCN Disabled
MSTP debug Disabled
Page 17
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Page 18
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
End
Page 19
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Page 20
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
show pending Displays the temporary MSTP configuration (see Displaying the
MSTP Temporary Configuration)
show Displays the MSTP configuration (see Displaying the Current
MSTP Configuration)
show mstp configuration Displays the MSTP configuration in the current region (see
Displaying the MSTP Region Configuration)
show mstp Displays the whole MSTP configuration (see Displaying the
MSTP Configuration)
show mstp instance Displays the configured instances (see Displaying the MST
Instances Configuration)
debug mstp Debugs the port roles and port handshaking (see Enabling
MSTP Debug Information)
show debug mstp Displays the debug MSTP logs (see Displaying the MSTP
Debug)
Page 21
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Enabling/Disabling MSTP
The mstp command enables/disables the MSTP and enters MSTP Protocol Configuration mode.
Command Syntax
device-name(cfg protocol)#mstp [enable | disable]
Argument Description
enable (Optional) enables MSTP
disable (Optional) disables MSTP
NOTE
Do not define any bridge priority to 0 or 4096 when using Fast Ring Border Bridge
mode.
Command Syntax
device-name(cfg protocol)#mstp <instance-id> priority <priority>
device-name(cfg protocol)#no mstp <instance-id> priority
Argument Description
instance-id The MSTP instance ID, in the range of <1–15>
priority The bridge priority values: 0, 4096, 8192, 12288, 16384, 20480, 24576,
<priority> 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
The bridge with the highest bridge priority (the lowest numerical priority
value) is selected as Root device.
no Restored to default
Page 22
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#mstp <instance-id> port-priority <priority>
device-name(config-if UU/SS/PP)#no mstp <instance-id> port-priority
Argument Description
instance-id The MSTP instance ID, in the range of <1–15>
priority The port priority value, in the range of <0–240>, in multiple of 16 (for
<priority> example: 0, 16, 32)
Assign higher priority (lower values) to ports you want selected first
no Restores to default
Command Syntax
device-name(config-if UU/SS/PP)#mstp <instance-id> {enable | disable}
device-name(config-if-group)#mstp <instance-id> {enable | disable}
Argument Description
enable Enables MSTP on the specified port
disable Disables MSTP on the specified port
instance-id The MSTP instance ID, in the range of <1–15>
If you specify this option, the selected MSTP instance is disabled and the
MSTP port role in that instance is disabled.
Page 23
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol mstp)#instance <instance-id> vlan VLAN-LIST
device-name(cfg protocol mstp)#no instance <instance-id>
Argument Description
instance-id The MSTP instance ID, in the range of <1–15>. Instance 0 is mandatory while
others are optional.
VLAN-LIST The list of VLANs mapped to this instance, in the range of <2–4094>.
• To specify a VLAN rane, use a hyphen, for example:
instance 1 vlan 1-63
• To specify a VLAN list, type the VLAN numbers in an increasing order,
separating them with commas, for example:
instance 1 vlan 10, 20, 30
no Restores to default
Command Syntax
device-name(cfg protocol mstp)#name NAME
device-name(cfg protocol mstp)#no name
Argument Description
NAME The MSTP region name, a case-sensitive string of up to 31 characters
no Removes the name
Example
device-name(cfg protocol mstp)#name region1
Page 24
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol mstp)#revision <revision-number>
device-name(cfg protocol mstp)#no revision
Argument Description
revision-number The revision number, in the range of <0–65535>
no Restores to default
Example
device-name(cfg protocol mstp)#revision 1
Command Syntax
device-name(cfg protocol mstp)#apply
Command Syntax
device-name(cfg protocol mstp)#abort
Page 25
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol)#mstp hello-time <seconds>
device-name(cfg protocol)#no mstp hello-time
Argument Description
seconds The MSTP hello-time, in the range of <1–10> seconds
no Restores to default
Command Syntax
device-name(cfg protocol)#mstp forward-delay <seconds>
device-name(cfg protocol)#no mstp forward-delay
Argument Description
seconds The MSTP forward-delay time, in the range of <4–30> seconds
no Restores to default
Page 26
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol)#mstp max-age <seconds>
device-name(cfg protocol)#no mstp max-age
Argument Description
seconds The MSTP MaxAge time, in the range of <6–40> seconds
no Restores to default
Command Syntax
device-name(cfg protocol)#mstp max-hops <hops-count>
device-name(cfg protocol)#no mstp max-hops
Argument Description
hops-count The number of hops in a region, in the range of <1–40>
no Restores to default
Page 27
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
NOTE
Avoid using this command for any topology other than a ring topology.
Command Syntax
device-name(cfg protocol)#mstp fast-ring ring-ports UU1/SS1/PP1 UU2/SS2/PP2
device-name(cfg protocol)#no mstp fast-ring
Argument Description
UU1/SS1/PP1 Specifies the first ring port
UU2/SS2/PP2 Specifies the second ring port
no Restores to default
Command Syntax
device-name(cfg protocol)#mstp fast-ring <instance-id> border-bridge
preferred-link UU/SS/PP
device-name(cfg protocol)#no mstp fast-ring <instance-id> border-bridge
Argument Description
instance-id The instance ID the Ring Border Bridge functionality operates.
NOTE
Uou can use the MSTP Fast Ring solution only in instance 0
(CIST).
preferred-link The preferred MSTP Fast Ring physical port that connects the ring
topology to the network gateway.
Configure the preferred Fast Ring physical using the mstp fast-ring
ring-ports command.
Page 28
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol)#mstp learn-mode {none | temporary-disabled [<2-100>]
| standard}
Argument Description
none Permanently disables learning on non-edge/ring ports
temporary- Enables learning, except for cases where an MSTP topology change occurs
disabled and learning is temporarily disabled
2-100 (Optional) defines the time period learning is disabled after a topology change
occurred, in the range of <2–100> seconds
standard Permanently enables learning on non-edge/ring ports
NOTE
If the device receives a BPDU on a port configured as an edge port, the port
automatically reverts to Disabled status. After a link up/down, the port returns to the
Edge port administrative status.
Page 29
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
The EdgePort parameter is controlled by the MSTP state machine and the CLI.
Table 10: MSTP Edge Port
Type Description
Admin Configuring a port as an Edge port is known as Administrative Edge Port. This
EdgePort indicates that the port is permitted to transition directly to Forwarding state when
it becomes designated.
Configure Edge ports on ports that are known to be at the edge of the bridged
LAN in order to transition to Forwarding without delay.
EdgePort The port’s actual status is known as its operational state. This indicates whether
the port operates as an Edge Port or not.
When a port that was configured as Administrative Edge Port receives a BPDU,
it automatically changes its operational state to operate as a non-Edge Port, in
order to prevent loops in the network.
Therefore, if a port marked as an edge port proves not to be one (due to the
presence of another bridge), it ceases to behave like an edge port until it is
reinitialized (either by a link up/down event or by reissuing the CLI command).
By default, the port is not an edge port. If you set the port as an edge port, the Flush Port option is
disabled by default.
Command Syntax
device-name(config-if UU/SS/PP)#mstp edge-port [flush-port]
device-name(config-if UU/SS/PP)#no mstp edge-port [flush-port]
Argument Description
flush-port (Optional) MSTP flushes the edge port it is configured on, when the link on
the port is down.
Use the MSTP edge port when neither the device connected to the port nor
the network connected to this device is MSTP enabled (configure an MSTP
edge port only if there is no possibility that BPDUs are received on the
connected port). If you connect a network (not a single device) to the port,
use the Flush Port option to prevent sending packets to unconnected links.
no Configures the edge port value to its default settings. Also it disables the
admin status.
Page 30
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#mstp <instance-id> path-cost <cost>
device-name(config-if UU/SS/PP)#no mstp <instance-id> path-cost
Argument Description
instance-id The MSTP instance ID, in the range of <1–15>
cost The path cost value, in the range of <1–200000000>. Assign lower cost
values to ports you want to select first and higher-cost values to other
ports.
no Restores to default
NOTE
This command takes effect only if the port is an MSTP edge port.
Command Syntax
device-name(config-if UU/SS/PP)#mstp bpdu-rx {discard | disable-port |
standard}
device-name(config-if-group)#mstp bpdu-rx {discard | disable-port | standard}
Argument Description
discard The port drops BPDUs received on it and continues to operate as an edge
port.
NOTE
Use this option to prevent receiving unwanted BPDU packets
from user ports.
disable-port Disables the port when it receives
standard Processes received BPDUs and invalidates the edge port’s operational status
Page 31
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Example
Configure the device to disable port 1/2/3 if a BPDU is received on it:
device-name(config)#interface 1/2/3
device-name(config-if 1/2/3)#mstp bpdu-rx disable-port
Command Syntax
device-name(config-if UU/SS/PP)#mstp bpdu-tx {enable | disable}
device-name(config-if-group)#mstp bpdu-tx {enable | disable}
Argument Description
enable Enables the BPDU transmission
disable Disables the BPDU transmission
For more information regarding this feature, refer to the STP Loop Guard section of Configuring
Spanning Tree Protocol (STP) chapter.
Command Syntax
device-name(config-if UU/SS/PP)#mstp detect-bpdu-loss {enable | disable}
device-name(config-if-group)#mstp detect-bpdu-loss {enable | disable}
Argument Description
enable Enables Loop Guard on the port
disable Disables Loop Guard on the port
This parameter does not change the port’s state, if the port is not a Designated
port, even if the port stops receiving BPDUs from its peer port.
Page 32
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Example
device-name(config)#interface 1/2/2
device-name(config-if 1/2/2)#mstp detect-bpdu-loss disable
Command Syntax
device-name(config-if UU/SS/PP)#mstp detect-protocols
device-name(config-if-group)#mstp detect-protocols
Command Syntax
device-name(config-if UU/SS/PP)#mstp link-flapping <period>
device-name(config-if UU/SS/PP)#no mstp link-flapping
Argument Description
period The flapping interval (the time between a LinkDown and LinkUp status), in the range
of <200–10000> milliseconds (recommended interval is 2000 ms). The link shuts
down if the flapping interval is lower than the time defined.
no Restores to default.
Example 1
Set the MSTP Link Flapping control period to 1.5 seconds on port 1/1/1:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mstp link-flapping 1500
Page 33
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Example 2
Disable MSTP Link Flapping on ports 1/2/1–1/2/4:
device-name(config)#interface range 1/2/1-1/2/4
device-name(config-if-group)#no mstp link-flapping
Admin Link-Type auto The device automatically manages the port's link-type. The
device considers the port connected to a point-to-point LAN
segment if any of the following conditions are met:
• The MST algorithm determines that the LAN segment
operates in full duplex mode.
• If you configure the port by management means to a
full duplex operation. Otherwise, consider the MAC to
be connected to a LAN segment that is not point-to-
point (shared media).
point-to-point Consider the device connected to a point-to-point LAN
segment that forces the operational link-type to be point-to-
point.
shared Consider the device connected to a shared media LAN
segment that forces the operational link-type to be shared.
Operational Link- If you configure Admin link-type to auto, then you can determine the value of
Type Operational link-type in accordance with the specific procedures defined for
the device entity, as defined in Admin link-type (auto).
If the port is connected to a point-to-point LAN segment, then Operational
link-type is set to point-to-point, otherwise it is set to shared.
In the absence of a specific definition of how to determine whether the
device is connected to a point-to-point LAN segment or not, the value of link-
type is shared.
Command Syntax
device-name(config-if UU/SS/PP)#mstp link-type {auto | point-to-point |
shared}
device-name(config-if UU/SS/PP)#no mstp link-type {auto | point-to-point |
shared}
Page 34
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Argument Description
auto Sets the RSTP link-type to auto.
point-to-point Sets the RSTP link-type to point-to-point.
shared Sets the RSTP link-type to share.
no Restores to default
Command Syntax
device-name(config-if UU/SS/PP)#mstp restrict-root {enable | disable}
device-name(config-if-group)#mstp restrict-root {enable | disable}
Argument Description
enable Enables root restriction on the specified port (the port is not selected as Root
port)
disable Disables root restriction
Command Syntax
device-name(config-if UU/SS/PP)#mstp restrict-tcn {enable | disable}
device-name(config-if-group)#mstp restrict-tcn {enable | disable}
Argument Description
enable Enables TCN restriction: the port does not propagate detected topology
changes to other ports on the bridge and other bridges in the topology. This
prevents the unnecessary update of learnt devices locations.
disable Disables TCN restriction.
Page 35
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#mstp cisco-compliant
device-name(config-if UU/SS/PP)#no mstp cisco-compliant
device-name(config-if-group)#mstp cisco-compliant
device-name(config-if-group)#no mstp cisco-compliant
Argument Description
no Restores to default
Command Syntax
device-name(config-if UU/SS/PP)#mstp default
device-name(config-if-group)#mstp default
Command Syntax
device-name(cfg protocol mstp)#show pending
Page 36
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Example
device-name(cfg protocol mstp)#show pending
Pending MST configuration
Name region 1
Revision 1
Instance Vlans mapped
--------- ----------------------------------------------------
0 1-4094
--------------------------------------------------------------
Command Syntax
device-name(cfg protocol mstp)#show
Example
device-name(cfg protocol mstp)#show
Pending MST configuration
Name []
Revision 1
Instance Vlans mapped
--------- ------------------
0 1-10,12-13
1 14-4094
6 11
----------------------------
Page 37
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol mstp)#show mstp configuration
device-name#show mstp configuration
Example
device-name(cfg protocol mstp)#show mstp configuration
Name [man]
Revision 56
Instance Vlans mapped
--------- --------------
0 1-10,12-13
1 14-4094
6 11
------------------------
Command Syntax
device-name#show mstp
Page 38
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Example
device-name#show mstp
Multiple spanning trees = enabled
ProtocolSpecification = ieee8021s
Priority = 32768
TimeSinceTopologyChange = 9 (Sec)
TopChanges = 1
CIST Root = 32768.00:A0:12:0A:01:B6
CIST Port = 01/02/01
CIST External Path Cost = 200000
MaxAge = 20 (Sec)
HelloTime = 2 (Sec)
ForwardDelay = 15 (Sec)
BridgeMaxAge = 0 (Sec)
BridgeHelloTime = 2 (Sec)
BridgeForwardDelay = 15 (Sec)
ProtoMigratioDelay = 3 (Sec)
MaxHopCount = 40
TxHoldCount = 3
SpanIgmpFastRecovery = disabled
FastRing = disabled
LearnMode = Standard
MST00
VLAN mapped = 1-4094
Priority = 32768
Regional Root = This bridge is the root
RemainingHopCount = 40
TimeSinceTopologyChange = 9 (Sec)
TopChanges = 1
Border Bridge = disabled
=====================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+------+-------+------------------+-------
01/02/02 128 Root frwrd 200000 0 00000.00A0120F2F27 128.006
MST01
VLAN mapped = 3
Priority = 32768
Regional Root = This bridge is the root
RemainingHopCount = 40
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 0
Border Bridge = disabled
========================================================================
Port |Pri|Prt role |State|PCost |DCost |Designated bridge |DPrt
---------+---+-----------+-----+------+-------+------------------+-------
01/02/01 128 Designated frwrd 200000 200000 32768.00A012270120 128.002
01/02/02 128 Root frwrd 200000 200000 32768.00A0120A01B6 128.024
01/02/03 128 Alternate block 200000 200000 32768.00A012270120 128.007
Page 39
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Multiple spanning trees Indicates whether MSTP is enabled or disabled on the device
ProtocolSpecification Displays the supported IEEE standard
Priority The bridge priority
TimeSinceTopologyChange The time since the last topology change, in seconds
TopChanges The number of topology changes detected for all the MSTIs
CIST Root The CIST regional root Identifier (the bridge Identifier of the
current CIST regional root)
CIST Port The port from which traffic flows to the CIST root
CIST Cost The CIST path cost from the transmitting bridge to the CIST
regional root
MaxAge The maximum age of received protocol information before it is
discarded, in seconds
HelloTime The hello-time time interval in seconds
ForwardDelay The forward-delay time in seconds
BridgeMaxAge The Max Age time in seconds
BridgeHelloTime The value of the hello-time parameter in seconds determining
the interval between transmissions of the following BPDUs:
• BPDUs to all designated ports of the root device
• BPDUs to designated ports of all devices in the topology
that have the same root
• BPDUs to the root port during TCN
BridgeForwardDelay The forward-delay time in seconds, when the bridge is the root
or is attempting to become the root
ProtoMigratioDelay This value is used by the Protocol Migration Machine to limit the
transition between port states
MaxHopCount The maximum number of hops in a region before the BPDU is
discarded
TxHoldCount The value used to limit the rate of at which packets are sent
(relates to the port transmit state machine)
SpanIgmpFastRecovery Indicates whether the IGMP Fast Recovery feature is enabled
on the device
FastRing Indicates whether the Fast Ring feature is enabled on the device
MST00 Indicates MST instance 0
VLAN mapped The MSTI VLAN mapping
Regional Root The MSTI regional root
RemainingHopCount The value that determines the scope of an MSTP region
TopChanges The number of the topology changes occurred in the specified
MSTI
Border Bridge The MSTP ring border bridge status
Page 40
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Page 41
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name#show mstp instance {<instance-id> | all} [interface UU/SS/PP]
Argument Description
instance-id The MST instance ID, in the range of <0–15>
all Displays all instances
interface UU/SS/PP (Optional) specifies a port to display
Example
device-name#show mstp instance 0 interface 1/1/1
MST instance 0
Port Enable = enabled
Port Priority = 128
Port State = forwarding
Forward Transitions = 34
Port Role = Root
Port Path Cost = 200000
CIST Root = 24576.0009B7990300
ExternalPortPathCost= 200000
Designated Root = This bridge is the regional root
Designated Bridge = 24576.0009B7990300
Designated Port Id = 96.1
Designated Path Cost= 200000
AdminEdgePort = disabled
OperEdgePort = disabled
BPDU processing = Standard
AdminLink-Type = PointToPoint
Link-Type = PointToPoint
RestrictRoot = enabled
RestrictTCN = disabled
Detect lost BPDUs = enabled
Running Version = RSTP
Link flapping = disabled
Page 42
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Page 43
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name#debug mstp {roles | handshake} {all | <instance-id>}
device-name#no debug mstp {roles | handshake} {all | <instance-id>}
Argument Description
roles The port roles to debug
handshake Specifies the mechanism of proposals and agreements
all Debugs all instances
instance-id The MST instance ID, in the range of <0–15>
no Disables the debug information display
Example
Below is a debug output:
mstp:Port 1/1/1 msti 1 Synced
Page 44
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Command Syntax
device-name#show debug mstp
Example
device-name#show debug mstp
MSTP debugging status:
|MSTI |Dbg Role|Dbg Handshake|
|0 |ON |ON |
|10 |ON |ON |
|11 |ON |ON |
Page 45
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
2. Assign the name region1 and the revision number 1 to the MSTP region:
device-name(cfg protocol mstp)#name region1
device-name(cfg protocol mstp)#revision 1
Page 46
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
2. Assign port priority 16 to instance 0, and path cost 22 to instance 1. Enable BPDU guard,
restrict root, and restrict TCN on port 1/1/1:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mstp 0 port-priority 16
device-name(config-if 1/1/1)#mstp 1 path-cost 22
device-name(config-if 1/1/1)#mstp detect-bpdu-loss enable
device-name(config-if 1/1/1)#mstp restrict-root enable
device-name(config-if 1/1/1)#mstp restrict-tcn enable
device-name(config-if 1/1/1)#end
Page 47
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
2. Configure the following parameters: hello-time to 4 seconds, MaxAge time to 34 seconds, and
max-hop count to 23.
device-name(cfg protocol)#mstp hello-time 4
device-name(cfg protocol)#mstp max-age 34
device-name(cfg protocol)#mstp max-hops 23
device-name(cfg protocol)#end
Page 48
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
MST00
VLAN mapped = 2-4094
Priority = 32768
Regional Root = This bridge is the root
RemainingHopCount = 23
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 8
Border Bridge = Disabled
====================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge | Prt
--------+---+--------+-----+-----+-------+------------------+-------
01/01/01 128 Designat frwrd 200000 200000 32768.00A01211227A 128.001
01/02/01 128 Root frwrd 200000 200000 00000.00A0120F2F27 128.006
01/02/03 128 Designat frwrd 200000 200000 32768.00A01211227A 128.013
MST01
VLAN mapped = 1
Priority = 32768
Regional Root = 32769.00:A0:12:11:07:08
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 4
Border Bridge = Disabled
====================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+------+------+------------------+-------
01/01/01 0 Root frwrd 200000 0 32768.00A01211227A 128.001
Page 49
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Network Configuration
In the following example, four devices are connected via VLANs V100 and V200 that are mapped
to two MST instances on each device. The example shows the redundancy achieved with MSTP.
After configuring the network, use the show mstp command on each device to verify that the MST
instances are configured correctly.
Configuring Device 1:
1. Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device1#configure terminal
Device1(config)#vlan
Device1(config vlan)#config default
Device1(config-vlan default)# remove ports 1/2/1-1/2/3
Device1(config-vlan default)#exit
Device1(config vlan)#create v100 100
Device1(config vlan)#config v100
Device1(config-vlan v100)#add ports 1/2/1,1/2/3 tagged
Device1(config-vlan v100)#add ports 1/2/4 untagged
Device1(config-vlan default)#exit
Device1(config vlan)#create v200 200
Device1(config vlan)#config v200
Device1(config-vlan v200)#add ports 1/2/2,1/2/3 tagged
Device1(config-vlan v200)#exit
Device1(config vlan)#exit
2. Enable MSTP:
Device1(config)#protocol
Device1(cfg protocol)#mstp enable
Page 50
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 2:
1. Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device2#configure terminal
Device2(config)#vlan
Device2(config vlan)#config default
Device2(config-vlan default)# remove ports 1/2/1-1/2/3
Device2(config-vlan default)#exit
Device2(config vlan)#create v100 100
Device2(config vlan)#config v100
Device2(config-vlan v100)#add ports 1/2/1,1/2/3 tagged
Device2(config-vlan default)#exit
Device2(config vlan)#create v200 200
Device2(config vlan)#config v200
Device2(config-vlan v200)#add ports 1/2/2,1/2/3 tagged
Device2(config-vlan v200)#add ports 1/2/4 untagged
Device2(config-vlan v200)#exit
Device2(config vlan)#exit
2. Enable MSTP:
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
Page 51
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 3:
1. Create VLANs V100 and V200 and add the appropriate ports to each VLAN:
Device3#configure terminal
Device3(config)#vlan
Device3(config vlan)#config default
Device3(config-vlan default)#remove ports 1/2/1,1/2/2,1/2/4
Device3(config-vlan default)#exit
Device3(config vlan)#create v100 100
Device3(config vlan)#config v100
Device3(config-vlan v100)#add ports 1/2/1,1/2/2 tagged
Device3(config-vlan v100)#add ports 1/2/4 untagged
Device3(config-vlan v100)#exit
Device3(config vlan)#exit
2. Enable MSTP:
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
Configuring Device 4:
1. Create VLAN V200 and add the appropriate ports to each VLAN:
Device4#configure terminal
Device4(config)#vlan
Device4(config vlan)#config default
Device4(config-vlan default)#remove ports 1/2/1,1/2/2
Device4(config-vlan default)#exit
Device4(config vlan)#create v200 200
Device4(config vlan)#config v200
Device4(config-vlan v200)#add ports 1/2/1,1/2/2 tagged
Device4(config-vlan v200)#add ports 1/2/4 untagged
Device4(config-vlan v200)#exit
Device4(config vlan)#exit
2. Enable MSTP:
Device4(config)#protocol
Device4(cfg protocol)#mstp enable
Page 52
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
MST00
VLAN mapped = 1-99,101-199,201-4094
Priority = 32768
Regional Root = 32768.00:A0:12:27:00:80
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 6
Border Bridge = Disabled
No active ports are mapped to the msti
MST01
VLAN mapped = 100
Priority = 32768
Regional Root = This bridge is the root
RemainingHopCount = 40
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 5
Border Bridge = Disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
Page 53
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
--------+---+--------+-----+---------+---------+------------------+-------
01/02/01 128 Designat frwrd 200000 0 00000.00A0122700C0 128.003
01/02/03 128 Designat frwrd 200000 0 00000.00A0122700C0 128.005
01/02/04 128 Designat frwrd 200000 0 00000.00A0120A0168 128.006
MST02
VLAN mapped = 200
Priority = 32768
Regional Root = 00002.00:A0:12:27:14:20
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 7
Border Bridge = Disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/02/02 128 Designat frwrd 200000 0 32768.00A0122700C0 128.004
01/02/03 128 Root frwrd 200000 0 00000.00A012271420 128.005
MST00
VLAN mapped = 1-99,101-199,201-4094
Priority = 32768
Regional Root = 32768.00:A0:12:27:00:80
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 4
Border Bridge = Disabled
==========================================================================
Page 54
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
MST01
VLAN mapped = 100
Priority = 32768
Regional Root = 00001.00:A0:12:27:00:C0
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 4
Border Bridge = Disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/02/01 128 Alternat block 200000 200000 32768.00A012270080 128.004
01/02/03 128 Root frwrd 200000 200000 00000.00A0122700C0 128.005
MST02
VLAN mapped = 200
Priority = 32768
Regional Root = This bridge is the root
RemainingHopCount = 40
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 4
Border Bridge = Disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/02/02 128 Designat frwrd 200000 0 00000.00A012271420 128.002
01/02/03 128 Designat frwrd 200000 0 00000.00A012271420 128.003
01/02/04 128 Designat frwrd 200000 0 00000.00A012271420 128.005
Page 55
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
FastRing = disabled
LearnMode = Standard
MST00
VLAN mapped = 1-99,101-199,201-4094
Priority = 32768
Regional Root = This bridge is the root
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 3
Border Bridge = Disabled
No active ports are mapped to the msti
MST01
VLAN mapped = 100
Priority = 32768
Regional Root = 0001.00:A0:12:27:00:C0
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 2
Border Bridge = Disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/02/01 128 Root frwrd 200000 0 00000.00A012270080 128.003
01/02/02 128 Designat frwrd 200000 0 32768.00A012270080 128.004
01/02/04 128 Designat frwrd 200000 0 32768.00A012270080 128.006
MST02
VLAN mapped = 200
Priority = 32768
Regional Root = 00002.00:A0:12:27:14:20
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 3
Border Bridge = Disabled
No active ports are mapped to the msti
Page 56
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
MST00
VLAN mapped = 1-99,101-199,201-4094
Priority = 32768
Regional Root = 32768.00:A0:12:27:00:80
RemainingHopCount = 38
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 2
Border Bridge = Disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/02/01 128 Alternat frwrd 200000 0 32768.00A012271420 128.003
01/02/02 128 Root frwrd 200000 0 32768.00A0122700C0 128.004
01/02/04 128 Designat frwrd 200000 0 32768.00A012271420 128.006
MST01
VLAN mapped = 100
Priority = 32768
Regional Root = 00001.00:A0:12:27:00:C0
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 5
Border Bridge = Disabled
No active ports are mapped to the msti
MST02
VLAN mapped = 200
Page 57
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Priority = 32768
Regional Root = 00002.00:A0:12:27:14:20
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 2
Border Bridge = Disabled
No active ports are mapped to the msti
In this example if the direct link between Device 1 and Device 3 fails. MSTI01 is recalculated and
port 1/2/2 in Device 3 changes its role from alternate to root.
MST00
VLAN mapped = 1-99,101-199,201-4094
Priority = 32768
Regional Root = 32768.00:A0:12:27:00:80
Page 58
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
RemainingHopCount = 38
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 6
Border Bridge = Disabled
No active ports are mapped to the msti
MST01
VLAN mapped = 100
Priority = 32768
Regional Root = This bridge is the root
RemainingHopCount = 40
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 5
Border Bridge = Disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/02/03 128 Designat frwrd 200000 0 00000.00A0122700C0 128.005
MST02
VLAN mapped = 200
Priority = 32768
Regional Root = 00002.00:A0:12:27:14:20
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 7
Border Bridge = Disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/02/02 128 Designat frwrd 200000 0 32768.00A0122700C0 128.002
01/02/03 128 Root frwrd 200000 0 00000.00A012271420 128.003
01/02/04 128 Designat frwrd 200000 0 32768.00A0122700C0 128.006
Page 59
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
SpanIgmpFastRecovery = disabled
FastRing = disabled
LearnMode = Standard
MST00
VLAN mapped = 1-99,101-199,201-4094
Priority = 32768
Regional Root = This bridge is the root
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 3
Border Bridge = Disabled
No active ports are mapped to the msti
MST01
VLAN mapped = 100
Priority = 32768
Regional Root = 00001.00:A0:12:0A:01:68
RemainingHopCount = 38
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 3
Border Bridge = Disabled
==========================================================================
Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt
--------+---+--------+-----+---------+---------+------------------+-------
01/02/02 128 Root frwrd 200000 400000 32768.00A00001090B 128.002
01/02/04 128 Designat frwrd 200000 400000 32768.00A012BBBBBB 128.006
MST02
VLAN mapped = 200
Priority = 32768
Regional Root = 00002.00:A0:12:27:14:20
RemainingHopCount = 39
TimeSinceTopologyChange = 3039 (Sec)
TopChanges = 3
Border Bridge = Disabled
No active ports are mapped to the msti
Page 60
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 1:
1. Enable MSTP:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#mstp enable
5. Enable IGMP snooping and configure ports 1/1/1 and 1/1/2 as mrouter ports:
Device1(config)#ip igmp snooping
Device1(config)#ip igmp snooping vlan 1 mrouter interface 1/1/1
Device1(config)#ip igmp snooping vlan 1 mrouter interface 1/1/2
Page 61
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 2:
1. Enable MSTP:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
2. Enable MSTP fast ring for accelerating its operation in a ring topology:
Device2(cfg protocol)#mstp fast-ring ring-ports 1/2/6 1/2/7
Device2(cfg protocol)#mstp learn-mode temporary-disabled 2
5. Enable IGMP snooping and configure ports 1/2/6 and 1/2/7 as mrouter ports:
Device2(config)#ip igmp snooping
Device2(config)#ip igmp snooping vlan 1 mrouter interface 1/2/6
Device2(config)#ip igmp snooping vlan 1 mrouter interface 1/2/7
Configuring Device 3:
1. Enable MSTP:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
2. Enable MSTP fast ring for accelerating its operation in a ring topology:
Device3(cfg protocol)#mstp fast-ring ring-ports 1/1/1 1/1/2
Device3(cfg protocol)#mstp learn-mode temporary-disabled 2
Device3(cfg protocol)#exit
4. Enable IGMP snooping and configure ports 1/1/1 and 1/1/2 as mrouter ports:
Device3(config)#ip igmp snooping
Device3(config)#ip igmp snooping vlan 1 mrouter interface 1/1/1
Device3(config)#ip igmp snooping vlan 1 mrouter interface 1/1/2
Page 62
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Figure 8: BPDU Guard, Loop Guard, Restricted Root and Restricted TCN
Configuring Device 1:
1. Enable MSTP:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#mstp enable
3. Configure port 1/2/4 as an edge port. Enable BPDU guard, restricted root and restricted
TCN on this port:
Device1(config)#interface 1/2/4
Device1(config-if 1/2/4)#mstp edge-port
Device1(config-if 1/2/4)#mstp bpdu-rx discard
Device1(config-if 1/2/4)#mstp restrict-root enable
Device1(config-if 1/2/4)#mstp restrict-tcn enable
Device1(config-if 1/2/4)#exit
Page 63
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 2:
1. Enable MSTP:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
Device2(cfg protocol)#exit
2. Configure port 1/2/4 as an edge port. Enable BPDU guard, restricted root and restricted
TCN on this port:
Device2(config)#interface 1/2/4
Device2(config-if 1/2/4)#mstp edge-port
Device2(config-if 1/2/4)#mstp bpdu-rx discard
Device2(config-if 1/2/4)#mstp restrict-root enable
Device2(config-if 1/2/4)#mstp restrict-tcn enable
Device2(config-if 1/2/4)#exit
Configuring Device 3:
1. Enable MSTP:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
Device3(cfg protocol)#exit
2. Configure port 1/2/4 as an edge port. Enable BPDU guard, restricted root and restricted
TCN on this port:
Device3(config)#interface 1/2/4
Device3(config-if 1/2/4)#mstp edge-port
Device3(config-if 1/2/4)#mstp bpdu-rx discard
Device3(config-if 1/2/4)#mstp restrict-root enable
Device3(config-if 1/2/4)#mstp restrict-tcn enable
Device3(config-if 1/2/4)#exit
Page 64
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 1:
1. Enable MSTP, disable learning, and configure Device 1 to be the root device:
Device1#configure terminal
Device1(config)#protocol
Device1(cfg protocol)#mstp enable
Device1(cfg protocol)#mstp learn-mode none
Device1(cfg protocol)#mstp 0 priority 8192
Device1(cfg protocol)#exit
2. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device1(config)#vlan
Device1(config vlan)#create v10 10
Device1(config vlan)#create v20 20
Device1(config vlan)#create v30 30
Device1(config vlan)#config default
Device1(config-vlan default)#remove ports 1/1/1-1/2/2
Device1(config-vlan default)#config v10
Device1(config-vlan v10)#add ports 1/2/1,1/2/2 tagged
Page 65
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 2:
1. Enable MSTP, disable learning, and configure fast ring ports:
Device2#configure terminal
Device2(config)#protocol
Device2(cfg protocol)#mstp enable
Device2(cfg protocol)#mstp learn-mode none
Device2(cfg protocol)#mstp fast-ring ring-ports 1/2/1 1/2/2
Device2(cfg protocol)#exit
2. Configure an edge port and enable port security on the client port:
Device2(config)#interface 1/1/1
Device2(config-if 1/1/1)#mstp edge-port
Device2(config-if 1/1/1)#port security
Device2(config-if 1/1/1)#interface 1/2/3
Device2(config-if 1/2/3)#mstp edge-port
Device2(config-if 1/2/3)#port security
Device2(config-if 1/2/3)#interface 1/2/4
Device2(config-if 1/2/4)#mstp edge-port
Device2(config-if 1/2/4)#port security
Device2(cfg protocol)#exit
3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device2(config)#vlan
Device2(config vlan)#create v10 10
Device2(config vlan)#create v20 20
Device2(config vlan)#create v30 30
Device2(config vlan)#config default
Device2(config-vlan default)#remove ports 1/1/1-1/2/2
Device2(config-vlan default)#config v10
Device2(config-vlan v10)#add ports 1/1/1 untagged
Device2(config-vlan v10)#add ports default 1/1/1
Device2(config-vlan v10)#add ports 1/2/1,1/2/2 tagged
Device2(config-vlan v10)#config v20
Device2(config-vlan v20)#add ports 1/2/3 untagged
Device2(config-vlan v20)#add ports default 1/2/3
Device2(config-vlan v20)#add ports 1/2/1,1/2/2 tagged
Device2(config-vlan v20)#config v30
Device2(config-vlan v30)#add ports 1/2/4 untagged
Device2(config-vlan v30)#add ports default 1/2/4
Device2(config-vlan v30)#add ports 1/2/1,1/2/2 tagged
Device2(config-vlan v30)#end
Page 66
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 3:
1. Enable MSTP, disable learning, and configure fast ring ports:
Device3#configure terminal
Device3(config)#protocol
Device3(cfg protocol)#mstp enable
Device3(cfg protocol)#mstp learn-mode none
Device3(cfg protocol)#mstp fast-ring ring-ports 1/2/1 1/2/2
Device3(cfg protocol)#exit
2. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device3(config)#vlan
Device3(config vlan)#create v10 10
Device3(config vlan)#create v20 20
Device3(config vlan)#create v30 30
Device3(config vlan)#config default
Device3(config-vlan default)#remove ports 1/1/1-1/2/2
Device3(config-vlan default)#config v10
Device3(config-vlan v10)#add ports 1/2/1,1/2/2 tagged
Device3(config-vlan v10)#config v20
Device3(config-vlan v20)#add ports 1/2/1,1/2/2 tagged
Device3(config-vlan v20)#config v30
Device3(config-vlan v30)#add ports 1/2/1,1/2/2 tagged
Device3(config-vlan v30)#end
Configuring Device 4:
1. Enable MSTP, disable learning, and configure fast ring ports:
Device4#configure terminal
Device4(config)#protocol
Device4(cfg protocol)#mstp enable
Device4(cfg protocol)#mstp learn-mode none
Device4(cfg protocol)#mstp fast-ring ring-ports 1/2/1 1/2/2
Device4(cfg protocol)#exit
2. Configure an edge port and enable port security on the client port:
Device4(config)#interface 1/1/1
Device4(config-if 1/1/1)#mstp edge-port
Device4(config-if 1/1/1)#port security
Device4(config-if 1/1/1)#interface 1/2/3
Device4(config-if 1/2/3)#mstp edge-port
Device4(config-if 1/2/3)#port security
Device4(config-if 1/2/3)#interface 1/2/4
Device4(config-if 1/2/4)#mstp edge-port
Device4(config-if 1/2/4)#port security
Device4(config-if 1/2/4)#exit
Page 67
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device4(config)#vlan
Device4(config vlan)#create v10 10
Device4(config vlan)#create v20 20
Device4(config vlan)#create v30 30
Device4(config vlan)#config default
Device4(config-vlan default)#remove ports 1/1/1-1/2/2
Device4(config-vlan default)#config v10
Device4(config-vlan v10)#add ports 1/1/1 untagged
Device4(config-vlan v10)#add ports default 1/1/1
Device4(config-vlan v10)#add ports 1/2/1,1/2/2 tagged
Device4(config-vlan v10)#config v20
Device4(config-vlan v20)#add ports 1/2/3 untagged
Device4(config-vlan v20)#add ports default 1/2/3
Device4(config-vlan v20)#add ports 1/2/1,1/2/2 tagged
Device4(config-vlan v20)#config v30
Device4(config-vlan v30)#add ports 1/2/4 untagged
Device4(config-vlan v30)#add ports default 1/2/4
Device4(config-vlan v30)#add ports 1/2/1,1/2/2 tagged
Device4(config-vlan v30)#end
Configuring Device 5:
1. Enable MSTP, disable learning, and configure fast ring ports:
Device5#configure terminal
Device5(config)#protocol
Device5(cfg protocol)#mstp enable
Device5(cfg protocol)#mstp learn-mode none
Device5(cfg protocol)#mstp fast-ring ring-ports 1/2/1 1/2/2
2. Configure an edge port and enable port security on the client port:
Device5#configure terminal
Device5(config)#interface 1/1/1
Device5(config-if 1/1/1)#mstp edge-port
Device5(config-if 1/1/1)#port security
Device5(config-if 1/1/1)#interface 1/2/3
Device5(config-if 1/2/3)#mstp edge-port
Device5(config-if 1/2/33)#port security
Device5(config-if 1/2/3)#interface 1/2/4
Device5(config-if 1/2/4)#mstp edge-port
Device5(config-if 1/2/4)#port security
Device5(config-if 1/2/4)#exit
Page 68
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
3. Create VLAN V10, V20, and V30. Add the appropriate ports to each VLAN:
Device5(config)#vlan
Device5(config vlan)#create v10 10
Device5(config vlan)#create v20 20
Device5(config vlan)#create v30 30
Device5(config vlan)#config default
Device5(config-vlan default)#remove ports 1/1/1-1/2/2
Device5(config-vlan default)#config v10
Device5(config-vlan v10)#add ports 1/1/1 untagged
Device5(config-vlan v10)#add ports default 1/1/1
Device5(config-vlan v10)#add ports 1/2/1,1/2/2 tagged
Device5(config-vlan v10)#config v20
Device5(config-vlan v20)#add ports 1/2/3 untagged
Device5(config-vlan v20)#add ports default 1/2/3
Device5(config-vlan v20)#add ports 1/2/1,1/2/2 tagged
Device5(config-vlan v20)#config v30
Device5(config-vlan v30)#add ports 1/2/4 untagged
Device5(config-vlan v30)#add ports default 1/2/4
Device5(config-vlan v30)#add ports 1/2/1,1/2/2 tagged
Device5(config-vlan v30)#end
Page 69
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
Multiple Spanning Tree IEEE 802.1d-1998 Private MIBs: RFC 2863, Interfaces
Protocol (MSTP) IEEE 802.1t-2001 • prvt_mst.mib Group MIB
(configL2IfaceTable)
IEEE 802.1w-2001 • prvt_switch.mib
IEEE 802.1s-2002
Page 70
Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) (Rev. 04)
Configuring Access Control Lists (ACLs)
Table of Figures ······················································································ 3
Overview ······························································································· 4
Page 1
Configuring Access Control Lists (ACLs) (Rev. 09)
T-Marc 300 Series User Guide
Configuration Examples···········································································37
Configuring IP ACLs············································································37
Configuring MAC ACLs ········································································39
Creating ACLs per SAP ·········································································41
Configuring an ACG per Egress ·······························································42
Configuring Rate Limit with DSCP Mapping·················································42
Configuring Rate Limit with Priority Remarking ·············································44
Page 2
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: Configuration Flow for ACL ························································· 9
Figure 2: MAC ACG over Port Configuration Example·····································23
Figure 3: Creating Standard and Extended IP ACLs ·········································37
Figure 4: Rate Limit over Port Configuration·················································39
Page 3
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Overview
Access Control Lists (ACLs) are sets of numbered rules that process packets going through the
device and provide the ability to control network traffic. Using ACLs, system administrators can
filter packets that pass through a port by defining different criteria, in order to ensure the network's
security, Quality of Service (QoS), traffic control, and traffic rate-limitation.
These rules are processed in a sequential order, either permitting or denying the traffic, based on the
specified ACL conditions. The hardware tests the packets’ parameters against the ACLs and acts
upon the first condition matched.
The main advantages in using ACLs are:
• Security—by forwarding or dropping ingress traffic, ACLs aid administrators in managing
network security policies.
• Traffic Control—by enforcing redirection rules, administrators can manipulate network traffic
flow, thus reducing bottlenecks and congestions.
• Traffic Rate Limitation—using ACLs, administrators can control traffic rate per port, or SAP
port according to user defined criteria.
• Quality of Service (QoS)—administrators can assign packet-handling priority to data flow,
sorting the flow into eight priority queues, based on the ACL criteria. You can also use ACLs
to re-mark ToS/DSCP values.
ACL Types
There are three basic ACL types, in predefined range of numbers. Each type matches specific fields
in the packets:
• Standard IP ACLs (#1–99, or #1000–2999): match the packets’ source IP address.
• Extended IP ACLs (#100–199, or #10000–11999): match both the source and destination IP
addresses. In addition, these ACLs can also match protocol types and optional DSCP values
for finer granularity of control.
• Extended MAC ACLs (#400–499, or #40000–41999): match both the source and
destination MAC addresses. In addition, these ACLs can also match VPT, ToS, and other
Layer 2 header fields for finer granularity of control.
Page 4
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Page 5
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Traffic Remarking
ACLs allow users to impact QoS and its various aspects such as, bandwidth limitation, latency,
traffic prioritization, and drop precedence.
Users can also use ACLs to remark the ToS field values by defining a new ToS/DSCP value, and to
perform rate control and priority assignment per flow.
Page 6
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Exceed Action
Once the packet is classified as exceeding a particular rate limit, the device:
• either drops the packet
• mark the packet with a yellow color and continue
Page 7
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Page 8
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
End
Page 9
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
rate-limit single-rate Applies a single rate-limit (RFC 2697) on the ACG for the
specified port, LAG or SAP port (see Applying Rate
Limiting by ACGs)
rate-limit dual-rate Applies a dual rate-limit (RFC 2698) on the ACG for the
specified port, LAG or SAP port (see Applying Rate
Limiting by ACGs)
set vlan Changes the VLAN ID in the packet header (see Adding a
new VLAN Tag in Frames)
set txq Applies QoS on packets matching the ACG (see Applying
QoS Settings on an ACG)
set dscp Changes the DSCP field value of the packets on egress
interfaces (Changing the DSCP Value)
set vpt Changes the VPT field value of the packets on egress
interfaces (Changing the VPT Value)
apply Saves the ACG options and exits the ACG Configuration
mode (see Saving the ACG Configuration)
statistics Enables match statistics on a port, LAG or SAP port (see
Enabling Match Statistics)
Page 10
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
clear ip access-groups Clears the IP ACG statistics (see Clearing the IP ACG
statistics Statistics)
clear mac access-groups Clears the MAC ACG statistics (see Clearing the MAC
statistics ACG Statistics)
Page 11
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#access-list <acl-number> {deny | permit} SOURCE [SOURCE-
MASK] [fc FC-TYPE drop-level {green | yellow}]
device-name(config)#no access-list <acl-number>
Argument Description
acl-number The standard IP ACL number is in the range of <1-99>, or
<1000-2999>
{deny | permit} Specifies whether this is a permit or deny rule
SOURCE The packet’s source-address (network or host) specified as:
• IP address in dotted-decimal notation (A.B.C.D)
• the keyword any as an abbreviation for a source of 0.0.0.0 and
source-mask of 255.255.255.255
• the keyword host source as an abbreviation for a source of 0.0.0.0
and source-mask of 0.0.0.0
SOURCE-MASK (Optional) mask bits applied to source, specified as:
• dotted-decimal notation (A.B.C.D). Place one in the bit positions
you want to ignore
• CIDR notation (/M)
Page 12
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
fc FC-TYPE Specifies a forwarding class traffic (FC) that match the ACL
(only for egress ACL)
FC Type Description
Examples
1. The IP address 192.98.2.1 is permitted, subnet 192.98.0.0/16 except for this address is denied,
but the entire subnet 192.0.0.0/8 is permitted. All other traffic is denied:
device-name(config)#access-list 1 permit host 192.98.2.1
device-name(config)#access-list 1 deny 192.98.0.0/16
device-name(config)#access-list 1 permit 192.0.0.0/8
Page 13
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#access-list <acl-number> {deny | permit} {ip | icmp | igmp
| tcp | udp | <protocol-number>} SOURCE [SOURCE-MASK] DESTINATION
[DESTINATION-MASK] [dscp <dscp>] [fc FC-TYPE drop-level {green |
yellow}]
device-name(config)#no access-list <acl-number>
Argument Description
acl-number The extended IP ACL number in the range of <100-199>, or
<10000-11999>.
{deny | permit} Specifies whether this is a permit or deny rule
protocol-number Specifies the name or number of an IP protocol:
• Valid IP protocol names are: tcp, udp, ip, igmp, icmp
• Valid IP protocol numbers are integers in the range of <0–255>
representing an IP protocol number
(http://www.iana.org/assignments/protocol-numbers (RFC5237))
• To match any Internet protocol, use the keyword ip
• Some protocols allow further qualifiers, as described below
SOURCE The packet’s source-address (network or host) specified as:
• IP address in dotted-decimal notation (A.B.C.D)
• the keyword any as an abbreviation for a source of 0.0.0.0 and
source-mask of 255.255.255.255.
• the keyword host source as an abbreviation for a source of 0.0.0.0
and source-mask of 0.0.0.0.
SOURCE-MASK (Optional) mask bits applied to source, specified as:
• dotted-decimal notation (A.B.C.D). Place one in the bit positions you
want to ignore
• CIDR notation (/M)
Page 14
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
FC Type Description
Page 15
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#access-list <acl-number> {deny | permit} {SOURCE-MAC
SOURCE-MAC-MASK | host SOURCE-MAC | any} {DESTINATION-MAC DESTINATION-
MAC-MASK | host DESTINATION-MAC | any} {unicast | multicast | broadcast}
[vlan <vlan-id> <VLAN mask>] [vpt <priority>] [inner-vlan <vlan-id>
<VLAN mask>] [inner-vpt <priority>] [untagged] [ether-type <ether-type>]
[dscp <dscp>] [tos <tos>] [precedence <precedence>] [fc FC-TYPE drop-
level {green | yellow}]
Argument Description
acl-number The extended MAC ACL number in the range of <400-499>, or
<40000-41999>.
{deny | permit} Specifies whether this is a permit or deny rule
SOURCE-MAC The packet’s source MAC-address. Valid values are:
• HH:HH:HH:HH:HH:HH notation
• the keyword any representing all MAC addresses
• the keyword host representing an abbreviation for a source-
mask of 00:00:00:00:00:00
SOURCE-MAC-MASK The source MAC address mask in HH:HH:HH:HH:HH:HH notation.
Use 0 for meaningful bits (exact-match) and 1 for meaningless bits
(any).
Examples:
• permit 00:aa:bb:cc:dd:ee 00:00:00:00:00:00 equals
permit host 00:aa:bb:cc:dd:ee
• permit 00:aa:bb:cc:dd:ee FF:FF:FF:FF:FF:FF equals
permit any
• permit 00:aa:bb:cc:dd:ee 00:00:00:FF:FF:FF permits
the range <00:aa:bb:00:00:00–00:aa:bb:ff:ff:ff>
DESTINATION-MAC The destination MAC address the packet is sent to. Valid values are:
• HH:HH:HH:HH:HH:HH notation
• the keyword any representing all MAC addresses
• the keyword host representing as an abbreviation for a
destination-mask of 00:00:00:00:00:00
DESTINATION-MAC-MASK The destination MAC address mask in HH:HH:HH:HH:HH:HH
notation.
Use 0 for meaningful bits (exact-match), and 1 for meaningless bits
(any).
unicast (Optional) matches the unicast traffic
Page 16
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
vlan <vlan-id> (Optional) the VLAN ID in the outer VLAN tag header.
The valid range is <1–4092>.
VLAN mask (Optional) matches the VLAN mask in hexadecimal format, 1 to 3
hexadecimal digits, prefixed with "0x".
Use 0 for meaningful bits (exact-match) and 1 for meaningless bits
(any).
vpt <priority> (Optional) the VPT in the outer VLAN tag header.
The valid range is <0–7>.
inner-vlan <vlan-id> (Optional) matches the VLAN ID number in the inner VLAN tag
header. The valid range is <1-4092>.
inner-vpt <priority> (Optional) matches packets by the VPT in the VLAN inner tag
header.
The valid range is <0–7>.
untagged (Optional) matches untagged packets only.
If you do not specify the untagged option, all tagged and untagged
frames are matched.
ether-type <ether- (Optional) the EtherType filed in the Ethernet header of a packet.
type> The field is matched for non-IP and non-ARP traffic only.
Table 9 lists the valid EtherType known values.
dscp <dscp> (Optional) the DiffServ Code Point (DSCP) value from IP header of a
packet. The valid range is <0–63>.
tos <tos> (Optional) matches packets by the service level type, in the range of
<0–7> or by any of the valid literal ToS values listed below (see
Table 8).
precedence (Optional) matches packets by the precedence level, in the range of
<precedence> <0–7> or by any of the valid literal precedence values listed below
(see Table 7).
Page 17
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
fc FC-TYPE Specifies a forwarding class traffic (FC) that match the ACL
(only for egress ACL)
FC Type Description
drop-level Specifies the color of packets for which the following ACL takes
effect
green Match the traffic with the above FC value with color green.
yellow Match the traffic with the above FC value with color yellow.
no Removes the specified ACL
Critical precedence 5
critical
Flash precedence 3
flash
Flash override precedence 4
flash-override
Immediate precedence 2
immediate
Internetwork control precedence 6
internet
Network control precedence 7
network
Priority precedence 1
priority
Routine precedence 0
routine
Page 18
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Examples
• Create extended MAC ACLs:
device-name(config)#access-list 404 permit host 00:00:0a:00:00:01 any
unicast
device-name(config)#access-list 405 permit host 00:00:09:00:00:01 any
unicast
device-name(config)#access-list 406 permit host 00:00:09:00:00:4e any
multicast
device-name(config)#access-list 407 permit host 00:00:0A:00:00:6e any
broadcast
• Here, any tagged traffic is denied. Only the untagged traffic that ingresses a port, with the
default VLAN 20, is accepted:
device-name(config)#access-list 433 permit any any vlan 20 0x000 untagged
Page 19
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#access-list <acl-number> remark REMARK
device-name(config)#no access-list <acl-number> [remark REMARK]
Argument Description
acl-number The number of an existing ACL.
Valid values are:
• <1–99> or <1000-2999>—the ID for the standard ACL
• <100–199> or <10000-11999>—the ID for the extended ACL
• <400–499> or <40000-41999>—the ID for the MAC extended ACL
REMARK A string of up to 40 characters
no Removes the remark.
CAUTION
Using the no form of the command without specifying a remark
removes the ACL.
Example
Add the remark test-acl to the ACL with number 401:
device-name(config)#access-list 401 remark test-acl
device-name(config)#access-list 401 permit host 00:a0:12:02:43:32 any
Page 20
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Assigning an IP ACG
The ip access-group command assigns an IP ACG to a port, LAG or SAP port.
CLI Mode: Interface Configuration, LAG Interface Configuration and SAP Service
Configuration
Command Syntax
device-name(config-if UU/SS/PP)#ip access-group [in | out] <acl-number>
[option]
device-name(config-if UU/SS/PP acg ACL-NUMBER)#
device-name(config-if UU/SS/PP)#no ip access-group [in | out] <acl-number>
Argument Description
acl-number The number of an existing ACL. Valid values are:
• <1–99> or <1000-2999>—the ID for the standard ACL
• <100–199> or <10000-11999>—the ID for the extended ACL
in (Optional) applies the ACL on the ingress traffic. If no keyword is specified, the
ACL is applied only on incoming traffic.
out
(Optional) applies the ACL on the egress traffic.
option (Optional) defines an action applied on matching traffic and changes the CLI
mode to the specified ACG configuration mode
no Removes the specified IP ACG.
Example
device-name(config)#tls serv 2
device-name(config-tls serv)#sap 1/1/1 c-vlans 10 option
device-name(config-tls-sap 1/1/1:10:)ip access-group 100 option
device-name(config-tls-sap 1/1/1:10: acg 100)#
Page 21
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
CLI Mode: Interface Configuration, LAG Interface Configuration, and SAP Service
Configuration
Command Syntax
device-name(config-if UU/SS/PP)#mac access-group [in | out] <acl-number>
[option]
device-name(config-if UU/SS/PP acg ACL-NUMBER)#
device-name(config-if UU/SS/PP)#no mac access-group [in | out] <acl-number>
Argument Description
acl-number The number of an existing ACL. Valid values are in the range of <400–499>, or
<40000–41999>.
in (Optional) applies the ACL on the ingress traffic. If no keyword is specified, the
ACL is applied only on incoming traffic.
out (Optional) applies the ACL on the egress traffic.
option (Optional) defines an action applied on matching traffic and changes the CLI
mode to the specified ACG configuration mode
no Removes the specified MAC ACG
Page 22
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Examples
In the following example:
1. Port 1/1/1 is connected to a group of users. ACL 400 permits access to the server only for
users with MAC addresses 00:00:5a:63:56:78 (PC1) and 00:00:54:67:f5:61 (PC2).
2. Port 1/1/2 is connected to a server.
device-name#configure terminal
device-name(config)#access-list 400 permit 00:00:5a:63:56:78
00:00:00:00:00:00 00:a0:cc:d6:b0:fa 00:00:00:00:00:00
device-name(config)#access-list 400 permit 00:00:54:67:f5:61
00:00:00:00:00:00 00:a0:cc:d6:b0:fa 00:00:00:00:00:00
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mac access-group 400 option
device-name(config-if 1/1/1 acg 400)#end
Page 23
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
NOTE
The real values for CIR, CBS, PIR, and PBS may be different than the configured
ones, due to granularity limitations. After configuring these values, a warning
message appears:
[Warning] Rate can be rounded to the next supported value!
NOTE
You cannot configure the dual-rate on uplink ports for the T-Marc 340.
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#rate-limit single-rate <cir>
<cbs> [color-aware | [exceed-action mark-yellow] | [statistics]
device-name(config-if UU/SS/PP acg ACL-NUMBER)#rate-limit dual-rate <cir>
<cbs> <pir> <pbs> [statistics]
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no rate-limit
Argument Description
single-rate The Single Rate Three Color Marker (RFC 2697).
dual-rate The Two Rate Three Color Marker (RFC 2698).
cir The CIR in K, M or G (in bps). The valid range is <64K–1G> with 64 kbps
granularity.
cbs The CBS in K, M or G (in bytes). The valid range is <4K–16384K>.
pir The PIR in K, M or G (in bytes). The valid range is <64K–1G> with 64 kbps
granularity.
Page 24
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Example
• Configure the single rate limit:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mac access-group 410 option
device-name(config-if 1/1/1 acg 410)#rate-limit single-rate 100k 128k
exceed-action mark-yellow
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/1/1 acg 410)#apply
Page 25
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#set vlan {<vlan-id> | tls
<vlan-id>}
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no set vlan [tls]
Argument Description
vlan-id The new VLAN ID in the range of <1–4094>.
tls The egress port treats the matching packets as untagged (like they are
received), regardless of whether packets are received tagged or not. If the
egress port is a tagged to VLAN port member, a new VLAN tag is added to the
packet based on the device VLAN ID assignment.
This parameter is optional for the no form of the command.
no Cancels this action for the configured ACG.
Example
Redirect traffic that matches ACL 410 on port 1/1/1 to VLAN ID 300:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mac access-group 410 option
device-name(config-if 1/1/1 acg 410)#set vlan tls 300
Page 26
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#set txq <txq> drop-level
{green | yellow}
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no set txq
Argument Description
txq Specifies to which txq matching traffic is mapped. The valid range is <0–7>
queues.
green The packet’s DP level is green.
yellow The packet’s DP level is yellow.
no Cancels this action for the configured ACG.
CLI Mode: Interface ACG Configuration, LAG Interface ACG Configuration, and SAP
Service ACG Configuration
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#set dscp <0-63>
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no set dscp
device-name(config-if AG0N acg ACL-NUMBER)#set dscp <0-63>
device-name(config-if AG0N acg ACL-NUMBER)#no set dscp
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#set dscp <0-63>
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#no set dscp
Argument Description
0-63 DSCP value, configured for the remarked traffic on egress interfaces.
no Cancels this action for the changing the DSCP value.
Page 27
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
CLI Mode: Interface ACG Configuration, LAG Interface ACG Configuration and SAP
Service ACG Configuration
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#set vpt <0-7>
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no set vpt
device-name(config-if AG0N acg ACL-NUMBER)#set vpt <0-7>
device-name(config-if AG0N acg ACL-NUMBER)#no set vpt
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#set vpt <0-7>
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#no set vpt
Argument Description
0-7 VPT value, configured for the remarked traffic on egress interfaces.
no Cancels this action for the changing the VPT value.
Examples:
• Egress remarking:
device-name(config)#access-list 400 permit any any fc h1 drop-level green
device-name(config-if 1/1/1)#mac access-group out 400 option
device-name(config-if 1/1/1 acg 400)#set dscp 4
device-name(config-if 1/1/1 acg 400)#apply
• The color aware ACLs cannot be applied as ingress ACG Otherwise a warning message is
displayed:
device-name(config)#access-list 400 permit any any fc h1 drop-level green
device-name(config-if 1/1/1)#mac access-group in 400 option
device-name(config-if 1/1/1 acg 400)#set dscp 4
device-name(config-if 1/1/1 acg 400)#apply
[Error]Color aware access list can not be applied on ingress.
• The VPT and DSCP options are mutually exclusive. Otherwise a warning message is displayed:
device-name(config)#access-list 111 permit ip any any fc ef drop-level
green
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#ip access-group out 111 option
device-name(config-if 1/1/1 acg 111)#set vpt 4
device-name(config-if 1/1/1 acg 111)#set dscp 44
% only one remark type is allowed
Page 28
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#apply
device-name(config-if AG0N acg ACL-NUMBER)#apply
device-name(config-tls-sap UU/SS/PP:CVLAN-ID: acg ACL-NUMBER)#apply
Example
device-name(config-if 1/1/1 acg 410)#apply
device-name(config-if 1/1/1)#
Command Syntax
device-name(config-if UU/SS/PP acg ACL-NUMBER)#statistics
device-name(config-if UU/SS/PP acg ACL-NUMBER)#no statistics
Argument Description
no Disables collecting statistics on the ACG.
Page 29
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name#show ip access-lists [<acl-number>]
Argument Description
acl-number (Optional) the ACL number displayed.
Valid values are:
• <1–99> or <1000-2999>—the ID for the standard ACL
• <100–199> or <10000-11999>—the ID for the extended ACL
Examples
device-name(config)#access-list 1 permit host 192.98.2.1
device-name(config)#access-list 1 deny 192.98.0.0/16
device-name(config)#access-list 1 permit 192.0.0.0/8
device-name(config)#end
device-name#show ip access-lists
Standard IP access list 1
permit host 192.98.2.1
deny 192.98.0.0 0.0.255.255
permit 192.0.0.0 0.255.255.255
Command Syntax
device-name#show mac access-lists [<acl-number>]
Argument Description
acl-number (Optional) the ACL number displayed, in the range of <400–499>, or <40000–
41999> (extended MAC ACLs).
Page 30
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Examples
device-name(config)#access-list 400 permit any host 00:00:0a:00:00:4e ether-
type 0x8080
device-name(config)#access-list 401 permit 00:00:0A:00:00:65
00:00:00:00:00:03 any broadcast
The ACL matches BROADCAST layer 2 traffic.
Page 31
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name#show ip access-groups [<acl-number>]
Argument Description
acl-number (Optional) the IP ACG number displayed.
Valid values are:
• <1–99> or <1000–2999>—the ID for the standard ACL
• <100–199> or <10000–11999>—the ID for the extended ACL
Examples
device-name(config-if 1/1/1)#ip access-group 100
device-name(config-if 1/1/1)#ip access-group 101
device-name(config-if 1/1/1)#interface 1/1/2
device-name(config-if 1/1/2)#ip access-group 2
device-name(config-if 1/1/2)#end
device-name#show ip access-groups
interface 1/1/1
ip access-group 100
ip access-group 101
interface 1/1/2
ip access-group 2
Page 32
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name#show ip access-groups <acl-number> statistics [interface UU/SS/PP
| sap UU/SS/PP c-vlan <vlan-id>]
Argument Description
acl-number (Optional) the IP ACG number displayed.
Valid values are:
• <1–99> or <1000–2999>—the ID for the standard ACL
• <100–199> or <10000–11999>—the ID for the extended ACL
interface UU/SS/PP (Optional) the specified port
sap UU/SS/PP (Optional) the specified SAP port
vlan-id The C-VLAN ID, in the valid range of <1–4094>
Examples
device-name(config-if 1/1/1)#ip access-group 100 option
device-name(config-if 1/1/1 acg 100)#statistics
device-name(config-if 1/1/1 acg 100)#apply
device-name(config-if 1/1/1)#end
device-name#show ip access-groups 100 statistics
Access List 100 statistics:
interface 1/1/1
Match Statistics:
Classified packets: 926359
device-name#configure terminal
device-name(config)#interface 1/1/2
device-name(config-if 1/1/2)#ip access-group 102 option
device-name(config-if 1/1/2 acg 102)#rate-limit single-rate 10M 128K
statistics
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/1/2 acg 102)#apply
device-name(config-if 1/1/2)#end
device-name#show ip access-groups 102 statistics
Access List 102 statistics:
interface 1/1/2
Single rate limit:
Green bytes: 100500
Yellow bytes: NA
Drop bytes: 35080
Page 33
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name#show mac access-groups [<acl-number>]
Argument Description
acl-number (Optional) the MAC ACG number displayed, in the range of <400–499> or
<40000–41999>.
Example
device-name#show mac access-groups
interface 1/1/1
mac access-group 400 option
set vlan 4094
mac access-group 401 option
set txq 7 drop-level green
Command Syntax
device-name#show mac access-groups <acl-number> statistics [interface UU/SS/PP
| sap UU/SS/PP c-vlan <vlan-id>]
Argument Description
acl-number The MAC ACG number displayed, in the range of <400–499> or
<40000–41999>.
interface UU/SS/PP (Optional) the specified port
sap UU/SS/PP (Optional) the specified SAP port
vlan-id The C-VLAN ID, in the valid range of <1–4094>
Page 34
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Example
device-name(config-if 1/1/1)#mac access-group 402 option
device-name(config-if 1/1/1 acg 402)#rate-limit single-rate 10M 128K
statistics
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/1/1 acg 402)#apply
device-name(config-if 1/1/1)#end
device-name#show mac access-groups 402 statistics
Access List 402 statistics:
interface 1/1/1
Single rate limit:
Green bytes: 100500
Yellow bytes: NA
Drop bytes: 35080
Command Syntax
device-name#clear ip access-groups <acl-number> statistics [interface UU/SS/PP
| sap UU/SS/PP c-vlan <vlan-id>]
Argument Description
acl-number (Optional) the IP ACG number cleared.
Valid values are:
• <1–99> or <1000–2999>—the ID for the standard ACL
• <100–199> or <10000–11999>—the ID for the extended ACL
interface UU/SS/PP (Optional) the specified port
sap UU/SS/PP (Optional) the specified SAP port
vlan-id The C-VLAN ID, in the valid range of <1–4094>
Page 35
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Command Syntax
device-name#clear mac access-groups <acl-number> statistics [interface
UU/SS/PP | sap UU/SS/PP c-vlan <vlan-id>]
Argument Description
acl-number The MAC ACG number cleared, in the range of <400–499>, or
<40000–41999>.
interface UU/SS/PP (Optional) the specified port
sap UU/SS/PP (Optional) the specified SAP port
vlan-id The C-VLAN ID, in the valid range of <1–4094>
Page 36
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Configuration Examples
Configuring IP ACLs
In the example below:
• the inbound and outbound traffic for PC 1 is limited to 3 Mbps for each direction
• the inbound and outbound traffic for PC 2 is limited to 1 Mbps for each direction
• the rest of the traffic that passes through the device is not controlled
Page 37
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
6. Define the rate limit on the server port: 3M to PC1 and 1M to PC2, and no rate limit to the
rest of the traffic on this port:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#ip access-group 101 option
device-name(config-if 1/1/1 acg 101)#rate-limit single-rate 3m 256k
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/1/1 acg 101)#exit
device-name(config-if 1/1/1)#ip access-group 103 option
device-name(config-if 1/1/1 acg 103)#rate-limit single-rate 1m 256k
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/1/1 acg 103)#exit
device-name(config-if 1/1/1)#ip access-group 1
7. Define the rate limit of 3M on PC1 connection to the server, and no rate limit to the rest of
the traffic on the port:
device-name(config-if 1/1/1)#interface 1/2/1
device-name(config-if 1/2/1)#ip access-group 100 option
device-name(config-if 1/2/1 acg 100)#rate-limit single-rate 3m 256k
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/2/1 acg 100)#exit
device-name(config-if 1/2/1)#ip access-group 1
8. Define the rate limit of 1M on PC2 connection to the server, and no rate limit to the rest of
the traffic on the port:
device-name(config-if 1/2/1)#interface 1/2/2
device-name(config-if 1/2/2)#ip access-group 102 option
device-name(config-if 1/2/2 acg 102)#rate-limit single-rate 1m 256k
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/2/2 acg 102)#exit
device-name(config-if 1/2/2)#ip access-group 1
device-name(config-if 1/2/2)#end
Page 38
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
3. Define an ACL for the traffic from the server to PC1 and PC2:
device-name(config)#access-list 403 permit any 00:00:05:00:00:14
00:00:00:00:00:00
Page 39
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
4. Define the rate limit on the server port, 10M, and no rate limit to the rest of the traffic on this
port:
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mac access-group 403 option
device-name(config-if 1/1/1 acg 403)#rate-limit single-rate 10m 256k
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/1/1 acg 403)#exit
5. Define the rate limit of 3M on PC1 connection to the server, and no rate limit to the rest of
the traffic on the port:
device-name(config-if 1/1/1)#interface 1/2/1
device-name(config-if 1/2/1)#mac access-group 401 option
device-name(config-if 1/2/1 acg 401)#rate-limit single-rate 3m 256k
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/2/1 acg 401)#exit
6. Define the rate limit of 1M on PC2 connection to the server, and no rate limit to the rest of
the traffic on the port:
device-name(config-if 1/2/1)#interface 1/2/2
device-name(config-if 1/2/2)#mac access-group 402 option
device-name(config-if 1/2/2 acg 402)#rate-limit single-rate 1m 256k
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/2/2 acg 402)#end
Page 40
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
1. Create the VLAN v20 with ID 20 and add to it the 1/1/2 port (SDP port) as tagged and
1/1/1 port (SAP port) as untagged:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create v20 20
device-name(config vlan)#config v20
device-name(config-vlan v20)#add ports 1/1/1 untagged
device-name(config-vlan v20)#add ports 1/1/2 tagged
device-name(config-vlan v20)#add ports default 1/1/1,1/1/2
device-name(config-vlan v20)#end
4. Apply the MAC ACL 410 per SAP port with a rate-limit:
device-name(config-tls serv)#sap 1/1/1 c-vlan 11 option
device-name(config-tls-sap 1/1/1:11:)#mac access-group 410 option
device-name(config-tls-sap 1/1/1:11: acg 410)#rate-limit single-rate 3m 1m
statistics
[Warning] Rate can be rounded to the next supported value!
device-name(config-tls-sap 1/1/1:11: acg 410)#statistics
device-name(config-tls-sap 1/1/1:11: acg 410)#apply
device-name(config-tls-sap 1/1/1:11:)#
5. Apply the MAC ACL 411 per SAP port with a rate-limit:
device-name(config-tls serv)#sap 1/1/1 c-vlan 11 option
device-name(config-tls-sap 1/1/1:11:)#mac access-group 411 option
device-name(config-tls-sap 1/1/1:11: acg 411)#rate-limit single-rate 3m 1m
statistics
[Warning] Rate can be rounded to the next supported value!
device-name(config-tls-sap 1/1/1:11: acg 411)#statistics
device-name(config-tls-sap 1/1/1:11: acg 411)#apply
device-name(config-tls-sap 1/1/1:11:)#
Page 41
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Page 42
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Page 43
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
+-----------+--------+-------------+
| 3 | be | green |
+-----------+--------+-------------+
| 4 | be | green |
+-----------+--------+-------------+
| 5 | be | green |
+-----------+--------+-------------+
| 6 | be | green |
+-----------+--------+-------------+
| 7 | be | green |
+-----------+--------+-------------+
| 8 | l2 | green |
+-----------+--------+-------------+
| 9 | l2 | green |
+-----------+--------+-------------++-
…
+-----------+--------+-------------+
| 61 | nc | green |
+-----------+--------+-------------+
| 62 | nc | green |
+-----------+--------+-------------+
| 63 | nc | green |
+-----------+--------+-------------+
Page 44
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Page 45
Configuring Access Control Lists (ACLs) (Rev 09)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
Access Control Lists No standards are Private MIB, RFC 2697, A Single
(ACLs) supported by this prvt_switch_access_list.mib Rate Three Color
feature. Marker
RFC 2698, A Two
Rate Three Color
Marker
Page 46
Configuring Access Control Lists (ACLs) (Rev 09)
DHCP Snooping
Table of Contents
Table of Figures ······················································································ 3
Page 1
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Page 2
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: DHCP Snooping in Action ··························································· 4
Figure 2: DHCP Snooping Configuration Example··········································21
Page 3
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
DHCP Snooping
Overview
DHCP Snooping provides network security by filtering untrusted DHCP messages, (received from
outside the network and causing traffic attacks), and by building and maintaining a DHCP-
snooping binding table (see Enabling/Disabling the DHCP-Snooping Binding Table).
DHCP Snooping works with information from a DHCP server to:
• Track the physical location of hosts (DHCP clients)
• Ensure that hosts only use the IP addresses assigned to them
• Ensure that only authorized DHCP servers are accessible
DHCP Snooping acts like a firewall between untrusted hosts (DHCP clients) and DHCP servers.
Page 4
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Page 5
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Page 6
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
NOTE
For DHCP Snooping to function properly, all DHCP servers must be connected to
the device through trusted interfaces.
Command Syntax
device-name(config)#ip dhcp snooping {enable | disable}
Argument Description
enable Enables DHCP Snooping
disable Disables DCHP Snooping
Disabled
Command Syntax
device-name(config)#ip dhcp snooping interface-mode interface {PORT-LIST |
PORT-AG-LIST} [vlan VLAN-LIST]
device-name(config)#no ip dhcp snooping interface-mode interface {PORT-LIST |
PORT-AG-LIST} [vlan VLAN-LIST]
Argument Description
PORT-LIST List of ports. Use commas as separators and hyphens to indicate sub-
ranges (for example: 1/2/1–1/2/8, 1/1/2)
PORT-AG-LIST LAG names’ list (for example, ag01, ag04–ag07), in the range of <1–7>
Page 7
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
VLAN-LIST (Optional) a list of VLAN IDs to which the ports belong, in the following
format:
• A hyphenated range of VLANs (for example: 8–32)
• Several VLAN numbers and/or ranges, separated by commas (for
example: 2,4,8–32)
no Restores to default
Command Syntax
device-name(config)#ip dhcp snooping interface {PORT-LIST | PORT-AG-LIST}
{trusted | untrusted}
device-name(config-if UU/SS/PP)#ip dhcp snooping interface {trusted |
untrusted}
Argument Description
PORT-LIST List of ports. Use commas as separators and hyphens to indicate sub-
ranges (for example: 1/2/1–1/2/8, 1/1/2)
PORT-AG-LIST LAG names’ list (for example, ag01, ag04–ag07), in the range of <1–7>
trusted Enables DHCP Snooping on trusted port(s). Trusted ports receive only
packets from within the network, the outside-coming packets are simply
forwarded.
The trusted ports are used to reach a DHCP server or relay agent, and
DHCP information from them is not logged in the DHCP-snooping
binding table.
untrusted Enables DHCP Snooping on untrusted port(s). Untrusted ports receive
messages from outside the network.
Untrusted
Page 8
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip dhcp snooping force-broadcast-request
device-name(config)#no ip dhcp snooping force-broadcast-request
Argument Description
no Disables the force-broadcast-request option
Command Syntax
device-name(config)#ip dhcp snooping binding-table {enable | disable}
Argument Description
enable Enables the DHCP-snooping binding table.
disable Disables the DHCP-snooping binding table
Disabled
Page 9
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip dhcp snooping binding A.B.C.D HH:HH:HH:HH:HH:HH vlan
<vlan-id> interface UU/SS/PP
device-name(config)#no ip dhcp snooping binding A.B.C.D HH:HH:HH:HH:HH:HH
vlan <vlan-id> interface UU/SS/PP
Argument Description
A.B.C.D The binding entry’s IP address
HH:HH:HH:HH:HH:HH The binding entry’s MAC address
vlan <vlan-id> The VLAN to which the port belongs, in the range of <1–4094>
UU/SS/PP An untrusted port for which to add/delete a binding entry
no Deletes entries from the binding table
Command Syntax
device-name(config)#ip dhcp snooping binding-table max-entries <binding-
entries>
Argument Description
binding-entries The maximum number of the table entries, in the range of <100–10000>
Page 10
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip dhcp snooping binding-table tftp A.B.C.D file name
FILE-NAME write-delay <time period>
device-name(config)#no ip dhcp snooping binding-table tftp
Argument Description
A.B.C.D The TFTP server’s IP address
FILE-NAME The name of the copied file
write-delay The time at which the file is uploaded to the TFTP server, in the range of
<time period> <60–86400> seconds
300 seconds
no Disables the coping
Command Syntax
device-name(config)#ip dhcp snooping binding-table upload tftp A.B.C.D
filename FILE-NAME
Argument Description
A.B.C.D The TFTP server’s IP address
FILE-NAME The name of the copied file
Page 11
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
NOTE
When the DHCP client’s IP address is statically changed, the combination of Port
Security and Dynamic ARP Inspection features ensure blocking of the Layer-3 traffic
on untrusted ports of the DHCP-snooping-enabled device.
Command Syntax
device-name(config)#ip dhcp snooping port-security interface PORT-LIST [vlan-
id <vlan-id>]
device-name(config)#no ip dhcp snooping port-security interface PORT-LIST
[vlan-id <vlan-id>]
Argument Description
PORT-LIST List of ports. Use commas as separators and hyphens to indicate sub-ranges
(for example: 1/2/1–1/2/8, 1/1/2).
vlan-id (Optional) defines a VLAN ID in the range of <1–4094> to which the ports
<vlan-id> belong.
no Restores to default
Disabled
Command Syntax
device-name(config)#ip dhcp snooping match-mac {enable | disable}
Page 12
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Argument Description
enable Enables the MAC address match-option: the source MAC address in the
Ethernet header is compared to the chaddr field in the DHCP payload (within
the DHCP packet):
• If the address does not match the chaddr field, the DHCP packet is
dropped
• If the address matches the chaddr field, the device—on which DHCP
Snooping is enabled—forwards the packet
This comparison procedure is not performed for trusted ports.
disable Disables the MAC address match-option
Disabled
NOTE
Configure Option-82 on all devices in the ring topology.
Each device must have a unique Option-82 value. The unique Option-82 value
can be a remote-ID (MAC), a unique TAG, or a unique circuit-id.
In the ring topology, when the DHCP-snooping chain mode is enabled, all
Option-82-enabled devices and the DHCP servers must be in the same subnet.
Command Syntax
device-name(config)#[no] ip dhcp snooping information option chain-mode
Argument Description
no Disables the chain mode
Page 13
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip dhcp snooping information option circuit-id WORD port
UU/SS/PP vlan-id <vlan-id>
device-name(config)#no ip dhcp snooping information option circuit-id port
UU/SS/PP vlan-id <vlan-id>
Argument Description
WORD Circuit-ID, a text string of 256 characters. The circuit-ID string cannot be
configured to 8, 15, 18, or 20 characters. Otherwise, a warning message
appears:
[Warning] The specified circuit ID might not work properly
if combined with other configured information options.
More than one circuit-ID can be defined per port. If a port is a member of
several VLANs, only one circuit-id can be defined for a port-VLAN
combination.
UU/SS/PP The related port
vlan-id VLAN ID, in the range of <1–4094>
no Removes the defined circuit-ID: the information contained in the Option-82
field is used to define the packet retransmit path
Command Syntax
device-name(config-if UU/SS/PP)#[no] ip dhcp snooping information option
Argument Description
no Disables the Option-82
Disabled
Page 14
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#ip dhcp snooping information option format
binary [remote-id]
device-name(config-if UU/SS/PP)#no ip dhcp snooping information option format
binary
Argument Description
remote-id (Optional) inserts the MAC address of the relay agent at the end of the Option-
82 field
no Restores to default
ASCII format
NOTE
To fill in the giaddr field using the ip dhcp snooping set-relay-agent-address
command in chain mode, first execute the ip dhcp snooping information
option chain-mode set-relay-agent-address command.
Command Syntax
device-name(config)#ip dhcp snooping set-relay-agent-address
device-name(config)#ip dhcp snooping information option chain-mode set-relay-
agent-address
Page 15
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#ip dhcp snooping information option tag <1-
65535>
device-name(config-if UU/SS/PP)#no ip dhcp snooping information option tag
Argument Description
tag <1-65535> Option-82 tag value, in the range of <1–65535>
no Removes the Option-82 tag
Command Syntax
device-name#clear ip dhcp snooping binding-table [static | learned | all]
Argument Description
static (Optional) only static entries are cleared.
learned (Optional) only dynamically learned entries are cleared.
all (Optional) all entries are cleared.
Page 16
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name#clear ip dhcp snooping binding-table ip A.B.C.D vlan <vlan-id>
device-name#clear ip dhcp snooping binding-table mac HH:HH:HH:HH:HH:HH vlan
<vlan-id>
Argument Description
A.B.C.D The DHCP client’s IP address
HH:HH:HH:HH:HH:HH The DHCP client’s MAC address
vlan <vlan-id> The VLAN ID, in the range of <1–4094>
Command Syntax
device-name#show ip dhcp snooping binding {interface UU/SS/PP | vlan <vlan-
id>}
Argument Description
UU/SS/PP Displays table entries for the selected untrusted port
vlan <vlan-id> Displays table entries for the selected VLAN ID, in the range of <1–
4094>
Page 17
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Example
Display the DHCP-snooping binding entries for a specified VLAN:
device-name#show ip dhcp snooping binding vlan 1
Flags : V - valid, P - perm. lease, I - incomplete, L - learned, S - static
+-----------------+------+-------------------+-----------+---------+----------+
| IP address | VLAN | MAC address | Interface | Flags | Lease |
+-----------------+------+-------------------+-----------+---------+----------+
| 1.1.1.2| 1| 00:FF:00:00:00:01 | 1/1/2| V L | 43187|
| 1.1.1.3| 1| 00:FF:00:00:00:02 | 1/1/2| V L | 43199|
| 1.1.1.1| 1| 00:FF:00:00:00:00 | 1/1/2| V L | 43175|
+-----------------+------+-------------------+-----------+---------+----------+
Command Syntax
device-name#show ip dhcp snooping configuration
Example
device-name#show ip dhcp snooping configuration
=====================================================================
| DHCP SNOOPING - CONFIGURATION SUMMARY |
=====================================================================
DHCP Snooping module current state : ENABLE
Current Mode : RING MODE
Match MAC address : DISABLE
DHCP Snooping Database Use : ENABLE
DHCP Snooping Database Max Entries Value : 10000
TFTP Server IP address : 192.168.0.34
Page 18
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
===========================================================
| DHCP Snooping Vlans - Interface mode |
===========================================================
VLAN ID | 1
===========================================================
| DHCP Snooping Aggregations - Interface mode |
===========================================================
AGGREGATION TRUSTED
AGGREGATION UNTRUSTED AG01
=====================================================================
| DHCP Snooping Option 82 Configuration |
| Interface | Option Format | Tag | Option Policy |
=====================================================================
Command Syntax
device-name#show ip dhcp snooping interface {UU/SS/PP | aggregations | all}
Argument Description
UU/SS/PP Displays information for a specific port
aggregations Displays information for all trusted and untrusted LAGs
all Displays information for all trusted and untrusted ports
Example
device-name#show ip dhcp snooping interface 1/1/1
| 1/1/1 | TRUSTED
Page 19
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name#show ip dhcp snooping option82
Example
device-name#show ip dhcp snooping option82
ON PORT: 1/1/2
FORMAT: ASCII
TAG: 1
POLICY: DROP
Command Syntax
device-name#show ip dhcp snooping set-relay-agent-address
Example
device-name#show ip dhcp snooping set-relay-agent-address
set-relay-agent-address is enabled
Page 20
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Configuration Example
The following example is based on Figure 2 and shows how to configure DHCP Snooping on the
devices.
Configuring Device A:
1. Enter the VLAN Configuration mode and select the default VLAN:
DeviceA(config)#vlan
DeviceA(config vlan)#config default
3. Configure a VLAN named V9 with VLAN ID 9 and add to it a port list 1/2/1―1/2/8 as
untagged:
DeviceA(config vlan)#create v9 9
DeviceA(config vlan)#config v9
DeviceA(config-vlan v9)#add ports 1/2/1―1/2/8 untagged
DeviceA(config-vlan v9)#add ports default 1/2/1―1/2/8
DeviceA(config-vlan v9)#exit
DeviceA(config-vlan)#exit
Page 21
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Page 22
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
===========================================================
| DHCP Snooping Vlans - Interface mode |
===========================================================
VLAN ID | 9
===========================================================
| DHCP Snooping Aggregations - Interface mode |
===========================================================
AGGREGATION TRUSTED
AGGREGATION UNTRUSTED AG01
=====================================================================
| DHCP Snooping Option 82 Configuration |
| Interface | Option Format | Tag | Option Policy |
=====================================================================
ip dhcp snooping information option not set
Page 23
Dhcp Snooping (Rev. 01)
T-Marc 300 Series User Guide
Page 24
Dhcp Snooping (Rev. 01)
Configuring Quality of Service (QoS)
Table of Figures ······················································································ 4
Overview ······························································································· 5
Implementation ··················································································· 5
Traffic Analysis ··················································································· 5
Page 1
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Page 2
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Configuration Examples···········································································55
Mapping Priority ·················································································55
Configuring the DSCP-to-FC Mapping ·······················································56
Configuring the Traffic Shaping Per-port ·····················································57
Configuring QoS Service Policy ································································58
Page 3
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: Basic QoS Architecture ······························································· 7
Figure 2: 802.1p Priority Header Fields························································· 9
Figure 3: Type of Service (ToS) Header Fields ················································ 9
Figure 4: Strict Priority Queuing ·······························································11
Figure 5: Weighted Round Robin Queuing ···················································12
Figure 6: QoS Configuration Flow·····························································17
Page 4
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Overview
QoS refers to the mechanisms used for controlling and reserving network resources in order to
provide different priority to specific applications/data flows and to guarantee their level of
performance. This preferential treatment might be at the expense of other traffic flows.
Implementing QoS in a network makes its performance more predictable and bandwidth utilization
more effective.
QoS policies have little effect during periods of light traffic since packets are transmitted as soon as
they arrive. They are effective at times of congestion, when a port cannot transmit all packets
simultaneously and there is a need for defining the order in which the queued packets are
transmitted.
Implementation
The typical QoS model is based on the following:
• At the network edge (ingress), the packet is assigned to a QoS service. The service is assigned
based on the packet header information (if the packet is trusted) or on the ingress port
configuration (in cases where the packet is untrusted).
• The QoS service defines the packet internal QoS handling (Class of Service—CoS and drop
precedence—Color) and optionally the packet external QoS marking, through either the
802.1p User Priority and/or the IP header DSCP field.
• Subsequent devices within the network core provide consistent QoS treatment to traffic, based
on the packet 802.1p or DSCP marking. As a result, an end-to-end QoS solution is provided.
• A device may modify the assigned CoS if a packet stream exceeds the configured profile. In
this case, the packet may be dropped or reassigned to a lower CoS.
The device incorporates the required QoS features to implement network-edge as well as network-
core devices:
• The device provides flexible mechanisms to classify packets into as many as 128 different
services.
• Up to 256 Traffic Policers may be used to control the maximum rate of specific traffic flows,
each of them can be bound to a flow or a flow aggregate.
• The packet header may have its User Priority and/or DSCP set to reflect the CoS assignment.
• Service application mechanism is based on eight egress priority queues per port (including the
CPU port), on which congestion-avoidance and congestion-resolution policies are applied.
Traffic Analysis
To effectively configure QoS, analyze the types of traffic using the port and determine their relative
bandwidth demands. Also evaluate the supported applications’ sensitivity to:
• Delay/latency—the time a packet takes before it reaches its destination.
Page 5
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
• Jitter—the variation of delay/latency that can seriously affect the quality of streaming audio
and/or video.
• Packet loss—the routers may fail to deliver some packets if they arrive when their buffers are
already full. Some, none, or all of the packets may be dropped, depending on the state of the
network. The receiving application might ask for this information to be retransmitted, possibly
causing severe delays in the overall transmission.
The below table details general guidelines for classifying traffic types:
Table 1: Traffic Types
Traffic Type Description
Voice Demands small amounts of bandwidth. However, the bandwidth must be
constant and predictable because voice applications are sensitive to latency
(inter-packet delay) and jitter.
Video Similar to voice application but requires larger bandwidth, depending on the
encoding.
Some applications can transmit large amounts of data for multiple streams in
one spike or burst, causing the device to buffer significant amounts of sent
video-stream data. This might cause difficulties at the network infrastructure
level, since it must be able to buffer the transmitted spikes when they occur
especially where there are line rate differences (for example, going from
Gigabit Ethernet to Fast Ethernet).
Database Does not demand significant bandwidth and is tolerant to delay. Therefore it
requires minimum bandwidth and can be set to use lower priority than the
more delay-sensitive applications.
Web browsing Cannot be generalized into a single category. You can distinguish casual and
application-oriented traffic from each other by their server source and
destinations.
Most browser-based applications have an asymmetric dataflow (small
dataflow from the client’s browser and large dataflow from the server to the
client). An exception to this pattern might be created by some Java-based
applications.
Web-based applications are generally tolerant of latency, jitter, and some
packet loss. However even a small amount of packet-loss m might have a
large impact on perceived performance, due to the nature of TCP.
File server Has the greatest demand on bandwidth, although it is tolerant to latency,
jitter, and some packet loss, depending on the network operating system and
the use of TCP or UDP.
Page 6
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
(Ingress) QoS Initial QoS initial marking associates every packet classified as data with a
Marking set of QoS attributes that determine the QoS processing by
subsequent stages. The sequence of the markers is important and is
as shown in the above figure.
(Ingress) Traffic Policing If enabled on a policy-based traffic flow, and if the packet is
and QoS Remarking classified as data, the policer meters the given flow according to a
configurable rate profile and classifies packets as either in-profile or
out-of-profile. Out-of-profile packets may be discarded or have their
QoS attributes remarked.
(Egress) QoS QoS enforcement utilizes eight egress queue-priorities per port.
Enforcement Congestion avoidance and congestion resolution techniques are
used to provide the required service.
(Egress) QoS Initial QoS initial marking associates every packet with a set of QoS
Marking attributes that determine QoS processing by subsequent stages.
Potentially, all types of packets—data, control, and mirrored to
analyzer port—are subject to egress QoS initial marking.
(Egress) Setting the The packet header 802.1p User Priority and/or IP-DSCP is defined
Packet Header’s QoS or modified.
Fields
Page 7
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
QoS Profile
The device supports up to 128 QoS Profiles (for default profile values, refer to Table 4).
Every packet classified as data has assigned the QoS attribute <QoS Profile index> that is used by
the egress pipeline to apply the QoS service.
The QoS Profile index is used as a direct index, ranging from 0 to 127, into the global QoS Profile
table.
Each entry in the QoS Profile table contains the set of attributes:
• TC—Traffic class queue assigned to the packet.
• DP—Drop precedence assigned to the packet.
• UP—If the packet QoS attribute <Modify UP> is set and the packet is received untagged, this
field is the value used in the packet 802.1p User Priority field and packet is transmitted tagged.
If receive the packet tagged, the existing User Priority is modified with this value.
• DSCP—If setting the packet QoS attribute <Modify DSCP>, and the packet is IPv4 or IPv6,
this field is the value used to modify the packet IP-DSCP field.
• QoS profiles 0–15 are used for all types of services. Indexes 0–15 are referred to as traffic
classes, where indexes 0–7 are duplicated to indexes 8–15 with DP being set to Yellow.
Page 8
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
The device examines the 802.1p priority of ingressing packets. Based on this priority, it maps the
packets to various hardware queues of egress ports.
NOTE
The device does not change the VPT of switched packets with an 802.1Q tag,
assuming that the sender of the packet has already determined the VPT.
You can define the VPT of packets received without a tag using the map priority
command.
Page 9
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
BiNOS can use ToS values for sorting packets into QoS queues. Individual ToS values, or ranges
of values, are mapped to 802.1p priority values. Based on 802.1p priority, the packets are sorted
into QoS queues.
When a packet arrives at the device on an ingress port, the device examines the first six of eight
ToS bits, called the code point. The device can assign the QoS priority to subsequently transmit the
packet based on the code point. The QoS priority controls a hardware queue used when
transmitting the packet out of the device, and determines the forwarding characteristics of a
particular code point. Each hardware queue represents a specific Class of Service (CoS). The Class
of Service is the priority level afforded each packet.
You can use one of the following traffic classes: be (Best-Effort), 12 (Low-2), af (Assured), 11
(Low-1), h2 (High-2), ef (Expedited), h1 (High-1), nc (Network Control).
To map the DSCP values to traffic classes you can use ACL. For more information using ACL for
implementing QoS, refer to the Configuring Access Control Lists (ACLs) chapter.
Traffic Scheduling
Traffic Scheduling allows you to control the packet transmission, based on priorities assigned to
packets and the queuing mechanism configured on the port.
Page 10
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Page 11
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Hybrid Scheduling
This scheduling method combines SP and WRR scheduling. Queues with higher priority are
serviced with SP while the remaining queues are serviced in accordance with WRR, after the higher
priority queues are empty.
Hybrid queuing guarantees immediate delivery of packets from high-ranking queues while avoiding
lowest-ranking queues’ starvation.
Storm Control
The storm control mechanism prevents broadcast, multicast, and unicast storms from
overwhelming a network. Traffic storm control (also called traffic suppression) occurs when
packets flood the LAN, creating excessive traffic and degrading network performance. The traffic
storm control feature prevents LAN ports from being disrupted by a broadcast, multicast, or
unicast traffic storm on physical ports. This mechanism regulates the rate at which devices forward
broadcast, multicast and unicast traffic.
Each port has a single traffic storm control level that is used for all types of traffic (broadcast,
multicast, and unicast).
With the storm control feature, you can configure the ingress line rate limit per port or group ports.
Page 12
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Priority-to-queue assignment 0
Priority remark 0
QoS scheduling algorithm Strict Priority
Port profile ID See Table 4
DSCP priority 0
DSCP-to-profile assignment See Table 5
Traffic shaping Disabled
Trust mode Untrusted
SP scheduling Applied for all ports
0 0 Green 0 0
1 1 Green 1 0
2 2 Green 2 0
3 3 Green 3 0
4 4 Green 4 0
5 5 Green 5 0
6 6 Green 6 0
7 7 Green 7 0
8 0 Yellow 0 0
9 1 Yellow 1 0
10 2 Yellow 2 0
11 3 Yellow 3 0
12 4 Yellow 4 0
13 5 Yellow 5 0
14 6 Yellow 6 0
15 7 Yellow 7 0
16–127 Not Used Not Used Not Used Not Used
Page 13
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
0–7 0
8–15 1
16–23 2
24–31 3
32–39 4
40–47 5
48–55 6
56–63 7
1 50
2 25
0 1 green
1 2 green
2 3 green
3 4 green
4 5 green
5 6 green
6 7 green
7 8 green
Page 14
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
0–7 1 green
8–15 2 green
16–23 3 green
24–31 4 green
32–39 5 green
40–47 6 green
48–55 7 green
56–63 8 green
0 green 0 be
1 green 1 l2
2 green 2 af
3 green 3 l1
4 green 4 h2
5 green 5 ef
6 green 6 h1
7 green 7 nc
0 yellow 0 be
1 yellow 1 l2
2 yellow 2 af
3 yellow 3 l1
4 yellow 4 h2
5 yellow 5 ef
6 yellow 6 h1
7 yellow 7 nc
Page 15
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Page 16
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Ingress Egress
Network
Policy
End
Page 17
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
qos Configures the QoS configuration and enters QoS Configuration mode
(see Configuring QoS)
network-policy Creates a network QoS policy and enters QoS Network Configuration
mode (see Configuring the Network Policy)
qos-network-policy Applies per port the created network QoS policy (see Applying the
Network Policy per Port)
description Adds a description strings to the network policy (see Adding the
Description for Network Policy)
ingress Configures the ingress network policy and enters QoS Ingress
Network Configuration mode (see Configuring the Network Ingress
Policy)
trust-dscp Enables/disables L3 trusted mode DSCP per ingress network policy
(see Enabling/Disabling the Trusted Mode DSCP)
trust-priority Enables/disables L2 trusted mode priority per ingress network policy
(see Enabling/Disabling the Trusted Mode Priority)
fc Defines default mapping of port to FC and color (see Applying the QoS
Default Mapping on Port)
remark fc priority Configures dot1p egress global remarking (see Configuring the
Network Egress Remarking)
congestion- Configures the profile parameters to be used in the tail-drop
avoidance-profile calculations (see Defining Tail-Drop Profile)
tail-drop
egress Configures service egress QOS policy and enters QoS Egress
Network Configuration mode (see Configuring the Network Egress
Policy)
queue Configures queue on egress network and enters QoS Egress Queue
Network Configuration mode (see Configuring the Queue on Egress
Network).
congestion- Applies the profile of the tail-drop congestion avoidance mechanism
avoidance-profile on a queue in an egress network policy or directly on the egress
tail-drop network policy (see Applying Tail-Drop Profile)
shaper-profile Applies the shaper profile on a queue in an egress network policy or
directly on the egress policy (see Applying the Shaping Profile)
Page 18
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Description
map dscp fc Defines a DSCP to forwarding class (FC) mapping and colors traffic to
a specified value (see Configuring the DSCP to FC and Color
Mapping)
map priority fc Defines a dot1p to FC mapping and colors traffic to a specified value
(see Configuring the Dot1p to FC and Color Mapping)
service-policy Creates a QoS service policy (see Configuring the Service Policy)
description Adds a description string to the created QoS service policy (see
Adding the Description for the Service Policy)
ingress Configures the QoS service ingress policy (see Configuring the
Service Ingress Policy)
queue Creates a QoS service ingress queue (see Configuring the Service
Queues)
congestion- Applies a tail-drop profile on a service ingress queue (Applying Tail-
avoidance-profile Drop Profiles)
tail-drop
shaper-profile Applies the already created service shaper profile on the service policy
or on the queue (see Applying the Shaping Profile)
scheduling-profile Applies the already created service scheduling profile on the service
policy (see Applying the Service Scheduling Profile)
qos-service-policy Binds the already created QoS service policy on the TLS service (see
Binding the Service Policy on a TLS Service)
apply-qos-service- Applies the already created QoS service policy on the specified SAP
policy (see Applying the Service Policy on a SAP)
shaper-profile Configures the shaper profile for network policy, service policy, and
queues (see Configuring the Shaper Profile)
scheduling-profile Configures SP (Strict Priority) scheduling (see Configuring Scheduling
sp SP Profile)
scheduling-profile Applies and configures Weighted Round-Robin (WRR) scheduling
wrr (see Configuring the Scheduling WRR Profile)
scheduling-profile Applies and configures the first hybrid QoS algorithm (see Configuring
hybrid-1 the Scheduling Hybrid-1 Profile)
Page 19
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Description
scheduling-profile Applies and configures the second hybrid QoS algorithm (see
hybrid-2 Configuring the Scheduling Hybrid-2 Profile)
scheduling-profile Applies and configures the third hybrid QoS algorithm (see Configuring
hybrid-3 the Scheduling Hybrid-3 Profile)
scheduling-profile Applies and configures the forth hybrid QoS algorithm (see
hybrid-4 Configuring the Scheduling Hybrid-4 Profile)
scheduling-profile Applies and configures the fifth hybrid QoS algorithm (see Configuring
hybrid-5 the Scheduling Hybrid-5 Profile)
scheduling-profile Applies and configures the sixth hybrid QoS algorithm (see
hybrid-6 Configuring the Scheduling Hybrid-6 Profile)
show qos network- Displays the information for all configured network policies or for the
policy specified policy (see Displaying the Network Policy Configuration)
show qos Displays the configuration for all ports or for the specified port (see
interface Displaying the QoS Port Configuration)
show qos Displays the scheduler profile configuration for all profiles or for the
scheduler-profile specified scheduler profile ID (see Displaying the Scheduler Profile
Configuration)
show qos shaper- Displays the shaper profile configuration for all network and service
profile profiles or for the specified shaper profile ID (see Displaying the Shaper
Profile Configuration)
show qos Displays information for all configured tail-drop profiles or for the
congestion- specified tail-drop profile (see Displaying the Tail-Drop Profile
avoidance-profile Information)
tail-drop
show qos service Displays information for the SAP service (see Displaying the SAP
Service Information)
show qos service- Displays information for all configured service policies or for the
policy specified service policy (see Displaying the Service Policy Information)
show qos ingress Displays dot1p to FC Mapping (see Displaying the Dot1p to FC
priority-map Mapping)
show qos ingress Displays DSCP to FC mapping (see Displaying the DSCP to FC
dscp-map Mapping)
show qos egress Displays egress mapping and remarking (see Displaying the Egress
remark Mapping and Remarking)
storm-control Configures the storm-control threshold rate of the incoming traffic and
blocks forwarding of unnecessary flooded traffic (see Configuring the
Traffic Type)
Page 20
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Description
show storm-control Displays the storm control levels configured on a port or for all ports
(see Displaying the Storm Control Settings)
Page 21
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Configuring QoS
The qos command configures the QoS configuration. The command enters the QoS Configuration
mode, see the Example below.
Command Syntax
device-name(config)#qos
Example
device-name(config)#qos
device-name(config qos)#
Command Syntax
device-name(config qos)#network-policy <network-policy-name>
device-name(config qos-net policy_name)#
Argument Description
network-policy- Sets the policy name up to 6 characters. The default is the name of
name the default policy.
no Removes the network policy
Example
device-name(config qos)#network-policy batm
device-name(config qos-net batm)#
Page 22
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config UU/SS/PP)#qos-network-policy <network-policy-name>
device-name(config UU/SS/PP)#no qos-network-policy
Argument Description
network-policy- The policy name to be applied on a port. The name has up to 6
name characters
no Removes the network policy from the port
Example
device-name(config 1/1/1)#qos-network-policy batm
CLI Mode: QoS Network Configuration (see Configuring the Network Policy)
Command Syntax
device-name(config qos-net policy_name)#description <description-string>
device-name(config qos-net policy_name)#no description
Argument Description
description-string A string up to 30 characters
no Removes the description
Page 23
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
CLI Mode: QoS Network Configuration (see Configuring the Network Policy)
Command Syntax
device-name(config qos-net policy_name)#ingress
device-name(config qos-net-in policy_name)#
Example
device-name(config qos-net batm)#ingress
device-name(config qos-net-in batm)#
CLI Mode: QOS Ingress Network Configuration (see Configuring the Network Ingress Policy)
Command Syntax
device-name(config qos-net-in policy_name)#trust-dscp
device-name(config qos-net-in policy_name)#no trust-dscp
Argument Description
no Enables untrusted mode, or disables the trusted mode
CLI Mode: QOS Ingress Network Configuration (see Configuring the Network Ingress Policy)
Command Syntax
device-name(config qos-net-in policy_name)#trust-priority [preserve-priority]
device-name(config qos-net-in policy_name)#no trust-priority
Argument Description
preserve-priority Disables L2 remarking
no Enables untrusted mode, or disables the trusted mode
Page 24
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
CLI Mode: QOS Ingress Network Configuration (see Configuring the Network Ingress Policy)
By default, the default mapping of the port is fc be green.
Command Syntax
device-name(config qos-net-in policy_name)#fc {be | l2 | af | 11 | h2 | ef |
h1 | nc} {green | yellow}
Argument Description
be The forwarding class to be mapped is the Best-Effort Forwarding Class
12 The forwarding class to be mapped is the Low-2 Forwarding Class
af The forwarding class to be mapped is the Assured Forwarding Class
11 The forwarding class to be mapped is the Low-1 Forwarding Class
h2 The forwarding class to be mapped is the High-2 Forwarding Class
ef The forwarding class to be mapped is the Expedited Forwarding Class
h1 The forwarding class to be mapped is the High-1 Forwarding Class
nc The forwarding class to be mapped is the Network Control Forwarding Class
green The traffic with the above VPT or DSCP value is marked as green
yellow The traffic with the above VPT or DSCP value is marked as yellow
Command Syntax
device-name(config qos)#remark fc {be | l2 | af | 11 | h2 | ef | h1 | nc} drop-
level (green | yellow) priority <0-7>
Page 25
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
be Refer to the Argument Description above.
12
af
11
h2
ef
h1
nc
drop-level The drop level.
green Refer to the Argument Description above.
yellow
priority The mapping of packets according to DSCP fields, in the valid range of <0–7>.
<0–7>
Command Syntax
device-name(config qos)#congestion-avoidance-profile tail-drop
<tail_drop_profile_id> <yellow-threshold>
device-name(config qos)#no congestion-avoidance-profile tail-drop
<tail_drop_profile_id>
Argument Description
tail_drop_profile_id The tail-drop profile ID (corresponding to a specific threshold level),
in the range of <1–5>. Profile ID 1 and profile ID 2 are default and
cannot be modified.
By default:
• ID 1 uses 50% of the queue's memory (queuing up to 500
frames)
• ID 2 uses 25% of the queue's memory (queuing up to 250)
yellow-threshold The allocated memory threshold value for yellow packets, in the
range of <0-100> %.
Permitted values are: 25%, 50%, 75% and 100%.
The red threshold has to be less than or equal to the yellow
threshold.
Page 26
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
no Restores to default
Example
device-name(config qos)#congestion-avoidance-profile tail-drop 4 75
device-name(config qos)#congestion-avoidance-profile tail-drop 3 100
CLI Mode: QoS Network Configuration (see Configuring the Network Policy)
Command Syntax
device-name(config qos-net policy_name)#egress
device-name(config qos-net-eg policy_name)#
Example
device-name(config qos-net batm)#egress
device-name(config qos-net-eg batm)#
CLI Mode: QoS Egress Network Configuration (see Configuring the Network Egress Policy)
Command Syntax
device-name(config qos-net-eg policy_name)#queue <queue_id>
device-name(config qos-net-queue queue_id)#
Argument Description
queue_id The queue ID, in the valid range of <1–8>
Example
device-name(config qos-net-eg batm)#queue 3
device-name(config qos-net-queue 3)#
Page 27
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
CLI Mode: QoS Egress Queue Network Configuration (see Configuring the Queue on Egress
Network) and QoS Egress Network Configuration (see Configuring the Network Egress
Policy)
Command Syntax
device-name(config qos-net-queue queue_id)#congestion-avoidance-profile tail-
drop <tail_drop_profile_id>
device-name(config qos-net-queue queue_id)#no congestion-avoidance-profile
tail-drop
Argument Description
tail_drop_profile_id The tail-drop profile ID, in the range of <1–5>.
Profile ID 1 and profile ID 2 are default (see Defining Tail-Drop
Profiles)
no Restores to default
CLI Mode: QoS Egress Queue Network Configuration (see Configuring the Queue on Egress
Network) and QoS Egress Network Configuration (see Configuring the Network Egress
Policy)
Command Syntax
device-name(config qos-net-queue queue_id)#shaper-profile <shaper_profile_id>
device-name(config qos-net-queue queue_id)#no shaper-profile
Page 28
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
shaper_profile_id The shaper profile ID to be applied on the egress policy or queue. The
valid range is <1–8>.
no Removes the shaper profile from the configured egress policy or
queue.
CLI Mode: QOS Egress Network Configuration (see Configuring the Network Egress Policy)
Command Syntax
device-name(config qos-net-eg policy_name)#scheduling-profile
<profile_number>
device-name(config qos-net-eg policy_name)#no scheduling-profile
Argument Description
profile_number The scheduling profile ID to be applied on the egress policy. The valid
range is <1–8>.
no Removes the scheduler profile.
Command Syntax
device-name(config qos)#map dscp <0-63> fc {be | l2 | af | 11 | h2 | ef | h1 |
nc} drop-level {green | yellow}
Argument Description
dscp <0-63> The mapping of packets according to DSCP fields, in the valid range of <0–
63>.
be Refer to the Argument Description above.
12
af
11
h2
ef
Page 29
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
h1
nc
drop-level The drop level.
green Refer to the Argument Description above.
yellow
Example
device-name(config qos)#map dscp 1 fc nc drop-level green
Command Syntax
device-name(config qos)#map priority <0-7> fc {be | l2 | af | 11 | h2 | ef |
h1 | nc} drop-level {green | yellow}
Argument Description
priority The mapping of packets according to dot1p fields, in the valid range of <0–7>.
<0-7>
be Refer to the Argument Description above.
12
af
11
h2
ef
h1
nc
drop-level The drop level.
green Refer to the Argument Description above.
yellow
Page 30
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Example
device-name(config qos)#map priority 2 fc l2 drop-level yellow
Command Syntax
device-name(config qos)#service-policy <qos-service-policy-name>
device-name(config qos)#no service-policy <qos-service-policy-name>
Argument Description
qos-service- The policy name up to 6 characters. The maximum number of network
policy-name policies is 64.
no Removes the service Policy
Example
device-name(config)#qos
device-name(config qos)#service-policy batm
device-name(config qos-serv batm)#
CLI Mode: QoS Service Configuration (see Configuring the Service Policy)
Command Syntax
device-name(config qos-serv policy_name)#description <description_string>
device-name(config qos-serv policy_name)#no description
Argument Description
description_string Adds a description to the service policy. It is a string up to 30 characters.
no Removes the description
Page 31
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
CLI Mode: QoS Service Configuration (see Configuring the Service Policy)
Command Syntax
device-name(config qos-serv policy_name)#ingress
Example
device-name(config qos-serv batm)#ingress
device-name(config qos-serv-in batm)#
CLI Mode: QoS Ingress Service Configuration ( see Configuring the Service Ingress Policy)
Command Syntax
device-name(config qos-serv-in policy_name)#queue <queue_id>
Argument Description
queue_id Queue ID in the valid range of <1–8>
Example
device-name(config qos-serv-in batm)#queue 3
device-name(config qos-queue 3)
CLI Mode: QoS Ingress Service Configuration ( see Configuring the Service Ingress Policy)
Command Syntax
device-name(config qos-serv-in policy_name)#congestion-avoidance-profile tail-
drop <tail_drop_profile_id>
Page 32
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
tail_drop_profile_id The tail-drop profile ID, in the range of <1–5>.
Profile ID 1 and profile ID 2 are default (see Defining Tail-Drop
Profiles)
no Restores to default
NOTE
Use the shaper-profile <service_shaper_profile_id> command to configure
the service shaper profile ID.
CLI Mode: QoS Ingress Service Configuration ( see Configuring the Service Ingress Policy) and
QoS Ingress Queue Service Configuration (see Configuring the Service Queues)
Command Syntax
device-name(config qos-serv-in policy_name)#shaper-profile
<service_shaper_profile_id>
device-name(config qos-serv-in policy_name)#no shaper-profile
Argument Description
service_shaper_profile_id The service shaper profile ID to be applied on the policy or on
the queue. The valid range is <9–57>.
no Removes the shaper profile.
NOTE
Use the scheduling-profile sp command to configure the service scheduling
profile ID.
CLI Mode: QoS Ingress Service Configuration ( see Configuring the Service Ingress Policy)
Page 33
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config qos-serv-in policy_name)#scheduling-profile
<profile_number>
device-name(config qos-serv-in policy_name)#no scheduling-profile
Argument Description
profile_number The service scheduling profile ID to be applied on the policy. The valid range
is <1–8>.
no Removes the scheduling profiles
NOTE
To execute this command (see Example below):
1. Create the QoS service policy with the service-policy command.
2. Create the TLS service with correct SDPs and SAPs. Configure the SDPs
before the SAPs.
3. Apply the created policy on the TLS service, and on desired SAP ports.
Command Syntax
device-name(config-tls SERVICE-NAME)#qos-service-policy <qos-service-policy-
name>
device-name(config-tls SERVICE-NAME)#no qos-service-policy <qos-service-
policy-name>
Argument Description
qos-service- The policy name up to 6 characters. The maximum number of network
policy-name policies is 64.
no Removes the service Policy.
Example
device-name(config)#qos
device-name(config qos)#service-policy batm
device-name(config qos)#shaper-profile 10 10m 1m
[Warning] Shaper CIR and CBS can be changed to the nearest supported value
device-name(config qos-serv batm)#ingress
device-name(config qos-serv-in batm)#shaper-profile 10
Page 34
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
NOTE
To execute this command (see Example below):
1. Create the QoS service policy with the service-policy command.
2. Create the TLS service with correct SDPs and SAPs. Configure the SDPs
before the SAPs.
3. Apply the created policy on the TLS service, and on desired SAP ports.
Command Syntax
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#apply-qos-service-policy
Example
device-name(config)#qos
device-name(config qos)#service-policy batm
device-name(config qos)#shaper-profile 10 10m 1m
[Warning] Shaper CIR and CBS can be changed to the nearest supported value
device-name(config qos-serv batm)#ingress
device-name(config qos-serv-in batm)#shaper-profile 10
device-name(config qos-serv-in batm)#end
device-name#configure terminal
device-name(config)#tls serv 5
device-name(config-tls serv)#sdp 1/2/1 s-vlan 10
device-name(config-tls serv)#sap 1/2/2 c-vlans 100
device-name(config-tls serv)#qos-service-policy batm
device-name(config-tls serv)#sap 1/2/2 c-vlans 100 option
device-name(config-tls-sap 1/2/2:100:)#apply-qos-service-policy
Page 35
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config qos)#shaper-profile {<shaper_profile_id> |
<service_shaper_profile_id>} <cir> <cbs>
device-name(config qos)#no shaper-profile {<shaper_profile_id> |
<service_shaper_profile_id>}
NOTE
If you specify cir or cbs without K, M or G, the CLI assumes a default of K.
NOTE
The real shaper values for CIR and CBS may be different than the configured ones, due
to granularity limitations. After configuring these values, a warning message appears:
[Warning] Shaper CIR and CBS can be changed to the nearest supported
value
Argument Description
shaper_profile_id The shaper profile ID for network policy and queue, in the
valid range of <1–8>.
service_shaper_profile_id The service shaper profile ID to be applied on the policy or on
the queue. The valid range is <9–57>.
cir The committed information rate (CIR) value, in the valid range
of <64 Kbps–1 Gbps> in K, M or G.
NOTE
The real shaper value may be different than the
configured one, due to granularity limitations.
cbs The committed burst size (CBS) value, in the valid range of
<12 K–16 M> in K or M (granularity of 4K).
no Removes the scheduler profile.
Page 36
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config qos)#scheduling-profile sp <profile_number>
device-name(config qos)#no scheduling-profile <profile_number>
Argument Description
sp The SP scheduling profile
profile_number The scheduling profile ID, in the range of <1–8>. The default SP scheduling
is with profile number 1.
no Clears the specified profile ID.
Command Syntax
device-name(config qos)#scheduling-profile wrr <profile_number> <txq1-weight>
<txq2-weight> <txq3-weight> <txq4-weight> <txq5-weight> <txq6-weight>
<txq7-weight> <txq8-weight>
device-name(config qos)#no scheduling-profile <profile_number>
Argument Description
wrr The WRR profile.
profile_number The scheduling profile ID, in the range of <1–8>.
<txq1-weight> The weight of queue <txq1–txq8>. The valid range is <1–255>.
…
<txq8-weight>
Page 37
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config qos)#scheduling-profile hybrid-1 <profile_number>
<txq1-weight> <txq2-weight> <txq3-weight> <txq4-weight> <txq5-weight>
<txq6-weight> <txq7-weight>
device-name(config qos)#no scheduling-profile <profile_number>
Argument Description
hybrid-1 Creates hybrid profile type 1 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight> The weight of queue <txq1–txq7>.
… Weight value is in the range of <1–255>.
<txq7-weight>
no Refer to Argument Description above.
Command Syntax
device-name(config qos)#scheduling-profile hybrid-2 <profile_number>
<txq1-weight> <txq2-weight> <txq3-weight> <txq4-weight> <txq5-weight>
<txq6-weight>
device-name(config qos)#no scheduling-profile <profile_number>
Page 38
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
hybrid-2 Creates hybrid profile type 2 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight> The weight of queue <txq1–txq6>.
… Weight value is in the range of <1–255>.
<txq6-weight>
no Refer to Argument Description above.
Command Syntax
device-name(config qos)#scheduling-profile hybrid-3 <profile_number>
<txq1-weight> <txq2-weight> <txq3-weight> <txq4-weight> <txq5-weight
device-name(config qos)#no scheduling-profile <profile_number>
Argument Description
hybrid-3 Creates hybrid profile type 3 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight> The weight of queue <txq1–txq5>.
… Weight value is in the range of <1–255>.
<txq5-weight>
no Refer to Argument Description above.
Command Syntax
device-name(config qos)#scheduling-profile hybrid-4 <profile_number>
<txq1-weight> <txq2-weight> <txq3-weight> <txq4-weight>
device-name(config qos)#no scheduling-profile <profile_number>
Page 39
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
hybrid-4 Creates hybrid profile type 4 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight> The weight of queue <txq1–txq4>.
… Weight value is in the range of <1–255>.
<txq4-weight>
no Refer to Argument Description above.
Command Syntax
device-name(config qos)#scheduling-profile hybrid-5 <profile_number>
<txq1-weight> <txq2-weight> <txq3-weight>
device-name(config qos)#no scheduling-profile <profile_number>
Argument Description
hybrid-5 Creates hybrid profile type 5 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight> The weight of queue <txq1–txq3>.
… Weight value is in the range of <1–255>.
<txq3-weight>
no Refer to Argument Description above.
Command Syntax
device-name(config qos)#scheduling-profile hybrid-6 <profile_number>
<txq1-weight> <txq2-weight>
device-name(config qos)#no scheduling-profile <profile_number>
Page 40
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Argument Description
hybrid-6 Creates hybrid profile type 6 scheduling.
profile_number Refer to Argument Description above.
<txq1-weight> The weight of queue txq1 and txq2.
<txq2-weight> Weight value is in the range of <1–255>.
no Refer to Argument Description above.
Command Syntax
device-name#show qos network-policy [<policy_name>]
Argument Description
policy_name (Optional) the name of the network policy to be displayed, up to 6 characters.
Example 1
Display the information for all configured network policies:
device-name#show qos network-policy
+---------------------------------------------------------+
| Network Policy |
+----------------+----------------------------------------+
| Policy Name | Description |
+----------------+----------------------------------------+
| DefPol | Default network policy |
+----------------+----------------------------------------+
| User | |
+----------------+----------------------------------------+
| Test | This is a test policy |
+----------------+----------------------------------------+
Page 41
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Example 2
Display the information for Test network policy:
device-name#show qos network-policy Test
Policy Name: Test
Description: This is a test policy
+---------------------------------+
| Ingress Policy Configuration |
+--------------+-----+------------+
| Trust Mode | FC | Drop Level |
+--------------+-----+------------+
| untrust | be | green |
+--------------+-----+------------+
+--------------------------------------------+
| Egress Policy Configuration |
+----------------+---------------------------+
| Scheduler Prof | Shaper Profile |
+-----+----------+-----+----------+----------+
| ID | Type | ID | CIR | CBS |
+-----+----------+-----+----------+----------+
| - | - | - | - | - |
+-----+----------+-----+----------+----------+
Egress Congestion Avoidance Configuration
+---------------------+
| Tail-drop Prof |
+-----+-------+-------+
| ID | Yel T | Red T |
+-----+-------+-------+
| 1 | 50 | NA |
+-----+-------+-------+
+----------+-----------+----------+----------+-----------+
| Queue Id | Shaper Id | CIR | CBS | Tail-drop |
+----------+-----------+----------+----------+-----------+
| 2 | 2 | 1000 | 2048 | |
+----------+-----------+----------+----------+-----------+
Policy is applied on the following port(s):
1/2/7 1/2/8
Page 42
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name#show qos interface [UU/SS/PP]
Argument Description
UU/SS/PP (Optional) the physical port (Unit/Slot/Port). If you do not specify the port, the
configuration of all ports is displayed.
Example
device-name#show qos interface 1/1/1
+-----------+-----------------+
| Interface | Network Policy |
+-----------+-----------------+
| 1/1/1 | DefPol |
+-----------+-----------------+
Command Syntax
device-name#show qos scheduler-profile [<profile_number>]
Argument Description
profile_number (Optional) the scheduler profile ID, in the range <1–8>. If you do not
specify the scheduler profile ID, all scheduler profiles are displayed.
Page 43
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Example 1
device-name#show qos scheduler-profile
+------+----------+-----+-----+-----+-----+-----+-----+-----+-----+
| Id | Type | Q1 | Q2 | Q3 | Q4 | Q5 | Q6 | Q7 | Q8 |
+------+----------+-----+-----+-----+-----+-----+-----+-----+-----+
| 1 | sp | - | - | - | - | - | - | - | - |
+------+----------+-----+-----+-----+-----+-----+-----+-----+-----+
| 2 | hybrid-6 | 7 | 7 | - | - | - | - | - | - |
+------+----------+-----+-----+-----+-----+-----+-----+-----+-----+
Example 2
device-name#show qos scheduler-profile 2
+------+----------+-----+-----+-----+-----+-----+-----+-----+-----+
| Id | Type | Q1 | Q2 | Q3 | Q4 | Q5 | Q6 | Q7 | Q8 |
+------+----------+-----+-----+-----+-----+-----+-----+-----+-----+
| 2 | hybrid-6 | 7 | 7 | - | - | - | - | - | - |
+------+----------+-----+-----+-----+-----+-----+-----+-----+-----+
Command Syntax
device-name#show qos shaper-profile [<shaper_profile_id> |
<service_shaper_profile_id>]
Argument Description
shaper_profile_id (Optional) the shaper profile ID, in the range of <1–8>. If you
do not specify the shaper profile ID, all shaper profiles are
displayed.
service_shaper_profile_id (Optional) the service shaper profile ID, in the valid range of
<9–57>. If you do not specify the service shaper profile ID, all
shaper profiles are displayed.
Page 44
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Example 1
device-name#show qos shaper-profile
+------+----------+----------+
| Id | CIR | CBS |
+------+----------+----------+
| 1 | 500 | 100 |
+------+----------+----------+
| 2 | 100 | 100 |
+------+----------+----------+
| 50 | 1000 | 2048 |
+------+----------+----------+
Example 2
device-name#show qos shaper-profile 1
+------+----------+----------+
| Id | CIR | CBS |
+------+----------+----------+
| 1 | 500 | 100 |
+------+----------+----------+
Command Syntax
device-name#show qos congestion-avoidance–profile tail-drop
[<tail_drop_profile_id>]
Argument Description
tail_drop_profile_id (Optional) the tail-drop profile ID for which information is displayed.
The valid range is <1–5>. ID 1 and ID 2 are default and cannot be
modified.
Page 45
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Example
device-name#show qos congestion-avoidance-profile tail-drop
+------+--------+--------+
| Id | Yellow | Red |
+------+--------+--------+
| 1 | 50 %| NA |
+------+--------+--------+
| 2 | 25 %| NA |
+------+--------+--------+
| 3 | 75 %| NA |
+------+--------+--------+
Command Syntax
device-name#show qos service
Example
device-name#show qos service
Service: 4 Service policy: policy
Enabled on SAPs: 1/2/3:10:
Page 46
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name#show qos service-policy [<qos-service-policy-name>]
Argument Description
qos-service-policy-name (Optional) the service policy name for which information is
displayed. It is up to 6 characters.
Example
device-name#show qos service-policy policy
Policy Name: policy
Description: this is the service policy
+----------------+----------+
| Shaper Profile |
+-----+----------+----------+
| ID | CIR | CBS |
+-----+----------+----------+
| 10 | 10000 | 200 |
+-----+----------+----------+
+----------------+
| Scheduler Prof |
+-----+----------+
| ID | Type |
+-----+----------+
| 1 | sp |
+-----+----------+
+----------+-----------+----------+----------+
| Queue Id | Shaper Id | CIR | CBS |
+----------+-----------+----------+----------+
| 1 | 11 | 1000 | 200 |
+----------+-----------+----------+----------+
Page 47
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name#show qos ingress priority-map
Example
device-name#show qos ingress priority-map
+-----------+--------+-------------+
| Priority | FC | Drop Level |
+-----------+--------+-------------+
| 0 | be | green |
+-----------+--------+-------------+
| 1 | l2 | green |
+-----------+--------+-------------+
| 2 | af | green |
+-----------+--------+-------------+
| 3 | l1 | green |
+-----------+--------+-------------+
| 4 | h2 | green |
+-----------+--------+-------------+
| 5 | ef | green |
+-----------+--------+-------------+
| 6 | h1 | green |
+-----------+--------+-------------+
| 7 | nc | green |
+-----------+--------+-------------+
Command Syntax
device-name#show qos ingress dscp-map
Page 48
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Example
device-name#show qos ingress dscp-map
+-----------+--------+-------------+
| DSCP | FC | Drop Level |
+-----------+--------+-------------+
| 0 | be | green |
…
+-----------+--------+-------------+
| 7 | be | green |
+-----------+--------+-------------+
| 8 | l2 | green |
+-----------+--------+-------------+
…
+-----------+--------+-------------+
| 15 | l2 | green |
+-----------+--------+-------------+
| 16 | af | green |
+-----------+--------+-------------+
…
| 23 | af | green |
+-----------+--------+-------------+
| 24 | l1 | green |
+-----------+--------+-------------+
…
+-----------+--------+-------------+
| 31 | l1 | green |
+-----------+--------+-------------+
| 32 | h2 | green |
+-----------+--------+-------------+
…
+-----------+--------+-------------+
| 39 | h2 | green |
+-----------+--------+-------------+
| 40 | ef | green |
+-----------+--------+-------------+
…
+-----------+--------+-------------+
| 47 | ef | green |
+-----------+--------+-------------+
| 48 | h1 | green |
+-----------+--------+-------------+
…
+-----------+--------+-------------+
| 55 | h1 | green |
+-----------+--------+-------------+
| 56 | nc | green |
…
| 63 | nc | green |
+-----------+--------+-------------+
Page 49
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name#show qos egress remark
Example
device-name#show qos egress remark
+---------------------+------------+
| QoS Parameters | Tx Remark |
+--------+------------+------------+
| FC | Drop Level | Priority |
+--------+------------+------------+
| be | green | 0 |
+--------+------------+------------+
| be | yellow | 0 |
+--------+------------+------------+
| l2 | green | 1 |
+--------+------------+------------+
| l2 | yellow | 1 |
+--------+------------+------------+
| af | green | 2 |
+--------+------------+------------+
| af | yellow | 2 |
+--------+------------+------------+
| l1 | green | 3 |
+--------+------------+------------+
| l1 | yellow | 3 |
+--------+------------+------------+
| h2 | green | 4 |
+--------+------------+------------+
| h2 | yellow | 4 |
+--------+------------+------------+
| ef | green | 5 |
+--------+------------+------------+
| ef | yellow | 5 |
+--------+------------+------------+
| h1 | green | 6 |
+--------+------------+------------+
| h1 | yellow | 6 |
+--------+------------+------------+
| nc | green | 7 |
+--------+------------+------------+
| nc | yellow | 7 |
+--------+------------+------------+
Page 50
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#storm-control {broadcast | multicast |
unknown} <rate>
device-name(config-if UU/SS/PP)#no storm-control
Argument Description
broadcast Rate limits broadcast input traffic only.
multicast Rate limits known multicast traffic only.
unknown Rate limits unknown-unicast and unknown-multicast traffic only.
rate The desired ingress rate limit. Must be a number between 64 Kbps and 1 Gbps.
The number must be specified with K, M or G at the end.
NOTE
If the actual ingress line rate is different from your desired ingress
line rate, a relevant message appears, see the Example below.
no Disables storm control.
Page 51
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Example
If you limit the ingress line rate to 250 Kbps, the actual rate is set to 256 Kbps. If you limit the
ingress line rate to 400 Kbps, the actual rate is set to 384 Kbps:
device-name(config-if 1/1/1)#storm-control broadcast 250K
Actual line rate was set to 256kbps due to granularity limitation
device-name(config-if 1/1/1)#interface ag01
device-name(config-if AG01)#storm-control unknown multicast 400K
Actual rate is set to 384Kbps due to granularity limitation.
Command Syntax
device-name#show storm-control {all | interface UU/SS/PP | interface ag0N}
Argument Description
all Displays the storm-control settings for all ports on the device.
interface Displays the storm-control settings for the specified port or aggregation port.
UU/SS/PP The desired port where you previously configured the ingress-rate limit.
ag0N The aggregation port where you previously configured the ingress-rate limit.
LAG ID is in the valid range of <1–7>.
Examples
• Display the storm control levels for port 1/1/1:
device-name#show storm-control interface 1/1/1
Traffic type = broadcast
Ingress line rate limit = 320Kbps
Interface ag01
Traffic type = unknown, multicast
Ingress rate limit = 384Kbps
Page 52
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#tx-drop-broadcast
device-name(config-if UU/SS/PP)#no tx-drop-broadcast
device-name(config-if-group)#tx-drop-broadcast
device-name(config-if-group)#no tx-drop-broadcast
Argument Description
no Disables egress broadcast packets filtering
Command Syntax
device-name(config-if UU/SS/PP)#tx-drop-unknown
device-name(config-if UU/SS/PP)#no tx-drop-unknown
device-name(config-if-group)#tx-drop-unknown
device-name(config-if-group)#no tx-drop-unknown
Argument Description
no Disables egress unknown-unicast packets filtering
Page 53
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#tx-drop-multicast
device-name(config-if UU/SS/PP)#no tx-drop-multicast
device-name(config-if-group)#tx-drop-multicast
device-name(config-if-group)#no tx-drop-multicast
Argument Description
no Disables egress multicast packets filtering
Page 54
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Configuration Examples
Mapping Priority
Change the mapping of the FC priority levels to the following:
• Priority 0 and 1—FC l2, drop-level green
• Priority 2 and 3—FC l1, drop-level yellow
• Priority 4 and 5—FC ef, drop-level green
• Priority 6 and 7—FC nc, drop-level yellow
Page 55
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Page 56
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
| 5 | be | green |
+-----------+--------+-------------+
| 5 | be | green |
+-----------+--------+-------------+
| 7 | be | green |
+-----------+--------+-------------+
| 8 | l2 | green |
+-----------+--------+-------------+
…
| 63 | nc | green |
+-----------+--------+-------------+
Page 57
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
8. Create the VLAN vl10 with ID 10 and add to it port 1/2/1 (SDP port) as tagged and port
1/2/2 (SAP port) as untagged:
device-name#configure terminal
device-name(config)#vlan
device-name(config vlan)#create vl10 10
device-name(config vlan)#config vl10
device-name(config-vlan vl10)#add ports 1/2/1 tagged
device-name(config-vlan vl10)#add ports 1/2/2 untagged
device-name(config-vlan vl10)#exit
device-name(config vlan)#exit
Page 58
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
10. Apply the created QoS service policy on the TLS service:
device-name(config-tls serv)#qos-service-policy policy
Page 59
Configuring Quality of Service (QoS) (Rev. 11)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
Quality of Service (QoS) IEEE 802.1p Private MIB, RFC 2474, Definition
Priority Queuing prvt_qos.mib of the Differentiated
IEEE 802.1ad— Services Field (DS
Field) in the IPv4 and
Describes port-
IPv6 Headers
based service
RFC 2475, An
Architecture for
Differentiated
Services
RFC 2597, Assured
Forwarding PHB
Group
RFC 2598, An
Expedited
Forwarding PHB
RFC 2697, A Single
Rate Three Color
Marker
RFC 2698, A Two
Rate Three Color
Marker
RFC 3140, Per Hop
Behavior
Identification Codes
Page 60
Configuring Quality of Service (QoS) (Rev. 11)
Operations, Administration & Maintenance (OAM)
Table of Figures ······················································································ 8
Page 1
Operations, Administration & Maintenance (OAM) (Rev.13)
T-Marc 300 Series User Guide
Page 2
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 3
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 4
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 5
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 6
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 7
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: End-to-End OAM Configuration ···················································10
Figure 2: Managing Provider Devices using the EFM 802.3ah Standard···················11
Figure 3: Managing Customer Devices (passive) using the EFM 802.3ah Standard·······12
Figure 4: EFM-OAM Configuration Flow ····················································17
Figure 5: Example for Configuring Two Devices in EFM-OAM Protocol ················45
Figure 6: OAM Ethernet Tools ································································51
Figure 7: MEP1 and MEP3 Send a Multicast CC Frame ····································52
Figure 8: MEP4 and MEP2 Send a Multicast CC Frame ····································52
Figure 9: Loopback Operation ·································································53
Figure 10: Link Trace Operation ·······························································54
Figure 11: CFM-OAM Configuration Flow···················································56
Figure 12: CFM-OAM Performance Monitoring Flow ······································57
Figure 13: CFM-OAM on-demand Tools Flow ··············································58
Figure 14: Example for Configuring Two Devices in CFM Protocol ···················· 100
Figure 15: Example for using the clear connectivity Command··························· 105
Figure 16: Unidirectional Test ································································ 109
Figure 17: End-to-End Unicast Loopback Test ············································ 110
Figure 18: Configuring Two Devices in Throughput Test Configuration Mode ········ 127
Figure 19: Example for Configuring Two Devices in SAA Test Configuration Mode·· 153
Figure 20: Protecting Services Using EPS. ·················································· 158
Figure 21: EPF Configuration Flow ························································· 159
Figure 22: Event Propagation Configuration Flow········································· 173
Figure 23: E-LMI Configuration Flow ······················································ 184
Page 8
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 9
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Overview
The IEEE 802.3ah Ethernet in the First Mile (EFM) standard specifies the protocols and Ethernet
interfaces for using Ethernet over access links as a first-mile technology and transforming it into a
highly reliable technology.
Using the Ethernet in the First Mile solution, you gain broadcast Internet access in addition to
services (such as Layer 2 transparent LAN services, Voice services over Ethernet Access networks,
Video, and multicast applications) reinforced by security and Quality of Service (QoS) control to
build a scalable network.
The in-band management specified by this standard defines the operations, administration, and
maintenance (OAM) mechanism needed for the advanced monitoring and maintenance of
Ethernet links in the first mile. The OAM capabilities facilitate network operation and
troubleshooting for both the provider and the customer networks.
Basic 802.3 packets convey OAM data between two ends of a physical link. The 802.3ah (Clause
57) provides the single-link OAM capabilities.
When enabled, two connected OAM devices exchange Protocol Data Units (OAMPDUs).
OAMPDUs are standard-size frames, including information such as the destination MAC address,
EtherType and subtype, sent at a predefined rate (a limitation necessary for reducing the impact on
the usable bandwidth).
EFM OAM is an optional and you can enable or disable it per physical port.
Page 10
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Potential Applications
Service providers use the link layer EFM for demarcation point OAM services.
Using the Ethernet demarcation service, providers can manage remote devices (defined as passive
devices) without utilizing an IP layer. Instead they can utilize link-layer SNMP counters request and
reply, loopback testing, and other techniques that are controlled remotely.
Installation Configurations
The following configuration shows how to manage the provider device (CPE passive device) using
802.3ah standard.
Page 11
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
The configuration below illustrates how to manage the customer devices using EFM 802.3ah.
Figure 3: Managing Customer Devices (passive) using the EFM 802.3ah Standard
Page 12
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Discovery
At the first phase EFM-OAM enabled DTEs identify other DTEs along with their OAM
capabilities using Information OAMPDUs, advertising the following information:
• OAM configuration (capabilities)—the local DTE's OAM capabilities. Using this information, a
peer can determine what functions are supported and accessible (for example, loopback
capability).
• OAM mode—the DTE's OAM mode, also used to determine the DTE's functionality:
Active mode: the DTE instigates OAM communications and can issue queries and
commands to the remote device.
Passive mode: the DTE generally waits for the peer DTE to instigate OAM
communications and responds to them. It does not instigate commands and queries.
For more information about the rules for active and passive mode DTEs, refer to Rules
for Active Mode and Rules for Passive Mode below.
The mode combinations are:
One active and one passive OAM DTE
Two active OAM DTEs
• OAMPDU configuration—including the maximum size of OAMPDUs delivered (This
information, in combination with a limited rate of ten frames per second, is used to limit the
bandwidth allocated to OAM traffic)
• Platform identity—the platform identity is a combination of an Organization Unique Identifier
(OUI, the first three bytes of the MAC address) and 32-bits of vendor-specific information.
OUI allocation is controlled by the IEEE.
Once OAM support is detected and the OAM expectations are met, both ends of the link
exchange the above information, enabling OAM on the link. However, the loss of a link or a failure
to receive OAMPDUs for a predefined interval causes the discovery process the start over again.
Timers
Two configurable timers control the protocol:
• The Hello timer, determining the rate for sending OAMPDUs
• The Keep-alive timer, determining the time interval for expecting OAMPDUs from the peer
An additional 1-second non-configurable timer is used for error aggregation necessary for the Link
Monitoring Process to generate link quality events.
Page 13
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Flags
Each OAMPDU includes a Flags field that includes the discovery process status. There are three
possible status values:
• Discovering—the discovery process is in progress
• Stable—discovery is completed and the remote device can start sending any type of OAMPDU
• Unsatisfied—when there are mismatches in the OAM configuration that prevent OAM from
completing the discovery process
Process Overview
The discovery process allows a local Data Terminating Entity (DTE) to detect OAM on a remote
DTE. Once OAM support is detected, both ends of the link exchange state and configuration
information (such as mode, PDU size, loopback support, etc.). If both DTEs are satisfied with the
settings, OAM is enabled on the link. However, the loss of a link or a failure to receive OAMPDUs
for five seconds may cause the discovery process the start over again.
DTEs may either be in active or passive mode. Active mode DTEs instigate OAM
communications and can issue queries and commands to a remote device. Passive mode DTEs
generally wait for the peer device to instigate OAM communications and respond to, but do not
instigate, commands and queries. Rules of what DTEs in active or passive mode can do are
discussed in the following sections.
Page 14
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 15
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Remote Loopback
In order to verify the quality of links, estimating whether a network segment satisfies an SLA, and
when troubleshooting, the active device can enable the remote peer's loopback mode, using
Loopback Control OAMPDUs.
When in a loopback mode, the peer loops back all the traffic (except for OAMPDU traffic and
pause frames) without changing it. The remote peer acknowledges the loopback by responding
with an Information OAMPDU, indicating the loopback status in the State field.
CAUTION
Initiating this mode drops all traffic from the remote peer device.
Page 16
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Enable protocol
Non-intrusive Intrusive
Set network monitoring Configure EFM-OAM monitoring and
network testing
Start/Stop EFM-OAM local/remote
loopback configuration
End
Page 17
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Configuring EFM-OAM
Table 1: EFM-OAM Protocol Configuration Commands
Command Description
Enabling/Disabling EFM-OAM
The efm-oam command enables/disables the EFM-OAM protocol on the devices.
The efm-oam disable/enable command configures all EFM-OAM parameters to their default
values. To disable the protocol and keep the current configuration, disable the protocol on a
specified port or port range.
CLI Mode: Protocol Configuration
Command Syntax
device-name(cfg protocol)#efm-oam {enable | disable}
Argument Description
enable Enables EFM-OAM protocol.
Enabled
disable Disables EFM-OAM protocol.
Page 18
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example
device-name(cfg protocol)#efm-oam enable
Command Syntax
device-name(cfg protocol)#efm-oam multiple-pdu-count <pdu-count>
device-name(cfg protocol)#no efm-oam multiple-pdu-count
Argument Description
pdu-count Defines the number of identical PDUs, in the range of <1–10>. These
PDUs are sent when the local event occurs and requires propagation to
the remote device.
5 OAMPDU
no Restores to default.
Example
device-name(cfg protocol)#efm-oam multiple-pdu-count 3
Command Syntax
device-name(cfg protocol)#[no] efm-oam propagate-events
Argument Description
no Disables the event propagation.
the event propagation is enabled
Page 19
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example
device-name(cfg protocol)#efm-oam propagate-events
Command Syntax
device-name(cfg protocol)#[no] efm-oam log-events
Argument Description
no Disables the local Syslog daemon's event propagation.
the sending of the event notification OAMPDUs is enabled
Example
device-name(cfg protocol)#no efm-oam log-events
NOTE
This command takes affect only if the port is a tagged member of the default
VLAN.
Command Syntax
device-name(cfg protocol)#efm-oam priority <priority>
device-name(cfg protocol)#no efm-oam priority
Page 20
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
priority Defines 802.1p priority value for the outgoing and incoming EFM-OAM PDUs,
in the range of <0–7>.
the priority is undefined
no Restores to default.
Example
device-name(cfg protocol)#efm-oam priority 3
Command Syntax
device-name(cfg protocol)#efm-oam keepalive-interval <interval>
device-name(cfg protocol)#no efm-oam keepalive-interval
Argument Description
interval Defines the aging interval, in the range of <100–15000> milliseconds.
5000 milliseconds
no Restores to default.
Example
device-name(cfg protocol)#efm-oam keepalive-interval 3000
Page 21
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
NOTE
The standard hello interval is 1 second. However, to reduce overload in some
cases, it is possible to set the range to up to 5 seconds even though it violates the
standard.
NOTE
The keepalive-interval must be 2 times bigger than the hello-interval.
Command Syntax
device-name(cfg protocol)#efm-oam hello-interval <interval>
device-name(cfg protocol)#no efm-oam hello-interval
Argument Description
interval Defines the repetition interval of sending Hello packets. The range is <100–
5000> milliseconds.
1000 milliseconds
no Restores to default.
Command Syntax
device-name(cfg protocol)#efm-oam history limit <1000-10000>
device-name(cfg protocol)#no efm-oam history limit
Argument Description
1000-10000 Defines the maximum number of entries in the EFM-OAM history.
5000 entries
no Restores to default.
Page 22
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
To execute this command, first enable EFM-OAM in the Protocol Configuration mode
(see Enabling/Disabling EFM-OAM), otherwise the %EFM-OAM is disabled error is generated.
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam {active | passive}
device-name(config-if UU/SS/PP)#no efm-oam
device-name(config-if-group)#efm-oam {active | passive}
device-name(config-if-group)#no efm-oam
Page 23
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
active When specifying the active mode, the device can send hello packets over this
port to initiate an EFM-OAM discovery process. To initiate the discovery
process, enable first the EFM-OAM protocol.
passive When specifying the passive mode, the device cannot use this port to send
hello packets.
port state is passive for uplink ports and disabled for user ports
no Disables 802.3ah EFM-OAM.
Example 1
device-name(config-if 1/1/1)#efm-oam passive
Example 2
device-name(config)#interface range 1/1/1
device-name(config-if-group)#efm-oam passive
Page 24
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam force-loopback {local | remote}
device-name(config-if UU/SS/PP)#no efm-oam force-loopback
device-name(config-if-group)#efm-oam force-loopback {local | remote}
device-name(config-if-group)#no efm-oam force-loopback Argument Description
Argument Description
local Forces the port loopback on the local device.
Disabled
remote Forces the port loopback on the remote device.
Disabled
no Removes the forced loopback on local or remote devices.
Example
device-name(config-if 1/1/1)#efm-oam force-loopback remote
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam mode {enhanced | basic}
device-name(config-if UU/SS/PP)#no efm-oam mode
device-name(config-if-group)#efm-oam mode {enhanced | basic}
device-name(config-if-group)#no efm-oam mode
Argument Description
enhanced Enables enhanced mode.
Enhanced mode
basic Enables basic mode.
Page 25
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example
device-name(config-if 1/1/1)#efm-oam mode enhanced
To execute this command, first enable EFM-OAM in the Protocol Configuration mode
(see Enabling/Disabling EFM-OAM), otherwise the %EFM-OAM is disabled error is generated.
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam threshold bit-errors seconds <seconds>
error-count <error-count>
device-name(config-if UU/SS/PP)#no efm-oam threshold bit-errors
device-name(config-if-group)#efm-oam threshold bit-errors seconds <seconds>
error-count <error-count>
device-name(config-if-group)#no efm-oam threshold bit-errors
Argument Description
seconds The number of seconds required for monitoring the bit error-count, in the
range of <1–60>.
error-count The errors bit errors threshold in the range of <1–1000000000>.
no Disables the bit errors monitoring.
bit errors threshold is disabled
Example
device-name(config-if 1/1/1)#efm-oam threshold bit-errors seconds 20 error-
count 100
In this example, the device generates the Errored Symbol Period Event message in case of 100 bit errors
in a 20 seconds time frame.
Page 26
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
To execute this command, first enable EFM-OAM in the Protocol Configuration mode
(see Enabling/Disabling EFM-OAM), otherwise the %EFM-OAM is disabled error is generated.
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam threshold frame-errors [seconds
<seconds> error-count <error-count>]
device-name(config-if UU/SS/PP)#no efm-oam threshold frame-errors
device-name(config-if-group)#efm-oam threshold frame-errors seconds <seconds>
error-count <error-count>
device-name(config-if-group)#no efm-oam threshold frame-errors
Argument Description
seconds The number of seconds required to monitor the frame error-count, in the
range of <1–60>.
error-count The errors frame errors threshold in the range of <1–1488000>.
no Disables the frame errors monitoring.
256 errors during 20 seconds
Example
device-name(config-if 1/1/1)#efm-oam threshold frame-errors seconds 20 error-
count 100
In this example, the device generates the Errored Frame Event message in case of 100 frame errors in
a 20 seconds time frame.
Page 27
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
The efm-oam event-forward command on the source port to enable and an Event Monitoring
action.
CLI Mode: Interface Configuration and Range Interface Configuration
For this command to take effect on the local interface, first enable EFM-OAM in the Protocol
Configuration mode (see Enabling/Disabling EFM-OAM), otherwise the %EFM-OAM is disabled
error is generated. You do not have to enable this option on the remote peer.
Command Syntax
device-name(config-if UU/SS/PP)#efm-oam event-forward {shutdown | status}
UU/SS/PP
device-name(config-if UU/SS/PP)#no efm-oam event-forward
device-name(config-if-group)#efm-oam event-forward {shutdown | status}
UU/SS/PP
device-name(config-if-group)#no efm-oam event-forward
Argument Description
shutdown Shuts down the target interface.
status Forwards a Link Event Notification from the target interface.
UU/SS/PP The target interface (on which the action is performed).
no Disables event monitoring.
event monitoring is disabled
Example
device-name(config-if 1/1/1)#efm-oam event-forward status 1/2/3
Page 28
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#[no] efm-oam event-return shutdown <attempts>
Argument Description
attempts The number of discovery attempts before shutting down the port, in the range
of <1–10>.
5 discovery attempts when Event Return feature is enabled
no Disables this feature.
Event Return feature is disabled
Example
device-name(config-if 1/1/1)#efm-oam event-return shutdown 3
Page 29
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 30
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name#efm-oam ping UU/SS/PP [number <number>] [delay <delay>] [timeout
<timeout>] [counter <branch> <leaf>] [extended]
Argument Description
UU/SS/PP The interface for EFM-OAM non-intrusive monitoring.
number <number> (Optional) defines the number of echo packets to send, in the range of
<1–10>
5 packets
delay <delay> (Optional) defines the delay between packets, in seconds, in the range
of <0–600>
there is no delay
timeout <timeout> (Optional) define the reply timeout in the range of <1–60> seconds
2 seconds
counter (Optional) defines a different counter for the ping-like operation, from
the options displayed in the below table
aFramesTransmittedOK, branch 7 leaf 2
branch (Optional) selects the branch (see table below).
leaf (Optional) selects the leaf (see table below).
extended (Optional) displays the replay time for every packet.
7 2 aFramesTransmittedOK
7 5 aFramesReceivedOK
7 8 aOctetsTransmittedOK
7 14 aOctetsReceivedOK
7 21 aMulticastFramesReceivedOK
7 22 aBroadcastFramesReceivedOK
Page 31
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
You can perform this test only if both devices support EFM-OAM Loopback.
Command Syntax
device-name#efm-oam loopback UU/SS/PP storm [count <burst-count>] [delay
<delay>] [packet-size <packet-size>] [no-remote-loopback] [timeout
<timeout>]
device-name#efm-oam loopback UU/SS/PP burst [duration <duration>] [packet-
size <packet-size>] [no-remote-loopback]
Argument Description
UU/SS/PP The interface for EFM-OAM non-intrusive monitoring.
Storm Selects a Storm loopback.
count <burst- (Optional) defines the number of packets sent in the Storm loopback, in
the range of <1–2147483646>.
count>
100 packets
delay <delay> (Optional) defines the delay between packets, in seconds, in the range
of <1–600>
there is no delay
packet-size (Optional) defines the test-packets' size, in the range of <64–1512>
<packet-size> bytes
64 bytes
no-remote- (Optional) does not define a remote loopback for this operation (set the
loopback loopback manually).
timeout (Optional) the reply timeout, in the range of <1–600> seconds
<timeout> 2 seconds
Page 32
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example 1
device-name#efm-oam loopback 1/1/1 storm count 1000 packet-size 64
Setting Loopback ..... Started .... Completed
Generating Test Traffic ..... Started .... Completed
Sent: 1000 packets / 6400 octets
Received Successfully: 999 packets / 6336 octets
Local Remote
InOctets 636728 InOctets 1005096
OutOctets 613104 OutOctets 1136751
InUcastPkts 7500 InUcastPkts 7700
InNUcastPkts 2250 InNUcastPkts 7983
OutUcastPkts 7400
OutNUcastPkts 2176
InDiscards 0
OutDiscards 0
InErrors 0
OutErrors 0
Local Remote
InOctets 1669371083 InOctets 3910908339
OutOctets 632358980 OutOctets 1669699696
InUcastPkts 565339720 InUcastPkts 3223506341
InNUcastPkts 26540 InNUcastPkts 1086852153
OutUcastPkts 402271
OutNUcastPkts 290145
InDiscards 0
OutDiscards 0
InErrors 0
OutErrors 0
Page 33
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example 2
Local Remote
InOctets 3341384836 InOctets 3341374388
OutOctets 3341374388 OutOctets 3341384767
InUcastPkts 10703329 InUcastPkts 10703329
InNUcastPkts 513 InNUcastPkts 434
OutUcastPkts 10703329
OutNUcastPkts 434
InDiscards 0
OutDiscards 0
InErrors 0
OutErrors 0
Local Remote
InOctets 3341404898 InOctets 3341394516
OutOctets 3341394516 OutOctets 3341404829
InUcastPkts 10703531 InUcastPkts 10703531
InNUcastPkts 606 InNUcastPkts 528
OutUcastPkts 10703531
OutNUcastPkts 528
InDiscards 0
OutDiscards 0
InErrors 0
OutErrors 0
Page 34
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#[no] efm-oam accept-remote-loopback
Argument Description
no Disables reaction to loopback control OAMPDUs.
Disabled
Example
device-name(config-if 1/1/1)#efm-oam accept-remote-loopback
Using this command with no parameters displays the identical information as the show efm-oam
statistics command (for more information, refer to Displaying EFM-OAM Local and Remote
Interface Statistics).
Command Syntax
device-name#efm-oam get UU/SS/PP [counter <branch> <leaf>]
Argument Description
UU/SS/PP The interface to get counters from.
counter (Optional) performs a standard get variable operation, from the options
displayed in the below table.
branch (Optional) selects the branch for the get variable operation (see Table 4).
leaf (Optional) selects the leaf for the get variable operation (see Table 4).
Page 35
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example
device-name#efm-oam get 1/1/1
Waiting to receive remote statistics values
....................
Remote Interface Status Stable
Remote If Status Stable
Remote MAC 00:A0:12:27:14:23
InOctets 363254
OutOctets 181663
InUcastPkts 0
InNUcastPkts 2757
Command Syntax
device-name#efm-oam history clear
Page 36
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
show efm-oam Displays the current EFM-OAM configuration and status for a
specific interface or for all interfaces(see Displaying the EFM-
OAM Status and Configuration)
show efm-oam history Displays the history of the events from the remote device for a
specific interface or for all interfaces (see Displaying EFM-OAM
History on a Specified Interface)
show efm-oam history Displays the number of entries in EFM-OAM history for a specific
count port (see Displaying the EFM-OAM History Count for a Specific
Port)
efm-oam history show Displays EFM-OAM history contents (see Displaying EFM-OAM
History)
show efm-oam Displays the local and remote counters and accumulated statistics
statistics for EFM-OAM on a specified interface (see Displaying the EFM-
OAM Local and Remote Interface Statistics)
Command Syntax
device-name#show efm-oam [extended | UU/SS/PP]
Argument Description
extended (Optional) displays additional details.
UU/SS/PP Selects the interface to display the EFM-OAM configuration and status.
Page 37
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example 1
device-name#show efm-oam extended
Events sending status: Logging Enabled, Propagation Enabled
Event Notification Duplication Count: 5
Intervals: Keep-Alive is 5000 miliseconds, Hello is 1000 milliseconds
History limit: 24 hours or 5000 entries
Local MAC: 00:A0:12:27:12:40
Efm-Oam Pkts counter : sent = 106680 , received = 377329
Example 2
device-name#show efm-oam
Events sending status: Logging Enabled, Propagation Enabled
Event Notification Duplication Count: 5
Intervals: Keep-Alive is 5000 miliseconds, Hello is 1000 milliseconds
History limit: 24 hours or 5000 entries
Local MAC: 00:A0:12:27:12:40
Efm-Oam Pkts counter : sent = 106776 , received = 377734
Page 38
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example 3
device-name#show efm-oam 1/2/1
Interface Mode: Enhancements Enabled
Loopback Status: Local
Local State: Active
Remote State: Active
Remote MAC: 00:A0:12:27:14:23
Remote Hostname: T-Marc
Remote Status: Stable
Local Status: Loopback
Remote OID/Vendor Specific: 00:A0:12 / 0x00000000
OAM Version: 1.0
Loopback Capable? Yes Events Capable? Yes
Variables Retrieve Capable? Yes Uni-Directional Mode Capable? Yes
Private Extensions Capable?
Active Remote Flags: ( Local Stable, Remote Stable )
Active Local Flags : ( Local Stable, Remote Stable )
Local Thresholds:
Bit Errors: Disabled
Frame Errors: 256 Window: 20
Command Syntax
device-name#show efm-oam [UU/SS/PP] history
Page 39
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
UU/SS/PP (Optional) specifies the interface number for which the EFM-OAM history
is displayed.
Example
device-name#show efm-oam history
3/1/2008 19:20: Port 1/1/1: Remote Link Fault Bit Received
3/1/2008 19:21: Port 1/1/1: Remote Errored Frame Event Received
Timestamp: 12323445 Window: 30 sec
Threshold: 50 Errors: 55
Total Errors: 78654
Total Events: 9943
3/2/2008 19:21: Port 1/1/1: Remote Link Fault Bit Cleared
4/2/2008 22:30, Port 1/2/2: Remote Errored Frame Event Sent
Timestamp: 24523445 Window: 45 sec
Threshold: 10 Errors: 15
Total Errors: 32654
Total Events: 5943
3/4/2008 13:25, Port 1/1/1: Dying Gasp Received
3/4/2008 13:26, Port 1/1/1: Renegotiation Completed.
3/4/2008 13:27, Port 1/1/1: Unknown Organization Specific Event
Command Syntax
device-name#show efm-oam history [count | count UU/SS/PP]]
Argument Description
count (Optional) counts EFM-OAM history
UU/SS/PP The interface to display EFM-OAM statistics for
Example
device-name#show efm-oam history count 1/1/1
Efm-oam history count on interface 1/1/1 is 1
Page 40
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name#efm-oam history show count [UU/SS/PP]
Argument Description
count Counts EFM-OAM history.
UU/SS/PP (Optional) the port on which to display EFM-OAM history.
Example 1
device-name#efm-oam history show
%Efm-Oam history empty
Example 2
device-name#efm-oam history show count
Efm-oam history count is 1
Example 3
device-name#efm-oam history show count 1/1/1
Efm-oam history count on interface 1/1/1 is 1
Page 41
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name#show efm-oam UU/SS/PP statistics
Argument Description
UU/SS/PP The interface to display EFM-OAM statistics for.
Example
device-name#show efm-oam 1/1/1 statistics
Waiting to receive remote statistics values
Page 42
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Log Messages
The following table displays the log messages implemented by the EFM-OAM.
Page 43
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 44
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Configuring Device1:
1. Verify if the EFM-OAM protocol is enabled on the device:
Device1#show efm-oam
% EFM-OAM is disabled
Page 45
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
6. Define the aging interval in seconds for the neighboring device that last sent packets:
Device1(cfg protocol)#efm-oam keepalive-interval 3000
Device1(cfg protocol)#exit
7. Enable EFM-OAM on the specified interface and set its mode to active:
Device1(config)#interface 1/1/1
Device1(config-if 1/1/1)#efm-oam active
Configuring Device2:
1. Verify if the EFM-OAM protocol is enabled on the device:
Device2#show efm-oam
% EFM-OAM is disabled
Page 46
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
=================================================================
Port |Local |Remote MAC |Remote |Remote |Local
|State | |State |Status |Status
------+---------+-----------------+---------+---------+----------
1/1/1 |Active |00:A0:12:4B:06:C3|Passive |Loopback |Stable
1/1/2 |Active |Unknown |Unknown |Unknown |Discovery
1/2/1 |Active |Unknown |Unknown |Unknown |Link-Down
…
1/2/8 |Active |Unknown |Unknown |Unknown |Link-Down
Device2#show efm-oam
Events sending status: Logging Enabled, Propagation Enabled
Event Notification Duplication Count: 5
Intervals: Keep-Alive is 5000 miliseconds, Hello is 1000 milliseconds
History limit: 24 hours or 5000 entries
Local Priority is 5
Local MAC: 00:A0:12:4B:06:C3
Efm-Oam Pkts counter : sent = 927 , received = 927
=================================================================
Port |Local |Remote MAC |Remote |Remote |Local
|State | |State |Status |Status
------+---------+-----------------+---------+---------+----------
1/1/1 |Passive |00:A0:12:22:41:60|Active |Stable |Loopback
1/1/2 |Active |Unknown |Unknown |Unknown |Link-Down
1/2/1 |Disabled |Unknown |Unknown |Unknown |Unknown
…
1/2/8 |Disabled |Unknown |Unknown |Unknown |Unknown
Page 47
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
=================================================================
Port |Local |Remote MAC |Remote | Remote | Remote
|State | |State | Port | Hostname
------+---------+-----------------+---------+--------+-----------
1/1/1 |Active |00:A0:12:4B:06:C3|Passive |1/1/1 |Device2
1/1/2 |Active |Unknown |Unknown |UU/SS/PP|Unknown
1/2/1 |Active |Unknown |Unknown |UU/SS/PP|Unknown
…
1/2/8 |Active |Unknown |Unknown |UU/SS/PP|Unknown
=================================================================
Port |Local |Remote MAC |Remote | Remote | Remote
|State | |State | Port | Hostname
------+---------+-----------------+---------+--------+-----------
1/1/1 |Passive |00:A0:12:22:41:60|Active |1/1/1 |Device2
1/1/2 |Active |Unknown |Unknown |UU/SS/PP|Unknown
1/2/1 |Disabled |Unknown |Unknown |UU/SS/PP|Unknown
…
1/2/8 |Disabled |Unknown |Unknown |UU/SS/PP|Unknown
Page 48
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 49
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Overview
IEEE 802.1ag Connectivity Fault Management (CFM) refers to the ability of a network to monitor
the health of an end-to-end service delivered to customers (as oppose to just links or individual
bridges). The pre-standard IEEE 802.1ag CFM feature, called MAC ping/trace route, defines the
end-to-end OAM capabilities that are intrinsic to Ethernet technology, enabling service providers to
monitor the Ethernet service that the customer receives.
The 802.1ag CFM standard specifies protocols, procedures, and managed objects to support
transport fault management. These allow:
• the discovery and verification of the frames' path addressed to and from specified network
users
• the detection and isolation of a connectivity fault to a specific bridge or LAN
Ethernet CFM defines proactive and diagnostic fault localization procedures for point-to-point and
multipoint Ethernet Virtual Connections (EVC) that span one or more links.
CFM Purpose
Bridges are increasingly used in networks operated by multiple independent organizations, each
with restricted management access to each other’s equipment.
CFM provides capabilities for detecting, verifying, and isolating connectivity failures in such
networks, where multiple organizations are involved in providing and using the Ethernet service
(such as customers, service providers, and operators).
Customers purchase Ethernet service from service providers. These service providers may utilize
their own networks or the networks of other operators to provide connectivity for the requested
service. Customers themselves may be service providers. For example, a customer may be an
Internet service provider that sells Internet connectivity.
Page 50
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Operators need minimal Ethernet OAM as oppose to providers that need more comprehensive
Ethernet OAM for themselves and the ability to provide customers with better monitoring
functionality.
In order to validate the service quality and to perform fault verification on Maintenance End Points
(MEP) and Maintenance Intermediate Points (MIPs) that belong to the organization, each
organization defines its own maintenance domain. These MEPs and MIPs are then linked to the
relevant domain creating a Maintenance Association (MA).
Page 51
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
The database includes entities MEP Destination MAC Address (DA) and port (format: MEP DA,
Port).
A CCM timeout is used to detect connectivity faults (such as a software failure, memory corruption,
or miss-configuration). A CCM loss is assumed when a MEP does not receive the next CCM from
a remote MEP within the CCM timeout.
If a MEP on a local bridge (local MEP) stops receiving periodic CCMs from a peer MEP on a
remote bridge (remote MEP), it assumes that a failure in the remote bridge or in the continuity of
the path has occurred. If the MEP does not receive three consecutive CCMs, it declares a
connectivity loss.
In this case, the bridge can notify the network management application about the failure and initiate
the fault verification and fault isolation steps either automatically or through an operator command.
Since a short CCM interval rate is a key point in ensuring fast connection-failure detection, the
systems administrator can define a CCM interval rate of down to 3.3 milliseconds.
Page 52
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
In cases that the MEP is deliberately taken out of commission, the MEP indicates this status to
other peer MEPs to avoid triggering false fault detections.
CFM also provides an alarm suppression mechanism in cases where a network fault affects more
than one VLAN and to avoid a situation where different MEPs generate an alarm notifying of the
same common fault.
In the Figure 9 two maintenance entities are shown: one comprising the yellow MEPs and MIPs,
the other comprising orange MEPs and MIPs.
Page 53
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Each MP along the path returns a unicast Linktrace Reply (LTR) back to the originating MEP. The
MEP then sends a single LTM to the next hop along the trace path eventually determining the
MAC address of all MIPs along the MA and their precise location with respect to the originating
MEP.
In case of Ethernet, fault isolation is more challenging due to MAC addresses aging out, erasing the
information needed for locating the fault.
The possible ways to address this issue are:
• Carrying out the Linktrace within the age-out time frame
• Maintaining information about the destination MEP at the MIPs along the path using CCMs
• Maintaining the path's visibility at the source MEPs through periodic LTMs (in intervals larger
than the CCM rate interval)
You can also use the Linktrace mechanism to discover normal data paths through the network,
during times where the network is fault-free. This can be helpful at a later stage, in cases where
Linktrace cannot provide the information needed to isolate a fault and by issuing LBMs to MPs
along the normal data paths to retrieve additional useful information.
Page 54
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 55
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Start
Create MEP
End
Page 56
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Start
Is dynamic
SLA No
assurance
required?
Yes
Point-to-Multi-Point
Connection
Create Yes
performance
monitoring
profile?
Create a Performance
Monitoring Profile
No
End
Page 57
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Start
CFM No
Connectivity
Problem?
Yes
End
Page 58
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
cfm Enables/disables the CFM protocol on the devices and enters the
CFM Protocol Configuration mode (see Enabling/Disabling the
CFM Protocol)
domain Creates a maintenance domain with a specified name and level
and enters that Maintenance Domain mode (see Creating and
Accessing a Maintenance Domain)
use-draft61 Enables the compatibility with the old IEEE 802.1ag protocol
version 6.1 (see Enabling the Compatibility with Version 6.1)
show cfm use-draft61 Displays if the compatibility with the old IEEE 802.1ag protocol
version 6.1 is enabled (see Showing the Compatibility with
Version 6.1)
Command Syntax
device-name(config)#cfm [enable | disable]
device-name(config)#no cfm
Argument Description
enable (Optional) enables the CFM protocol
disable (Optional) disables the CFM protocol
Disabled
no Disables the CFM protocol
Page 59
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Examples:
• Enable CFM:
device-name(config)#cfm enable
device-name(config-cfm)#
• Enabling the CFM (using the cfm enable command) when CFM is already enabled, generates
the %CFM is already enabled error message, as displayed below:
device-name(config)#cfm enable
[%Error] %CFM is already enabled
device-name(config)#cfm
device-name(config-cfm)#
Command Syntax
device-name(config-cfm)#domain name NAME level <level>
device-name(config-cfm)#domain name NAME format {none | string} level <level>
device-name(config-cfm-DONAME NAME)#
Argument Description
NAME The domain name.
level The domain level in the range of <0–7>, according to the following rules:
• Operator’s MA levels: 0–2
• Provider’s MA levels: 3–4
• Customer’s MA levels: 5–7
NOTE
This argument is compulsory when creating a new domain.
Do not use this argument for re-entering an existing
domain.
format The way the name will appear in the MAID.
none The domain name does not appear in the MAID.
string The domain name appears as a string in the MAID.
string
no Removes the domain from the CFM protocol.
Page 60
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Examples:
• When reentering an existing domain, using the level argument generates the
[%Error] 'level' is not recognized error message, as displayed below:
device-name(config-cfm)#domain name D5 level 3
device-name(config-cfm-D5)#exit
device-name(config-cfm)#domain name D5 level 3
[%Error] 'level' is not recognized
device-name(config-cfm)#domain name D5
device-name(config-cfm-D5)#
Command Syntax
device-name(config-cfm)#use-draft61
device-name(config-cfm)#no use-draft61
Argument Description
no Restores to default
standard IEEE 802.1ag-2007 (draft 8.1)
Example
device-name(config-cfm)#use-draft61
Command Syntax
device-name(config-cfm)#show cfm use-draft61
Page 61
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-cfm-DONAME NAME)#ma name NAME {vlan-ID <vlan-id> | service
<SVCID>}
device-name(config-cfm-DONAME NAME)#ma name NAME format icc {vlan-ID <vlan-
id> | service <SVCID>}
device-name(config-cfm-DONAME NAME)#ma name NAME format ieee {vlan-ID <vlan-
id> | service <SVCID>}
Argument Description
NAME The MA name up to 22 characters.
vlan-id The unique VLAN identifier of the MA in the range of <1–4094>.
service The unique service ID (SVCID) of a TLS service in the valid range of <1–
<SVCID> 4294967295>.
format The way the name will appear in the MAID.
icc This format is described in ITU-T Y.1731.
ieee This format is described in IEEE 802.1ag.
ieee
no Removes the created MA.
Page 62
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
The MAID is unique over the domain. If the MAID is globally unique, then that domain is global.
CFM can detect connectivity errors only for a list of MEPs with unique MAIDs.
Example 1
• When reentering an existing MA, using the vlan argument generates the
[%Error] 'vlan-ID' is not recognized error message, as displayed below:
device-name(config-cfm-D5)#ma name MA5 vlan-ID 3
device-name(config-cfm-D5-MA5)#exit
device-name(config-cfm-D5)#ma name MA5 vlan-ID 3
[%Error] 'vlan-ID' is not recognized
device-name(config-cfm-D5)#ma name MA5
device-name(config-cfm-D5-MA5)#
Example 2
Page 63
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-cfm-DONAME NAME)#mip-policy {none | explicit | default}
device-name(config-cfm-DONAME NAME)#no mip-policy
Argument Description
none Does not create any MIPs for the specified MA
explicit Configures MIPs only if a MEP exists on a lower MD Level
default Always creates MIPs
MIPs are always created
no Restores to default
Example
device-name(config-cfm)#domain name D7 level 3
device-name(config-cfm-D7)#mip-policy explicit
Command Syntax
device-name(config-cfm-DONAME NAME)#senderid-content {none | hostname |
management-address | all}
device-name(config-cfm-DONAME NAME)#no senderid-content
Page 64
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
none Does not send the Sender ID TLV to remote MEPs: the chassis ID and
management information are hidden from all remote sites.
hostname The Sender ID TLV includes only the device hostname: the local hostname is
visible to all remote sites on the MA but the local management address is
hidden.
management- The Sender ID TLV includes only the device's management address: the local
address management mechanism and management address are visible to all remote
sites on the MA but the local hostname is hidden.
all The Sender ID TLV includes both the hostname and the management address
of the device.
hostname and management address of the device
no Restores to default
Example
device-name(config-cfm)#domain name D7 level 3
device-name(config-cfm-D7)#senderid-content management-address
Page 65
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 66
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-cfm-DONAME NAME-MA NAME)#hello-interval {300 Hz | 10
milliseconds | 100 milliseconds | 1 second | 1 minute | 10 seconds | 10
minutes}
Argument Description
300 Hz Defines the time interval between two successive CCM packets to
3.3 milliseconds.
10 milliseconds Defines the time interval between two successive CCM packets to 10
milliseconds.
100 milliseconds Defines the time interval between two successive CCM packets to
100 milliseconds.
1 second Defines the time interval between two successive CCM packets to 1
second.
1 second
1 minute Defines the time interval between two successive CCM packets to 1
minute.
10 seconds Defines the time interval between two successive CCM packets to 10
seconds.
10 minutes Defines the time interval between two successive CCM packets to 10
minutes.
Page 67
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Adding/Removing MEPs
The mep command adds local ports or a group of ports as MEPs to a specific maintenance
association.
If the current MA is defined over the service and you are trying to create a MEP on a physical port
or a LAG, the [Error]MA is defined over service message is displayed.
When the MA is not defined over the service, and a MEP is created over VLAN, the [Error]MA
defined over VLAN message is displayed.
NOTE
MEP IDs have to be unique per MA.
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#mep <mep-id> {port UU/SS/PP |
ag0N} {in | out}
device-name(config-cfm-DOMAIN NAME-MA NAME)#mep <mep-id> sap SAPSTRING
device-name(config-cfm-DOMAIN NAME-MA NAME)#no mep <mep-id>
Argument Description
mep-id Defines the maintenance end point (MEP) ID, in the range of <1–8191>.
UU/SS/PP Specifies the target interface on which MEP is used.
ag0N Specifies the link aggregation ID (ag01, ag04–ag07) on which MEP is used.
The allowed ID is in the range of <1–7>.
in Defines the MEP Direction to in the bridge.
out Defines the MEP Direction to out the bridge.
sap Creates the MEP on a SAP (part of the service where MA was created on).
SAPSTRING
The SAPSTRING has the UU/SS/PP:CVLANID: format.
The C-VLAN ID is in the range of <1–4094>.
NOTE
To use this command, first create the MA on the service with
ma name NAME service <SVCID> command.
no Removes the MEP from the MA
Page 68
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Examples:
Command Syntax
device-name(config-cfm-DONAME NAME-MA NAME)#ccm-priority <0-7> [mep <mep-id>]
Argument Description
0-7 The VLAN priority.
6
mep-id (Optional) selects a MEP ID to assign the priority to, in the range of
<1–8191>.
Example
device-name(config-cfm-D5-MA5)#ccm-priority 5 mep 1
Page 69
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#mip-policy {none | explicit |
default | defer}
device-name(config-cfm-DOMAIN NAME-MA NAME)#no mip-policy
Argument Description
none Does not create any MIPs for the specified MA.
explicit Creates MIPs only if a MEP exists on a lower MD Level.
default Always creates MIPs.
defer The policy is inherited from the domain policy configuration.
no Restores to defaults.
If no MIP creation policy per MA is defined, the default policy is inherited
from the domain policy configuration
True No
False True No
False False None No
False False Default the MIP Policy Yes
default always
creates MIPs
False False Explicit True Yes
False False The explicit MIP policy False No
depends on the presence of
MEPs at lower level.
All above All above Defer The decision
is taken
NOTE considering
You can define the the setting of
Defer policy only the enclosing
on the MA level domain.
(see Specifying
MIP Creation
Policy (in
Maintenance
Domain))
If you select the defer
argument, the MIP policy is
inherited from the enclosing
Domain.
The table above defines the Level of MIP on a given port and on a given VLAN.
Page 70
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
NOTE
Levels are set optionally by the administrator and depend on that part of the
network that is under monitoring or the place of the device in the network.
Therefore the MIPs appear on ports if there are any Domains and already defined MAs.
It is recommended the levels 7, 6 and 5 to be explored by the users. Levels 3 and 4 are distributed
for the Service Providers. Level 1 and 2 serve the Operators. Level 0 is intended to be closer to the
physical Level.
An Intermediate Service Access Point (ISAP) is a SAP, from a Maintenance Domain, through
which frames can pass in transit from DoSAP to DoSAP.
MIPs are supporting the discovery of paths among MEPs and the location of faults along those
paths.
Example
device-name(config-cfm)#domain name D7 level 3
device-name(config-cfm-D7)#ma name MA7 vlan-id 3
device-name(config-cfm-D7-MA7)#mip-policy explicit
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#senderid-content {none | hostname
| management-address | all | defer}
device-name(config-cfm-DOMAIN NAME-MA NAME)#no senderid-content
Argument Description
none Does not send the Sender ID TLV to remote MEPs: the chassis ID and
management information are hidden from all remote sites.
hostname The Sender ID TLV includes only the device hostname: the local
hostname is visible to all remote sites on the MA but the local
management address is hidden.
management- The Sender ID TLV includes only the device's management address: the
address local management mechanism and management address are visible to
all remote sites on the MA but the local hostname is hidden.
all The Sender ID TLV includes both the hostname and the management
address of the device.hostname and management address of the device
defer The content of the Sender ID TLV is decided by the corresponding
setting on the enclosing domain. The values are inherited from the
domain configuration.
defer
Page 71
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
no Restores to default
Example
device-name(config-cfm)#domain name D7 level 3
device-name(config-cfm-D7)#ma name MA7 vlan-id 3
device-name(config-cfm-D7-MA7)#senderid-content hostname
Disable Disable 6
xconCCMdefect DefXconCCM 5 most
errorCCMdefect DefErrorCCM 4
someRMEPCCMdefect DefRemoteCCM 3
someMACstatusDefect DefMACstatus 2
someRDIdefect DefRDICCM 1 least
Page 72
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#fault-alarms-level <priority>
[mep <MEPID>]
device-name(config-cfm-DOMAIN NAME-MA NAME)#no fault-alarms-level [mep
<MEPID>]
Argument Description
priority The defect priority for the specified MEP, in the range of <1–6>.
Selecting priority 6 disables Alarm Reporting.
defect priority is 1 and alarms are generated for all defect conditions.
MEPID (Optional) defines the MEP ID, in the range of <1–8191>.
no Restores to default
Example
In this example, the defect priority of the local MEP ID 10 is configured to 3. In this case, this
MEP reports all defect conditions with a priority equal to or higher than 3:
• It announces the lack of CCMs from a remote MEPs (configured in the local MEPs list)
• It ignores the MAC status defects and the reception of valid CCMs with RDI bit set
device-name(config-cfm)#domain name D7 level 3
device-name(config-cfm-D7)#ma name MA7 vlan-id 3
device-name(config-cfm-D7-MA7)#fault-alarms-level 3 mep 10
Command syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#clear connectivity [<MEPID>]
Page 73
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
MEPID (Optional) defines the remote MEP's ID, in the range of <1–8191>
NOTE
If you do not define a MEP ID, this command clears
all the MEPs in a down state.
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#fng-reset-time <250-1000> mep
<1-8191>
device-name(config-cfm-DOMAIN NAME-MA NAME)#no fng-reset-time mep <1-8191>
Argument Description
250-1000 Defines the reset interval time, in hundredths of a second.
1000 hundredths of a second
mep <1-8191> The MEP ID.
no Restores to default
Example
device-name(config-cfm-D7-MA7)#fng-reset-time 850 mep 225
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#fng-alarm-time <250-1000> mep
<1-8191>
device-name(config-cfm-DOMAIN NAME-MA NAME)#no fng-alarm-time mep <1-8191>
Page 74
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
250-1000 Defines the alarm interval, in hundredths of a second.
250 hundredths of a second
mep <1-8191> The MEP ID.
no Restores to default
Example
device-name(config-cfm-D7-MA7)#fng-reset-time 350 mep 225
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#ais-lck {enable | disable}
Example
device-name(config-cfm-D5-MA5)#ais-lck enable
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#ais-lck level <1-7>
device-name(config-cfm-DOMAIN NAME-MA NAME)#no ais-lck level
Page 75
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
level <1–7> The AIS/LCK level, in the range of <1–7>.
default level is one higher than the configured MA level.
no Restores to default
Example 1
device-name(config-cfm-D5-MA5)#ais-lck level 4
Example 2
device-name(config-cfm-D5-MA5)#ais-lck level 3
[%Error] AIS/LCK should be enabled first
device-name(config-cfm-D5-MA5)#ais-lck enable
device-name(config-cfm-D5-MA5)#ais-lck level 3
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#ais-lck priority <0-7>
Argument Description
0-7 The AIS/LCK priority
6
Example 1
device-name(config-cfm-D5-MA5)#ais-lck priority 5
Example 2
device-name(config-cfm-D5-MA5)#ais-lck priority 4
[%Error] AIS/LCK should be enabled first
device-name(config-cfm-D5-MA5)#ais-lck enable
device-name(config-cfm-D5-MA5)#ais-lck priority 4
Page 76
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#ais-lck interval {1 second | 1
minute}
Argument Description
1 second Defines a 1 second interval between two successive AIS or LCK packets
1 second
1 minute Defines a 1 minute interval between two successive AIS or LCK packets
Example
device-name(config-cfm-D5-MA5)#ais-lck interval 1 minute
[%Error] AIS/LCK should be enabled first
device-name(config-cfm-D5-MA5)#ais-lck enable
device-name(config-cfm-D5-MA5)#ais-lck interval 1 minute
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#mep-state active <1-8191>
device-name(config-cfm-DOMAIN NAME-MA NAME)#no mep-state active
Argument Description
1-8191 Specifies the MEP ID.
MEP state is inactive
no Restores the default.
Page 77
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-cfm-DOMAIN NAME-MA NAME)#mep-ccm enabled <1-8191>
device-name(config-cfm-DOMAIN NAME-MA NAME)#no mep-ccm enabled
Argument Description
1-8191 Specifies the MEP ID.
MEP is not able to send CCMs
no Restores the default.
Example
device-name(config-cfm-D1)#ma name MA1 vlan-id 3
device-name(config-cfm-D1-MA1)#mep-ccm enabled 1
Page 78
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-cfm)#[no] profile PROFNAME
Argument Description
PROFNAME Defines the monitoring profile name.
when CFM protocol is enabled, a default profile is created automatically
no Removes the configured profile.
Example
device-name(config-cfm)#profile p1
device-name(config-cfm-profile-p1)#exit
Page 79
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-cfm)#[no] process PROCNAME domain DOMAIN NAME ma MA NAME
[repeat minutes <minutes> seconds <seconds>] [profile PROFNAME]
Argument Description
PROCNAME Defines the monitoring process name.
DOMAIN NAME The maintenance domain name used by the process.
MA NAME The maintenance association name that the process monitors.
repeat minutes (Optional) defines the repetition interval of the monitoring process.
<minutes>
seconds The valid range is:
<seconds> • <0–60> minutes
• <0–60> seconds
1 minute
profile PROFNAME (Optional) selects the monitoring profile name.
no Removes the existing configuration.
NOTE
The command is rejected if you add a process with an existing name but change the
repeat interval.
The command is accepted if you add a process with an existing name but change
the profile name and the repeat interval (even if the profile has the same
configuration as the previous).
Example
device-name(config-cfm)#process proc1 domain d7 ma ma7 profile p1 repeat
minutes 0 seconds 1
device-name(config-cfm)#process proc1 domain d7 ma ma7 profile p1 repeat
minutes 1 seconds 1
% Process proc1 is already using profile p1 for domain d7 and ma ma7
Page 80
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-cfm)#update-interval <0-65535>
Argument Description
0–65535 Defines the time between monitoring parameters update, in seconds. A
value of 0 suspends the monitoring task and a value different from 0
resumes it.
20 seconds
Example
device-name#update-interval 60
Page 81
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 82
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#priority <priority>
Argument Description
priority The 802.1p class-of-service setting, in the range of <0–7>.
0
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#rate <packet-rate>
Argument Description
packet-rate The number of Loopback Request packets sent each time, in the range
of <1–3>.
1
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#size <0-1462>
Argument Description
0-1462 The Loopback Request data TLV payload, in the range of <0–1462>
bytes.
0 bytes
Page 83
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#1wJitter-error <1wJitter-error>
Argument Description
1wJitter-error Defines the one-way jitter error value to monitor, in the range of
<1–10000> milliseconds.
350 milliseconds
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#1wJitter-warning <1wJitter-warning>
Argument Description
1wJitter-warning Defines the one-way jitter warning value to monitor, in the range of
<1–10000> milliseconds.
300 milliseconds
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#jitter-error <jitter-error> [period
<jitter-error-time>]
Page 84
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
jitter-error The jitter error value to monitor, in the range of <1–10000>
milliseconds.
700 milliseconds
period <jitter- (Optional) defines the jitter duration, in the range of <1–3600> seconds.
error-time>
90 seconds
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#jitter-warning <jitter-warning> period
<jitter-warning-time>
Argument Description
jitter-warning The two-way jitter warning value to monitor, in the range of <1–10000>
milliseconds.
600 milliseconds
period <jitter- (Optional) defines the jitter duration, in the range of <1–3600> seconds.
warning-time>
180 seconds
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#frame-loss-error <frame-loss-error>
Argument Description
frame-loss-error The two-way frame-loss error value, in percents, in the range of
<0–99>.
10% frame loss
Page 85
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#frame-loss-warning <frame-loss-warning>
Argument Description
frame-loss- The two-way frame-loss warning value, in percents, in the range of
warning <0–99>. If you define a value greater than the frame-loss-error
value, the frame-loss-warning is disabled.
8% frame loss
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#latency-error <latency-error> [period
<latency-error-time>]
Argument Description
latency-error The two-way latency error threshold, in the range of <1–10000>
milliseconds.
2000 milliseconds
period <latency- (Optional) defines the latency increase duration, in the range of
error-time> <1–3600> seconds.
90 seconds
Page 86
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#latency-warning <latency-warning>
[period <latency-warning-time>]
Argument Description
latency-warning The two-way latency warning threshold, in the range of <1–10000>
milliseconds.
1600 milliseconds
period <latency- (Optional) defines the latency increase duration, in the range of
warning-time> <1–3600> seconds.
180 seconds
NOTE
If you define a threshold that is larger than the corresponding error threshold,
the warning threshold is disabled.
Command Syntax
device-name(cfg-cfm-profile-PROFNAME)#results-bucket-size <bucket-size>
Argument Description
bucket-size The number of results saved for jitter calculation, in the range of
<2–255> results.
20 results
Page 87
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
show cfm Displays the current CFM configuration and status (see
Displaying the CFM Configuration)
show cfm connectivity Displays connectivity statistics for all configured domains or for a
specified domain (see Displaying Connectivity Statistics)
show cfm profile Displays the monitoring parameters for a specified monitoring
profile or for all profiles (see Displaying Monitoring
Parameters)
show cfm process Displays performance statistics for a specified domain or all
domains (see Displaying Performance Statistics)
show cfm update- Displays the update interval value (see Displaying the Update
interval Interval)
cfm linktrace Sends a linktrace message to a specific MEP or MIP in a specified
domain (see Sending Linktrace Messages
cfm loopback Sends a loopback message to a specific MEP or MIP in a
specified domain (see Sending Loopback Messages)
Command Syntax
device-name#show cfm [UU/SS/PP | ag0N | interfaces | domain level <0-7>]
Argument Description
UU/SS/PP (Optional) the port for which MEPs and MIPs details are displayed.
ag0N (Optional) the aggregated port for which MEPs and MIPs details are
displayed. The allowed LAG ID numbers are in the range of <1–7>.
interfaces (Optional) the current CFM entities (MIPs, MEPs).
domain level (Optional) the CFM entities (MIPs, MEPs) for a specific domain level.
<0-7>
Page 88
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
The command displays two state types per MEP: Administrative and Operative (as detailed in the
below table):
Table 15: The show cfm Command Parameters Displayed (for Local MEPs)
Parameter Description
Adm State Indicates whether CFM packets are being sent or not. The
available states are:
• Up: the MEP is functioning normally and sends packets
• Down: the MEP is not functioning properly and is not able to
send packets
Oper state Displays the status of the port assigned to the MEP. The available
states are:
• Up: MEP functions normally and CFM PDUs are sent
• Down: at least one of the remote MEPs configured to this
MEP has failed and CFM PDUs are not sent.
• Block: the port is blocked by the xSTP protocol
• Test: a status that might be set as a result of an IEEE Std.
802.3ah OAM intrusive loopback operation
• NoDat: no data and no CFM Messages are received for an
excessive length of time
Example 1
device-name#show cfm
Domain: d1 (string)
Level: 1
Mip Policy: default
Sender ID Content: all
Local MEPs
======================================================
|MEP | SAP |Adm |Oper |Alarm|CCM |
| | |State|State|Level|Prio|
|----+------------------------+-----+-----+-----+----|
| 2|1/2/4:untagged: | Up |Up | 1 | 6 |
======================================================
Page 89
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Local MIPs
=============================================================
| MP | SDP | Domain | MA | MD | SVC |
| Type | | name | name | Level | ID |
|------+------------+----------+----------+-------+----------|
| MIP |1/1/1:10 | 1| 1| 1 | 33|
=============================================================
Domain: d3 (string)
Level: 3
Mip Policy: default
Sender ID Content: all
Local MEPs
===================================================
| MEP | Port | Adm | Oper | Alarm | CCM |
| | | State | State | Level |Priority|
|-----+----------+-------+-------+-------+--------|
| 3 | 1/2/1 | Up |Down | 1 | 6 |
===================================================
Local MIPs
=======================================================
| MP | Port | Domain | MA | MD | VLAN |
| Type | | name | name | Level | ID |
|------+----------+----------+----------+-------+------|
| MIP | 1/2/2| 3| 3| 3 | 10 |
=======================================================
Example 2
device-name#show cfm 1/2/2
========================================
| MP | Direction | ID | MD | VLAN |
| Type | | | Level | ID |
|------+-----------+------+-------+------+
| MEP | IN | 226 | 5 | 5 |
| MIP | | | 6 | 10|
========================================
Page 90
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example 3
device-name#show cfm interfaces
Port 1/1/1
========================================
| MP | Direction | ID | MD | VLAN |
| Type | | | Level | ID |
|------+-----------+------+-------+------+
| MIP | OUT | 0 | 1 | 10 |
==========================================
Port 1/2/2
==========================================
| MP | Direction | ID | MD | VLAN |
| Type | | | Level | ID |
|------+-----------+------+-------+------+
| MEP | | 224 | 1 | 10 |
========================================
SDP 1/1/1:10
========================================
| MP | Direction | ID | MD | SVC |
| Type | | | Level | ID |
|------+-----------+------+-------+------+
| MIP | | 0 | 1 | 33 |
========================================
SAP 1/2/2:untagged:
========================================
| MP | Direction | ID | MD | SVC |
| Type | | | Level | ID |
|------+-----------+------+-------+------+
| MEP | IN | 2 | 1 | 33 |
==========================================
Page 91
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example 4
device-name#show cfm domain level 1
Domain: d5 (string)
Level: 5
Mip Policy: default
Sender ID Content: all
Maintenance association: ma1 (string)
VLAN ID: 10
CCM Priority: 6
Hello interval (ms): 1000
Mip Policy: defer
Sender ID Content: defer
Local MIPs
=======================================================
| MP | Port | Domain | MA | MD | VLAN |
| Type | | name | name | Level | ID |
|------+----------+----------+----------+-------+------|
| MIP | 1/1/1 | d1| ma1| 1 | 10 |
| MIP | 1/1/2 | d1| ma1| 1 | 10 |
=========================================================
Example 5
device-name#show cfm ag01
Nothing defined on port
device-name#show cfm ag02
Local MEPs
==============================================================================
| MP | Direction | ID | Adm | Oper | Domain | MA | MD | VLAN|
| Type | | | State | State | name | name | Level ID |
|------+-----------+------+-------+-------+----------+----------+-------+------
| MEP | OUT | 1000 | Down | Down |Customer_L| MA10 | 7 | 10|
==============================================================================
Command Syntax
device-name#show cfm connectivity [domain NAME] [ma MA NAME] [extended]
Page 92
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
domain NAME (Optional) the maintenance domain's name to display connectivity statistics
for.
the statistics for all defined domains are displayed
ma MA NAME (Optional) the maintenance association's name to display connectivity
statistics for.
the statistics for all domains (defined above) MAs are displayed
extended (Optional) displays information extracted from the Port ID TLV in CCMs
Example 1
device-name#show cfm connectivity
Domain: d5 (string)
Level: 5
Maintenance association: ma5 (string)
VLAN ID: 11
Hello interval (ms): 1000
Example 2
device-name#show cfm connectivity extended
Domain: D6 (string)
Level: 6
Page 93
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
The command displays two state types per MEP: Administrative and Operative (as detailed in the
below table).
Table 16: The show cfm connectivity extended Command Parameters (Remote
MEP)
Parameter Description
Adm State Indicates whether CFM packets are received or not. The available
states are:
• Up: the MEP is functioning normally and packets are received
• Fail: the MEP is not functioning properly and no packets were
received in the last 3.5 CCM lifetime intervals
Oper state Displays the status of the port assigned to the MEP. The available
states are:
• Up: MEP functions normally and CFM PDUs are received
• Down: at least one of the remote MEPs configured to this
MEP has failed and CFM PDUs are not recieved.
• Block: the remote port is blocked by the xSTP protocol
• Test: a status that might be set as a result of an IEEE Std.
802.3ah OAM intrusive loopback operation
• NA: the received CCMs do not contain the interface status
TLV or they contain an invalid interface status value.
• There are other available statuses defined by IEEE Std.
802.1ag: unknown, dormant, notPresent, lowerLayerDown
(the operating status displays these statuses only if some
other vendor transmits them, but the T-Marc does not
broadcast such states)
Command Syntax
device-name#show cfm profile [PROFILE NAME]
Argument Description
PROFILE NAME (Optional) the profile name to display.
Page 94
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example
device-name#show cfm profile default
Process name: default
Priority: 3; Rate: 1; Payload size: 0; Bucket size: 20;
Thresholds (value<ms>/duration<s>):
1W Jitter error: 350 1W Jitter warning: 300
2W Jitter error: 700/90 2W Jitter warning: 600/180
Latency error: 2000/90 Latency warning: 1600/180
Frame loss error: 10.00% Frame loss warning: 8.00%
Command Syntax
device-name#show cfm process [PROCNAME]
Argument Description
PROCNAME (Optional) the process name to display
all domains' performance statistics are displayed
Example 1
device-name#show cfm process Proc1
Process: Proc1
Monitoring profile: default
Domain: D1; Level: 3
Maintenance association: MA1; VLAN-ID: 3
Loopback interval: 10; Loopback- timeout: 4200 sec
Results- bucket- size: 120
====================================================
MAC-address |One-way|Two-way| Latency | Frame |
| jitter| jitter| | loss |
-------------------+-------+-------+---------+--------
00:A0:12:27:12:40| 100 | 98 | 10 | 10% |
00:A0:12:27:12:40| 80 | 99 | 5| 2% |
====================================================
Page 95
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example 2
If you configure the update interval to zero seconds (monitoring is suspended), this command
displays only the processes but not monitoring tables (see Configuring the Time between
Performance Parameters Update).
device-name(config-cfm)#update interval 0
device-name(config-cfm)#end
device-name#show cfm process
The Performance monitoring is disabled. The update interval is set to 0
Process: 1
Monitoring profile: default
Domain: d1; Level: 1
Maintenance Association: ma1; VLAN-ID: 10
Loopback interval: 60s; Loopback timeout: 1200s;
Results bucket size: 20
Command Syntax
device-name#show cfm update-interval
Example
device-name(config-cfm)#update interval 10
device-name(config-cfm)#end
device-name#show cfm update-interval
Update interval is set to: 10 seconds
Page 96
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name#cfm linktrace domain NAME ma MA-NAME mep <mep-id> {target-mip
HH:HH:HH:HH:HH:HH | target-mep <mep-id>} [timeout <timeout>] [ttl
<TTL>]
Argument Description
domain NAME The maintenance domain.
ma MA-NAME The maintenance association.
mep <mep-id> The Source MEP ID, in the range of <1–8191>.
target-mip The MAC address of the linktrace destination MIP.
HH:HH:HH:HH:HH:HH
target-mep The linktrace destination MEP ID, in the range of <1–8191>.
<mep-id>
timeout <timeout> (Optional) the linktrace reply (LTR) timeout, in the range of <1–60>
seconds
2 seconds
ttl <TTL> (Optional) the initial TTL field value, in the range of <1–255>.
Example
device-name#cfm linktrace domain d5 ma ma5 mep 204 target-mep 201
Tracing link from mep 204 to mep-id 201 (00:A0:12:11:11:11)
Sending loopback message to refresh MAC address tables...
Loopback reply received
Sending Linktrace Message
Waiting to receive Linktrace Replies
Reply with ttl 63 transID 7674 from 00:A0:12:11:11:11 (5 ms)
Target MAC found
Done.
Page 97
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name#cfm loopback domain NAME ma MA NAME mep <mep-id> {target-mep
<mep-id> | target-mip HH:HH:HH:HH:HH:HH} [number <number> | infinite]
[delay <delay>] [timeout <timeout>] [payload-size <size>]
Argument Description
domain NAME The maintenance domain.
ma MA NAME The maintenance association.
mep <mep-id> The Source MEP ID, in the range of <1–8191>.
target-mep The loopback destination MEP ID, in the range of <1–8191>.
<mep-id>
target-mip The MAC address of the linktrace destination MIP.
HH:HH:HH:HH:HH:HH
number <number> (Optional) defines the number of loopback messages sent, in the
range of <1–1024>
3 messages
infinite (Optional) configure the loopback to run continuously until you press
<ESC>
NOTE
Using this argument changes the delay value to 1, in
case you previously defined the delay value to 0.
delay <delay> (Optional) the delay between 2 consecutive loopback messages, in
the range of <0–60> seconds
5 seconds
timeout <timeout> (Optional) the loopback reply (LBR) timeout, in the range of <1–60>
seconds
2 seconds
payload-size (Optional) the loopback message PDU size, in the range of <0–1462>
<size> bytes
0 bytes
Page 98
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example 1
device-name#cfm loopback domain D5 ma ma5 mep 17 target-mep 13 number 5 size
64
Sending 5 loopback message to mep-id 13 (00:A0:12:27:00:80)
.....
Done.
Sent 5. Received ok 5. Out of order 0. Bad 0. Success rate 100.0%
Time msec.(min/avg/max): 0.5/1/1.5
Example 2
device-name#cfm loopback domain d5 ma ma5 mep 17 target-mip 00:A0:12:22:5A:00
number 5 size 64
Sending 5 loopback message(s) to mip 00:A0:12:22:5A:00
..................................................
Done.
Sent 5. Received ok 5. Out of order 0. Bad 0. Success rate 100%
Time msec. (min/avg/max): 0.5/1/1.5
Page 99
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Configuring Device1:
1. Create a VLAN with the specified name vl10 and ID 10:
Device1#configure terminal
Device1(config)#vlan
Device1(config vlan)#create vl10 10
2. Change the configuration mode to a specified VLAN Configuration mode specified by name
in the command argument:
Device1(config vlan)#config vl10
Page 100
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
6. Create a maintenance domain with a specified name d7 and level 7 and create a maintenance
association within a specified domain:
Device1(config-cfm)#domain name d7 level 7
Device1(config-cfm-d7)#ma name ma7 vlan-ID 10
7. Specify the identification data sent to the remote MEPs creation policy on the specified MA:
Device1(config-cfm-d7-ma7)#senderid-content hostname
Device1(config-cfm-d7-ma7)#mip-policy explicit
Configuring Device2:
1. Create a VLAN with the specified name vl10 and ID 10:
Device2#configure terminal
Device2(config)#vlan
Device2(config vlan)#create vl10 10
2. Change the configuration mode to a specified VLAN Configuration mode specified by name
in the command argument:
Device2(config vlan)#config vl10
Page 101
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
6. Create a maintenance domain with a specified name d7 and level 7 and create a maintenance
association within a specified domain:
Device2(config-cfm)#domain name d7 level 7
Device2(config-cfm-d7)#ma name ma7 vlan-ID 10
7. Specify the identification data to be sent to the remote MEPs and the MIP creation policy on
the specified MA:
Device2(config-cfm-d7-ma7)#senderid-content hostname
Device2(config-cfm-d7-ma7)#mip-policy explicit
Profile name: p1
Priority: 0; Rate: 3; Payload size: 0; Bucket size: 20;
Thresholds (value<ms>/duration<s>):
1W Jitter error: 350 1W Jitter warning: 300
2W Jitter error: 700/90 2W Jitter warning: 600/180
Latency error: 2000/90 Latency warning: 1600/180
Frame loss error: 10.00% Frame loss warning: 8.00%
Page 102
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Local MEPs
===============================================================
| MEP | Port | Adm |CCM| Oper | Alarm | CCM | Sent |
| | | State|En |State | Level |Priority| CCM |
|-----+----------+------+---+-------+-------+--------+--------|
| 1| 1/2/1| Up |Yes| UP | 1 | 6 | 80|
===============================================================
Page 103
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 104
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Configuring Device1:
1. Create a VLAN with the specified name vl10 and ID 10:
Device1#configure terminal
Device1(config)#vlan
Device1(config vlan)#create vl10 10
2. Change the configuration mode to a specified VLAN Configuration mode specified by name
in the command argument:
Device1(config vlan)#config vl10
6. Create a maintenance domain with a specified name d7 and level 7 and create a maintenance
association within a specified domain:
Device1(config-cfm)#domain name d7 level 7
Device1(config-cfm-d7)#ma name ma7 vlan-ID 10
Page 105
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Configuring Device2:
1. Create a VLAN with the specified name vl10 and ID 10:
Device2#configure terminal
Device2(config)#vlan
Device2(config vlan)#create vl10 10
2. Change the configuration mode to a specified VLAN Configuration mode specified by name
in the command argument:
Device2(config vlan)#config vl10
6. Create a maintenance domain with a specified name d7 and level 7 and create a maintenance
association within a specified domain:
Device2(config-cfm)#domain name d7 level 7
Device2(config-cfm-d7)#ma name ma7 vlan-ID 10
Page 106
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Configuring Device3:
1. Create a VLAN with the specified name vl10 and ID 10:
Device3#configure terminal
Device3(config)#vlan
Device3(config vlan)#create vl10 10
2. Change the configuration mode to a specified VLAN Configuration mode specified by name
in the command argument:
Device3(config vlan)#config vl10
6. Create a maintenance domain with a specified name d7 and level 7 and create a maintenance
association within a specified domain:
Device3(config-cfm)#domain name d7 level 7
Device3(config-cfm-d7)#ma name ma7 vlan-ID 10
Page 107
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Clearing the Remote Inactive and Unused MEPs with the clear
connectivity Command:
Device1#configure terminal
Device1(config)#cfm
Device1(config-cfm)#domain name d7
Device1(config-cfm-d7)#ma name ma7
Device1(config-cfm-d7-ma7)#clear connectivity
Device1(config-cfm-d7-ma7)#end
Page 108
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Overview
CFM-OAM SAA Throughput tests are out-of-service applications that provide traffic
measurements between two network elements.
These tests are based on CFM domains, MEPs, and MAs (see 802.1ag Connectivity Fault Management
(CFM))
CAUTION
Initiating these tests stops all traffic on the test devices.
Page 109
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
To perform the unidirectional throughput test, the system administrator needs to define the
following parameters:
• The test-head (source) and test-tail (target) within an existing domain
• PDU sizes: since this test calculates performance for each PDU size (64, 128, 256, 512, 1024,
1280, 1518, 2000, 9000 bytes), displaying the test results per PDU size, the system
administrator has to select the relevant PDU sizes for the test.
• Maximum traffic rate, and the ratio between the constant and burst traffic rate: the test sends
two streams of traffic from the test-head, together concluding the test's maximum traffic rate:
Stream 1: The constant traffic rate (simulating the Committed Information Rate—CIR).
In default setting, this stream takes up 90% of the maximum traffic rate.
Stream 2: The burst traffic rate (simulating the Committed Burst Size—CBS). In default
setting, this stream takes up the remaining 10% of the maximum traffic rate.
• PDU burst size (in packets) for stream 2, which is CBS/PDU size
• The test length: the test duration per selected PDU size
When executing the test, the test-tail calculates the packet count for each test sequence, sending the
results to the test-head. Based on this message, the test-head reduces the test rate or continues to
the next PDU size.
To ensure the notification delivery, the test-tail keeps sending the results until the test-head sends a
reply to the test-tail or until it reaches the configured timeout.
If the test-head does not receive the message, it stops the test.
The bi-directional throughput test generates test frames using 802.1ag LBM/LBR format.
Page 110
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
To perform the bi-directional throughput test, the system administrator needs to define the
following parameters:
• The test-head (source) and test loopback (target) within an existing domain
• PDU sizes: since this test calculates performance for each PDU size (64, 128, 256, 512, 1024,
1280, 1518, 2000, 9000 bytes), displaying the test results per PDU size, the system
administrator has to select the relevant PDU sizes for the test.
• Maximum traffic rate, and the ratio between the constant and burst traffic rate: the test sends
two streams of traffic from the test-head, together concluding the test's maximum traffic rate:
Stream 1: The constant traffic rate (simulating the Committed Information Rate—CIR).
In default setting, this stream takes up 90% of the maximum traffic rate.
Stream 2: The burst traffic rate (simulating the Committed Burst Size—CBS). In default
setting, this stream takes up the remaining 10% of the maximum traffic rate.
• PDU burst size (in packets) for stream 2, which is CBS/PDU size
• The test length: the test duration per selected PDU size
• Select one of the below the loopback types:
MAC SA/DA swap and LBM to LBR swap
MAC SA/DA swaps only
When performing a bi-directional throughput test:
• The test transmits PDUs in the defined CIR rate for a single test duration to determine
whether the frame-loss drops from a configurable threshold.
• After finishing the packets transmission, the test suspends for a period of time equal to the
maximum latency in which all the packets arrive.
• Each transmitted PDU has an ID (sequence number) and timestamp used for statistics
calculation.
• If the frame-loss is above the maximum frame-loss percentage, the source repeats the test in a
lower rate until frame loss is within the configured SLA range.
• Display the following results: Maximum successful throughput, frame-loss measured at that
throughput, and total packets sent.
Page 111
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 112
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
saa throughput test Creates a throughput test and enters the Throughput Test
Configuration mode (see Creating a Throughput Test)
type Defines the throughput test type (see Defining the Source for
Throughput Test)
source Defines the parameters of the generated traffic (see Defining the
Source for Throughput Test)
c-vlan Defines the C-VLAN in the generated test packets (see Defining
the C-VLAN)
target Defines the throughput test destination (see Defining the
Throughput Test Target)
cir Defines the maximum committed information rate (CIR) of the test
packets (see Defining the Maximum Test Rate)
cbs Defines the committed burst size (CBS) and its ratio for the
second stream in the unidirectional testing (see Defining the Burst
Size for the Unidirectional Test)
duration Defines the duration of a single test sequence (see Defining the
Test Duration)
pattern Defines the pattern of the test packet (see Defining the Test
Packet Pattern)
frame-loss Defines the allowed frame-loss ratio threshold for throughput test
(see Defining the Frame Loss Ratio Threshold)
data-size Defines the list of data-sizes for which the throughput test is
executed (see Defining the Test's Data-Size)
timeout Defines the maximum timeout for the test packets (see Defining
the Test Timeout)
result-ack-timeout Defines the time to wait for the test-tail to send acknowledgement
(see Defining the Result Acknowledge Timeout)
loopback-type Defines the loopback type (see Defining the Loopback Type)
shutdown Stops/starts the throughput test (see Starting/Stoping the
Throughput Test)
show saa throughput Displays the results of the throughput test (see Displaying the
test Throughput Test Results)
Page 113
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
NOTE
You have to shutdown the test in order to change its configuration or remove it.
NOTE
If you try to create a throughput test with a name already used by the SAA test,
an error message is displayed; see Example 2 below.
Command Syntax
device-name(config)#saa throughput test NAME
device-name(config)#no saa throughput test NAME
Argument Description
NAME Specifies the test's name, a string of up to 10 characters.
no Removes the specified test.
Example 1
device-name(config)#saa throughput test t1
device-name(config-saa-throughput)#
Example 2
device-name(config)#saa test T1
device-name(config-saa-T1)#exit
device-name(config)#saa throughput test T1
[%Error] A saa test named T1 already exist
Example 3
device-name(config)#saa throughput test T33
Max number of throughput tests reached
Page 114
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-throughput)#type {uni-test-head | bi-test-head | uni-
test-tail | bi-test-loopback}
Argument Description
uni-test-head Defines a unidirectional throughput test.
bi-test-head Defines a bi-directional throughput test.
uni-test-tail Defines the test-tail functionality during a unidirectional throughput
test.
bi-test-loopback Defines the test-loopback functionality during a bi-directional test.
Examples:
Page 115
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
NOTE
Configure the domain, MA, and MEP prior to running this command.
Configure this command immediately after the type command.
Command Syntax
device-name(config-saa-throughput-uth)#source cfm domain NAME ma NAME mep <ID>
[drop-eligible] [priority <0-7>]
device-name(config-saa-throughput-uth)#no source
device-name(config-saa-throughput-bth)#source cfm domain NAME ma NAME mep <ID>
[drop-eligible] [priority <0-7>]
device-name(config-saa-throughput-bth)#no source
device-name(config-saa-throughput-tt)#source cfm domain NAME ma NAME mep <ID>
device-name(config-saa-throughput-tt)#no source
device-name(config-saa-throughput-loopback)#source cfm domain NAME ma NAME mep
<ID>
device-name(config-saa-throughput-loopback)#no source
Argument Description
cfm Uses IEEE 802.1ag CFM protocol.
domain NAME Specifies the CFM domain.
ma NAME Specifies the CFM MA (defines the S-VLAN and priority).
mep <ID> Specifies the MEP ID, in the range of <1–8191>.
drop-eligible (Optional, valid only for unidirectional and bi-directional test-heads)
defines Data Exchange Interface (DEI) for S-TAG.
DEI is 0 (not drop-eligible)
priority <0-7> (Optional, valid only for unidirectional and bi-directional test-heads)
allows you to override default VPT bits for S-VLAN.
6
no Removes the previous configuration.
Page 116
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Examples
• The domains, MA, and MEP must be configured prior to executing the source command.
device-name(config-saa-throughput-uth)#source cfm domain d7 ma ma7 mep 10
drop-eligible priority 5
• If the domains, MA, and MEP are not already configured, the below messages are displayed:
device-name(config-saa-throughput-uth)#source cfm domain d7 ma ma7 mep 10
drop-eligible priority 5
%Error.'d7' does not exist
%Error.'ma7' does not exist
%Error.'10' does not exist
Command Syntax
device-name(config-saa-throughput-uth)#c-vlan <c-vlan-id> [drop-eligible]
[priority <0-7>]
device-name(config-saa-throughput-uth)#no c-vlan
device-name(config-saa-throughput-bth)#c-vlan <c-vlan-id> [drop-eligible]
[priority <0-7>]
device-name(config-saa-throughput-bth)#no c-vlan
device-name(config-saa-throughput-tt)#c-vlan <c-vlan-id> [drop-eligible]
[priority <0-7>]
device-name(config-saa-throughput-tt)#no c-vlan
device-name(config-saa-throughput-loopback)#c-vlan <c-vlan-id> [drop-eligible]
[priority <0-7>]
device-name(config-saa-throughput-loopback)#no c-vlan
Argument Description
c-vlan <c-vlan-id> Defines the C-VLAN ID, in the range of <1–4094>.
drop-eligible (Optional) specifies the DEI bit.
0 (not drop-eligible)
priority <0-7> (Optional) defines the 802.1p priority bits.
0
no Restores to defaults.
packets are not tagged
Example
device-name(config-saa-throughput-uth)#c-vlan 10 drop-eligible priority 5
Page 117
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
NOTE
Configure the target after configuring the source and the target MEP.
Command Syntax
device-name(config-saa-throughput-uth)#target {mip HH:HH:HH:HH:HH:HH | mep
<mep-id>}
device-name(config-saa-throughput-uth)#no target
device-name(config-saa-throughput-bth)#target {mip HH:HH:HH:HH:HH:HH | mep
<mep-id>}
device-name(config-saa-throughput-bth)#no target
Argument Description
mip HH:HH:HH:HH:HH:HH Specifies the target MIP MAC address.
mep <mep-id> Defines the target MEP ID, in the range of <1–8191>.
no Removes the previous configuration.
Examples
Page 118
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
NOTE
The CBS value must be smaller than CIR x Duration value.
Command Syntax
device-name(config-saa-throughput-uth)#cir <rate>
device-name(config-saa-throughput-uth)#no cir
device-name(config-saa-throughput-bth)#cir <rate>
device-name(config-saa-throughput-bth)#no cir
Argument Description
rate Defines the test packets maximum rate, in the range of <64–1000000> kbps.
500 Mbps
no Restores to default.
Example
device-name(config-saa-throughput-uth)#cir 150
NOTE
The CBS value must be smaller than the CIR x Duration value.
Command Syntax
device-name(config-saa-throughput-uth)#cbs <burst-size> percentage <0-100>
device-name(config-saa-throughput-uth)#no cbs
Page 119
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
burst-size Defines the burst size, in the range of <10–2048> KB.
1 MB
percentage <0-100> Defines the bursty stream's ratio in the unidirectional throughput
test.
no Restores to default
Example
device-name(config-saa-throughput-uth)#cbs 64 percentage 55
Command Syntax
device-name(config-saa-throughput-uth)#duration <time>
device-name(config-saa-throughput-uth)#no duration
device-name(config-saa-throughput-bth)#duration <time>
device-name(config-saa-throughput-bth)#no duration
Argument Description
time Defines the duration value, in the range of <1–10> seconds.
5 seconds
no Restores to default
Examples:
• Here, the CBS value is larger than the CIR x Duration value (in the example: 150>2 x 64). An
error message appears. When changing the CIR value and fulfilling this condition, CIR accepts
the new value.
device-name(config-saa-throughput-uth)#duration 2
device-name(config-saa-throughput-uth)#cbs 150 percentage 30
device-name(config-saa-throughput-uth)#cir 64
%Value given for CIR is invalid (CBS must be smaller than CIR*Duration)
device-name(config-saa-throughput-uth)#cir 100
Page 120
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-throughput-uth)#pattern {NULL | NULL-CRC | PRBS |
PRBS-CRC | NONE}
device-name(config-saa-throughput-uth)#no pattern
device-name(config-saa-throughput-bth)#pattern {NULL | NULL-CRC | PRBS |
PRBS-CRC | NONE}
device-name(config-saa-throughput-bth)#no pattern
Argument Description
NULL Specifies a 0 pattern type for all the tests.
NULL-CRC Specifies a 0 pattern type with Cyclic Redundancy Check (CRC) for all the
tests.
PRBS Specifies Pseudo Random Bit Sequence (PRBS).
PRBS
PRBS-CRC Specifies PRBS with CRC.
NONE Specifies an arbitrary pattern.
no Restores to default.
Example
device-name(config-saa-throughput-uth)#pattern NULL
Command Syntax
device-name(config-saa-throughput-uth)#frame-loss <frame-loss>
device-name(config-saa-throughput-uth)#no frame-loss
device-name(config-saa-throughput-bth)#frame-loss <frame-loss>
device-name(config-saa-throughput-bth)#no frame-loss
Page 121
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
frame-loss Defines the frame-loss ratio, in the range of <0–100000> percents (the
resolution is 0.001%).
0%
no Restores to default.
Example
device-name(config-saa-throughput-bth)#frame-loss 50
Command Syntax
device-name(config-saa-throughput-uth)#data-size <fpga_pkt_size-list>
device-name(config-saa-throughput-uth)#no data-size
device-name(config-saa-throughput-bth)#data-size <fpga_pkt_size-list>
device-name(config-saa-throughput-bth)#no data-size
Argument Description
fpga_pkt_size-list Defines the data-size list: 64, 128, 256, 512, 1024, 1280,
1518, 2000, and 9000 bytes.
Separate tokens by a comma (',') or a dash ('-').
no Restores to default.
the test is performed for data-size list specified in the current
document (see Unidirectional Throughput Test and Bi-Directional
Throughput Test)
Example 1
device-name(config-saa-throughput-uth)#data-size 64
Example 2
device-name(config-saa-throughput-bth)#data-size 64-128
Page 122
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-throughput-bth)#timeout <timeout>
device-name(config-saa-throughput-bth)#no timeout
Argument Description
timeout Defines the timeout, in the range of <0–100> (in 0.1 of second increments).
1 second
no Restores to default.
Example
device-name(config-saa-throughput-bth)#timeout 10
Command Syntax
device-name(config-saa-throughput-uth)#result-ack-timeout <timeout>
device-name(config-saa-throughput-uth)#no result-ack-timeout
Argument Description
timeout Defines the timeout, in the range of <1–60> seconds.
5 seconds
no Restores to default.
Page 123
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-throughput-bth)#loopback-type {OAM | MAC-SWAP}
device-name(config-saa-throughput-bth)#no loopback-type
Argument Description
OAM Specifies the MAC SA/DA swap and LBM to LBR swap.
OAM
MAC-SWAP Specifies the MAC SA/DA swap only.
no Restores to default.
Example
device-name(config-saa-throughput-bth)#loopback-type MAC-SWAP
CAUTION
Initiating these tests stops all traffic on the test devices.
While performing a throughput test, CLI locks and a message informs you of each test iteration.
Pressing <ESC>, while the test is running, stops the test and the CLI unlocks.
NOTE
The device supports only one running throughput test at a time, although you can
create and configure up to 32 multiple tests. If you want to start other configured
test, first you have to stop the running throughput test.
NOTE
For correct results, first start the test on the test loopback device (in a Bi-directional
test) or the test-tail device (in a unidirectional test).
Command Syntax
device-name(config-saa-throughput)#[no] shutdown
Page 124
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
no Starts the throughput test
Page 125
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name#show saa throughput test NAME
Argument Description
NAME The test name to display
Page 126
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
2. Change the configuration mode to a specified VLAN Configuration mode specified by name
in the command argument:
Device1(config vlan)#config vl10
Page 127
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
6. Create a maintenance domain with a specified name and level and create a maintenance
association within a specified domain:
Device1(config)#domain name d7 level 7
Device1(config-cfm-d7)#ma name ma7 vlan-ID 10
2. Change the configuration mode to a specified VLAN Configuration mode specified by name
in the command argument:
Device2(config vlan)#config vl10
6. Create a maintenance domain with a specified name and level and create a maintenance
association within a specified domain:
Device2(config)#domain name d7 level 7
Device2(config-cfm-d7)#ma name ma7 vlan-ID 10
Page 128
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 129
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Device1(config-saa-throughput)#end
Page 130
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Overview
SAA is an in-service software feature that allows you to monitor the performance of network-
hosted applications by emulating the traffic of these applications. It provides the capability for
controlling and provisioning various OAM tests and SAA monitoring.
Using SAA you can measure real world performance scenarios through the SAA operations'
configuration, executing them periodically in a definable frequency.
SAA is based on the CFM feature, using its infrastructure to create and run ping tests, calculate and
store test results, and define performance profiles that include rising and falling statistics' thresholds.
Each test definition includes thresholds for different SLA levels. SAA calculates SLA statistics
(jitter, delay, and frame loss) and compares them to predefined SLA thresholds. In cases that the
statistics' values cross a threshold, SAA sends a notification.
Page 131
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 132
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
saa profile Creates a monitoring SAA profile and enters SAA Profile mode
(see Creating an SAA Profile)
delay-near-end Configures the measured one way delay threshold from the test-
head to the test loopback device (see Configuring the Near Delay
Thresholds)
delay-far-end Configures the measured one way delay threshold from the test
loopback to the test-head device (see Configuring the Far Delay
Thresholds)
jitter-near-end Configures the measured one way jitter threshold from the test-
head to the test loopback device (see Configuring the Near Jitter
Thresholds)
jitter-far-end Configures the measured one way jitter threshold from the test
loopback to the test-head device (see Configuring the Far Jitter
Thresholds)
frameloss-near-end Configures the measured one way frame loss ratio from the test-
head to the test loopback device (see Configuring the Near
Frame-Loss Ratio Thresholds)
frameloss-far-end Configures the measured one way frame loss ratio from the test
loopback to the test-head device (see Configuring the Far Frame-
Loss Ratio Thresholds)
saa max-concurrent- Defines the maximum number of concurrent active tests (see
requests Defining the Maximum Number of Concurrent SAA Tests)
saa test Creates a new SAA test and enters SAA Test Configuration mode
(see Creating an SAA Test)
type y1731-ptp Defines the type of the generated monitoring traffic for a specified
service TLS service (see Configuring the SAA Service Test Type)
type y1731-ptp vlan Defines the type of the generated monitoring traffic for a specified
VLAN (see Configuring the SAA VLAN Test Type)
shutdown Enables/Disables the SAA test (see Enabling/Disabling the
Current SAA Test)
profile Specifies the threshold profile attached to the current SAA test and
enables the alarm feature (see Attaching a Threshold Profile to an
SAA Test and Enabling Alarms)
frequency Defines the repeat frequency (see Configuring the Repeat
Frequency)
probe-statistics Defines the number of intervals for which the calculation results
are kept in the result history database (see Configuring Probe
Statistics)
Page 133
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Parameter Description
timeout Defines the probe timeout period for the packets to reply before
considering them lost (see Configuring Probe Timeout)
period Defines the time interval between the packets sent by the test (see
Configuring the Test Sending Interval)
interval Defines the time interval for a test to collect data before doing a
calculation (see Configuring the Monitored Interval)
priority Defines the priority of the packets sent by the test (see Configuring
the Test Priority)
supported-functions Defines the type of metrics used by the test (see Configuring the
Test's Metric Types)
delay-calculation Configures the way the test calculates the frame-loss ratio delay
threshold (see Configuring the Test Delay Calculation Method)
jitter-calculation Configures the way the test calculates the jitter delay threshold
(see Configuring the Test Jitter Calculation Method)
saa loopback service Defines the enabled loopback functionality for a specified TLS
service (see Defining the Current Service Loopback Functionality)
saa loopback service Defines the enabled loopback functionality for a specified VLAN
(see Defining the Current VLAN Loopback Functionality)
show saa test Displays the configuration of the SAA tests and the results of the
calculations at the end of the monitored intervals (see Displaying
the SAA Tests Results)
show saa profile Displays the configuration of the defined SAA profile (see
Displaying the SAA Threshold Profile)
show saa loopback Displays what loopback functionality is enabled and for what
services (see Displaying the SAA Loopback Service)
show saa loopback Displays what loopback functionality is enabled and for what VLAN
ID (see Displaying the SAA Loopback VLAN)
Page 134
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#saa profile <profile_id> [PROFILENAME]
device-name(config)#no saa profile <profile_id>
Argument Description
profile_id Defines the ID of the new profile to be configured, in the range of
<1–2147483647>.
PROFILENAME (Optional). Defines the name of the SAA profile.
no Removes the configured SAA profile
NOTE
You cannot remove a profile associated with a running test.
Example
device-name(config)#saa profile 1 StrictProfile
device-name(config-saa-profile-1)#
Command Syntax
device-name(config-saa-profile-Profile_ID)#delay-near-end <delay_threshold>
device-name(config-saa-profile-Profile_ID)#no delay-near-end
<delay_threshold>
Page 135
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
delay_threshold Defines the one way delay threshold, in the range of <1–60000000>
microseconds.
1 second
no Restores to default.
Example
device-name(config-saa-profile-1)#delay-near-end 10000
Command Syntax
device-name(config-saa-profile-Profile_ID)#delay-far-end <delay_threshold>
device-name(config-saa-profile-Profile_ID)#no delay-far-end <delay_threshold>
Argument Description
delay_threshold Defines the one way delay threshold, in the range of <1–60000000>
microseconds.
1 second
no Restores to default
Example
device-name(config-saa-profile-1)#delay-near-end 15000
Page 136
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-profile-Profile_ID)#jitter-near-end <jitter_threshold>
device-name(config-saa-profile-Profile_ID)#no jitter-near-end
<jitter_threshold>
Argument Description
jitter_threshold Defines the one way jitter threshold, in the range of <1–60000000>
microseconds.
300 milliseconds
no Restores to default.
Example
device-name(config-saa-profile-1)#jitter-near-end 4500
Command Syntax
device-name(config-saa-profile-Profile_ID)#jitter-far-end <jitter_threshold>
device-name(config-saa-profile-Profile_ID)#no jitter-far-end
<jitter_threshold>
Argument Description
jitter_threshold Defines the one way jitter threshold, in the range of <1–60000000>
microseconds.
300 milliseconds
no Restores to default.
Example
device-name(config-saa-profile-1)#jitter-near-end 5000
Page 137
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-profile-Profile_ID)#frameloss-near-end
<frame_loss_threshold>
device-name(config-saa-profile-Profile_ID)#no frameloss-near-end
<frame_loss_threshold>
Argument Description
frame_loss_threshold Defines the one way frame-loss ratio, in the range of <0–100000>
percents. The resolution is 0.001%.
8%
no Restores to default.
Example
device-name(config-saa-profile-1)#frameloss-near-end 100
Command Syntax
device-name(config-saa-profile-Profile_ID)#frameloss-far-end
<frame_loss_threshold>
device-name(config-saa-profile-Profile_ID)#no frameloss-far-end
<frame_loss_threshold>
Argument Description
frame_loss_threshold Defines the one way frame-loss ratio, in the range of <0–100000>
percents. The resolution is 0.001%.
8%
no Restores to default.
Page 138
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#saa max-concurrent-requests <NUMBER>
device-name(config)#no saa max-concurrent-requests
Argument Description
NUMBER Defines the maximum concurrent active tests, in the range of <1–32>
10 concurrent active tests
no Restores to default
Example
device-name#configure terminal
device-name(config)#saa max-concurrent-requests 5
NOTE
If you try to create an SAA test with a name already used by the throughput test,
an error message is displayed; see Example 2 below.
Command Syntax
device-name(config)#saa test TESTNAME [OWNERNAME]
device-name(config)#no saa test TESTNAME [OWNERNAME]
Argument Description
TESTNAME Defines the test name up to 32 characters.
OWNERNAME (Optional) defines the test-owner's name.
no Removes an existing test.
Page 139
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example 1
device-name#configure terminal
device-name(config)#saa test T1
device-name(config-saa-T1)#
Example 2
device-name(config)#saa throughput test T2
device-name(config-saa-throughput)#exit
device-name(config)#saa test T2
[%Error] A throughput test named T2 already exist
NOTE
Configure a TLS service prior to running this command.
Configure an MD, MA, and remote MEP prior to running this command.
Configure this command immediately after creating the test.
Command Syntax
device-name(config-saa-TESTNAME)#type y1731-ptp service <1-4294967295>
oamdomain <LEVEL> HH:HH:HH:HH:HH:HH [clock-in-sync]
Argument Description
service <1-4294967295> The TLS service ID
oamdomain <LEVEL> The CFM domain level, in the range of <0–7>. When the
domain is already created, this argument is optional.
The levels are:
• Operator MA levels: 0–2
• Provider MA levels: 3–4
• Customer MA levels: 5–7
HH:HH:HH:HH:HH:HH The target MAC address.
clock-in-sync (Optional, only for PTP time synchronization with the peer)
synchronizes the internal clock of the device.
Example
device-name(config-saa-T1)#type y1731-ptp service 1 oamdomain 7
00:A0:12:11:22:33
Page 140
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
NOTE
Configure a VLAN prior to running this command.
Configure an MD, MA, and remote MEP prior to running this command.
Configure this command immediately after creating the test.
Command Syntax
device-name(config-saa-TESTNAME)#type y1731-ptp vlan <2-4094> uplink-port
{UU/SS/PP | ag0N} user-port {UU/SS/PP | ag0N} oamdomain <0-7>
HH:HH:HH:HH:HH:HH [clock-in-sync]
Argument Description
vlan <2-4094> The VLAN ID
uplink-port The core (uplink) port
UU/SS/PP The target interface on which VLAN is used
ag0N The link aggregation ID (ag01, ag04–ag07) on which VLAN is used.
The allowed ID is in the range of <1–7>
user-port The access (user) port
oamdomain <LEVEL> The CFM domain level, in the range of <0–7>. When the domain is
already created, this argument is optional.
The levels are:
• Operator MA levels: 0–2
• Provider MA levels: 3–4
• Customer MA levels: 5–7
HH:HH:HH:HH:HH:HH The target MAC address
clock-in-sync (Optional, only for PTP time synchronization with the peer)
synchronizes the internal clock of the device
Example
device-name(config-saa-T1)#type y1731-ptp vlan 10 uplink-port 1/1/1 user-port
1/2/2 oamdomain 6 00:A0:12:00:00:00
Page 141
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-TESTNAME)#shutdown
device-name(config-saa-TESTNAME)#no shutdown
Argument Description
no Enables the SAA test.
all tests are in a shutdown/disabled state
Example
device-name(config-saa-test)#no shutdown
Command Syntax
device-name(config-saa-TESTNAME)#profile <profile_id>
device-name(config-saa-TESTNAME)#no profile
Argument Description
profile_id Specifies an existing profile ID to attach to the current SAA test. The
values for the IDs are in the range of <1–2147483647>.
the calculations are done at the end of an interval and the results are
stored in the result history database
no Restores to default
Example
device-name(config-saa-T1)#profile 1
Page 142
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-TESTNAME)#frequency <0-65535>
device-name(config-saa-TESTNAME)#no frequency
Argument Description
0-65535 Defines the test's repetition frequency, in seconds
0 seconds
no Restores to default
Example
device-name(config-saa-T1)#frequency 20
Command Syntax
device-name(config-saa-TESTNAME)#probe-statistics <1-120>
device-name(config-saa-TESTNAME)#no probe-statistics
Argument Description
1-120 Defines the number of probes kept in the database
96. The last 24 hours results of a test running continuously with a default
interval of 15 minutes and a non-zero frequency are available
no Restores to default
Exampl
device-name(config-saa-T1)#probe-statistics 10
Page 143
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-TESTNAME)#timeout <1-60>
device-name(config-saa-TESTNAME)#no timeout
Argument Description
1-60 The timeout, in seconds.
3 seconds
no Restores to default.
Example
device-name(config-saa-T1)#timeout 5
Command Syntax
device-name(config-saa-TESTNAME)#period <100-10000>
device-name(config-saa-TESTNAME)#no period
Argument Description
100-10000 Defines the time interval, in milliseconds, between the packets sent by the
test.
1 second
no Restores to default.
Example
device-name(config-saa-T1)#period 2000
Page 144
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-TESTNAME)#interval <1-60>
device-name(config-saa-TESTNAME)#no interval
Argument Description
1-60 Defines the time interval, in minutes, for a test to collect data before
calculating the results.
15 minutes
no Restores to default.
Example
device-name(config-saa-T1)#monitored-interval 10
NOTE
This is also the priority for which the service traffic is monitored.
Map the service traffic to this priority, by using the trust-priority command;
see Example 2. Use the trust-priority command, before configuring and
starting the SAA test (refer to the Configuring Quality of Service (QoS) chapter
of this User Guide).
Command Syntax
device-name(config-saa-TESTNAME)#priority <0-7>
device-name(config-saa-TESTNAME)#no priority
Argument Description
0-7 Defines the priority of the packets sent by the test.
6
no Restores to default.
Page 145
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example 1
device-name(config-saa-T1)#priority 3
Example 2
SAA measurements are performed for specific traffic class, provided by QoS configuration.
1. Assign a traffic class according to the customer VLAN priority on both SDP and SAP ports:
NOTE
Prior to assging the traffic, add port 1/1/1 as tagged and port 1/2/1 as
untagged to the same service VLAN. After, create the TLS service by attaching
these ports to SDP (port 1/1/1) and SAP (port 1/2/1). For an example, refer to
the SAA Configuration Example section.
device-name(config)#qos
device-name(config qos)#network-policy batm
device-name(config qos-net batm)#ingress
device-name(config qos-net-in batm)#trust-priority
device-name(config qos-net-in batm)#end
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#qos-network-policy batm
device-name(config-if 1/1/1)#interface 1/2/1
device-name(config-if 1/2/1)#qos-network-policy batm
device-name(config-if 1/2/1)#exit
Command Syntax
device-name(config-saa-TESTNAME)#supported-functions {loss-measurements |
delay-measurements | both}
device-name(config-saa-TESTNAME)#no supported-functions
Page 146
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
loss-measurements Performs only loss measurements.
delay-measurements Performs only delay measurements.
both Performs loss measurements and delay measurements.
both loss and delay measurements are calculated
no Restores to default.
Example
device-name(config-saa-T1)#supported-functions loss-measurements
Command Syntax
device-name(config-saa-TESTNAME)#delay-calculation {average | p-percentile <1-
100>}
device-name(config-saa-TESTNAME)#no delay-calculation
Argument Description
average Performs a simple average of the delay, measured by all packets.
the delay calculation method uses a simple average of the delay, measured
by all packets
p-percentile Defines the OAM p-percentile method, in the range of <1–100>
<1-100>
50
no Restores to default.
Example
device-name(config-saa-T1)#delay-calculation p-percentile 85
Page 147
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-saa-TESTNAME)#jitter-calculation {peak-to-peak | variance |
p-percentile <1-100>}
device-name(config-saa-TESTNAME)#no jitter-calculation
Argument Description
peak-to-peak Specifies the difference between the maximum and minimum frame delay
during the interval.
variance Specifies a simple variance of all packets' delays.
the jitter calculation method uses a simple variance of the delay, measured
by all packets
p-percentile Defines the OAM p-percentile method, in the range of <1–100>
<1-100>
50
no Restores to default.
Example
device-name(config-saa-T1)#jitter-calculation peak-to-peak
NOTE
Configure a TLS service prior to running this command.
Command Syntax
device-name(config)#saa loopback service <1-4294967295> [frame-loss | delay-
measurement | both]
device-name(config)#no saa loopback service <1-4294967295> {frame-loss |
delay-measurement | both}
Page 148
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
service <1- The TLS service ID
4294967295>
frame-loss (Optional) the measured one way frame loss ratio from the test
loopback to the test-head device
delay-measurement (Optional) the measured one way delay threshold from the test
loopback to the test-head device
both (Optional) both types of thresholds: frame loss and delay thresholds
no Removes the specified loopback functionality from a service.
Example 1
device-name(config)#saa loopback service 1 both
Example 2
device-name(config)#saa loopback service 1
Both DM and LM loopback capabilities are enabled
NOTE
Configure a VLAN prior to running this command.
Command Syntax
device-name(config)#saa loopback vlan <2-4094> uplink-port {UU/SS/PP | ag0N}
user-port {UU/SS/PP | ag0N} [frame-loss | delay-measurement | both]
device-name(config)#no saa loopback vlan <2-4094> {frame-loss | delay-
measurement | both}
Argument Description
vlan <2-4094> The VLAN ID
uplink-port The uplink port on which loopback is enabled
UU/SS/PP The target interface on which VLAN is used
ag0N The link aggregation ID (ag01, ag04–ag07) on which VLAN is used.
The allowed ID is in the range of <1–7>
user-port The user port on which loopback is enabled
Page 149
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
frame-loss (Optional) the measured one way frame loss ratio from the test
loopback to the test-head device
delay-measurement (Optional) the measured one way delay threshold from the test
loopback to the test-head device
both (Optional) both types of thresholds: frame loss and delay thresholds
no Removes the specified loopback functionality from a VLAN
Example
device-name(config)#saa loopback vlan 10 uplink-port 1/1/1 user-port 1/2/5
delay-measurement
Command Syntax
device-name#show saa test [TESTNAME [last-results <2-120>]]
Argument Description
TESTNAME (Optional) displays a specific test.
all configured tests are displayed
last-results <2-120> (Optional) specifies the number of results to display from the
test result history database.
Page 150
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example
device-name#show saa test T1
Test Name: T1
Test Owner: default
Test type: y1731-ptp
Administrative status: enabled
Remote Mep: 224, MAC: 00:A0:12:4B:06:C0
Profile Id: not set
Frequency of repetition: 1
Probe timeout: 3 seconds
Probe history count: 96
Clocks in sync NO
Supported functions: delay measurements & loss measurements
Delay Method: average
Jitter Method: variance
Interval Id : 115 Results gathered FRI JAN 01 02:31:46 1993
Command Syntax
device-name#show saa profile [<1-2147483647>]
Argument Description
1-2147483647 (Optional) the profile ID.
Example
device-name#show saa profile 1
Profile Name: StrictProfile , index: 1
Delay (NE) 10000us Delay (FE) 15000us
Jitter (NE) 4500us Jitter (FE) 5000us
Frameloss (NE) 0.000% Frameloss (FE) 0.000%
Page 151
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name#show saa loopback service [<1-4294967295>]
Argument Description
1-4294967295 (Optional) the TLS service ID
Example
device-name#show saa loopback service 1
Both DM and LM loopback capabilities are enabled
Command Syntax
device-name#show saa loopback vlan [<2-4094>]
Argument Description
2-4094 (Optional) the VLAN ID
Example
device-name#show saa loopback vlan
Vlan 10:
Both DM and LM loopback capabilities are enabled
Vlan 20:
Both DM and LM loopback capabilities are enabled
Page 152
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Figure 19: Example for Configuring Two Devices in SAA Test Configuration Mode
Configuring Device1:
1. Create a VLAN with the specified name vl10 and ID 10:
Device1#configure terminal
Device1(config)#vlan
Device1(config vlan)#create vl10 10
Device1(config vlan)#config vl10
2. Add 1/1/1 (SDP port) as tagged port and 1/2/1 (SAP port) as untagged port:
Device1(config-vlan vl10)#add ports 1/1/1 tagged
Device1(config-vlan vl10)#add ports 1/2/1 untagged
Device1(config-vlan vl10)#add ports default 1/2/1
Device1(config-vlan vl10)#end
Page 153
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
6. Create a maintenance domain with a specified name and level and create a maintenance
association within the specified domain:
Device1(config-cfm)#domain name d4 level 4
Device1(config-cfm-d4)#ma name ma4 service 1
Configuring Device2:
1. Create a VLAN with the specified name vl10 and ID 10:
Device2#configure terminal
Device2(config)#vlan
Device2(config vlan)#create vl10 10
Device2(config vlan)#config vl10
2. Add 1/1/2 (SDP port) as tagged port and 1/2/1 (SAP port) as untagged port:
Device2(config-vlan vl10)#add ports 1/1/2 tagged
Device2(config-vlan vl10)#add ports 1/2/1 untagged
Device2(config-vlan vl10)#add ports default 1/2/1
Device2(config-vlan vl10)#end
6. Create a maintenance domain with a specified name and level and create a maintenance
association within the specified domain:
Device2(config-cfm)#domain name d4 level 4
Device2(config-cfm-d4)#ma name ma4 service 1
Page 154
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 155
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 156
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 157
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Overview
EPS is a method of protecting point-to-point Ethernet service connection over VLAN transport
networks, assuring traffic transport between the two service ends. This method is based on ITU-T
G.8031 standard.
This method defines two transport paths (entities), based on existing CFM-OAM MEPs:
• a primary (normally active) path: this is the path through which traffic is sent
• a backup (protection) path: this is the path EPS switches the traffic to, in case of a failure of
the primary path
Once these paths are determined, EPS periodically sends CFM-OAM CCMs (see Discovery and
Connectivity) on both paths. The failure in receiving CCMs triggers a traffic switchover.
Switchover Options
EPS switches over the traffic from one path to another in the below cases:
1. When there is a signal failure (SF) in the active path
2. Upon a user request
3. A request from the remote device.
System administrators can lock the switchover, preventing traffic from switching over to the
backup path in any of the above cases.
In order to minimize unnecessary traffic, switchovers administrators can define a Hold off timer: This
timer postpones the switchover for a specified time. If the transport path does not recuperate by
the end of this time period, traffic is switched over.
Page 158
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Enable EPS
End
Page 159
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
eps Enables EPS for the TLS service and enters the EPS Configuration
mode.
cfm-config level Defines the CFM domain level used by EPS.
primary-link Defines the CFM pair of MEPs that monitor the primary path.
backup-link Defines the CFM pair of MEPs that monitor the backup path.
shutdown Activates/deactivates EPS for the current service.
hold-off-timer Defines the hold off timeout.
switchover Manually switches between the active and inactive transport paths.
lock Manually locks the active traffic path, preventing any switchover
from this path to the inactive path.
freeze Blocks all states change requests.
revertive Enables the revertive mode for the protection.
wait-restore-timer Defines the wait-to-restore timeout.
signal-degrade-test Configures the signal degrade test.
signal-degrade Controls whether the service should react to signal degrade events
from a test configured previously.
clear Clears the revertive mode, the forced and manual active traffic path,
the wait-to-restore timer and signal degrade state.
show tls eps Displays the status of the EPS service for all configured TLS
services.
Page 160
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Enabling/Disabling EPS
The eps command enables EPS for the TLS service and enters the EPS Configuration mode.
The eps command is used in conjunction with SDP primary and SDP secondary (refer to the sdp
command of Configuring Transparent LAN Services chapter of this User Guide).
Command Syntax
device-name(config-tls SERVICE-NAME)#[no] eps
Argument Description
no Disables EPS.
disabled
Example
Enable EPS for the TLS service with serv name and service ID 2:
device-name(config)#tls serv 2
device-name(config-tls serv)#eps
device-name(config-eps-serv)#
Command Syntax
device-name(config-eps-SERVICE-NAME)#cfm-config level <0-7>
device-name(config-eps-SERVICE-NAME)#no cfm-config level
Argument Description
0-7 Defines the CFM domain level
no CFM domain level is specified
no Restores to default
Page 161
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-eps-SERVICE-NAME)#primary-link local-mep <1-8191> remote-
mep <1-8191>
device-name(config-eps-SERVICE-NAME)#no primary-link local-mep
Argument Description
local-mep Specifies the service MEP ID of the local device
<1-8191>
remote-mep Specifies the discovered service MEP ID of the remote device
<1-8191>
no Restores to default
no MEPs are specified
NOTE
If the CFM configuration uses in-MEPs or if it is defined over services, then
both the primary and backup links are monitored by the same pair of MEPs.
Command Syntax
device-name(config-eps-SERVICE-NAME)#backup-link local-mep <1-8191> remote-mep
<1-8191>
device-name(config-eps-SERVICE-NAME)#no backup-link local-mep
Argument Description
local-mep Specifies the service MEP ID of the local device
<1-8191>
remote-mep Specifies the discovered service MEP ID of the remote device
<1-8191>
no Restores to default
no MEPs are specified
Page 162
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Activating EPS
The shutdown command activates/deactivates EPS for the current service.
Command Syntax
device-name(config-eps-SERVICE-NAME)#[no] shutdown
Argument Description
no Activates EPS for the service
Command Syntax
device-name(config-eps-SERVICE-NAME)#hold-off-timer <0-10000>
device-name(config-eps-SERVICE-NAME)#no hold-off-timer
Argument Description
0-10000 The hold-off timeout, in the range of <0–10000> ms, with 100 ms
increments
0 seconds
no Restores to default
Command Syntax
device-name(config-eps-SERVICE-NAME)#switchover
Page 163
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-eps-SERVICE-NAME)#lock
Command Syntax
device-name(config-eps-SERVICE-NAME)#[no] freeze
Argument Description
no Unblocks the states change requests
Command Syntax
device-name(config-eps-SERVICE-NAME)#[no] revertive
Argument Description
no Disables the revertive mode
Page 164
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-eps-SERVICE-NAME)#wait-restore-timer <value>
device-name(config-eps-SERVICE-NAME)#no wait-restore-timer
Argument Description
value The wait-to-restore timer in the range of <5–12>, or value 0, in minutes.
0 means revert immediately.
5 minutes
no Restores to default
Example
device-name(config-eps-serv)#wait-restore-timer 7
Command Syntax
device-name(config-eps-SERVICE-NAME)#signal-degrade-test cfm PROCNAME
Argument Description
PROCNAME The existing CFM monitoring process name
Example
device-name(config-eps-serv)#signal-degrade-test cfm PerfTest
Page 165
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-eps-SERVICE-NAME)#[no] signal-degrade
Argument Description
no Disables signal degrade events
Command Syntax
device-name(config-eps-SERVICE-NAME)#clear
Command Syntax
device-name#show tls eps [SERVICE-NAME]
Argument Description
SERVICE-NAME (Optional) displays the specified service name EPS status
Page 166
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Configuring Device 1:
1. Configure VLAN v2 with VLAN ID 2:
device1#configure terminal
device1(config)#vlan
device1(config vlan)#create v2 2
device1(config vlan)#config v2
8. Configure the primary SDP for the TLS service on port 1/1/2 with S-VLAN ID 2:
device1(config-tls serv)#sdp 1/1/2 s-vlan 2 primary
9. Configure the secondary SDP for the TLS service on port 1/1/3 with S-VLAN ID 3:
device1(config-tls serv)#sdp 1/1/3 s-vlan 3 secondary
Page 167
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
18. Select local MEP ID 1 and remote MEP ID 2 for monitoring the primary link:
device1(config-eps-serv)#primary-link local-mep 1 remote-mep 2
19. Select local MEP ID 1 and remote MEP ID 2 for monitoring the secondary link:
Configuring Device 2:
1. Configure VLAN v2 with VLAN ID 2:
device2#configure terminal
device2(config)#vlan
device2(config vlan)#create v2 2
device2(config vlan)#config v2
Page 168
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
8. Configure the primary SDP for the TLS service on port 1/1/2 with S-VLAN ID 2:
device2(config-tls serv)#sdp 1/1/2 s-vlan 2 primary
9. Configure the secondary SDP for the TLS service on port 1/1/3 with S-VLAN ID 3:
device2(config-tls serv)#sdp 1/1/3 s-vlan 3 secondary
18. Select local MEP ID 2 and remote MEP ID 1 for monitoring the primary link:
device2(config-eps-serv)#primary-link local-mep 2 remote-mep 1
Page 169
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
19. Select local MEP ID 2 and remote MEP ID 1 for monitoring the secondary link:
Page 170
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
CFM Level: 1
Primary link - Local Mep: 1, Remote Mep: 2 - Status: Up
Backup link - Local Mep: 1, Remote Mep: 2 - Status: Up
Hold off timer (ms): 0
Wait to restore timer (minutes): 5
SD events: Enabled, Test Ready: No
SD test name: TestEPS, SD test type: CFM
Page 171
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Event Propagation
The event propagation feature allows users to configure automatic actions executed upon the
occurrence of specific events.
The feature acts upon receiving events from the events provider. It matches the received events
with pre-configured pairs of event-action and then forwards the matched action to the related
action performer.
To configure this feature, the users have to define profiles grouping the event-action pairs. The
users can apply these profiles to various targets, such as SAPs or physical ports.
By enabling event propagation, the T-Marc 300 Series devices can:
• detect a remote link failure or a local port’s down status
• disconnect a link to a peer device
• restore the link to the peer device in case the event is reversed
To avoid flapping events, users can configure two timers per profile:
• Event timer: the interval from the time the event starts before the event propagation disconnects
a link.
• Revertive timer: the interval from the time the event is reversed before reversing the Event
Propagation action.
This feature is based on TLS and the CFM-OAM functionality. Therefore, it can function only on
devices where these features are enabled.
Page 172
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Start
Stop
Page 173
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#[no] event-propagation profile <id>
Argument Description
id The unique profile identifier, in the range of <1–10>.
there is no defined profile
no Removes an existing profile
Examples
Page 174
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-ep-profile ID)#source rem-mep <mep_id> event {con-lost |
status-down | recv-rdi} action link-drop [reverse link-restore]
Argument Description
rem-mep <id> The MEP ID the profile is allocated to, in the range of <1–8191>.
event {con-lost | The expected event type:
status-down | recv-
• connectivity loss: the connectivity is lost
rdi}
• port status down: the port is in down state
• received RDI: the RDI (Remote Defect Identification) bit is
received
action link-drop The action executed upon the event occurrence
reverse link-restore (Optional) reverses the action when the event is reversed
Examples
• Configure profile 1 to act upon a connectivity loss on remote MEP 200. This profile drops
the link to the remote peer and restores the link when the event reverts:
device-name(config-ep-profile 1)#source rem-mep 200 event con-lost action
link-drop reverse link-restore
• Configure profile 2 to act upon a down status event on remote MEP 200 and drop the link to
the remote peer without reversing this action:
device-name(config-ep-profile 2)#source rem-mep 200 event status-down
action link-drop
Page 175
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-ep-profile ID)#source local-port UU/SS/PP event status-down
action link-drop [reverse link-restore]
Argument Description
local-port The local port the profile is allocated to
UU/SS/PP
event status-down A port down status event
action link-drop The profile drops the link upon this event
reverse link- (Optional) reverses the action when the event is reversed
restore
Example
Configure profile 2 to act when port 1/1/1 is down and restore the link when the event is
reversed:
device-name(config-ep-profile 1)#source local-port 1/1/1 event staus-down
action link-drop reverse link-restore
CLI Mode: SAP Service Configuration, Interface Configuration, and Range Interface
Configuration
Command Syntax
device-name(config-tls-sap UU/SS/PP:CVLAN-ID:)#[no] event-propagation profile
<id>
device-name(config-if UU/SS/PP)#[no] event-propagation profile <id>
device-name(config-if-group)#[no] event-propagation profile <id>
Page 176
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Argument Description
profile <id> The existing profile ID applied to the SAP or port
no Removes the applied profile
Example
Command Syntax
device-name#show event-propagation profile [<id>]
Argument Description
profile <id> (Optional) displays the configuration for the specified profile.
Examples
Page 177
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
• If no profiles are defined or the specified profile does not exist, the command generates No
entry error message:
Command Syntax
device-name#show event-propagation session [profile <id>]
Argument Description
profile <id> (Optional) displays the configuration for the specified profile
Examples
profile 2
source type: local-port
source id : 1/1/1
event : status-down
action : link-drop
reverse : link-restore
targets:
==============================================================
|Type |ID |State | Actions |Revertives|
+--------+----------------+-----------+-----------+----------+
|Port |1/1/2 |link-drop | 2| 1|
==============================================================
Page 178
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
profile 3
source type: rem-mep
source id : 2
event : recv-rdi
action : link-drop
reverse : link-restore
targets:
=============================================================
|Type |ID |State |Actions |Revertives|
+--------+----------------+-----------+----------+----------+
|SAP |1/1/1:untagged: |default | 0| 0|
=============================================================
profile 2
source type: local-port
source id : 1/1/1
event : status-down
action : link-drop
reverse : link-restore
targets:
==============================================================
|Type |ID |State | Actions |Revertives|
+--------+----------------+-----------+-----------+----------+
|Port |1/1/2 |link-drop | 2| 1|
==============================================================
• If no profiles are defined or the specified profile does not exist, the command generates No
entry error message:
Page 179
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
TLS Configuration:
1. Create a TLS service named serv with service ID 2:
device-name#configure terminal
device-name(config)#tls serv 2
2. Attach to the TLS service the SAP port 1/2/1 with C-VLAN ID 2::
device-name(config-tls serv)#sap 1/2/1 c-vlans 2
device-name(config-tls serv)#exit
CFM Configuration:
1. Verify if the CFM protocol is enabled:
device-name(config)#cfm
[%Error] %CFM is disabled, enable it to config
Page 180
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 181
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Profile 2
source type: rem-mep
source id : 200
event : con-lost
action : link-drop
reverse : link-restore
Sessions:
================================================================
|Target |ID |State |Actions |Revertives|
+--------+----------------+--------------+----------+----------+
|SAP |1/2/1:2: |none | 0| 0|
================================================================
Page 182
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 183
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Stop
Page 184
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 185
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(cfg protocol)#e-lmi {enable | disable}
Argument Description
enable Enables E-LMI
disable Disables E-LMI
disabled
Command Syntax
device-name(config if UU/SS/PP)#e-lmi {enable | disable}
Argument Description
enable Enables E-LMI on the specified port
disable Disables E-LMI on the specified port
disabled per port
NOTE
Disable E-LMI on the port prior to changing its mode.
Changing the E-LMI mode restarts the E-LMI protocol per port and clears all
statistics and information per port.
Page 186
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Command Syntax
device-name(config if UU/SS/PP)#e-lmi mode {uni-c | uni-n}
Argument Description
uni-c Customer mode. UNI-C statically retrieves the needed configuration
information from the UNI-N.
uni-n Network mode
uni-n
Example
device-name(config if 1/1/1)#e-lmi mode uni-c
[%Error] Disable E-lmi on this port before changing E-lmi mode
device-name(config-if 1/1/1)#e-lmi disable
device-name(config-if 1/1/1)#e-lmi mode uni-c
Polling timer controls the interval at which status enquiry messages are transmitted. These messages
are sent by the UNI-C to request status or to verify sequence numbers.
NOTE
Valid only for customer mode, otherwise this command returns an error.
Command Syntax
device-name(config if UU/SS/PP)#e-lmi polling-timer <5-30>
device-name(config if UU/SS/PP)#no e-lmi polling-timer
Argument Description
5-30 The polling timer value, in seconds
10 seconds
no Restores to default
Example
device-name(config-if 1/1/1)#e-lmi polling-timer 7
[%Error] This command is valid only for customer mode
Page 187
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
NOTE
Valid only for network mode, otherwise the command returns an error.
The polling verification timer has to be grater than polling timer.
Command Syntax
device-name(config if UU/SS/PP)#e-lmi polling-verification-timer {<5-30> |
disable}
device-name(config if UU/SS/PP)#no e-lmi polling-verification-timer
Argument Description
5-30 The polling verification timer value, in seconds
15 seconds
disable Disables the polling verification timer
no Restores to default
Polling counter controls the number of polling cycles between Full Status (status of UNI and all
EVCs) exchanges.
NOTE
Valid only for customer mode, otherwise the command returns an error.
Command Syntax
device-name(config if UU/SS/PP)#[no] e-lmi polling-counter <1-65000>
Argument Description
1-65000 The polling counter value
360
no Restores to default
Page 188
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Status counter controls the number of consecutive errors that occurs before E-LMI is declared not
operational.
Command Syntax
device-name(config if UU/SS/PP)#[no] e-lmi status-counter <2-10>
Argument Description
2-10 The status counter value
4
no Restores to default
Command Syntax
device-name#show e-lmi {UU/SS/PP | all}
device-name(config-if UU/SS/PP)#show e-lmi
Argument Description
UU/SS/PP The port for which the E-LMI status information is displayed
all Displays the E-LMI status information for all ports
Page 189
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example
device-name#show e-lmi 1/1/1
E-LMI administrative status : Disabled
Command Syntax
device-name#show e-lmi {UU/SS/PP | all} vlan-map
device-name(config-if UU/SS/PP)#show e-lmi vlan-map
Argument Description
UU/SS/PP The port for which the CE-VLAN ID/EVC map information is displayed
all Displays the CE-VLAN ID/EVC map for all ports
Page 190
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example
device-name#show e-lmi 1/1/2 vlan-map
E-LMI administrative status : Enabled
E-LMI mode : UNI-N
E-LMI operational status : Up
Last full-status report : HH:MM DD/MM/YYYY
Command Syntax
device-name#show e-lmi {UU/SS/PP | all} statistics
device-name(config-if UU/SS/PP)#show e-lmi statistics
Argument Description
UU/SS/PP The port for which the E-LMI statistics information are displayed
all Displays the E-LMI statistics for all ports
Page 191
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Example
device-name#show e-lmi 1/1/1 statistics
E-LMI administrative status : Disabled
Reliability errors
Status Timeouts : 20
Messages with Invalid Sequence Number : 1023
Protocol errors
Invalid Protocol Version : 0
Invalid EVC Reference Id : 0
Invalid Message Type : 0
Out of Sequence IE : 1
Duplicated IE : 0
Mandatory IE Missing : 0
Invalid Mandatory IE : 2
Invalid non-Mandatory IE : 0
Unrecognized IE : 0
Unexpected IE : 1
Short Message : 0
Command Syntax
device-name#clear e-lmi {UU/SS/PP | all} statistics
device-name(config-if UU/SS/PP)#e-lmi clear statistics
Argument Description
UU/SS/PP The port for which the E-LMI statistics information are cleared
all Clears the E-LMI statistics for all ports
Page 192
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Page 193
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Reliability errors
Status Timeouts : 3
Messages with Invalid Sequence Number : 0
Protocol errors
Invalid Protocol Version : 0
Invalid EVC Reference Id : 0
Invalid Message Type : 0
Out of Sequence IE : 0
Duplicated IE : 0
Mandatory IE Missing : 0
Invalid Mandatory IE : 0
Invalid non-Mandatory IE : 0
Unrecognized IE : 0
Unexpected IE : 0
Short Message : 0
Page 194
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Ping
PING is a tool that helps you to verify the Internet connectivity at the IP level. The ping
command sends an Internet Control Message Protocol (ICMP) echo request to the IP address or
selected hostname.
Trace Route
The Trace route tool works by sending by sending ICMP echo packets with varying IP Time-to-
Live (TTL) values to the destination. On the screen, each device that is crossed between the source
computer and the destination IP address is displayed
For more details, refer to the Troubleshooting and Monitoring chapter of this User Guide.
Page 195
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
Page 196
Operations, Administration & Maintenance (OAM) (Rev. 13)
T-Marc 300 Series User Guide
Intermediate 802.3ah IEEE Std 802.3ah- Public MIB: No RFCs are supported
EFM-OAM 2004 dot3_oam.mib by this feature
Private MIB:
prvt_switch_efm_oa
m.mib
Intermediate 802.1ag • IEEE 802.1ag- Public MIB, RFC 2544,
CFM 2007 ieee8021_cfm.mib Benchmarking
(Connectivity Methodology for
Private MIB,
Fault Network Interconnect
prvt_cfm.mib
Management) Devices
• ITU-T Y.1731
SAA Throughput Test No Standards are No MIBs are RFC2544,
supported by this supported by this Benchmarking
feature feature. Methodology for
Network Interconnect
Devices
SAA • SOAM (Service Public MIB, ping.mib RFC 2925 allows
OAM) based on functionality for creating
Private MIB,
the IEEE of ping and traceroute
saa.mib
802.1ag-2007 tests that can be carried
(draft 8.1) out periodically on the
remote host.
• ITU-T
Recommendation
Y.1731
ITU-T G.8031 EPS ITU-T G.8031 Private MIB, No RFCs are supported
standard prvt_eps.mib by this feature
Event Propagation IEEE 802.1ag-2007 Private MIB, No RFCs are supported
(Connectivity Fault prvt_status_propag by this feature
Management) ation.mib
E-LMI No Standards are Private MIB, No RFCs are supported
supported by this prvt_elmi.mib by this feature
feature
Diagnosing No standards are No MIBs are RFC 791, Internet
Connectivity supported by this supported by this Protocol DARPA
Problems feature feature. Internet Program
Protocol Specifications
Page 197
Operations, Administration & Maintenance (OAM) (Rev. 13)
Configuring Link Layer Discovery Protocol (LLDP)
Table of Figures ······················································································ 2
Overview ······························································································· 3
LLDP Data Unit (LLDPDU)···································································· 3
TLV Format······················································································· 3
Page 1
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: LLDPDU Frame Structure ··························································· 4
Figure 2: LLDP Configuration Flow···························································· 6
Figure 3: Example for Configuring LLDP ····················································14
Page 2
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Overview
The Link Layer Discovery Protocol (LLDP) is a discovery Layer 2 protocol used by network
devices for advertising their identity, capabilities, interconnections, and store information about the
network. LLDP is a “one hop” protocol; the LLDP information can only be sent to and received
by devices that are directly connected to each other (neighbors) by the same link. It allows a device
to learn higher layer management reachability and connection endpoint information from adjacent
devices.
TLV Format
In an LLDPDU, the chassis ID, port ID, and TTL TLV are the first three TLVs. The optional
TLVs are placed after the TTL TLV. The end of LLDPDU TLV is placed last. There is no
restriction regarding the length of LLDPDUs. The restriction comes from the transport layer, for
example in 802.3 MAC environments the maximum size of the PDU is 1500 bytes.
The figure below provides the LLDPDU structure and the mandatory LLDPDU TLV structure
details:
Page 3
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Page 4
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
LLDP Disabled
LLDP reinitialize-delay 2 seconds
LLDP transmit-delay 2 seconds
LLDP transmit-hold 4 seconds
LLDP transmit-interval 30 seconds
LLDP basic management-address no-advertise
LLDP basic port-description no-advertise
LLDP basic system-capabilities no-advertise
LLDP basic system-description no-advertise
LLDP basic system-name no-advertise
Page 5
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Enable LLDP
End
Page 6
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Page 7
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
show lldp Displays LLDP configuration settings (see Displaying Global LLDP)
configuration
show lldp Displays statistical counters for all LLDP-enabled ports (see
statistics Displaying LLDP Statistics)
show lldp local- Displays LLDP global and port-specific configuration settings for this
system-data device (see Displaying the Local System Data)
show lldp remote- Displays LLDP global and port-specific configuration settings for
system-data remote devices attached to an LLDP-enabled port (see Displaying
the Remote System Data)
NOTE
If you do not enable first LLDP, the LLDP commands and their outputs are not
valid.
Command Syntax
device-name(config)#lldp {enable | disable}
Argument Description
enable Enables the LLDP.
disable Disables the LLDP.
Command Syntax
device-name(config)#lldp reinit-delay <1-10>
Argument Description
1-10 The time interval, in seconds. The default value is 2 seconds.
Page 8
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
NOTE
Transmit-delay can be set only to values smaller than (0.25 * transmit-interval).
Command Syntax
device-name(config)#lldp transmit-delay <1-8192>
Argument Description
1-8192 The transmit delay interval, in seconds. The default value is 2 seconds.
Command Syntax
device-name(config)#lldp transmit-hold <2-10>
Argument Description
2-10 The transmit hold interval, in seconds. The default value is 4 seconds.
Page 9
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
NOTE
Transmit-interval can be set only to values bigger than (4 * transmit-delay).
The values of transmit-interval and transmit-delay are mutually dependent on each
other:
transmit-interval is from 5 to 32768 (5 can be set when
transmit-delay is set to its minimum value of 1)
transmit-delay is from 1 to 8192 (8192 can be set when transmit-
interval is set to its maximum value of 32768)
Command Syntax
device-name(config)#lldp transmit-interval <5-32768>
Argument Description
5-32768 The transmit interval, in seconds. The default value is 30 seconds.
Command Syntax
device-name(config-if UU/SS/PP)#lldp {tx-only | rx-only | tx-rx | disabled |
basic}
device-name(config-if-group)#lldp {tx-only | rx-only | tx-rx | disabled |
basic}
Argument Description
basic Basic management set TLVs.
disabled The port neither receives nor transmits LLDP packets.
rx-only The port only receives LLDP packets.
tx-only The port only transmits LLDP packets.
tx-rx The port both transmits and receives LLDP packets.
The tx-rx option is used by default.
Page 10
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#lldp basic management-address {advertise | no-
advertise}
device-name(config-if-group)#lldp basic management-address {advertise | no-
advertise}
Argument Description
advertise The management address is advertised by LLDP.
no-advertise The management address is not advertised by LLDP.
The no-advertise option is used by default.
Command Syntax
device-name(config-if UU/SS/PP)#lldp basic port-description {advertise |
no-advertise}
device-name(config-if-group)#lldp basic port-description {advertise |
no-advertise}
Argument Description
advertise The description of the configured port is advertised by LLDP.
no-advertise The description of the configured port is not advertised by LLDP.
The no-advertise option is used by default.
Command Syntax
device-name(config-if UU/SS/PP)#lldp basic system-capabilities {advertise |
no-advertise}
device-name(config-if-group)#lldp basic system-capabilities {advertise | no-
advertise}
Argument Description
advertise The system capabilities information is advertised by LLDP.
Page 11
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Command Syntax
device-name(config-if UU/SS/PP)#lldp basic system-description {advertise | no-
advertise}
device-name(config-if-group)#lldp basic system-description {advertise | no-
advertise}
Argument Description
advertise The system description is advertised by LLDP.
no-advertise The system description is not advertised by LLDP.
The no-advertise option is used by default.
Command Syntax
device-name(config-if UU/SS/PP)#lldp basic system-name {advertise |
no-advertise}
device-name(config-if-group)#lldp basic system-name {advertise | no-advertise}
Argument Description
advertise The system name is advertised by LLDP.
no-advertise The system name is not advertised by LLDP.
The no-advertise option is used by default.
Page 12
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Command Syntax
device-name#show lldp configuration
device-name(config-if UU/SS/PP)#show lldp configuration
Command Syntax
device-name#show lldp statistics
device-name(config-if UU/SS/PP)#show lldp statistics
Command Syntax
device-name#show lldp local-system-data
device-name(config-if UU/SS/PP)#show lldp local-system-data
Command Syntax
device-name#show lldp remote-system-data
device-name(config-if UU/SS/PP)#show lldp remote-system-data
Page 13
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Configuration Example
The following example shows how to configure LLDP on two devices.
Device1 Configuration:
1. Enable the LLDP engine on the device:
Device1#configure terminal
Device1(config)#lldp enable
2. Specify the time interval at which it is checked if the port is enabled again so that the port can
be reinitialized:
Device1(config)#lldp reinit-delay 4
5. Specify the interval at which information about the LLDP-monitored parameters is divulged
(made public) by the device:
Device1(config)#lldp transmit-interval 500
Page 14
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Device2 Configuration:
1. Enable the LLDP engine on the device:
Device2#configure terminal
Device2(config)#lldp enable
2. Specify the time interval at which it is checked if the port is enabled again so that the port can
be reinitialized:
Device2(config)#lldp reinit-delay 4
5. Specify the interval at which information about the LLDP-monitored parameters is divulged
(made public) by the device:
Device2(config)#lldp transmit-interval 500
Page 15
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Page 16
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
T-Marc 300 Series User Guide
Supported Platforms
Features T-Marc 340 T-Marc 380
Page 17
Configuring Link Layer Discovery Protocol (LLDP) (Rev. 02)
Configuring Device Authentication Features
Table of Contents
Table of Figures ······················································································ 3
Page 1
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Page 2
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: User Privilege Levels Configuration Flow··········································· 6
Figure 4: A RADIUS Communication Example ·············································10
Figure 5: RADIUS Configuration Flow ·······················································11
Figure 6: RADIUS Configuration Example ···················································16
Figure 7: TACACS+ Configuration Flow ·····················································21
Figure 2: Security Alert Message Issued by the SSH Client ··································29
Figure 3: SSH Configuration Flow ···························································30
Page 3
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Page 4
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Administrators (level 0) Full read/write privileges (with no restrictions) for Layer 2 and
Layer 3.
Network-Admins (level 4) Read/write privileges for Layer 2 and Layer 3, without access
to security (usernames and passwords), debug commands,
and other administrative settings (such as license
management, software upgrade, device reload, and script FS).
Technicians (level 8) Read/write privileges for Layer 2 and read-only privileges for
Layer 3.
Users (level 12) Read-only privileges for Layer 2 and Layer 3. Users with this
privilege level have access to all the show commands and
general commands (such as exit, quit, ping, and traceroute
commands).
Guests (level 15) Read-only privileges in View mode. Users in this level cannot
access the Privileged (Enabled) mode.
Page 5
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Start
End
Page 6
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#username NAME password PASSWORD CONFIRM-PASSWORD [group
{administrators | net-admins | technicians | users | guests}]
device-name(config)#no username NAME
Argument Description
NAME The new username, a case-sensitive string of up to 32 characters that
can consist of any character except for blank spaces and question
marks.
password Specifies a password
PASSWORD The password, a case-sensitive string of up to 64 characters that can
consist of any character except for blank spaces
CONFIRM-PASSWORD Retype the password for confirmation
group (Optional) defines the user’s privilege group
administrators Assigns the user to Administrators
net-admins Assigns the user to Network-Admins
technicians Assigns the user to Technicians
users Assigns the user to Users
guests Assigns the user to Guests
no Removes the specified username and its associated password from the
local authentication database.
Page 7
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#aaa authentication login default [tacacs+ radius | radius
tacacs+ | tacacs+ local | radius local | local radius | local tacac+]
device-name(config)#no aaa authentication login default
Argument Description
tacacs+ radius (Optional) configures TACACS+ as primary and RADIUS as secondary
methods.
radius tacacs+ (Optional) configures RADIUS as primary and TACACS+ as secondary
methods.
tacacs+ local (Optional) configures TACACS+ as primary and local authentication as
secondary methods.
radius local (Optional) configures RADIUS as primary and local authentication as
secondary methods.
local radius (Optional) configures local and RADIUS authentication as primary and
secondary login authentication methods respectively
local tacacs+ (Optional) configures local and TACACS+ authentication as primary and
secondary login authentication methods respectively.
no Disables the username authentication; users need to type the device
password only (refer to the password command in the Device Setup
and Maintenance chapter of the user guide).
Example
Create a user, assign a privilege level to this user and define an authentication method:
device-name(config)#username admin password admin admin group technicians
device-name(config)#aaa authentication login default local local
Page 8
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name>show privilege
device-name#show privilege
Example
device-name#show privilege
Current user privilege is Technician.
Page 9
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
3. The RADIUS server first validates the NAS (based on the shared secret-key). Then it validates
the user request against a local database, matching the user’s password (and in some cases,
other parameters, such as the port number). The RADIUS server then responds with:
an accept reply, if the user information is validated
a reject reply if the user is not found in the database or its information is not matched.
The reject reply might include the rejection reason.
Based on this reply, the NAS accepts or rejects the user’s request.
Page 10
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
The accept reply includes a list of attributes that should be used in the session. An important
parameter is the authenticated user’s privilege level.
Start
End
Page 11
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
3. Assign a privilege level to all other users; in the users configuraiton file, as shown in the below
example:
admin Auth-Type = Local, Password = "admin_password123"
BATM-privilege-group = Administrators
4. Add the following line to the dictionary file (in the RADIUS-configuration folder):
$INCLUDE dictionary.batm
5. Add the subnetwork address from which NAS is connected to the clients.conf:
client 10.2.200.200/16 {
secret = batm
shortname = n10
}
Page 12
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
radius-server host Selects the RADIUS server(s) (see Selecting a RADIUS Server).
radius-server key Defines the shared secret key between the device and the
RADIUS server (see Defining the Shared Secret Key).
radius-server Sets the number of times the device transmits each RADIUS
retransmit request (see Defining the Number of RADIUS Request
Retransmissions).
radius-server timeout Sets the time interval an access server waits for the RADIUS
server to reply before retransmitting (see Defining the RADIUS
Server Timeout).
radius-server Sets the number of minutes the access server marks a RADIUS
deadtime server as unavailable (see Defining the RADIUS-Server Dead
Time).
Command Syntax
device-name(config)#radius-server host A.B.C.D [<port–number>]
device-name(config)#no radius-server host A.B.C.D
Argument Description
A.B.C.D The RADIUS server IP-address
port–number (Optional) the UDP-authentication port number, in the range of <1024–65535>
1812
no Removes the specified RADIUS server from the database
Page 13
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#radius-server key STRING
device-name(config)#no radius-server key
Argument Description
STRING The shared secret
no Removes the secret key
Command Syntax
device-name(config)#radius-server retransmit <count>
device-name(config)#no radius-server retransmit
Argument Description
count The number of retransmissions, in the range of <1–30>
3 retransmissions
no Restores to default
Page 14
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#radius-server timeout <seconds>
device-name(config)#no radius-server timeout
Argument Description
seconds The timeout in the range of <1–60> seconds
3 seconds
no Restores to default
NOTE
A RADIUS server is presumed dead, if the timeout is reached in three authentication
sessions (requests) and RADIUS is defined as the primary authentication method.
In this case the device attempts authentication based on the secondary method.
Command Syntax
device-name(config)#radius-server deadtime <minutes>
device-name(config)#no radius-server timeout
Argument Description
minutes The dead-time interval, in the range of <0–1440> minutes
no Sets the dead-time to zero (non-responding servers are not declared dead)
Page 15
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Configuration Example
RADIUS Server Configuration:
1. Install and configure the RADIUS server.
2. Add the following lines to the clients.conf file on the RADIUS server:
client 10.2.200.200/16 {
secret = batm
shortname = n10
}
Page 16
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
NOTE
The local authentication database is used if the configured RADIUS server
does not respond.
3. Define RADIUS as the primary authentication method and local authentication as the
secondary method:
device-name(config)#aaa authentication login default radius local
! Current Configuration:
!
! T-Marc 340
!
password 3090372e3f8bc00eeacc46219f7557485983251a994551f918e04712f86c5818
ip address 10.2.4.208
interface sw0
Page 17
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Configuration Results:
1. When accessing the device using username richy, the RADIUS server sends a REJECT reply:
Username: richy
Pay the bill first!
Password:
Username:
2. When accessing the device using username user and password looser, the RADIUS server sends
an ACCEPT reply, authenticating the user:
Username: user
Password: user123
device-name>
user is in
3. When accessing the device using username localuser password mypass, the user is rejected by the
RADIUS server .
In case the RADIUS server is shut down or disconnected from the device, the device retransmits
the request for three times. After the retransmission timeout, the device attempts to authenticate
the user with the local database (defined as the secondary method), accepting the user.
Page 18
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
ACCEPT The user is authenticated. Based on configuration, the NAS might need to
start the authorization phase.
REJECT The user is not authenticated. Depending on the TACACS+ server
configuration, the user is either prompted to retry login or denied from
accessing the network.
ERROR An error occurred during the authentication procedure (such as a network
connection issue). In this case the NAS typically tries to authenticate the
user by an alternative method.
CONTINUE The TACACS+ server prompts the user for further authentication
information.
Page 19
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Page 20
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Start
End
Page 21
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
#The default user. If absent, each user must have “service=exec” statement
# in order to be granted authorization for shell login request.
user = DEFAULT {
default service = permit
}
Page 22
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#tacacs-server host A.B.C.D [<port>]
device-name(config)#no tacacs-server host A.B.C.D
Argument Description
A.B.C.D The TACACS+ server IP address
port (Optional) the TACACS+ server port, in the range of <1024–65535>
49
no Removes the specified TACACS+ server from the device
Page 23
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
NOTE
Defining an encryption key is not mandatory. However, if you configure one on the
device, you must configure the same key on the TACACS+ server.
We recommend defining an encryption key (unencrypted packets are intended for
testing).
Command Syntax
device-name(config)#tacacs-server key ENCRYPTION-KEY
device-name(config)#no tacacs-server key
Argument Description
ENCRYPTION-KEY The shared encryption key, a string of up to 64 characters. This key is also
encrypted in the running configuration
no Removes the encryption key
Command Syntax
device-name(config)#tacacs-server timeout <timeout>
Argument Description
timeout The timeout, in the range of <1–60> seconds
15 seconds
no Restores to default
Page 24
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Configuration Example
The following example displays the contents of the TACACS+ server configuration file.
In this example we demonstrate the following setup:
• Shared encryption key= batm
• Usernames and privilege levels:
guest 0 15 Guest
ivo 3 12 User
tech 7 8 Technician
netadmin 11 4 Network-Admin
admintac 15 0 Administrator
key = batm
#All services are allowed..
user = DEFAULT {
default service = permit
}
#Profiles for user accounts
user = guest {
login = cleartext guest
service=exec {
priv-lvl = 0
}
}
# When user “guest” is authenticated and device-name#show privilege is
# entered from CLI, the device will display the following line:
# "Current user privilege is Guest"
#
# In this case the device changes automatically the privilege
# level to 15 to map the specified value of 0 to the internal privileged
# scheme of the device (see "User Privilege Levels" chapter).
user = ivo {
login = cleartext ivo
service=exec {
priv-lvl = 3
}
}
# device-name#show privilege
# "Current user privilege is User"
# (Changes automatically to 12, see "User Privilege Levels" chapter)
Page 25
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
user = tech {
login = cleartext tech
service = exec {
priv-lvl = 7
}
}
# device-name#show privilege
# "Current user privilege is Technician"
# (Changes automatically to 8, see "User Privilege Levels" chapter)
user = netadmin {
login = cleartext netadmin
service = exec {
priv-lvl = 11
}
}
# device-name#show privilege
# "Current user privilege is Network-Admin"
# (Changes automatically to 4, see "User Privilege Levels" chapter)
user = admintac {
login = cleartext admintac
service = exec {
priv-lvl = 15
}
}
# device-name#show privilege
# "Current user privilege is Administrator"
# (Changes automatically to 0, see "User Privilege Levels" chapter)
Device Configuration:
1. Select the TACACS+ server and define the shared encryption key:
device-name#configure terminal
device-name(config)#tacacs-server host 10.2.42.137
device-name(config)#tacacs-server key TacacsPlus
Page 26
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
4. Define TACACS+ as the primary authentication method and local authentication as the
secondary method:
device-name(config)#aaa authentication login default tacacs+ local
device-name(config)#exit
Configuration Results:
1. When accessing the device using username tech, the result is ACCEPT:
Username: tech
Password:
device-name>show privilege
Current user privilege is Technician
2. When accessing the device using username richy, the result is REJECT:
Username: richy
Password:
Username:
3. When accessing the device using local username root and password rtpsw, when the TACACS+
server is absent, the result is ACCEPT:
Username: root
Password:
device-name>
Page 27
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Page 28
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Security Considerations
Upon the first access to an SSH server, the SSH client usually issues a security-alert message as
shown in the below figure:
If you receive this message when accessing the SSH server again:
• you are either exposed to a malicious intrusion
• or the SSH keys were reconfigured
Supported Clients
You can access the SSH server using the following SSH clients:
• SSH Communications Security Corp’s client
• OpenSSH secure shell client
• PuTTY terminal program
• F-Secure SSH client
• SecureRT
• Other clients supporting SSH (version 2)
Page 29
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Start
End
ssh generate-key dsa Generates the initial DSA public-parameters (see Generating the
Initial DSA Public-Parameters)
ssh start Initializes the SSH server (see Initializing the SSH Server)
ssh stop Stops the SSH server (see Stopping the SSH Server)
Page 30
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
NOTES
Apply this command before starting the SSH server for the first time.
This command is not displayed in the configuration file but is saved when
rebooting the device after saving the running configuration to the NVRAM.
Command Syntax
device-name(config)#ssh generate-key dsa
Command Syntax
device-name(config)#ssh start
NOTE
Stopping the SSH server closes all open SSH connections to the device.
Page 31
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Configuration Examples
Authenticating the Local Database Usernames and Passwords with SSH
1. Create username abc with password klm:
device-name#configure terminal
device-name(config)#username abc password klm klm
Page 32
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
2. Create username abc with password klm in the local database (in case the RADIUS server does
not respond):
device-name(config)#username abc password klm klm
Page 33
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Command Description
copy sftp Downloads a file from a remote SFTP server (see Downloading a
File to the Device)
copy localfile sftp Uploads a file to a remote SFTP server (see Uploading a File)
dir sftp Lists files in remote directory of a remote SFTP server (see Listing
Files)
rename sftp Renames a file located on a remote SFTP server (see Renaming a
File)
del sftp Removes a file located on a remote SFTP server (see Deleting a
File)
Page 34
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Upon the file transfer, the CLI displays the number of received bytes. You can terminate the
command execution by pressing Ctrl+C.
Command Syntax
device-name#copy sftp://[ username[ :password]@] hostname[ :port]/ srcfile
[localfile]
Arguments Description
username (Optional) the SFTP-server username
password (Optional) the password authenticating the username
hostname The SFTP server IP Address, in an A.B.C.D format
port (Optional) the SFTP port number
srcfile The source file including path
localfile (Optional) the local filename, including path.
If you do not specify this argument, the file is saved with the source
filename into the current working directory.
NOTE
If you do not the username and password arguments within the command line, the
CLI prompts for them, as shown in the below examples.
Examples
Username and password specified in the command line:
device-name#copy sftp://batm:batm@10.20.30.40:1002/File_Image.Z
Connecting to 10.20.30.40
Remote directory is /home/batm
Downloading file /home/batm/File_Image.Z
SFTP receiving file flash:/File_Image.Z : 1249612
Download completed successfully...
Page 35
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Connecting to 10.20.30.40
Remote directory is /home/batm
Downloading file /home/batm/File_Image.Z
SFTP receiving file flash:/File_Image.Z : 1249612
Download completed successfully...
Neither the username nor the password is specified in the command line:
device-name#copy sftp://10.20.30.40:1002/File_Image.Z
Username: batm
password:
Connecting to 10.20.30.40
Remote directory is /home/batm
Downloading file /home/batm/File_Image.Z
SFTP receiving file flash:/File_Image.Z : 1249612
Download completed successfully...
Connecting to 10.20.30.40
Remote directory is /home/batm
Downloading file /home/batm/File_Image.Z
SFTP receiving file flash:/New_File_Image.Z : 1249612
Download completed successfully...
Page 36
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Upon the file transfer, the CLI displays the number of received bytes. You can terminate the
command execution by pressing Ctrl+C.
Command Syntax
device-name#copy localfile
sftp://[username[:password]@]hostname[:port][/dstfile]
Arguments Description
username (Optional) the SFTP-server username
password (Optional) the password authenticating the username
hostname The SFTP server IP Address, in an A.B.C.D format
port (Optional) the SFTP port number
localfile The local file including path
dstfile (Optional) specifies the destination filename including path.
If you do not specify:
• a path, the file is saved in the current working directory
• a filename, the file is stored with the local filename
NOTE
If you do not the username and password arguments within the command line, the
CLI prompts for them.
Example
device-name#copy File_Image.Z sftp://batm:batm@10.20.30.40:1002/File_Image.Z
Connecting to 10.20.30.40
Remote directory is /home/batm
Uploading file /home/batm/File_Image.Z
SFTP sending file flash:/BiNOS-T-Marc3X0.Z : 123456
Upload completed successfully...
Page 37
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
The command displays the filenames, size, directory or file, modification date, and permissions.
You can terminate the command execution by pressing Ctrl+C.
Command Syntax
device-name#dir sftp://[username[:password]@]hostname[:port][/dirname]
Arguments Description
username (Optional) the SFTP-server username
password (Optional) the password authenticating the username
hostname The SFTP server IP Address, in an A.B.C.D format
port (Optional) the SFTP port number
dirname (Optional) the path to the relevant directory, relative to the root directory
(usually the home directory).
Example
device-name#dir sftp://batm:batm@10.20.30.40/usr/temp
Connecting to 10.20.30.40
Remote directory is /home/batm/usr/temp
Page 38
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name#rename sftp://[username[:password]@]hostname[:port]/old_filename
new_filename
Arguments Description
username (Optional) the SFTP-server username
password (Optional) the password authenticating the username
hostname The SFTP server IP Address, in an A.B.C.D format
port (Optional) the SFTP port number
old_filename The current filename including the path (relative to the root directory, usually
home directory).
new_filename The new filename (without the path). This name cannot contain directory
separators and cannot be the same as the old one.
Command Syntax
device-name#del sftp://[username[:password]@]hostname[:port]/filename
Argument Description
username (Optional) the SFTP-server username
password (Optional) the password authenticating the username
hostname The SFTP server IP Address, in an A.B.C.D format
port (Optional) the SFTP port number
filename The filename including path (relative to the root directory, usually the home
directory).
Page 39
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
CLI User- No Standards are supported No MIBs are No RFCs are supported by this
Privilege by this feature. supported by feature.
Levels this feature.
RADIUS No standards are supported No MIBs are • RFC 2865, Remote
by this feature. supported by Authentication Dial In User
this feature. Service (RADIUS)
• RFC 2869, Remote
Authentication Dial In User
Service (RADIUS)
Extensions
TACACS+ No Standards are supported No MIBs are draft-grant-tacacs-02—tac-
by this feature. supported by rfc.1.78.txt draft
this feature.
SSH • draft-ietf-secsh- No MIBs are • RFC 1851, The ESP Triple
architecture-07 supported by DES Transform
this feature.
• draft-ietf-secsh- • RFC 2792, DSA and RSA
transport-09 Key and Signature Encoding
• draft-ietf-secsh-connect- for the KeyNote Trust
09 Management System
• draft-ietf-secsh-userauth-
09
• FIPS 186 (Digital
Signature Standard)
• FIPS 180-1 (Secure
Hash Algorithm)
• HMAC-SHA1 MAC
algorithm
Page 40
Configuring Device Authentication Features (Rev. 07)
T-Marc 300 Series User Guide
SFTP No standards are supported No MIBs are • RFC 4251, The Secure Shell
Client by this feature. supported by (SSH) Protocol Architecture
this feature.
• RFC 4252, The Secure Shell
(SSH) Authentication
Protocol
• RFC 4253, The Secure Shell
(SSH) Transport Layer
Protocol
• RFC 4254, The Secure Shell
(SSH) Connection Protocol
Page 41
Configuring Device Authentication Features (Rev. 07)
Configuring Internet Group Multicast
Protocol (IGMP) Snooping
Table of Contents
Table of Figures ······················································································ 3
Page 1
Error! No text of specified style in document. (Rev. 01)
T-Marc 300 Series User Guide
Page 2
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: IGMP Version 1 Message Fields ····················································· 4
Figure 2: IGMP Version 2 Message Fields ····················································· 5
Figure 3: Initial IGMP Join Message···························································· 7
Figure 4: Second Host Joining a Multicast Group············································· 8
Figure 5: IGMP Configuration Flow···························································10
Figure 6: IGMP Snooping Configuration Example ··········································35
Page 3
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Multicast Address
Multicast IP addresses range is from 224.0.0.0 to 239.255.255.255. They are also referred to as
Group Destination Address (GDA). A MAC address is associated to each GDA. This GDA MAC
address is formed by 01:00:5E:XX:XX:XX, followed by the latest 23 bits of the GDA multicast IP
address in hex.
IGMP Version 1
The IGMP version 1 message is 8 bytes long and contains the following fields (see Figure 1):
• Version (bits 0 to 3)—is 1
• Type (bits 4 to 7)—there are 2 types of IGMP messages:
1=Host Membership Query
2=Host Membership Report
• GDA (bits 32 to 63)—Group Destination Address
IGMP Version 1 Format
Version Type Unused Checksum
0 3 4 7 8 15 16 31
GDA
32 63
Figure 1: IGMP Version 1 Message Fields
Page 4
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
A host membership report is issued by a host that wants to join a specific multicast group (GDA).
When the IGMP multicast router receives the host membership report, it adds the GDA to the
multicast forwarding table and starts forwarding the IGMP traffic to this group. Host membership
queries are issued by the IGMP multicast router at regular intervals to check whether there is still a
host interested in the GDA in that segment. Host membership reports are sent either when the
host wants to receive GDA traffic or in response to a host membership query from the IGMP
multicast router.
IGMP version 1 does not have a Leave mechanism. When a host does not want to receive the
IGMP traffic any more, it just quits silently. IGMP multicast routers periodically send host
membership query messages (hereinafter called queries) to discover which host groups have
members on their attached local networks. If no reports are received for a particular group after a
certain number of queries, the routers assume that that group has no local members and that they
need not forward remotely-originated multicasts for that group onto the local network.
The host membership report messages are transmitted with the following datagram:
• Layer 2 information:
Source MAC address—is the MAC address of the host
Destination MAC address—is the MAC address for the GDA (01:00:5E:XX:XX:XX)
• Layer 3 information:
Source IP address—is the IP address of the host
Destination IP address—is the GDA (from 224.0.0.0 to 239.255.255.255)
IGMP Version 2
The IGMP version 2 message fields, as Figure 2, are as follows:
• Type (bits 0 to 7)—there are 3 types of IGMP messages:
0x11=Membership Query
0x16=Version 2 Membership Report
0x17=Leave Group
Also, there is an additional type of message for backwards-compatibility with IGMPv1:
0x12=Version 1 Membership Report.
• Maximal Response Time (MRT) (bits 8 to 15)—this field is meaningful only in
membership query messages, and specifies the maximum allowed time before sending a
responding report in units of 1/10 second. In all other messages, it is set to zero by the sender
and ignored by receivers.
• GDA (bits 32 to 63)—Group Destination Address
IGMP Version 2 Format
Type MRT Checksum
0 7 8 15 16 31
GDA
32 63
Page 5
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Report group message is a membership report issued by a host that wants to join a specific
multicast group (GDA). When the IGMP multicast router receives the membership report, it adds
the GDA to the multicast forwarding table and starts forwarding the IGMP traffic to this group.
Membership queries are issued by the IGMP multicast router at regular intervals to check whether
there is still a host interested in the GDA in that segment. Host membership reports are sent either
when the host wants to receive GDA traffic or responds to a membership query from IGMP
multicast router.
If a host does not want to receive the IGMP traffic any more, it sends a Leave Group message.
When the IGMP multicast router receives this Leave Group message, it removes the GDA from
the multicast routing table. In addition, IGMP multicast routers periodically send host membership
query messages (hereafter called queries) to discover which host groups have members on their
attached local networks. If no reports are received for a particular group after a certain number of
queries, the routers assume that that group has no local members and that they need not forward
remotely-originated multicasts for that group onto the local network.
NOTE
According to RFC 2236, all IGMP Version 2 messages have to contain a Router
Alert option in their IP header. IGMP drops any IGMP Version 2 message that
does not contain Router Alert option in its IP header.
Page 6
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
The device architecture allows the CPU to distinguish IGMP information packets from other
packets for the multicast group. The device recognizes the IGMP packets through its filter engine.
This prevents the CPU from becoming overloaded with multicast frames.
The entry in the multicast forwarding table tells the switching engine to send frames addressed to
the 01:00:5E:01:02:03 multicast MAC address that are not IGMP packets to the host that has joined
the group.
If another host (for example, host D) sends an IGMP join message for the same group (Figure 4),
the CPU receives that message and adds the port number of host D to the multicast forwarding
table as shown in Table 2.
Page 7
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
NOTE
The number of multicast groups is 1000.
When Link Aggregation is configured, all the multicast traffic is passed on the master port. For
more information about Link Aggregation, refer to the Configuring Interfaces chapter of this User
Guide.
Page 8
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Immediate Leave
IGMP Snooping Immediate Leave processing allows the device to remove an interface that sends a
Leave message from the forwarding table without first sending out group-specific queries to the
interface. The port is pruned from the multicast tree for the multicast group specified in the original
Leave message. Immediate Leave processing ensures optimal bandwidth management for all hosts
on a switched network, even when multiple multicast groups are in use simultaneously.
NOTE
IGMP Snooping Immediate Leave is suitable only if after connecting one receiver
on the port.
A Multicast server may be any stream server sending multicast traffic (such as a UDP stream destined
to multicast address). As a rule, a multicast server does not send IGMP queries. The snooping
devices connected to a multicast server (which does not send queries) require additional
configuration (see the example). Multicast traffic is forwarded to group members regardless of the
configuration of the incoming port.
Page 9
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Start
Yes Is there a
multicast/IGMP router?
No
End
Page 10
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Page 11
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Page 12
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
NOTE
When you enable IGMP Snooping, all multicast data packets are filtered out before
receiving reports, except for well known multicast groups in the range
<01:00:5E:00:00:00–01:00:5E:00:00:FF>.
Command Syntax
device-name(config)#ip igmp snooping
device-name(config)#no ip igmp snooping
Argument Description
no Disables IGMP Snooping on all existing VLANs.
Disabled
You can enable IGMP snooping for each VLAN only after you have enable the global IGMP
snooping, using the ip igmp snooping command.
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id>
device-name(config)#no ip igmp snooping vlan <vlan-id>
Argument Description
no Disables IGMP Snooping for a VLAN.
Enabled
vlan-id Enables IGMP snooping for the specified VLAN in the range of <1–4094>.
Page 13
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
NOTE
To calculate the Group Membership Interval and Other Querier Present Interval
(see RFC 2236) use the IGMP Snooping timers.
Command Syntax
device-name(config)#ip igmp snooping router-timers {last-member <last-member-
interval> | query <query-interval> | responses <responses-time> | robustness
<robustness>}
device-name(config)#no ip igmp snooping router-timers {last-member | query |
responses | robustness}
Argument Description
last-member Specifies the expected response time, in seconds, for answering a specific
<last-member- query. The valid range is <0.1–125.0>.
interval> 1 second
The response time must be less than the query interval.
This value is inserted in the response-time field of the specific query
packet generated by the device. Increasing the response time makes the
traffic less bursty, by spreading out host responses over a larger interval.
query <query- Specifies the maximum time interval that the multicast router waits after
interval> sending a group-specific query to determine if hosts are still interested in a
specific multicast group. The valid range is <11.0–32762.0>.
125 seconds
responses Specifies the expected response time, in seconds, for answering a general
<responses- query. The valid range is <0.1–125.0>.
time> 10 seconds
This value is inserted in the response-time field of the general query
packet generated by the device. Increasing the response time makes the
traffic less bursty, by spreading out host responses over a larger interval.
Page 14
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
robustness Specifies the number of specific query packets sent by the device. The
<robustness> valid range is <2–254>.
2 packets
The robustness variable allows tuning for the expected packet loss. If a
subnet is expected to be lost, the robustness variable may be increased.
no Restores to default.
Example
In the following example four specific queries are sent every 30 seconds with response time set to
15 seconds. If the device does not receive any join request after 60 seconds, it sends the Leave
packet to the multicast router port.
device-name(config)#ip igmp snooping router-timers last-member 30
device-name(config)#ip igmp snooping router-timers responses 15
device-name(config)#ip igmp snooping router-timers robustness 4
Command Syntax
device-name(config)#ip igmp snooping send-query vlan <vlan-id> interface {PORT-
LIST | PORT-AG-LIST} {query-interval <query-interval-value> | response-time
<response-time-value> | group <M.G.R.P>}
device-name(config)#no ip igmp snooping send-query vlan <vlan-id> interface
{PORT-LIST | PORT-AG-LIST}
Argument Description
vlan-id Specifies the VLAN ID number in range <1–4094>.
PORT-LIST Specifies the query port list distribution. Use commas as
separators and hyphens to indicate sub-ranges (e.g. 1/1/1–
1/2/5, 1/2/7).
PORT-AG-LIST Specifies the Query link aggregation port list, of the form:
ag01, ag02–ag05, ag07. The valid range is <ag01–ag07>.
query-interval <query- Specifies the interval between queries in seconds, in the
interval-value> range <1–300>.
125 seconds
response-time <response- Specifies the host response timeout, in seconds, to be set in
time-value> the query frame, in the range <1–25>.
10 seconds
group <M.G.R.P> Multicast group to query for.
no Removes the query generator.
Page 15
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Example
NOTE
The configured response timeout value is specified in seconds, but the value that is
actually inserted in the packet is in 1/10 second units.
Configure the general query packet every 50 seconds in VLAN 5 on port 1/1/1 with response
timeout of 15 seconds:
device-name(config)#ip igmp snooping send-query vlan 5 interface 1/1/1 query-
interval 50 response-time 15
NOTE
IGMP Snooping Immediate Leave is suitable only if one receiver is connected on
the port.
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id> immediate-leave
device-name(config)#no ip igmp snooping vlan <vlan-id> immediate-leave
Argument Description
vlan-id Refer to the Argument Description.
no Restores to default.
Disabled
Example
device-name(config)#ip igmp snooping vlan 1 immediate-leave
Page 16
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id> interface UU/SS/PP {max-
reports <number> | static report M.G.R.P}
device-name(config)#no ip igmp snooping vlan <vlan-id> interface UU/SS/PP {max-
reports | static report M.G.R.P}
Argument Description
vlan-id Refer to the Argument Description.
interface UU/SS/PP Specifies the operating port.
max-reports <number> Specifies the maximum number of IGMP reports that the port can
join, in the range <0–2000>.
2000
static Adds a static entry.
report Adds a report entry.
M.G.R.P Specifies the IP multicast address.
no Removes the static report.
Example
device-name(config)#ip igmp snooping vlan 1 interface 1/2/8 static report
228.1.23.4
Command Syntax
device-name(config)#ip igmp snooping forbidden {PORT-LIST | PORT-AG-LIST}
device-name(config)#no ip igmp snooping forbidden {PORT-LIST | PORT-AG-LIST}
Page 17
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Argument Description
PORT-LIST Specifies one or more port numbers. Use commas as separators and
hyphens to indicate sub-ranges (e.g. 1/2/1–1/2/5, 1/2/7).
PORT-AG-LIST Specifies the link aggregation port list, of the form: ag01, ag02–ag05,
ag07. The valid range is <ag01–ag07>.
no Restores to default.
Enabled
IGMP does not process membership reports for groups in the local-link IP multicast range
<224.0.0.0–224.0.0.255>, since many hosts do not join multicast groups in this range. Thus, the
traffic in the range <01:00:5E:00:00:00–01:00:5E:00:00:FF> is always unregistered and forwarded
to all ports in the VLAN.
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id> mrouter interface {ag0N |
UU/SS/PP}
device-name(config)#no ip igmp snooping vlan <vlan-id> mrouter interface {ag0N
| UU/SS/PP}
Argument Description
vlan-id Specifies the multicast router VLAN ID value, in the range <1–4094>.
ag0N Specifies the aggregation port to the multicast router. N is in the range <1–7>.
UU/SS/PP Specifies the multicast router port.
no Removes the multicast router port definition on the specific VLAN.
Example
device-name(config)#ip igmp snooping vlan 200 mrouter interface 1/1/1
Page 18
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id> static M.G.R.P interface
{PORT-LIST | PORT-AG-LIST}
device-name(config)#no ip igmp snooping vlan <vlan-id> [static M.G.R.P]
[interface {PORT-LIST | PORT-AG-LIST}]
Argument Description
vlan-id Refer to the Argument Description.
M.G.R.P Specifies the multicast address.
PORT-LIST Specifies one or more port numbers. Use commas as separators
and hyphens to indicate sub-ranges (e.g. 1/1/1–1/2/5, 1/2/7).
PORT-AG-LIST Specifies the link aggregation port list, of the form: ag01, ag02–
ag05, ag07. The valid range is <ag01–ag07>.
no Removes the static multicast definition.
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id> max-groups <number>
device-name(config)#no ip igmp snooping vlan <vlan-id> max-groups
Argument Description
vlan-id Refer to the Argument Description.
max-groups <number> Specifies the maximum number of IGMP groups that VLAN can
join, in the range <0–2000>.
2000
no Restores the number of maximum groups to the default value.
Page 19
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id> max-reports <number>
device-name(config)#no ip igmp snooping vlan <vlan-id>> max-reports
Argument Description
vlan-id Refer to the Argument Description.
max-reports <number> Specifies the maximum number of IGMP reports that VLAN can
join, in the range <0–2000>.
2000
no Restores the number of maximum reports to the default value
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id> transparent
Argument Description
vlan-id Refer to the Argument Description.
transparent Specifies the transparent mode.
Page 20
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id> proxy
Argument Description
vlan-id Refer to the Argument Description.
proxy Specifies the proxy mode.
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id> source-tracking
device-name(config)#no ip igmp snooping source-tracking
Argument Description
vlan-id Refer to the Argument Description.
no Disables source tracking.
Enabled
Command Syntax
device-name(config)#ip igmp snooping vlan <vlan-id> report-suppression
Argument Description
vlan-id Refer to the Argument Description.
Page 21
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
NOTE
Windows clients do not accept queries with source IP address 0.0.0.0.
Command Syntax
device-name(config)#ip igmp snooping query-source-ip-zero
device-name(config)#no ip igmp snooping query-source-ip-zero
Argument Description
no Restores to default.
The source IP address of the queries is the IP address of the IP
interface sw0.
Command Syntax
device-name(config)#ip igmp snooping interface UU/PP/SS max-reports <number>
device-name(config)#no ip igmp snooping interface UU/PP/SS max-reports
Argument Description
UU/SS/PP Specifies the port of the multicast device.
max-reports <number> Specifies the maximum number of IGMP reports that port can join,
in the range <0–2000>.
2000
no Restores the maximum number of IGMP reports that specified port
can join to default value.
Page 22
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip igmp snooping ignore router-alert-option
device-name(config)#no ip igmp snooping ignore router-alert-option
Argument Description
router-alert-option IGMP packets are not checked for the router alert option.
no IGMP packets are checked for the router alert option.
Example
device-name(config)#ip igmp snooping ignore router-alert-option
Command Syntax
device-name(config)#ip igmp snooping max-groups <number>
device-name(config)#no ip igmp snooping max-groups
Argument Description
number Specifies the maximum number of IGMP groups, in the range <0–2000>.
2000
no Restores the number of maximum groups to the default value.
Page 23
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#ip igmp snooping max-reports <number>
device-name(config)#no ip igmp snooping max-reports
Argument Description
number Specifies the maximum number of IGMP reports in the range <0–2000>.
2000
no Restores the number of maximum reports to the default value.
Command Syntax
device-name(config)#multicast vlan <vlan-id> static HH:HH:HH:HH:HH:HH interface
{PORT-LIST | PORT-AG-LIST}
device-name(config)#no multicast vlan <vlan-id> static HH:HH:HH:HH:HH:HH
Argument Description
vlan-id Specifies the VLAN ID value, in the range <1–4094>.
static Specifies the static multicast MAC address.
HH:HH:HH:HH:HH:HH
PORT-LIST Specifies one or more port numbers. Use commas as separators and
hyphens to indicate sub-ranges (e.g. 1/1/1–1/2/5, 1/2/7).
PORT-AG-LIST Specifies the link aggregation port list, of the form: ag01, ag02–
ag05, ag07. The valid range is <ag01–ag07>.
no Removes the previously configured static multicast entry.
Page 24
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name#show ip igmp snooping [vlan <vlan-id>]
Argument Description
vlan <vlan-id> (Optional) displays all IGMP Snooping information for a specified VLAN ID
value, in the range <1–4094>.
Example
device-name#show ip igmp snooping
vlan 1
=======
IGMP snooping is enabled on this VLAN.
IGMP Snooping Mode: Suppress Reports
IGMP Snooping Source-Tracking: Enabled
IGMP Snooping Immediate-leave: Disabled
Report Table
=============================================================
Group Address | Interface | Age | Type
-----------------+-----------+-----+-------------------------
224.2.2.2 | 1/1/2 | 208.0| REPORTv2
224.2.1.1 | 1/1/2 | 258.1| REPORTv2
-------------------------------------------------------------
Page 25
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name#show ip igmp snooping mrouter [vlan <vlan-id>]
Argument Description
vlan <vlan-id> (Optional) displays all multicast router ports for a specified VLAN ID value,
in the range <1–4094>. If you do not specify this argument, the information
for all VLANs is displayed.
Example
Display static and dynamic multicast router ports for all VLANs:
device-name#show ip igmp snooping mrouter
=============================================================
Vlan | Interface | Source Address | Age | Type
------+-----------+-----------------+-----+------------------
1 | 1/1/1 | 1.1.1.1 | 254.1| MROUTER, DYNAMIC
-------------------------------------------------------------
Command Syntax
device-name#show ip igmp snooping router-timers
Example
Display the multicast router timers:
device-name#show ip igmp snooping router-timers
Last member query interval : 1.0 sec
Responses interval : 10.0 sec
Query interval : 125.0 sec
Robustness : 2 packets
Page 26
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name#show ip igmp snooping all [count]
Argument Description
count (Optional) counts all IGMP Snooping entries form the database.
Example 1
device-name#show ip igmp snooping all
Vlan 1
Ingress TABLE
Ing GrIp 224.2.2.2, Iface 1/1/2, Type 1, Timer 1448, PendQueue 0
Source Ip = 2.2.2.2
Ing GrIp 224.2.1.1, Iface 1/1/2, Type 1, Timer 1949, PendQueue 0
Source Ip = 2.2.2.2
Ingress count 2
Mrouter TABLE
Mrt IfIdx 1/1/1, SrcIp 1.1.1.1, Type 0, Timer 192,
Mrouter count 1
Egress TABLE
Egr GrIp 224.2.2.2, IfCount 2 - 1/1/2 1/1/1
Egr GrIp 224.2.1.1, IfCount 2 - 1/1/2 1/1/1
Egress count 2
Querier TABLE
Queries count 0
Vlan 10
Ingress TABLE
Ingress count 0
Mrouter TABLE
Mrouter count 0
Egress TABLE
Egress count 0
Querier TABLE
Queries count 0
Page 27
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Example 2
device-name#show ip igmp snooping all count
Vlan 1
Ingress TABLE
Ingress count 0
Mrouter TABLE
Mrouter count 1
Egress TABLE
Egress count 2
Querier TABLE
Querier Interface 1/2/3, GrpIp 224.0.0.1, QueryInterval 125 Resp
onseInterval 10
Querier Interface 1/1/1, GrpIp 224.0.0.1, QueryInterval 300 Resp
onseInterval 25
Queries count 2
Command Syntax
device-name#show ip igmp snooping interfaces
Example
device-name(config)#ip igmp snooping forbidden 1/1/1,1/1/2
device-name(config)#end
device-name#show ip igmp snooping interfaces
=========================================
Interface | State | Forbidden |
------------+---------------+-----------+
1/1/1 | Operational | Yes |
1/1/2 | Operational | Yes |
1/2/1 | Operational | No |
…
1/2/8 | Operational | No |
ag01 | Operational | No |
ag02 | Operational | No |
…
ag07 | Operational | No |
-----------------------------------------
Page 28
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name#show ip igmp snooping limits [interface UU/SS/PP | vlan <vlan-id> |
vlan <vlan-id> interface UU/SS/PP]
Argument Description
interface UU/SS/PP (Optional) displays all IGMP Snooping limits for a specified port of the
multicast router.
vlan <vlan-id> (Optional) displays all IGMP Snooping limits for a specified VLAN ID
value, in the range <1–4094>.
Example
device-name#show ip igmp snooping limits
Number of max Reports for application : 2000
Number of max Reports for Default VSI : 30
Command Syntax
device-name#show ip igmp snooping limits current [vlan <vlan-id> | interface
UU/SS/PP | vlan <vlan-id> interface UU/SS/PP]
Argument Description
current Displays all IGMP Snooping reports and groups currently
present in IGMP database.
interface UU/SS/PP (Optional) refer to the Argument Description above.
vlan <vlan-id>
Page 29
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Example
device-name#show ip igmp snooping limits current
Number of current Reports for application : 5
Number of current Reports for Default VSI : 5
Command Syntax
device-name#show ip igmp snooping querier [vlan <vlan-id>]
Argument Description
vlan <vlan-id> (Optional) displays all IGMP Snooping queriers sending for a
specified VLAN ID value, in the range <1–4094>.
Example
device-name#show ip igmp snooping querier
============================================================================
Vlan|Source Address|Multicast Grp |Type|Query Int|Rsp Time| Interface | Age
----+--------------+--------------+----+---------+--------+-----------+-----
1 | 200.1.1.1 | 224.0.0.1 | D | 125 | 10 | 1/2/8 | 88.5
1 | 200.1.1.1 | 224.0.0.1 | D | 125 | 10 | 1/2/7 | 88.5
Command Syntax
device-name#show ip igmp snooping statistics
Page 30
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Example
device-name#show ip igmp snooping statistics
Total Queries Received : 8
Total Reports Received : 43
Total Leaves Received : 0
Current Groups : 2
Max Simultaneously Groups : 2
Command Syntax
device-name#clear ip igmp snooping statistics [max-groups | leaves | queries |
reports]
Argument Description
max-groups (Optional) clears the maximum simultaneous groups counter.
leaves (Optional) clears the Leave packets received counter.
queries (Optional) clears the query packets received counter.
reports (Optional) clears the report packets received counter.
Example
device-name#clear ip igmp snooping statistics
Command Syntax
device-name#debug igmp snooping {mvr | hw | database | timers | events | all}
device-name#no debug igmp snooping {mvr | hw | database | timers | events |
all}
Page 31
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Argument Description
mvr Debugs IGMP Snooping MVR (Multicast VLAN Registration).
hw Debugs IGMP Snooping hardware calls.
database Debugs IGMP Snooping database.
timers Debugs IGMP Snooping timers.
events Debugs IGMP Snooping events.
all Debugs all IGMP Snooping.
no Stops the IGMP Snooping debug.
Command Syntax
device-name#debug igmp snooping packet {send | recv} [detail]
device-name#no debug igmp snooping packet {send | recv} [detail]
Argument Description
send Debugs all IGMP Snooping sent PDU.
recv Debugs all IGMP Snooping received PDU.
detail (Optional) debugs all IGMP Snooping PDU details.
no Stops the IGMP Snooping PDUs debug.
Command Syntax
device-name#show multicast table {l2mac | l2g | l2sg | l3 | nbr | all}
Argument Description
l2mac Displays L2 MAC address entries.
l2g Displays multicast L2 group entries.
l2sg Displays multicast L2 source group table entries.
l3 Displays L3 entries.
nbr Displays neighbors.
Page 32
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Example
device-name#show multicast table all
Layer 2 Vlan, MAC Multicast Table
===============================================================================
Vlan| MAC | Interfaces
----+-------------------+------------------------------------------------------
1 | 01:00:5E:02:02:02 | 1/1/1
1 | 01:00:5E:03:04:01 | 1/1/1, 1/1/2
1 | 01:00:5E:02:01:01 | 1/1/1, 1/1/2
10 | 01:00:5E:01:01:01 |
===============================================================================
Page 33
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Command Syntax
device-name#debug mfib [l2mac | l2g | l2sg | l3 | unknown | igmp | timers |
events | hw]
device-name#no debug mfib [l2mac | l2g | l2sg | l3 | unknown | igmp | timers |
events | hw]
Argument Description
l2mac (Optional) debugs multicast MAC table.
l2g (Optional) debugs multicast L2 group table.
l2sg (Optional) debugs multicast L2 source group table.
l3 (Optional) debugs multicast L3 table.
unknown (Optional) debugs multicast unknown packets.
igmp (Optional) debugs multicast events from IGMP snooping.
timers (Optional) debugs multicast timers.
events (Optional) debugs multicast events.
hw (Optional) debugs multicast hardware.
no Disables debugging information regarding multicast database.
Page 34
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Configuration Example
The following figure shows an example of IGMP configuration. The multicast server is the source
of the multicast traffic. Switch 3 is configured as IGMP General Query sender. multicast receivers
(clients) are connected to Switch 1 and Switch 2.
Configuring Switches 1, 2:
Enable IGMP Snooping:
device-name#configure terminal
device-name(config)#ip igmp snooping
Configuring Switch 3:
1. Enable IGMP Snooping:
device-name#configure terminal
device-name(config)#ip igmp snooping
3. Set the maximum number of IGMP groups that the VLAN can join:
device-name(config)#ip igmp snooping vlan 1 max-groups 20
Page 35
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
4. Set the maximum number of IGMP reports that the VLAN can join:
device-name(config)#ip igmp snooping vlan 1 max-reports 30
8. Send every 30 seconds specific queries with response time set to 15 seconds:
device-name(config)#ip igmp snooping router-timers query 30.0
device-name(config)#ip igmp snooping router-timers responses 15.0
device-name(config)#ip igmp snooping router-timers robustness 4
Report Table
=============================================================
Group Address | Interface | Age | Type
-----------------+-----------+-----+-------------------------
228.1.23.5 | 1/2/1 | 0.0 | REPORTv2, STATIC
Page 36
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
-------------------------------------------------------------
Page 37
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Querier TABLE
Querier Interface 1/2/2, GrpIp 224.0.0.1, QueryInterval 10
Respo
nseInterval 15
Querier Interface 1/2/1, GrpIp 224.0.0.1, QueryInterval 10
Respo
nseInterval 15
Queries count 2
Page 38
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
T-Marc 300 Series User Guide
Supported Platforms
Features T-Marc 340 T-Marc 380
IGMP Snooping + +
Page 39
Configuring Internet Group Multicast Protocol (IGMP) Snooping (Rev. 01)
Configuring Simple Network Management
Protocol (SNMP)
Table of Figures ······················································································ 3
Overview ······························································································· 4
SNMP Entity······················································································ 4
SNMP Agent ······················································································ 5
Structure of Management Information (SMI)·················································· 5
SNMP Manager ··················································································· 5
Management Information Base (MIB)·························································· 5
SNMP Engine ID················································································· 5
SNMP View Records············································································· 6
SNMP Notifications·············································································· 6
The Discovery Mechanism ······································································ 8
Versions of SNMP ··············································································10
Page 1
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Configuration Examples···········································································48
Using SNMPv1 ··················································································48
SNMP Notification for Users ··································································48
Group Definition ················································································49
Defining Users and Assigning Users to Groups ··············································50
Using SNMPv3 ··················································································51
Configuring a Target Address to Receive Informs and Traps ·······························52
Configuring Notification Logs ·································································53
Page 2
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: SNMP Agent and Manager Communications······································· 4
Figure 2: Trap Sent to SNMP Manager Successfully ·········································· 6
Figure 3: Inform Request Sent to SNMP Manager Successfully ····························· 7
Figure 4: Trap Unsuccessfully Sent to SNMP Manager ······································· 7
Figure 5: Inform Request Successfully Resent to SNMP Manager··························· 8
Figure 6: Obtaining the snmpEngineID························································ 9
Figure 7: Obtaining the snmpEngineBoots and snmpEngineTime·························· 9
Page 3
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Overview
The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates
the exchange of management information between network devices.
An SNMP-managed network consists of three key components:
• managed device—is a network node that contains an SNMP Agent and resides on a managed
network
• agent—is a network-management software module that resides in a managed device. An agent
has local knowledge of management information and translates that information into a form
compatible with SNMP
• network-management system—executes applications that monitor and control managed
devices.
SNMP enables network administrators to manage network performance, find and solve network
problems and extend the network.
The SNMP system consists of SNMP Manager, SNMP Agent and Management Information Base
(MIB). SNMP provides a message format for communication between SNMP Managers and
Agents.
Figure 1 displays the communication between an SNMP Agent and Manager.
SNMP Entity
An SNMP Entity is an implementation of the SNMP architecture. Each entity consists of an
SNMP Engine and one or more associated applications. An SNMP Engine provides services for
sending and receiving messages, authenticating and encrypting messages, and controlling access to
managed objects. The SNMP Engine is identified by the SNMP Engine ID. The applications use
the services of an SNMP Engine to accomplish specific tasks. They coordinate the processing of
management information operations, and may use SNMP messages to communicate with other
SNMP Entities.
Page 4
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
SNMP Agent
An Agent is a network-management software module that resides in a managed device and is
responsible for maintaining local management information and delivering that information to a
Manager via SNMP. A management information exchange can be initiated by the Manager or by
the Agent. The SNMP Agent contains MIB variables and these values can be requested or
changed by the SNMP Manager. The Agent and MIB reside on the device. The Agent gathers data
from the MIB and responds to a Manager’s request to get or set data.
SNMP Manager
An SNMP Manager is a software module in a management network responsible for managing part
or the entire configuration on behalf of network management applications and users.
The SNMP Manager sends requests to the SNMP Agent to get and set MIB values.
Communication among protocol entities is accomplished by the exchange of messages; each of
them is entirely and independently represented within a single UDP datagram. A message consists
of a version identifier, an SNMP community name, and a protocol data unit (PDU). PDUs are the
packets that are exchanged in the SNMP communication.
SNMP Engine ID
The SNMP Engine ID is a 5 to 32 bytes long, administratively unique identifier of a participant in
SNMP communication within a single management domain. The SNMP Manager and SNMP
Agent must be configured by an administrator to have unique SNMP Engine IDs.
Page 5
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
SNMP Notifications
The SNMP notification messages allow devices to send asynchronous messages to the SNMP
Managers. Devices can send notifications to SNMP Managers when particular events occur. For
example, an Agent might send a message to a Manager when the Agent experiences an error
condition.
NOTE
All traps, except the ones sent with SNMPv1, have a request ID as part of the PDU.
SNMP notifications can be sent as traps or Inform requests. Traps are unreliable because the
receiver does not send any acknowledgment when it receives a trap. However, an SNMP Manager
that receives an Inform request acknowledges the message with an SNMP response PDU. If the
Manager does not receive an Inform request, it does not send a response. If the sender does not
receive a response after a particular time interval, the Inform request can be sent again.
Because they are more reliable, Informs consume more resources in the device and in the network.
Unlike a trap, which is discarded as soon as it is sent, an Inform request must be held in memory
until a response is received or the request times out. Also, traps are sent only once, while an Inform
may be retried several times. The retries increase traffic and contribute to a higher overhead on the
network. Thus, traps and Inform requests provide a trade-off between reliability and resources. If it
is important that the SNMP Manager receives every notification, use Inform requests. On the other
hand, if you are concerned about traffic on your network or memory in the device and you do not
need to receive every notification, use traps.
Figure 2 through Figure 5 illustrate the differences between traps and Inform requests.
In Figure 2, the Agent successfully sends a trap to the SNMP Manager. Although the Manager
receives the trap, it does not send any acknowledgment to the Agent. The Agent has no way of
knowing whether the trap reached its destination.
Page 6
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
In Figure 3, the Agent successfully sends an Inform request to the Manager. When the Manager
receives the Inform request, it sends a response back to the Agent. Thus, the Agent knows that the
Inform request successfully reached its destination. In this example, twice traffic is generated as in
Figure 2; however, the Agent is sure that the Manager received the notification.
In Figure 4, the Agent sends a trap to the Manager, but the trap does not reach the Manager. Since
the Agent has no way of knowing whether the trap reached its destination, the trap is not sent
again. The Manager never receives the trap.
In Figure 5, the Agent sends an Inform request to the Manager, but the Inform request does not
reach the Manager. Since the Manager did not receive the Inform request, it does not send a
response. After a period of time, the Agent resends the Inform request. This time, the Manager
receives the Inform request and replies with a response. In this example, there is more traffic than
in Figure 4; however, the notification reaches the SNMP Manager.
Page 7
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 8
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
When an event occurs, for example LinkUp, the Agent sends an Inform PDU to all valid targets for
this Inform. The very first Inform PDU actually is not valid as the Agent still does not know the
parameters of the Receiver Engine ID—snmpEngineId, snmpEngineBoots and snmpEngineTime.
In Figure 6, the Manager reports the PDU with its Engine ID to the Agent.
The Agent sends an Inform PDU with a valid Engine ID (the Engine ID that is received as shown
in Figure 6), but with incorrect snmpEngineBoots and snmpEngineTime. These parameters are still
unknown to the Agent. The discovery process ends when no authentication/encryption exists for
the target address. If authentication/encryption exists, the packet is with the corresponding
authentication / encryption—MD5, SHA or DES.
In Figure 7, the Manager returns an authenticated REPORT PDU (notInTimeWindow) that
consists of valid snmpEngineBoots and snmpEngineTime parameters.
Finally, when the discovery process is completed, the Agent and the Manager are synchronized and
following packets do not discover the Engine ID of the Manager.
Page 9
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Versions of SNMP
The application software supports the following versions of SNMP:
Table 1: SNMP Versions
Variable Description
Page 10
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Variable Description
You must configure the SNMP Agent to use the version of SNMP supported by the management
device. An Agent can communicate with multiple users. For this reason, you can configure the
application software to support communications with many users: some users can use the SNMPv1
protocol, some can use the SNMPv2c protocol, and the rest can use SMNPv3.
NOTE
You can participate in different groups, with a different security model in each
group. You cannot participate in more than one group with the same security model.
Page 11
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 12
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 13
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
snmp-server engineID Configures a new value for the Agent’s SNMP Engine ID
(see Configuring the Agent Engine ID)
snmp-server enable Enables the SNMP Server (see Enabling the SNMP
Server)
snmp-server view Defines the subset of all MIB objects accessible to the
given view (see Defining SNMPv3 Views)
snmp-server group Creates an SNMP group with a specified security model
(v1, v2c or v3) and defines the access-right for this
group by associating views to this group (see Defining
SNMP Groups)
snmp-server user Creates an SNMP local or remote user and associates it
to a group (see Defining an SNMP User)
snmp-server access-list Assigns an access list to the specified user (see
Assigning an Access List to a User)
Page 14
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Description
snmp-server contact Sets the MIB-II system contact string (see Defining the
System Contact String)
snmp-server system-name Sets the MIB-II system name (see Defining the System
Name)
snmp-server location Sets the MIB-II system location string (see Defining the
System Location)
Page 15
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Description
show snmp-server access-list Displays the access list assigned to a user (see
Displaying the Access List Applied to a User)
NOTE
• Configure the Engine ID before adding any users.
• Do not perform changes for the Engine ID once users are configured.
• If you use third part MIB SNMP Managers, check the Engine ID configuration.
• You cannot create two SNMP entities in the management domain with the same
Engine ID.
Command Syntax
device-name(config)#snmp-server engineID ENGINE-ID
device-name(config)#no snmp-server engineID
Argument Description
ENGINE-ID Specifies a string of 10 to 64 characters (represented internally by 5 to 32 bytes)
This ID represents the Agent’s Engine ID as a hexadecimal number. Use an
even number of characters in the valid range <0–9> and <a–f> (case-
insensitive).
Type an even number of hexadecimal digits. Otherwise, as a result an extra zero
is inserted before the last digit. For example, if you type the string 11223344556
(an odd number of characters), the Agent’s parser interprets it as
0x112233445506.
The changing of the Engine ID while there are users that use SNMPv3
authentication or use privacy and authentication, invalidates the keys and
requires recalculation.
no Returns the ID to its default value.
Example
Set the local engineID to be 1234567890ABCD:
device-name(config)#snmp-server engineID 1234567890ABCD
Page 16
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
By default, the SNMP server is disabled and the SNMP UDP port is 161.
NOTE
If the SNMP server is disabled, it can still be configured from the CLI, but it cannot
respond to SNMP PDUs and cannot send traps.
Command Syntax
device-name(config)#snmp-server enable [<udp-port>]
device-name(config)#no snmp-server enable
Argument Description
udp-port (Optional) specifies the number of the UDP port on which the SNMP server
listens for messages. The valid range is <1–65535>.
If you do not specify the UDP port, the SNMP server listens for incoming
messages on its default UDP port—161.
If you specify the UDP port number, the Agent listens for incoming SNMP
messages on this port.
no Disables the SNMP server.
Example
Enable the SNMP server on port 1021:
device-name(config)#snmp-server enable 1021
Command Syntax
device-name(config)#snmp-server view VIEWNAME OID-TREE {included | excluded}
[MASK]
device-name(config)#no snmp-server view VIEWNAME [OID-TREE]
Page 17
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Argument Description
VIEWNAME Specifies the name of the view. It is limited to 32 characters.
OID-TREE Specifies the starting point inside the MIB tree given in dot-notation.
If the view definition exists, the defined subtree is added to the list of view families.
If the Object ID (OID) already exists, it is replaced by the new data (type of rule
and mask).
This parameter is optional for the no form of the command.
included Specifies that Object ID is included in the view.
excluded Specifies that Object ID is excluded from the view.
MASK (Optional) specifies the bit-mask defining OID wildcard. The mask is typed as a
hexadecimal value, and is interpreted as a binary value.
A binary 1 in the mask states that the Object ID at the corresponding position has
to match, a binary 0 states that the Object ID at the corresponding position is
irrelevant—no match is required.
no Removes the defined view.
Example 1
Create the view MyView and add two rules to it.
1. The first rule enables access to all Object IDs under the MIB-2 tree (all object identifiers that
start with 1.3.6.1.2.1).
2. The second rule disables access to the sysUpTime Object ID.
Grant or denial of access is determined by the most specific rule that matches the object ID. After
the Agent decides whether to grant access to the Object ID 1.3.6.1.2.1.1.3 both typed rules of
MyView match the object. The second rule has a longer match to the view family and the result is
that access is denied (by the excluded keyword).
device-name(config)#snmp-server view MyView 1.3.6.1.2.1 included
device-name(config)#snmp-server view MyView 1.3.6.1.2.1.1.3 excluded
Example 2
Grant access to all conceptual rows in ipCidrRouteTable that have next-hop 192.168.5.1. The
destination, mask and the TOS typed in the OID have no match (the bits of the mask are 0 at these
OIDs).
If an Object ID does not match any rule in a view, its access is denied.
device-name(config)#snmp-server view v1
1.3.6.1.2.1.4.24.4.1.1.0.0.0.0.0.0.0.0.0.192.168.5.1 included FFC01E
Page 18
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Example 3
Remove the specified view data. If the Object ID is not supplied, all the data of the view
VIEWNAME is removed:
device-name(config)#no snmp-server view VIEWNAME
Example 4
Remove the rule for the sysUpTime (1.3.6.1.2.1.1.3) view family (all other data of MyView is
preserved):
device-name(config)#no snmp-server view MyView 1.3.6.1.2.1.1.3
Example 5
Remove all data for the view with name MyView:
device-name(config)#no snmp-server view MyView
Command Syntax
device-name(config)#snmp-server group NAME {v1 | v2c} read READ-VIEW write
WRITE-VIEW notify NOTIFY-VIEW
device-name(config)#no snmp-server group NAME [v1 | v2c]
Argument Description
NAME Configures a new SNMP group on the device. The name of the group is
limited to 32 characters.
v1 Specifies version 1 of the SNMP protocol.
v2c Specifies version 2 of the SNMP protocol.
v3 Specifies version 3 of the SNMP protocol. This requires you to select an
authentication level—noAuth, Auth or AuthPriv.
In SNMPv3, you can participate in more than one group provided and
each group has a different security model.
auth Enables the Message Digest 5 (HMAC-MD5) or the Secure Hash
Algorithm (HMAC-SHA) packet authentication.
noauth Enables the security level that implies no authentication and no encryption
of the PDUs. This is the default if no keyword is specified.
Page 19
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
priv Enables Data Encryption Standard (DES) packet encryption. In this case
authentication is mandatory and is based on HMAC-MD5 or HMAC-SHA
and CBC-DES encryption.
read READ- Specifies a string (not to exceed 32 characters) that is the name of the
VIEW view in which you can only view the contents of the Agent’s MIB.
write WRITE- Specifies a string (not to exceed 32 characters) that is the name of the
VIEW view in which you can type data and configure the contents of the Agent’s
MIB.
notify Specifies a string (not to exceed 32 characters) that is the name of the
NOTIFY-VIEW view, and specify what portion of the MIB database is accessible for
notifications.
no Removes the SNMP group data.
If you specify only the group name, all groups with that name are removed,
regardless of their security model and security level. If you specify the
security model and security level (if the model is v3), only the group
matching all conditions is removed.
Example 1
Create an SNMP v3 group named GR1 with security level Authenticated:
device-name(config)#snmp-server group GR1 v3 auth read v3_read write v3_write
notify v3_read
Example 2
Remove the group named MyGroup:
device-name(config)#no snmp-server group MyGroup
Example 3
Remove only the group that is named MyGroup2 with security model v3 and security level AuthPriv:
device-name(config)#no snmp-server group MyGroup2 v3 priv
Page 20
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
NOTE
The generation of the key is considerably slow. During this generation, the CLI
stops responding for several seconds (depending on the device model).
Users with security level AuthNoPriv and AuthPriv are stored in NVRAM when the write
command is executed. The configured users are not seen in the configuration file.
Command Syntax
device-name(config)#snmp-server user USER-NAME group GROUP-NAME {v1 | v2c |
v3}
device-name(config)#snmp-server user USER-NAME group GROUP-NAME v3 [priv
ENCRYPTION_PASSWORD] [auth {md5 | sha} AUTHENTICATION_PASSWORD] [remote
ENGINE-ID]
Argument Description
USER-NAME Specifies the name of the user on the host that connects to the
Agent. The user name is limited to 32 characters.
GROUP-NAME Specifies the name of the group to which the user is associated.
v1, v2c, v3 Specifies the SNMP version number (v1, v2c, or v3).
If the security model is v3, type the security level for the user.
For v3 users, if no security level is specified, noAuthNoPriv
security level is assumed.
priv (Optional) specifies that the PDUs sent to or received by this
ENCRYPTION_PASSWORD user should be encrypted, with the key generated from the
encryption password.
auth (Optional) specifies the authentication level setting session.
Specifying this argument requires either md5 or sha to be
specified, as well as a password string.
md5 Specifies theHMAC-MD5 authentication.
sha Specifies the HMAC-SHA authentication.
AUTHENTICATION_PASSWORD Specifies the authentication password string. Do not exceed 32
characters for the password.
remote ENGINE-ID (Optional) creates a remote user by its engine ID.
Page 21
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
no Removes the defined user and the user from its associated
group.
Example 1
Create a user named TOM that uses SNMP v1:
device-name(config)#snmp-server user TOM group g_all_v1 v1
Example 2
Create a user named TOM that uses SNMP v3 with authentication and privacy. The privacy
password is privPass and the authentication password is authPass:
device-name(config)#snmp-server user TOM group g_all_v3 v3 priv privPass auth
md5 authPass
Example 3
Remove a defined v3 user named IVAN from an associated group ACC:
device-name(config)#no snmp-server user IVAN group ACC v3
The access list can permit or deny access to a user according to the access list rules. The rules
contain a permit or deny action and a source IP address. To define the named access list use the
snmp-server access-list and access-list commands. The defined access lists can be viewed
by the show access-lists and/or show snmp-server access-list commands.
For more information regarding ACL commands, refer to the Device Setup and Maintenance chapter of
this User Guide.
NOTE
SNMPv3 time synchronization may double the authenticationFailure notifications.
This can happen when applying user access lists on SNMPv3 users. In this case, the
SNMP requests contain engineBoots or engineTime equaled to zero (0) as time
synchronization. The request cannot take place because of the access list. Therefore,
if notInTimeWindow occurs, it generates an additional authenticationFailure
notification.
Command Syntax
device-name(config)#snmp-server access-list USER-NAME ACL-NAME
device-name(config)#no snmp-server access-list USER-NAME
Page 22
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Argument Description
USER-NAME Specifies the user name.
ACL-NAME Specifies the existing access list name.
no Removes the access list assigned to the specified user.
Examples:
• Create and assign an access list to a user named IVAN.
device-name(config)#access-list MyLyst permit 220.132.0.0/16
device-name(config)#snmp-server access-list IVAN MyLyst
NOTE
The notification name is the same as specified in the MIB (case-sensitive). You can
add a notification with only one tag name.
Command Syntax
device-name(config)#snmp-server notify NAME TAG-NAME [inform]
device-name(config)#snmp-server notify all TAG-NAME [inform]
device-name(config)#no snmp-server notify NAME
Argument Description
NAME Specifies the notification name, a reserved literal string. The available names are
available in Table 8.
all Enables all notifications. If you specify this parameter, all the available notifications
under the specified tag name are included.
TAG-NAME Specifies the notification tag name.
inform (Optional) creates the notification as Inform. If you omit this parameter, the
notification is created as trap.
no Disables the specified notification.
Example
device-name(config)#snmp-server notify linkUp tag1
Page 23
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 24
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 25
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 26
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 27
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 28
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 29
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 30
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 31
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
A log entry is created for each notification as it occurs, regardless if a notification is sent or not.
Command Syntax
device-name(config)#snmp-server log-notify [TAG-NAME]
device-name(config)#no snmp-server log-notify [TAG-NAME]
Page 32
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Argument Description
TAG-NAME (Optional). Specifies the name of the tag associated with the notifications to be
logged. If the parameter is not supplied, the logging of all notifications is
enabled/disabled. The available names of notifications are specified in Table 8.
no Disables the SNMP notification log and clear its contents.
If you disable notifications associated with a specific tag name, by specifying
the tag name in the no command, the general snmp-server log-notify
command (without the specific tag name) is not enabling these notifications. In
this case, you have to explicitly enable these notifications.
Example
If you use no snmp-server log-notify Tag1, then snmp-server log-notify enables all
notifications except for those associated with Tag1.
device-name(config)#no snmp-server log-notify Tag1
device-name(config)#snmp-server log-notify
To enable the notifications that are associated with Tag1, use snmp-server log-notify Tag1.
device-name(config)#snmp-server log-notify Tag1
NOTE
The notifications that are not sent to a management device due to a configuration
error are not logged.
Command Syntax
device-name(config)#snmp-server log-sent-notify
device-name(config)#no snmp-server log-sent-notify
Argument Description
no Disables the SNMP sent-notification logging.
Page 33
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name#clear snmp-server log-notify
The SNMP server target parameter sets the trap security parameters and specifies the user that
sends the trap to the target address. The user data contains the keys for the trap PDU encryption.
Command Syntax
device-name(config)#snmp-server target-param NAME USER-NAME v1 [PROFILE-NAME]
device-name(config)#snmp-server target-param NAME USER-NAME v2c [PROFILE-
NAME]
device-name(config)#snmp-server target-param NAME USER-NAME v3 {auth | noauth
| priv} [PROFILE-NAME]
device-name(config)#no snmp-server target-param NAME
Argument Description
NAME Specifies the name of the target parameter.
USER-NAME Specifies the name of the user on the host that connects to the Agent.
v1, v2c, v3 Specifies the security model of the target-parameter. It specifies the
version of the protocol in which the traps would be sent (v1, with TRAP-V1
PDU type, v2c with TRAP-V2 PDU type OR v3, with TRAP-V2 PDU type).
noauth Specifies the security level that implies no authentication and no
encryption of the PDUs.
auth Specifies the authentication of the PDUs based on HMAC-MD5 or HMAC-
SHA. No encryption is used.
priv Specifies the authentication based on HMAC-MD5 or HMAC-SHA and
CBC-DES encryption for the message data.
PROFILE-NAME (Optional) specifies the profile name, defined by the snmp-server
target-profile command. The target profile represents a set of filters
that restrict the access to the MIB tree for trap sending.
no Removes the notification target parameter.
Example
device-name(config)#snmp-server target-param param1 ABC v3 auth
Page 34
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#snmp-server target-addr NAME A.B.C.D <udp-port> PAR-NAME
[<TAG1> ... <TAGN>]
device-name(config)#snmp-server target-addr NAME {addtag | deltag} TAG-NAME
device-name(config)#no snmp-server target-addr NAME
NOTE
Use the command with addtag and deltag arguments only if the notification tag
address is already defined.
Argument Description
NAME Specifies the name of the notification target address.
A.B.C.D Specifies the IP address of the target.
udp-port Specifies the UDP port number of the target address in the range of
<1–65535>.
PAR-NAME Specifies the parameter name.
<TAG1> ... <TAGN> (Optional) specifies a list of tags. You can add one or more tags.
addtag Adds the specified tag to the list.
deltag Removes the specified tag from the list.
TAG-NAME Specifies the name of the added/removed tag.
no Removes the notification target address.
Example 1
device-name(config)#snmp-server target-addr XYZ 192.168.0.121 162 param1 tag1
Example 2
device-name(config)#snmp-server target-addr XYZ addtag tag2
Page 35
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#snmp-server set-execute-trap
device-name(config)#no snmp-server set-execute-trap
Argument Description
no Disables the sending of snmpSetExecuted notifications.
Command Syntax
device-name(config)#snmp-server authentication-failure-trap
device-name(config)#no snmp-server authentication-failure-trap
Argument Description
no Disables the sending of authenticationFailure notifications.
Page 36
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
NOTE
First define the Notification Target Parameter (target-param) and Target Address
(target-addr) and then the Target Profile. Otherwise, you receive an error message.
NOTE
Before you use this command, read RFC 3413 section 6.
When you create target profiles, include snmpTrapOID.0 in the profile.
Command Syntax
device-name(config)#snmp-server target-profile PROFILE-NAME OBJECT-ID
{included | excluded} [MASK]
device-name(config)#no snmp-server target-profile PROFILE-NAME OBJECT-ID
{included | excluded}
Argument Description
PROFILE-NAME Specifies the name of the profile.
OBJECT-ID Specifies the starting point inside the MIB tree given in dot-notation or as
an object name.
included Specifies the Object ID is included in the profile.
excluded Specifies the Object ID is excluded from the profile.
MASK (Optional) specifies the bit-mask that defines Object ID wildcard
characters.
no Removes the notification target profile.
Command Syntax
device-name(config)#snmp-server inform retry <number>
device-name(config)#no snmp-server inform retry
Page 37
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Argument Description
number Specifies the number of retries for resending Inform PDUs. The valid range is
<1–2147483647>.
no Configures the number of retries to its default value.
Example 1
Set the number of inform PDU retries to 5:
device-name(config)#snmp-server inform retry 5
Example 2
Disable snmp-server inform retry option and set the number of retries to 3 (default value):
device-name(config)#no snmp-server inform retry
Command Syntax
device-name(config)#snmp-server inform timeout <time>
device-name(config)#no snmp-server inform timeout
Argument Description
time Specifies the time, in seconds, to wait for an acknowledgement before resending an
unacknowledged Inform PDU. The valid range is <1–2147483647>.
no Configures the timeout to its default value.
Example
Set the inform PDU time to 10 seconds:
device-name(config)#snmp-server inform timeout 10
Page 38
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#snmp-server contact .LINE-TEXT
device-name(config)#no snmp-server contact
Argument Description
.LINE-TEXT Descriptive system contact string, up to 80 characters long.
Use the system contact string for the textual identification of the contact
person for this managed node, together with information on how to contact
this person. If no contact information is known, the value is a zero-length
string.
no Removes the SNMP system contact string.
Example
device-name(config)#snmp-server contact tom@comp.com
Command Syntax
device-name(config)#snmp-server system-name .LINE-TEXT
device-name(config)#no snmp-server system-name
Argument Description
.LINE-TEXT Descriptive system name string, up to 80 characters long.
The system name is an administratively-assigned name for this managed
node. If the name is unknown, the value is a zero-length string. If the name
is unknown, the value is a zero-length string.
no Removes the SNMP system name.
Example
device-name(config)#snmp-server system-name T-Marc
Page 39
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#snmp-server location .LINE-TEXT
device-name(config)#no snmp-server location
Argument Description
.LINE-TEXT Descriptive system location string, up to 80 characters long.
Use the system location string for describing the physical location of this
node (e.g., telephone closet, 3rd floor). If the location is unknown, the value
is a zero-length string.
no Removes the SNMP system location string.
Example
device-name(config)#snmp-server location ROOM 256
Command Syntax
device-name#show snmp-server
Example
device-name#show snmp-server
snmp-server enable
authentication-failure trap disable
Inform retries 10
Inform timeout 2 secs
Page 40
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name#show snmp-server engineID
Example
device-name#show snmp-server engineID
Local snmpEngineID: 000002DB0300A01211259A0000
snmpEngineBoots: 3, snmpEngineTime: 2394
Command Syntax
device-name#show snmp-server group
Example
device-name#show snmp-server group
group name: GR1 security model: v3 auth
read view: READ write view: WRITE
notify view: NOTIFY row status: active
Page 41
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name#show snmp-server users
Example
device-name#show snmp-server users
User name: MAG
Engine ID:1234567890
Group: GR1 model:v3 Auth
Command Syntax
device-name#show snmp-server view [VIEWNAME]
Argument Description
VIEWNAME (Optional) specifies the name of the view. The view name is limited to 32
characters.
If you specify the view name, only data for the views with the specified name is
displayed on the screen. If you do not specify the view name, all views are
displayed on the screen.
Page 42
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Example
Display a view family in symbolic format, the view family has the following long OID:
1.3.6.1.2.1.4.24.4.1.192.168.0.0.255.255.0.0.0.192.168.4.1
If you load the file batm_oid_table in the flash file system, the OIDs are displayed with symbolic
names.
The row status can be Active (the row is operable) or notInService (the row is administratively
disabled).
The storage type can be Volatile (the data is in volatile memory, and after reboot it is lost) or Non
Volatile (the data is in non volatile memory—it can restore after reboot).
Command Syntax
device-name#show snmp-server target-param
Example
device-name#show snmp-server target-param
Target Parameter: param1
Security Name : GHJ
Security Model: v3
Security Level: auth
Profile name : PROFILE
Page 43
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name#show snmp-server target-profiles
Example
device-name#show snmp-server target-profiles
Profile name: profile
OID: 1.3.6 included
Command Syntax
device-name#show snmp-server notify
Example
device-name#show snmp-server notify
Notify Name: fanStatusChangelinkDown
Notify type: inform
Tag: tag1
Page 44
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name#show snmp-server log-notify {first NUMBER | last NUMBER}
Argument Description
first NUMBER Specifies the number of first records to be displayed, in the valid range of <1-
65535> records.
last NUMBER Specifies the number of last records to be displayed, in the valid range of <1-
65535> records.
Example 1
If only the snmp-server log-notify command is present in the SNMP running configuration,
the device displays the following output:
device-name#show snmp-server log-notify
2009/01/01 00:04:11 linkDown notification sent: interface 1/1/1
Example 2
device-name#show snmp-server log-notify last 78
% No records stored in notification log.
Command Syntax
device-name#show snmp-server target-addr
Page 45
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Example
device-name#show snmp-server target-addr
Target Address: YOU
IP address: 192.168.0.39
UDP port: 162
Target Parameter: param
Tag list: tag1
Command Syntax
device-name#show snmp-server informs
Example
device-name#show snmp-server informs
Inform ID 5 about to be sent to 10.0.0.1
Retries left: 9, elapsed: 0, timeout: 2
Status: SENDING_PROBE
Page 46
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Command Syntax
device-name#show snmp-server access-list [USER]
Argument Description
USER (Optional) specifies the user name. If specified, only the access list of this user is
displayed on the screen. If not specified, all the access lists of this user are displayed
on the screen.
Example 1
device-name#show snmp-server access-list
User name : restricted_user
Access list: aclRestrict
Example 2
Display the SNMP server users and their assigned access-lists:
device-name#show snmp-server access-list
User name: IVAN
Access List: MyLyst
device-name#show access-lists
Standard routing-protocol access-list MyLyst
permit 220.132.0.0/16
Page 47
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Configuration Examples
Using SNMPv1
In this example two SNMP users are added to the device. Both users use SNMPv1. The first user
uses the public community with read-only permission and the second uses the private community
with read-write access. The SNMPv1 community is parsed by the SNMP Agent as the user name.
1. Enable SNMP:
device-name#configure terminal
device-name(config)#snmp-server enable
2. Create a view that includes the entire MIB tree from root:
device-name(config)#snmp-server view viewAll 1.3 included
6. Create user name private that uses the group with read-write access:
device-name(config)#snmp-server user private group groupAllReadWrite v1
2. Create a view that includes the entire MIB tree from root:
device-name(config)#snmp-server view viewAll 1.3 included
Page 48
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
6. Create the target address TargetAddress1 for IP address 20.0.0.5, port 162 that uses the
target parameter MyParam and sends all the packets to tag1:
device-name(config)#snmp-server target-addr TargetAddress1 20.0.0.5 162
MyParam tag1
The following commands change the device configuration to send the same notification in
SNMPv3 format without authentication and privacy to the same target, as well as SNMPv1
notifications.
1. Create a user named trap_v3 with group gall for SNMPv3:
device-name(config)#snmp-server user trap_v3 group gall v3
2. Add a target parameter named MyParam1 that uses the user trap_v3:
device-name(config)#snmp-server target-param MyParam1 trap_v3 v3 noauth
3. Create the target address TargetAddress_v3 for IP address 20.0.0.5, port 162 that uses the
target parameter MyParam1 and sends all the packets to tag1:
device-name(config)#snmp-server target-addr TargetAddress_v3 20.0.0.5 162
MyParam1 tag1
Group Definition
The following example shows how to create a group with name public_grp.1.
1. Enable the SNMP server:
device-name#configure terminal
device-name(config)#snmp-server enable
2. Create SNMP view, starting from the 1.3.6 Object ID in the MIB tree:
device-name(config)#snmp-server view MyView 1.3.6 included
3. Create group public_grp with SNMP v1 security level and define the access rights for the
group:
device-name(config)#snmp-server group public_grp v1 read MyView write
MyView notify none
Page 49
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
4. Define group public_grp with SNMP v2 security level and define the access rights for the
group:
device-name(config)#snmp-server group public_grp v2 read MyView write
MyView notify none
5. Define group public_grp with SNMP v3 authenticated and encrypted model and define the
access rights of the group:
device-name(config)#snmp-server group public_grp v3 priv read MyView
write MyView notify none
6. Display the created groups and access rights that are assigned above:
device-name#show snmp-server group
group name: public_grp security model:v1
read view: MyView write view: MyView
notify view: none row status: active
2. Create a user with name public and connect it to the group public_grp for the user security
model v1:
device-name(config)#snmp-server user public group public_grp v1
3. Connect the user public to the group public_grp for the security model v2 :
device-name(config)#snmp-server user public group public_grp v2
4. Connect the user public to the group public_grp for the security model v3. The restrictions
of the v3_read and v3_write views are applied on the SNMPv3 PDUs received with the user
name public for security level AuthPriv. The PDU has to conform to the DES and MD5
security checks.
device-name(config)#snmp-server user public group public_grp v3 priv
pass1 auth md5 pass2
Page 50
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Using SNMPv3
1. Enable the SNMP server:
device-name#configure terminal
device-name(config)#snmp-server enable
3. Create SNMP view, starting from the 1.3.6 Object ID in the MIB tree:
device-name(config)#snmp-server view MyView 1.3.6 included
4. Configure a group with name GR1 with security model v3. Specify this group to use
authentication, read view name READ, write view for the group WRITE and notify view with
name NOTIFY for this group GR1:
device-name(config)#snmp-server group GR1 v3 auth read READ write WRITE
notify NOTIFY
5. Configure a user MAG and assign this user to group GR1 with security model v3. Specify the
packet authentication SHA authentication and the authentication password MAG:
device-name(config)#snmp-server user MAG group GR1 v3 auth sha MAG
7. Specify the notification target address 192.168.0.39. Assign a UDP port, parameter name
and tag list to the target address:
device-name(config)#snmp-server target-addr YOU 192.168.0.39 162 param1
tag1
Page 51
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
2. Define the notification with name risingAlarm, tag tagRmonInform, and create the
notification as an inform:
device-name(config)#snmp-server notify risingAlarm tagRmonInform inform
3. Define the notification with name fallingAlarm and tag tagRmonTrap. Since the parameter
inform is omitted, this notification is created as a trap:
device-name(config)#snmp-server notify fallingAlarm tagRmonTrap
4. Define a notification target address with name informPC and IP address 192.168.0.30.
Specify the default UDP port (162), the parameter name parInform, and a tag
tagRmonInform.
device-name(config)#snmp-server target-addr informPC 192.168.0.30 162
parInform tagRmonInform
5. Define a notification target address with name trapPC and IP address 192.168.0.30. Specify
the default UDP port (162), the parameter name parTrap, and a tag tagRmonTrap.
device-name(config)#snmp-server target-addr trapPC 192.168.0.30 162
parTrap tagRmonTrap
6. Define a notification target parameter with name parInform and security name usrRemote,
security model v3 and Authentication of the PDUs based on HMAC-MD5 or HMAC-SHA:
device-name(config)#snmp-server target-param parInform usrRemote v3 auth
7. Define a notification target parameter with name parTrap and security name usrLocal,
security model v3 and Authentication of the PDUs based on HMAC-MD5 or HMAC-SHA:
device-name(config)#snmp-server target-param parTrap usrLocal v3 auth
8. Create a user with name usrRemote and assign this user to group grpRemote. Specify the
SNMP v3, authentication level auth with HMAC-SHA authentication, and authentication
password string. Create a remote user with engine ID 123456789abcd.:
device-name(config)#snmp-server user usrRemote group grpRemote v3 auth sha
auth_password remote 123456789abcd
Page 52
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
9. Create a user with name usrLocal and assign this user to group grpLocal. Specify the SNMP
v3, authentication level auth with HMAC-MD5 authentication, and authentication password
string:
device-name(config)#snmp-server user usrLocal group grpLocal v3 auth md5
another_password
10. Configure a group with name grpLocal, SNMP v 3, authentication level auth. Specify the
read view all, the write view all and the notify view all:
device-name(config)#snmp-server group grpLocal v3 auth read all write all
notify all
11. Configure a group with name grpRemote, SNMP v 3, authentication level auth. Specify the
read view all, the write view all and the notify view all:
device-name(config)#snmp-server group grpRemote v3 auth read all write all
notify all
12. Create a view with name all. Specify the OID-TREE ID in the view:
device-name(config)#snmp-server view all 1.3.6 included
2. Define the following notification events: linkUp (tag NotifyTag1), linkDown (tag
NotifyTag2), coldStart and warmStart (tag NotifyTag3):
device-name(config)#snmp-server notify linkUp NotifyTag1
device-name(config)#snmp-server notify linkDown NotifyTag2
device-name(config)#snmp-server notify coldStart NotifyTag3
device-name(config)#snmp-server notify warmStart NotifyTag3
3. Configure the notification log so that only the notifications included in NotifyTag1 and
NotifyTag2 notify tags are logged:
device-name(config)#snmp-server log-notify NotifyTag1
device-name(config)#snmp-server log-notify NotifyTag2
device-name(config)#exit
5. After a linkDown event occurs on port 1/1/1, the notification log is displayed as follows:
device-name#show snmp-server log-notify
2009/01/01 00:04:11 linkDown notification sent: interface 1/1/1
Page 53
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
6. Reload the device with option save. Display the notification log. The warmStart notification
is not logged, because its tag NotifyTag3 was not defined earlier:
device-name#reload save
…
device-name#show snmp-server log-notify
2009/01/01 00:04:11 linkDown notification sent: interface 1/1/1
7. After a linkUp event occurs on port 1/1/1, the notification log is displayed as follows:
device-name#show snmp-server log-notify
2009/01/01 00:02:26 linkUp notification sent: interface 1/1/1
2009/01/01 00:04:11 linkDown notification sent: interface 1/1/1
8. Prevent the notifications grouped in tag NotifyTag2 (linkDown in this particular case) from
further inclusion in the notification log:
device-name(config)#no snmp-server log-notify NotifyTag2
device-name(config)#exit
9. After linkDown and linkUp events occur on port 1/1/1, the notification log is displayed as
follows:
device-name#show snmp-server log-notify
2009/01/01 00:05:30 linkUp notification sent: interface 1/1/1
2009/01/01 00:02:26 linkUp notification sent: interface 1/1/1
2009/01/01 00:04:11 linkDown notification sent: interface 1/1/1
11. Reload the device with save option and display the notification log:
device-name#reload save
…
Page 54
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
Page 55
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
T-Marc 300 Series User Guide
Page 56
Configuring Simple Network Management Protocol (SNMP) (Rev. 08)
SNMP Reference Guide
Table of Contents
Features Included in this Chapter ································································ 4
Configuring Fast Ethernet and Giga Ethernet Port via SNMP ····························· 6
MIB Architecture: PRVT-SWITCH-MIB ······················································ 6
Fast Ethernet and Giga Ethernet Port Configuration Examples····························· 9
Configuration via CLI······································································· 9
Configuration via SNMP ··································································10
Page 1
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
PRVT-SERV-MIB ·········································································21
PRVT-L2TUNNELING-MIB····························································24
Notifications ·····················································································27
TLS Configuration Examples ··································································29
Configuration via CLI······································································29
Configuration via SNMP ··································································29
TLS Tunneling Configuration Example ·······················································30
Configuration via CLI······································································30
Configuration via SNMP ··································································30
Page 2
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Configuring 802.3ah Ethernet in the First Mile (EFM) via SNMP ························56
MIB Architecture ················································································56
PRVT-SWITCH-EFM-OAM-MIB·······················································56
DOT3-OAM-MIB ·········································································57
Notifications ·····················································································59
EFM-OAM via SNMP Configuration Example ··············································60
Page 3
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 4
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 5
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
NOTE
For the configuration via SNMP, only the configL2IfaceTable is used.
Page 6
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 7
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 8
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
6. Configure broadcast-limit:
device-name(config-if 1/1/1)#storm-control broadcast 10M
7. Configure multicast-limit:
device-name(config-if 1/1/1)#storm-control multicast 20M
8. Configure unknown-limit:
device-name(config-if 1/1/1)#storm-control unknown 30M
Page 9
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
6. Configure broadcast-limit:
***** SNMP SET-RESPONSE START *****
snmpset configL2IfaceBroadcastRateLimit.1.1.1 integer 100
***** SNMP SET-RESPONSE END *******
7. Configure multicast-limit:
***** SNMP SET-RESPONSE START *****
snmpset configL2IfaceMulticastRateLimit.1.1.1 integer 200
***** SNMP SET-RESPONSE END *******
8. Configure unknown-limit:
***** SNMP SET-RESPONSE START *****
snmpset configL2IfaceUnknownRateLimit.1.1.1 integer 300
***** SNMP SET-RESPONSE END *******
Page 10
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
NOTE
For the configuration via SNMP, only the portsAggregationConfigTable is used.
Page 11
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Notifications
The PRVT-PORTS-AGGREGATION-MIB contains the following notifications:
• lagMemberLinkUp—is generated when the LAG link becomes up. It has two indexes. The
first ifIndex indicates the ID of the trunk interface. The second one shows the port member
with link status change.
OID: 1.3.6.1.4.1.738.1.5.106.3.1
• lagMemberLinkDown—is generated when the LAG link becomes down. It has two
indexes. The first ifIndex indicates the ID of the trunk interface. The second one shows the
port member with link status change.
OID: 1.3.6.1.4.1.738.1.5.106.3.2
• lagMemberAdd—is generated when a new port is added to a LAG link. It has two indexes.
The first ifIndex indicates the ID of the trunk interface. The second one shows the added port
member.
OID: 1.3.6.1.4.1.738.1.5.106.3.3
• lagMemberRemove—is generated when a port is removed from a LAG link. It has two
indexes. The first ifIndex indicates the ID of the trunk interface. The second one shows the
removed port member.
OID: 1.3.6.1.4.1.738.1.5.106.3.4
For more information regarding traps definition, refer to the Configuring Simple Network Management
Protocol (SNMP) chapter of this User Guide.
Page 12
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 13
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 14
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 15
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Notifications
The PRVT-RESILIENT-LINK-MIB contains the resilientLinkStatusChange notification. It
indicates that the resilient link status was changed; it is identified by the resilientLinkIndex (OID:
1.3.6.1.4.1.738.1.5.102.0.1).
For more information regarding traps definition, refer to the Configuring Simple Network Management
Protocol (SNMP) chapter of this User Guide.
Page 16
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
dot1qBase
Page 17
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 18
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 19
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 20
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
MIB Architecture
To configure TLS via SNMP, use the following MIBs:
• PRVT-SERV-MIB
• PRVT-L2TUNNELING-MIB
PRVT-SERV-MIB
The PRVT-SERV-MIB has 4 basic modules:
• prvtTMSvcObjs: This module contains objects which allow configuration the individual
service instances
• prvtTMSapObjs: This module contains information about the Service Access Ports (SAPs)
• prvtTMSdpObjs: The objects for configuring Service Distribution Paths (SDPs)
• prvtTMCustObjs (Currently not supported)
This MIB contains the following tables and objects:
Object Entry Field Name Description
Page 21
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 22
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
sdpId This is the SdpId, index of the table along with the
svcId.
sdpRowStatus This object is used to create new SDPs.
sdpOperFlags This object specifies all the conditions that affect the
operating status of this SDP. If the SDP is up, the
value of this object is ignored.
This field is not supported.
sdpLastStatusChange This field is not supported.
Page 23
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
PRVT-L2TUNNELING-MIB
In BiNOS version 10.1.Rx and above, the configuration of TLS tunneling via SNMP support has
been added.
PRVT-L2TUNNELING-MIB provides configuration abilities and statistical information about L2
protocols tunneling via SNMP.
This MIB contains the following tables and objects:
Object Entry Field Name Description
Page 24
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 25
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 26
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Notifications
The PRVT-SERVICES-MIB contains the following notifications:
• svcCreated—is sent when a new row is created in the svcBaseInfoTable.
OID: 1.3.6.1.4.1.738.1.7.2.2.2.0.1
The object included in the svcCreated notification is svcName.
• svcDeleted—is sent when an existing row is deleted from the svcBaseInfoTable.
OID: 1.3.6.1.4.1.738.1.7.2.2.2.0.2
The object included in the svcDeleted notification is svcName.
• svcStatusChanged—is generated when there is a change in the administrative or operating
status of a service.
OID: 1.3.6.1.4.1.738.1.7.2.2.2.0.3
The objects included in the svcStatusChanged notification are:
svcName
svcVCId
svcAdminStatus
svcOperStatus
• sapCreated—is sent when a new row is created in the sapBaseInfoTable.
OID: 1.3.6.1.4.1.738.1.7.2.2.3.0.1
The objects included in the sapCreated notification are:
sapName
sapPortId
sapEncapValue
• sapDeleted—is sent when an existing row is deleted from the sapBaseInfoTable.
OID: 1.3.6.1.4.1.738.1.7.2.2.3.0.2
The objects included in the sapDeleted notification are:
sapName
sapPortId
sapEncapValue
• sapStatusChanged—is generated when there is a change in the administrative or operating
status of an SAP.
OID: 1.3.6.1.4.1.738.1.7.2.2.3.0.3
The objects included in the sapStatusChanged notification are:
sapName
sapPortId
sapEncapValue
sapAdminStatus
sapOperStatus
Page 27
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 28
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 29
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 30
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
6. Specify an action for a profile per a protocol (profil LACP to tunnel STP BPDUs):
***** SNMP SET-RESPONSE START *****
1: prvtL2TunnAction.4.108.97.99.112.3.115.116.112 (integer) tunnel(1)
***** SNMP SET-RESPONSE END *****
Page 31
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
MIB Architecture
To configure STP via SNMP, use the following MIBs:
• BRIDGE-MIB
• RSTP-MIB
• PRVT-SWITCH-MIB
BRIDGE-MIB
The BRIDGE-MIB provides information about the STP module management. This MIB defines
objects for managing MAC bridges based on the IEEE 802.1D-1990 standard between Local Area
Network (LAN) segments.
Standard supported: IEEE 802.1D-1990.
The RFC supported: RFC 1493. This RFC specifies an IAB standards track protocol for the
Internet community, and requests discussion and suggestions for improvements.
This MIB contains the following tables and objects:
Object Entry Field Name Description
dot1dBase
dot1dBaseBridgeAddress This object is the MAC address used by this bridge. This is
the numerically smallest MAC address of all ports that
belong to this bridge. However, it is required to be unique.
When concatenated with dot1dStpPriority a unique bridge
Identifier is formed and is used in the STP.
dot1dBaseNumPorts This object specifies the number of ports controlled by this
bridging entity.
dot1dBaseType This object indicates what type of bridging this bridge can
perform. If a bridge is actually performing a certain type of
bridging, this is indicated by entries in the port table for the
given type.
dot1dBasePortTable This table contains generic information about every port that
is associated with this bridge.
Transparent, source-route, and SRT ports are included.
Page 32
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
dot1dStp
dot1dStpRootPort This object represents the port number of the port that offers
the lowest cost path from this bridge to the root bridge.
Page 33
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
dot1dStpBridgeMaxAge This object represents the value that all bridges use for
MaxAge, when this bridge is acting as the root.
802.1D-1990 specifies that the range for this parameter is
related to the value of dot1dStpBridgeHelloTime.
The granularity of this timer is specified by 802.1D-1990 to
be 1 second. An agent may return a badValue error if a set
is attempted to a value which is not a whole number of
seconds.
dot1dStpBridgeHelloTime This object represents the value that all bridges use for
hello-time, when this bridge is acting as the root. The
granularity of this timer is specified by 802.1D-1990 to be 1
second. An agent may return a badValue error if a set is
attempted to a value which is not a whole number of
seconds
dot1dStpBridgeForward This object represents the value all bridges use for forward-
Delay delay, when this bridge is acting as the root.
802.1D-1990 specifies that the range for this parameter is
related to the value of dot1dStpBridgeMaxAge.
The granularity of this timer is specified by 802.1D-1990 to
be 1 second. An agent may return a badValue error if a set
is attempted to a value which is not a whole number of
seconds.
dot1dStpPortTable This is a table that contains port-specific information for the
STP.
dot1dTp
Page 34
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
dot1dStatic
RSTP-MIB
This MIB is an extension of Bridge MIB used for managing devices that support the Rapid
Spanning Tree Protocol defined by IEEE 802.1w.
This MIB contains the following tables and objects:
Object Entry Field Name Description
Page 35
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 36
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
PRVT-SWITCH-MIB
The Switch MIB (1.3.6.1.4.1.738.1.5.100) is a private MIB used for managing Telco Systems internal
device parameters.
The RFC supported: RFC 2863 The Interfaces Group MIB (configL2IfaceTable and interface
table)..
NOTE
For the configuration via SNMP, only the configL2SpanOnOff object is used.
This object is used to enable or disable MSTP.
configL2SpanOnOff (1.3.6.1.4.1.738.1.5.100.2.2.1)
This object enables/disables Spanning Tree protocols. When Spanning Tree is disabled, the device's
ports are placed in forwarding mode, regardless of the current Spanning Tree state. When enabled
again, the normal state transitions take place.
To enable STP, select enableSTP(1) value from the following list:
1. enableSTP(1)
2. disable(2)
3. enableRSTP(3)
4. enablePVST(4)
5. enableMST(5)
Notifications
The BRIDGE-MIB contains the following notifications:
• newRoot—indicates that a new root is elected by the Spanning Tree algorithm.
OID: 1.3.6.1.2.1.17.1
• topologyChange—indicates that the topology change is detected by the Spanning Tree
algorithm.
OID: 1.3.6.1.2.1.17.2
Page 37
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
NOTE
To configure the path cost, set dot1dStpPortPathCost object as follows:
• for port 1/1/1, select value 1
• for port 1/1/2, select value 2
• for ports 1/2/1–1/2/8, select values from 3 to 10
Configuring Device A:
1. Enable STP:
***** SNMP SET-RESPONSE START *****
1: configL2SpanOnOff.0 (integer) enableSTP(1)
***** SNMP SET-RESPONSE END *****
2. Configure the STP bridge priority to 4096, to make device A the bridge root.
***** SNMP SET-RESPONSE START *****
1: dot1dStpPriority.0 (integer) 4096
***** SNMP SET-RESPONSE END *****
3. Configure the STP MaxAge time to 10. Do this calculation according to the following formula:
Max_age = (4 x hello) + (2 x dia) - 2, when the hello-time is 2 and the diameter is 2:
(The aging time value, from this example, is in milliseconds.)
***** SNMP SET-RESPONSE START *****
1: dot1dStpBridgeMaxAge.0 (integer) 1000
***** SNMP SET-RESPONSE END *****
4. Configure the STP forward-delay timer to 7. Do this calculation according to the following
formula: Forward_delay = ((4 x hello) + (3 x dia)) / 2, when the hello-time is 2 and the diameter
is 2:
(The delay timer value, from this example, is in milliseconds.)
***** SNMP SET-RESPONSE START *****
1: dot1dStpBridgeForwardDelay.0 (integer) 700
***** SNMP SET-RESPONSE END *****
Page 38
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device B:
1. Enable STP:
***** SNMP SET-RESPONSE START *****
1: configL2SpanOnOff.0 (integer) enableSTP(1)
***** SNMP SET-RESPONSE END *****
Configuring Device C:
Enable STP:
***** SNMP SET-RESPONSE START *****
1: configL2SpanOnOff.0 (integer) enableSTP(1)
***** SNMP SET-RESPONSE END *****
Configuring Device D:
1. Enable STP:
***** SNMP SET-RESPONSE START *****
1: configL2SpanOnOff.0 (integer) enableSTP(1)
***** SNMP SET-RESPONSE END *****
Configuring Device E:
Enable STP:
***** SNMP SET-RESPONSE START *****
1: configL2SpanOnOff.0 (integer) enableSTP(1)
***** SNMP SET-RESPONSE END *****
Page 39
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
MIB Architecture
To configure RSTP via SNMP, use the following MIBs:
• BRIDGE-MIB
• RSTP-MIB
• PRVT-SWITCH-MIB
BRIDGE-MIB
Refer to the BRIDGE-MIB section.
RSTP-MIB
Refer to the RSTP-MIB section.
PRVT-SWITCH-MIB
Refer to the PRVT-SWITCH-MIB section.
To enable RSTP, select enableRSTP(3) value from the following list:
1. enableSTP(1)
2. disable(2)
3. enableRSTP(3)
4. enablePVST(4)
5. enableMST(5)
Page 40
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
NOTE
To configure the port priority, path cost, and edge ports:
• for port 1/1/1, select value 1
• for port 1/1/2, select value 2
• for ports 1/2/1–1/2/8, select values from 3 to 10
Configuring Device A:
1. Enable RSTP:
***** SNMP SET-RESPONSE START *****
1: configL2SpanOnOff.0 (integer) enableRSTP(3)
***** SNMP SET-RESPONSE END *****
2. Configure the RSTP bridge priority to 4096, to make device A the root bridge:
***** SNMP SET-RESPONSE START *****
1: dot1dStpPriority.0 (integer) 4096
***** SNMP SET-RESPONSE END *****
3. Configure the RSTP MaxAge time to 10. Do this calculation according to the following
formula: Max_age = (4 x hello) + (2 x dia) - 2, where the hello-time is 2 and the diameter is 2:
(The aging time value, from this example, is in milliseconds.)
***** SNMP SET-RESPONSE START *****
1: dot1dStpBridgeMaxAge.0 (integer) 1000
***** SNMP SET-RESPONSE END *****
4. Configure the RSTP forwarding delay timer to 7. Do this calculation according to the
following formula: Forward_delay = ((4 x hello) + (3 x dia)) / 2, where the hello-time is 2 and the
diameter is 2:
(The delay time value, from this example, is in milliseconds.)
***** SNMP SET-RESPONSE START *****
1: dot1dStpBridgeForwardDelay.0 (integer) 700
***** SNMP SET-RESPONSE END *****
Configuring Device B:
Enable RSTP:
***** SNMP SET-RESPONSE START *****
1: configL2SpanOnOff.0 (integer) enableRSTP(3)
***** SNMP SET-RESPONSE END *****
Page 41
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device C:
1. Enable RSTP:
***** SNMP SET-RESPONSE START *****
1: configL2SpanOnOff.0 (integer) enableRSTP(3)
***** SNMP SET-RESPONSE END *****
Configuring Device D:
1. Enable RSTP:
***** SNMP SET-RESPONSE START *****
1: configL2SpanOnOff.0 (integer) enableRSTP(3)
***** SNMP SET-RESPONSE END *****
3. Configure ports 1/2/3 and 1/2/4 on device D as edge ports, since they are attached to PCs:
***** SNMP SET-RESPONSE START *****
1: dot1dStpPortAdminEdgePort.5 (integer) true(1)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1dStpPortAdminEdgePort.6 (integer) true(1)
***** SNMP SET-RESPONSE END *****
Configuring Device E:
1. Enable RSTP:
***** SNMP SET-RESPONSE START *****
1: configL2SpanOnOff.0 (integer) enableRSTP(3)
***** SNMP SET-RESPONSE END *****
2. Configure ports 1/2/3 and 1/2/4 on device E as edge ports, since they are attached to PCs:
***** SNMP SET-RESPONSE START *****
1: dot1dStpPortAdminEdgePort.5 (integer) true(1)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1dStpPortAdminEdgePort.6 (integer) true(1)
***** SNMP SET-RESPONSE END *****
Page 42
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
MIB Architecture
To configure MSTP via SNMP, use the following MIBs:
• PRVT-MST-MIB
• PRVT-SWITCH-MIB
PRVT-MST-MIB
This MIB is used for managing 802.1s Multiple Spanning Tree Protocol (MSTP).
MSTP carries the concept of the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) a leap
forward by allowing you to group and associate VLANs to multiple spanning tree instances
(forwarding paths). Used in a VLAN environment, this added capability affords rapid convergence
as well as load balancing.
Standards supported:
• IEEE 802.1d-1998
• IEEE 802.1t-2001
• IEEE 802.1w-2001
• IEEE 802.1s-2002
This MIB contains the following tables and objects:
Object Entry Field Name Description
mSTRegion
Page 43
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 44
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 45
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
PRVT-SWITCH-MIB
Refer to PRVT-SWITCH-MIB section.
To enable MSTP, select enableMST(5) value from the following list:
1. enableSTP(1)
2. disable(2)
3. enableRSTP(3)
4. enablePVST(4)
5. enableMST(5)
Notifications
The PRVT-MST-MIB contains the following notifications:
• MSTPNewRoot—indicates that a new root is selected by the Multiple Spanning Tree
algorithm.
OID: 1.3.6.1.4.1.738.1.5.107.0.1
• MSTPTopologyChange—indicates that the topology change is detected by the Multiple
Spanning Tree algorithm.
OID: 1.3.6.1.4.1.738.1.5.107.0.2
For more information regarding traps definition, refer to the Configuring Simple Network Management
Protocol (SNMP) chapter of this User Guide.
Page 46
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Pending Configuration
1. Enter MSTP Protocol Configuration mode and map the VLANs ranging from 1 to 10 to MST
instance 1:
***** SNMP SET-RESPONSE START *****
1: mSTInstanceEditVlansMap.1 (octet string) 1-10
***** SNMP SET-RESPONSE END *****
2. Assign to the MSTP region the name region1 and the revision number 1:
***** SNMP SET-RESPONSE START *****
1: mSTRegionEditName.0 (octet string) region1 [72.65.67.69.6F.6E.31
(hex)]
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: mSTRegionEditRevision.0 (integer) 1
***** SNMP SET-RESPONSE END *****
2. Configure the following parameters: hello-time to 5 seconds, MaxAge time to 14 seconds and
max-hop count to 23:
(The values for hello-time and aging time, from this example, are in milliseconds.)
***** SNMP SET-RESPONSE START *****
1: mSTBridgeHelloTime.0 (integer) 500
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: mSTBridgeMaxAge.0 (integer) 1400
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: mSTMaxHopCount.0 (integer) 23
***** SNMP SET-RESPONSE END *****
Page 47
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
tCongestionAvoidanceProfileObjects
qosServicePolicyObjects
Page 48
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
qosGlobalObjects
qosServiceObjects
Page 49
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 50
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 51
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 52
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 53
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 54
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
NOTE
Before this configuration, first create the QoS service policy, and then SDP and
SAP for the TLS service (see the TLS Configuration Examples).
Page 55
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
MIB Architecture
To configure EFM-OAM via SNMP, use the following MIBs:
• PRVT-SWITCH-EFM-OAM-MIB
• DOT3-OAM-MIB
PRVT-SWITCH-EFM-OAM-MIB
This private MIB is used for managing the IEEE 802.3ah EFM-OAM module.
This MIB contains the following tables and objects:
Object Entry Field Name Description
Page 56
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
DOT3-OAM-MIB
This public MIB is used for managing the IEEE 802.3ah EFM-OAM module.
This MIB contains the following tables:
Object Entry Field Name Description
dot3OamTable This table contains the primary controls and status for the OAM
capabilities of an Ethernet port. There is one row in this table for
each Ethernet port in the system that supports the OAM functions
defined in 802.3ah standard.
dot3OamPeerTable This table contains information about the OAM peer for a
particular Ethernet port. OAM entities communicate with a single
OAM peer entity on Ethernet links on which OAM is enabled and
operating properly. There is one entry in this table for each entry
in the dot3OamTable for which information on the OAM peer
entity is available.
dot3OamLoopbackTable This table contains controls for the loopback state of the local link
as well as indicates the status of the loopback function. There is
one entry in this table for each entry in dot3OamTable that
supports loopback functionality (where
dot3OamFunctionsSupported includes the loopbackSupport bit
set).
Loopback can be used to place the remote OAM entity in a state
where every received frame (except OAMPDUs) is echoed back
over the same port on which they were received. In this state, at
the remote entity, normal traffic is disabled as only the looped
back frames are transmitted on the port.
Page 57
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
dot3OamStatsTable This table contains statistics for the OAM function on a particular
Ethernet port. There is an entry in the table for every entry in the
dot3OamTable.
The counters in this table are defined as 32-bit entries to match
the counter size as defined in 802.3ah standard. Given that the
OAM protocol is a slow protocol, the counters increment at a slow
rate.
dot3OamEventConfigTable Ethernet OAM includes the ability to generate and receive Event
Notification OAMPDUs to indicate various link problems.
This table contains the mechanisms to enable Event Notifications
and configure the thresholds to generate the standard Ethernet
OAM events. There is one entry in the table for every entry in
dot3OamTable that supports OAM events (where
dot3OamFunctionsSupported includes the eventSupport bit set).
The values in the table are maintained across changes to
dot3OamOperStatus.
The standard threshold crossing events are:
• Errored Symbol Period Event—generated when the number
of symbol errors exceeds a threshold within a given window
defined by a number of symbols (for example, 1,000 symbols
out of 1,000,000 had errors).
• Errored Frame Period Event—generated when the number
of frame errors exceeds a threshold within a given window
defined by a number of frames (for example, 10 frames out
of 1000 had errors).
• Errored Frame Event—generated when the number of frame
errors exceeds a threshold within a given window defined by
a period of time (for example, 10 frames in 1 second had
errors).
• Errored Frame Seconds Summary Event—generated when
the number of errored frame seconds exceeds a threshold
within a given time period (for example, 10 errored frame
seconds within the last 100 seconds). An errored frame
second is defined as a 1 second interval which had more
than 0 frame errors.
There are other events (dying gasp, critical events) that are not
threshold crossing events but which can be enabled/disabled via
this table.
Page 58
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
dot3OamEventLogTable This table records a history of the events that occurred at the
Ethernet OAM level. These events can include locally detected
events, which may result in locally generated OAMPDUs, and
remotely detected events, which are detected by the OAM peer
entity and signaled to the local entity via Ethernet OAM. Ethernet
OAM events can be signaled by Event Notification OAMPDUs or
by the flags field in any OAMPDU.
This table contains both threshold crossing events and non-
threshold crossing events. The parameters for the threshold
window, threshold value, and actual value
(dot3OamEventLogWindowXX, dot3OamEventLogThresholdXX,
dot3OamEventLogValue) are only applicable to threshold
crossing events.
Entries in the table are automatically created when such events
are detected. The size of the table is implementation dependent.
When the table reaches its maximum size, older entries are
automatically deleted to allow newer entries.
Notifications
PRVT-SWITCH-EFM-OAM-MIB contains the following notifications:
• prvtOamLoopBackState: is sent whenever the loopback state changes from remote; when
dot3OamMode is passive or dot3OamAdminState is disabled, the interface cannot be on
remoteLoopback state and this trap is sent.
OID: 1.3.6.1.4.1.738.1.5.133.0.1
• prvtOamDyingGasp: generates a dying-gasp alarm. In order for dying-gasp trap to be
functional, also configure warmStart and coldStart notifications. Dying-gasp is sent only to
one server (last one used).
OID: 1.3.6.1.4.1.738.1.5.133.0.2
DOT3-OAM-MIB contains the following notifications:
• dot3OamThresholdEvent: is sent when a local or remote threshold crossing event is
detected. A local threshold crossing event is detected by the local entity, while a remote
threshold crossing event is detected by the reception of an Ethernet OAM Event Notification
OAMPDU that indicates a threshold event. This notification should not be sent more than
once per second. The OAM entity can be derived from extracting the ifIndex from the
variable bindings. The objects in the notification correspond to the values in a row instance in
the dot3OamEventLogTable. The management entity should periodically check
dot3OamEventLogTable to detect any missed events.
OID: 1.3.6.1.2.1.158.0.1
• dot3OamNonThresholdEvent: is sent when a local or remote non-threshold crossing event
is detected. This notification should not be sent more than once per second. For more
information, refer to the dot3OamNonThresholdEvent notification above.
OID: 1.3.6.1.2.1.158.0.2
For more information regarding traps definition, refer to the Configuring Simple Network Management
Protocol (SNMP) chapter of this User Guide.
Page 59
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 1:
1. Enable EFM-OAM if necessary:
***** SNMP SET-RESPONSE START *****
1: prvtEfmOamEnable.0 (integer) true(1)
***** SNMP SET-RESPONSE END *****
5. Define the expected time interval between two consecutive OAMPDUs received from the
peer (the keep-alive interval value, from the example, is in milliseconds):
***** SNMP SET-RESPONSE START *****
1: prvtEfmOamKeepAlive.0 (gauge) 3000
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: prvtEfmOamHelloInterval.0 (gauge) 200
***** SNMP SET-RESPONSE END *****
6. Enable EFM-OAM on the specified port and define its mode to Active:
***** SNMP SET-RESPONSE START *****
1: dot3OamMode.1101 (integer) active(2)
***** SNMP SET-RESPONSE END *****
Page 60
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
1: dot3OamErrSymPeriodWindowLo.1101 (gauge) 20
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot3OamErrSymPeriodThresholdLo.1101 (gauge) 100
***** SNMP SET-RESPONSE END *****
Configuring Device 2:
1. Enable EFM-OAM if necessary:
***** SNMP SET-RESPONSE START *****
1: prvtEfmOamEnable.0 (integer) true(1)
***** SNMP SET-RESPONSE END *****
5. Define the expected time interval between two consecutive OAMPDUs received from the
peer (the keep-alive interval value, from the example, is in milliseconds):
***** SNMP SET-RESPONSE START *****
1: prvtEfmOamKeepAlive.0 (gauge) 3000
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: prvtEfmOamHelloInterval.0 (gauge) 200
***** SNMP SET-RESPONSE END *****
6. Enable EFM-OAM on the specified interface and define its mode to Active:
***** SNMP SET-RESPONSE START *****
1: dot3OamMode.1102 (integer) active(2)
***** SNMP SET-RESPONSE END *****
Page 61
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Architecture
To configure CFM via SNMP, use the following MIBs:
• IEEE8021-CFM-MIB
• PRVT-CFM-MIB
IEEE8021-CFM-MIB
This public MIB is used for managing the IEEE 802.1ag CFM module.
This MIB contains the following tables and objects:
Object Entry Field Name Description
dot1agCfmStack
dot1agCfmStackTable There is one CFM Stack table per bridge. Use this
table to retrieve information about the Maintenance
Points configured on any given interface.
dot1agCfmDefaultMd
Page 62
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
dot1agCfmMd
Page 63
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
dot1agCfmMa
Page 64
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
PRVT-CFM-MIB
This private MIB also uses the dot1agCfmMd, dot1agCfmMa and dot1agCfmMep modules from
IEEE8021-CFM-MIB and is an extension to the CFM for managing IEEE 802.1ag.
This MIB contains the following tables and objects:
Object Entry Field Name Description
prvtCfmProfile
Page 65
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Notifications
IEEE8021-CFM-MIB contains the following dot1agCfmFaultAlarm notification. If a MEP has a
persistent defect condition, this notification (fault alarm) is sent to the management entity with the
OID of the MEP that detected the fault (OID: 1.3.111.2.802.1.1.8.0.1).
PRVT-CFM-MIB contains the following notifications:
• prvtCfm1wJitterThreshold—is sent when CFM one way jitter threshold crossed.
OID: 1.3.6.1.4.1.738.1.5.131.0.1
• prvtCfmJitterThreshold—is sent when CFM two way jitter threshold crossed.
OID: 1.3.6.1.4.1.738.1.5.131.0.2
• prvtCfmFrameLossThreshold—is sent when CFM frame loss threshold crossed.
OID: 1.3.6.1.4.1.738.1.5.131.0.3
• prvtCfmLatencyThreshold—is sent when CFM latency threshold crossed.
OID: 1.3.6.1.4.1.738.1.5.131.0.4
For more information regarding traps definition, refer to the Configuring Simple Network Management
Protocol (SNMP) chapter of this User Guide.
Page 66
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
4. Define the identification data sent to the remote MEPs creation policy in the
dot1agCfmMaCompTable:
dot1agCfmMaCompIdPermission: defines the numeric value indicating the contents of
the Sender ID TLV transmitted by MPs configured in this MA.
dot1agCfmMaCompMhfCreation: defines whether the management entity can create
MHFs (MIP Half Function) for this MA.
dot1agCfmMaCompRowStatus: you have to deactivate the row to be able to change the
writable columns. To activate the row, make sure that all columns have a valid value.
5. Add a port as MEP to the MA in the dot1agCfmMepTable:
dot1agCfmMepRowStatus: you have to deactivate the row to be able to change the
writable columns. To activate the row, make sure that all columns have a valid value.
dot1agCfmMepIfIndex: this object is the interface index of the interface of either a bridge
port or an aggregated IEEE 802.1 link within a bridge port, to which the MEP is
attached. Upon reboot, the system (if necessary) changes the value of this variable. It
indexes the entry in the interface table with the same value of ifAlias that it indexed before
the system reboot. If no such entry exists, the system sets this variable to 0.
dot1agCfmMepDirection: defines the direction the MEP faces on the Bridge port.
dot1agCfmMepActive: defines the MEP's administrative state (a Boolean):
♦ true indicates that the MEP functions normally
♦ false indicates that the MEP ceased functioning
6. Create a profile in the prvtCfmProfileTable:
prvtCfmProfileRowStatus: defines the row's status. You have to deactivate the row to be
able to change the writable columns. To activate the row, make sure that all columns have
a valid value.
prvtCfmProfileName: defines the profile name.
prvtCfmProfileRate: defines the number of request packets to send each time.
7. Create a process in the prvtCfmProcessTable:
prvtCfmProcessRowStatus: defines row's status. You have to deactivate the row to be
able to change the writable columns. To activate the row, make sure that all columns have
a valid value.
prvtCfmProcessName: defines a unique process name per domain/MA.
prvtCfmProcessProfileIndex: define the monitoring profile index used.
prvtCfmProcessStatus: enables/disables the two-way monitoring process for MEPs in the
MA.
prvtCfmProcessRepeatInterval: defines the repeating frequency of the monitoring
process.
Page 67
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
8. To send a loopback message to a specified MEP in a specified domain, define the below
objects in dot1agCfmMepTable:
dot1agCfmMepTransmitLbmDestMepId: defines the MEP ID for sending LBMs within
the same domain.
This address is used if the dot1agCfmMepTransmitLbmDestIsMepId column's value is
true.
dot1agCfmMepTransmitLbmDestIsMepId: selects the loopback transmission target:
♦ True to use a MEPID
♦ False to use a unicast destination MAC address
dot1agCfmMepTransmitLbmMessages: defines the number of transmitted loopback
messages.
9. To send a linktrace message to a specified MEP in a specified domain, define the following
objects in dot1agCfmMepTable:
dot1agCfmMepTransmitLtmTargetMepId: defines the target MAC address transmitted.
This address is used if the dot1agCfmMepTransmitLtmTargetIsMepId column's value is
true.
dot1agCfmMepTransmitLtmTargetIsMepId: selects the linktrace transmission target:
♦ True to use a MEPID
♦ False to use a unicast destination MAC address
10. To clear the inactive remote MEPs from the local MEP's connectivity list, define the following
object in prvtCfmMaTable:
prvtCfmMaCompClearConnectivity: define the MEP ID (or 0 for all MEPs).
Configuring Device 1:
1. Create a VLAN where the VLAN name is vl10 and the VLAN ID is 10:
***** SNMP SET-RESPONSE START *****
1: dot1qVlanStaticRowStatus.10 (integer) createAndWait(5)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1qVlanStaticName.10 (octet string) vl10 [76.6C.31.30 (hex)]
***** SNMP SET-RESPONSE END *****
Page 68
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
5. Define the identification data sent to the remote MEPs creation policy on the specified MA:
***** SNMP SET-RESPONSE START *****
1: dot1agCfmMaCompIdPermission.1.1.1 (integer) sendIdChassis(2)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1agCfmMaNetRowStatus.1.1 (integer) active(1)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1agCfmMaCompMhfCreation.1.1.1 (integer) defMHFexplicit(3)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1agCfmMaCompRowStatus.1.1.1 (integer) active(1)
***** SNMP SET-RESPONSE END *****
Page 69
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 70
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 2:
1. Create a VLAN where the VLAN name is vl10 and the VLAN ID is 10:
***** SNMP SET-RESPONSE START *****
1: dot1qVlanStaticRowStatus.10 (integer) createAndWait(5)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1qVlanStaticName.10 (octet string) vl10 [76.6C.31.30 (hex)]
***** SNMP SET-RESPONSE END *****
Page 71
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
5. Define the identification data sent to the remote MEPs creation policy on the specified MA:
***** SNMP SET-RESPONSE START *****
1: dot1agCfmMaCompIdPermission.1.1.1 (integer) sendIdChassis(2)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1agCfmMaNetRowStatus.1.1 (integer) active(1)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1agCfmMaCompMhfCreation.1.1.1 (integer) defMHFexplicit(3)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1agCfmMaCompRowStatus.1.1.1 (integer) active(1)
***** SNMP SET-RESPONSE END *****
Page 72
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 73
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 1:
1. Create a VLAN where the VLAN name is vl10 and the VLAN ID is 10:
***** SNMP SET-RESPONSE START *****
1: dot1qVlanStaticRowStatus.10 (integer) createAndWait(5)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1qVlanStaticName.10 (octet string) vl10 [76.6C.31.30 (hex)]
***** SNMP SET-RESPONSE END *****
Page 74
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 75
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 2:
1. Create a VLAN where the VLAN name is vl10 and the VLAN ID is 10:
***** SNMP SET-RESPONSE START *****
1: dot1qVlanStaticRowStatus.10 (integer) createAndWait(5)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1qVlanStaticName.10 (octet string) vl10 [76.6C.31.30 (hex)]
***** SNMP SET-RESPONSE END *****
Page 76
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 3:
1. Create a VLAN where the VLAN name is vl10 and the VLAN ID is 10:
***** SNMP SET-RESPONSE START *****
1: dot1qVlanStaticRowStatus.10 (integer) createAndWait(5)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: dot1qVlanStaticName.10 (octet string) vl10 [76.6C.31.30 (hex)]
***** SNMP SET-RESPONSE END *****
Page 77
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
6. Clear the remote inactive and unused MEPs using the clear connectivity command:
***** SNMP SET-RESPONSE START *****
1: prvtCfmMaCompClearConnectivity.1.1.1 (gauge) 0
***** SNMP SET-RESPONSE END *****
Page 78
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
prvtEpsServiceTable
Page 79
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 80
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Notifications
Following notifications are supported:
• prvtEpsDefectAlarm—is sent when EPS service operational status changed or protocol
defect occurred.
OID: 1.3.6.1.4.1.738.1.5.132.0.1
• prvtEpsSwitchoverAlarm—is sent when EPS service active link changed.
OID: 1.3.6.1.4.1.738.1.5.132.0.2
• prvtEpsLostCommunication—is sent when APS communication failed.
OID: 1.3.6.1.4.1.738.1.5.132.0.3
• prvtEpsRestoredCommunication—is sent when APS communication restored.
OID: 1.3.6.1.4.1.738.1.5.132.0.4
• prvtEpsSignalFailDetected—is sent when three consecutive CCMs are not received.
OID: 1.3.6.1.4.1.738.1.5.132.0.5
• prvtEpsSignalDegradeDetected—is sent when monitored error threshold is crossed.
OID: 1.3.6.1.4.1.738.1.5.132.0.6
For more information regarding traps definition, refer to the Configuring Simple Network Management
Protocol (SNMP) chapter of this User Guide.
Page 81
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Configuring Device 1:
1. Create a TLS service; refer to the TLS Configuration Examples section.
2. Activate the primary status for the specified SDP:
set prvtEpsSvcSdpAdminIsPrimary to true(1)
Configuring Device 2:
1. Create a TLS service; refer to the TLS Configuration Examples section.
2. Activate the primary status for the specified SDP:
set prvtEpsSvcSdpAdminIsPrimary to true(1)
4. Activate the TLS service; refer to the TLS Configuration Examples section.
5. Configure the MD, MA, and MEP ID; refer to the Configuring Two Devices in CFM Protocol
section.
Page 82
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 83
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
lldpConfiguration
Page 84
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 85
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 86
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Notifications
The LLDP-MIB contains the lldpRemTablesChange notification. This notification is sent when
the value of lldpStatsRemTablesLastChangeTime changes. It can be used by an NMS to trigger
LLDP remote systems table maintenance polls (OID: 1.0.8802.1.1.2.0.0.1).
For more information regarding traps definition, refer to the Configuring Simple Network Management
Protocol (SNMP) chapter of this User Guide.
Page 87
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
This example uses the lldpPortConfigAdminStatus object to set the desired status of the LLDP.
You can select one of the values:
• txOnly(1)—the port will only transmit LLDP packets
• rxOnly(2)—the port will only receive LLDP packets
• txAndRx(3)—the port will both transmit and receive LLDP packets
• disabled(4)—the port will neither receive nor transmit LLDP packets
Page 88
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
statistics
Page 89
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
hosts
Page 90
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Notifications
The RMON-MIB contains the following notifications:
• risingAlarm—is generated when a value rises above its pre-programmed threshold.
OID: 1.3.6.1.2.1.16.0.2
• fallingAlarm—is generated when a value falls below its pre-programmed threshold.
OID: 1.3.6.1.2.1.16.0.2
For more information regarding traps definition, refer to the Configuring Simple Network Management
Protocol (SNMP) chapter of this User Guide.
Page 91
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 92
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
2. Define RMON alarm conditions. The threshold type is absolute, so the falling event is
insignificant. The index has an arbitrary value of zero. If the threshold type is delta, the index
has the number of the event of the falling value:
***** SNMP SET-RESPONSE START *****
1: alarmStatus.1 (integer) createRequest(2)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: alarmVariable.1 (object identifier) etherStatsOctets.5
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: alarmSampleType.1 (integer) absoluteValue(1)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: alarmStartupAlarm.1 (integer) risingAlarm(1)
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: alarmRisingThreshold.1 (integer) 20000
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: alarmFallingThreshold.1 (integer) 0
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: alarmRisingEventIndex.1 (integer) 1
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: alarmFallingEventIndex.1 (integer) 0
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: alarmOwner.1 (octet string) STN1
***** SNMP SET-RESPONSE END *****
***** SNMP SET-RESPONSE START *****
1: alarmStatus.1 (integer) valid(1)
***** SNMP SET-RESPONSE END *****
Page 93
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
Fast Ethernet • IEEE 802.3 Public MIBs: RFC 2863 The Interfaces
and Giga Ethernet • RFC 1213, Group MIB
Ethernet Port via (configL2IfaceTable and
SNMP
• IEEE 802.3u Management
interface table)
Fast Ethernet Information Base for
Network
• IEEE 802.3x
Management of
Flow Control
TCP/IP-based
• IEEE 802.3z internets: MIB-II
Gigabit Ethernet (qwerinterface table
and
onfigL2IfaceTable)
• RMON MIB
Private MIB,
prvt_switch.mib
LAGs via SNMP IEEE 802.3ad Private MIB, No RFCs are supported
prvt_Ports_Aggregation. by this feature.
mib
Resilient Links No standards are Private MIB, No RFCs are supported
via SNMP supported by this prvt_resilient_link.mib by this feature.
feature.
Page 94
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
VLANs via SNMP • IEEE 802.1Q- IEEE 802.1Q No RFCs are supported
1998 by this feature.
• IEEE 802.1Q-
2003
• IEEE 802.1P
• IEEE 802.1u-
2001
TLS via SNMP No standards are Private MIBs: No RFCs are supported
supported by this • prvt_serv.mib by this feature.
feature.
• prvt_L2tunneling.mib
STP via SNMP IEEE 802.1d-1998 Public MIBs: • RFC 1493,
• bridge.mib Definitions of
Managed Objects for
• rstp.mib Bridges
Private MIB, • RFC 2863,
prvt_switch.mib Interfaces Group
MIB
(configL2IfaceTable)
RSTP via SNMP • IEEE 802.1d- Public MIBs: • RFC 1493,
1998 • bridge.mib Definitions of
• IEEE 802.1t- Managed Objects for
• rstp.mib Bridges
2001
• IEEE 802.1w-
Private MIB, • RFC 2863,
prvt_switch.mib Interfaces Group
2001
MIB
(configL2IfaceTable)
MSTP via SNMP • IEEE 802.1d- Private MIBs: RFC 2863, Interfaces
1998 • prvt_mst.mib Group MIB
(configL2IfaceTable)
• IEEE 802.1t-
• prvt_switch.mib
2001
• IEEE 802.1w-
2001
• IEEE 802.1s-
2002
QoS via SNMP • IEEE 802.1p Private MIB, prvt_qos.mib • RFC 2474, Definition
Priority Queuing of the Differentiated
• IEEE 802.1ad— Services Field (DS
Describes port- Field) in the IPv4
based service and IPv6 Headers
• RFC 2475, An
Architecture for
Differentiated
Services
• RFC 2597, Assured
Forwarding PHB
Group
• RFC 2598, An
Expedited
Page 95
SNMP Reference Guide (Rev. 04)
T-Marc 300 Series User Guide
Page 96
SNMP Reference Guide (Rev. 04)
Configuring Remote Monitoring (RMON)
Table of Figures ······················································································ 2
Overview ······························································································· 3
Page 1
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: RMON Monitoring Example························································· 3
Page 2
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Overview
Remote Monitoring (RMON) is an Internet Engineering Task Force (IETF) monitoring
specification that defines a set of statistics and functions that can be exchanged between RMON-
compliant console systems and network probes.
RMON provides you with comprehensive network-fault diagnosis, planning, and performance-
tuning information.
You can use the RMON feature with the Simple Network Management Protocol (SNMP) agent in
the device to monitor all the traffic flowing among devices on all connected LAN segments.
Page 3
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
RMON Groups
The T-Marc 300 Series devices support the following four RMON groups:
• Statistics (group 1)
The Ethernet statistics group collects Fast Ethernet and Gigabit Ethernet statistics on an
interface.
Use the information from the Statistics group to detect changes in traffic and error
patterns in critical areas of the network.
• History (group 3)
The History group provides historical views of network performance by taking periodic
samples of the counters supplied by the Statistics group.
The group is useful for analyzing traffic patterns and trends on an Ethernet interface on
the device and for establishing baseline information indicating normal operating
parameters.
• Alarms (group 4)
The Alarms group provides a general mechanism for setting threshold and sampling
intervals to generate events on any RMON variable. This group monitors a specific
management information base (MIB) object for a specified interval, triggers an alarm at a
specified value (rising threshold), and resets the alarm at another value (falling threshold).
You can use alarms with RMON events to generate a log entry and/or an SNMP
notification when the RMON alarm triggers.
• Events (group 10)
The Events group creates entries in an event log and/or sends SNMP traps. An event is
triggered by an RMON alarm. The action taken can be configured to ignore it, to log the
event, to send an SNMP trap to the receivers listed in the trap receiver table, or to both
log and send a trap.
Page 4
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
rmon alarm counter Configures RMON alarms (see Configuring RMON Alarm)
rmon event Configures RMON events (see Configuring RMON Events)
Command Description
show rmon alarm Displays information about RMON alarms (see Displaying
RMON Alarms)
show rmon event Displays information about RMON events (see Displaying
RMON Events)
show rmon statistics Displays counter statistics of the specified port or all available
ports on the device (see Displaying RMON Statistics)
show rmon statistics Displays the high capacity of RMON statistics for a specified
high-capacity port or for all ports (see Displaying High-Capacity Counters)
Page 5
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#rmon alarm <alarm-index> counter <index> UU/SS/PP
<polling-interval> {absolute | delta} <rising-threshold> <falling-
threshold> <rising-index> <falling-index> OWNER
device-name(config)#no rmon alarm [<alarm-index>]
Argument Description
alarm-index Specifies the alarm index, in the range <1–65535>.
If it is a new index, the alarm is created. If the index already exists, the
alarm is updated.
counter <index> Specifies the counter number of the statistics kept for a particular
Ethernet interface. The counter number is in the range <1-25>. For
more information about the RMON counters, see Table 4.
UU/SS/PP Specifies the Ethernet interface on which to collect statistics.
polling-interval Specifies the time in seconds the alarm monitors the counters. The
range is <1–2147483647> seconds.
absolute Use absolute threshold values.
The trap is sent only once when the rising threshold value is met.
delta Use threshold value differences.
The agent sends the trap whenever the difference between the last
and the current value reaches the rising or falling value.
The delta keyword requires you to define two events—one for the
case when the rising value is met and one for the case when the
falling value is met.
rising-threshold Specifies the rising-threshold, in the range <0–2147483647>.
falling-threshold Specifies the falling-threshold, in the range <0–2147483647>.
Insignificant if absolute is specified.
rising-index Specifies the rising-event index, in the range <0–65535>.
falling-index Specifies the falling-event index, in the range <0–65535>.
OWNER The owner name can be any alphanumeric string (without spaces).
no Removes all defined RMON alarms. When the alarm index is
specified, only the selected RMON alarm is removed.
Page 6
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Page 7
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Page 8
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Example 1
In the following example, the threshold type is absolute, so the falling event is insignificant. The
index has an arbitrary value of zero.
If the threshold type is delta, the index has the number of the event of the falling value.
device-name(config)#rmon alarm 1 counter 2 1/2/3 5 absolute 20000 0 1 0 STN1
Example 2
To remove all defined RMON alarms, perform the following command:
device-name(config)#no rmon alarm
remove all defined RMON alarms ? [y/n] : y
Example 3
To remove a specific RMON alarm, perform the following command:
device-name(config)#no rmon alarm 1
Command Syntax
device-name(config)#rmon event <event-index> DESCRIPTION {none | log |
snmp-trap | trap-and-log} COMM OWNER
device-name(config)#no rmon event [<event-index>]
Argument Description
event-index Specifies the event index, in the range <1–65535>.
If it is a new index, the event is created. If the index already exists, the event is
updated.
DESCRIPTION The event description can be any alphanumeric string (without spaces).
none No notification.
log Generates an RMON log entry when the event is triggered.
snmp-trap Generates an SNMP trap entry when the event is triggered.
trap-and-log Generates an SNMP trap and RMON log entries when the event is triggered.
COMM Specifies the trap community (alphanumeric string without blank spaces).
OWNER The owner name can be any alphanumeric string.
no Removes all existing RMON events. When the event index is specified, only
the selected RMON event is removed.
Page 9
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Example 1
To define an RMON event description, select:
• The event index to be 1
Example 2
To remove all defined RMON events, perform the following command:
device-name(config)#no rmon event
remove all defined RMON events ? [y/n] : y
Command Syntax
device-name#show rmon alarm [<alarm-index>]
Argument Description
alarm-index (Optional). Displays information about the specified RMON alarm in the
range <1–65535>.
Example
device-name#show rmon alarm
Alarm 1, status active, owned by STN1
Counter Octets, interface 1/2/3
Sampling interval (h:m:s) 00:00:05, SampleType absolute
Current value 5986918 Startup : rising
RisingThreshold 20000 FallingThreshold 0
RisingEventIndex 1 FallingEventIndex 0
Page 10
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name#show rmon event [<event-index>]
Argument Description
event-index (Optional). Displays information for the specified RMON event, in the
range <1–65535>.
Example 1
device-name#show rmon event
Event 1, status active, owned by STN1
Description : the_tank_is_full
Type : snmp-trap, LastTimeSent: 01:36:29
Community : PUBLIC
Event 2, status active, owned by STN2
Description : the_tank_is_empty
Type : snmp-trap, LastTimeSent: 02:16:29
Community : PUBLIC2
Example 2
device-name#show rmon event 1
Event 1, status active, owned by STN1
Description : the_tank_is_full
Type : snmp-trap, LastTimeSent: 01:36:29
Community : PUBLIC
Command Syntax
device-name#show rmon statistics [UU/SS/PP]
Argument Description
UU/SS/PP (Optional). Displays counter statistics on the specified port.
Page 11
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Example
device-name#show rmon statistics 1/2/3
Octets 178472399 In/OutPkts 64 7350025
Collisions 0 In/OutPkts 65-127 4746706
Broadcast 2204 In/OutPkts 128-255 1600779
Multicast 0 In/OutPkts 256-511 705253
CRCAlignErrors 0 In/OutPkts 512-1023 269046
Undersize 0 In/OutPkts 1024-MaxFrameSize 3915499
Oversize 0 TotalInPkts 5940113
Fragments 0 TotalIn/OutPkts 18587308
Jabbers 0 Down Count 0
DropEvents 0
Last5secInPkts 0 Last5secInBps 25
Last1minInPkts 18 Last1minInBps 31
Last5minInPkts 44 Last5minInBps 7
Last5secOutPkts 1 Last5secOutBps 54
Last1minOutPkts 33 Last1minOutBps 47
Last5minOutPkts 111 Last5minOutBps 19
Octets This counter is incremented once for every data octet of all received
packets. This includes data octets of rejected and local packets that
are not forwarded to the switching core for transmission. This
counter reflects all the data octets received on the line.
For oversized packets, when they exceed the allocated buffer-size,
only buffer-size bytes are counted and all the rest of the bytes are
not.
Collisions This counter is incremented once for every received packet when
detecting a Collision Event.
Broadcast This counter is incremented once for every good Broadcast packet
received.
Multicast This counter is incremented once for every good Multicast packet
received.
CRCalignErrors This counter is incremented once for every received packet that
meets all the following conditions:
• Packet data length is between 64 and MaxFrameSize bytes
(=1518) inclusive
• Packet has invalid CRC
• Collision Event is not detected
• Late Collision Event is not detected
Undersize This counter is incremented once for every received packet that
meets all the following conditions:
• Packet data length is less than 64 bytes
• Collision Event is not detected
• Late Collision Event is not detected
• Packet has valid CRC
Page 12
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Counter Description
Oversize This counter is incremented once for every received packet that
meets all the following conditions:
• Packet data length is greater than MaxFrameSize bytes
(=1518)
• Packet has valid CRC
Fragments This counter is incremented once for every received packet that
meets all the following conditions:
• The packet’s data length is less than 64 bytes, or the packet is
without SFD (Start Frame Delimiter) and is less than 64 bytes
in length
• Collision Event is not detected
• Late Collision Event is not detected
• Packet has invalid CRC
Jabbers This counter is incremented once for every received packet that
meets all the following conditions:
• Packet data length is greater than MaxFrameSize bytes
(=1518)
• Packet has invalid CRC
DropEvents Not supported.
Last5secInPkts Counts the number of packets received on the device during the five
seconds before executing the command.
Last1minInPkts Counts the number of packets received on the device during the
minute before executing the command.
Last5minInPkts Counts the number of packets received on the device during the five
minutes before executing the command.
Last5secOutPkts Counts the number of packets transmitted to the device during the
five seconds after executing the command.
Last1minOutPkts Counts the number of packets transmitted to the device during the
minute after executing the command.
Last5minOutPkts Counts the number of packets transmitted to the device during the
five minutes after executing the command.
In/OutPkts 65-127 This counter is incremented once for every received and transmitted
packet that is 65 to 127 bytes in size. This counter includes rejected,
received, and transmitted packets.
In/OutPkts 128-255 This counter is incremented once for every received and transmitted
packet that is 128 to 255 bytes in size. This counter includes
rejected, received, and transmitted packets.
In/OutPkts 256-511 This counter is incremented once for every received and transmitted
packet that is 256 to 511 bytes in size. This counter includes
rejected, received, and transmitted packets.
In/OutPkts 512-1023 This counter is incremented once for every received and transmitted
packet that is 512 to 1023 bytes in size. This counter includes
rejected, received, and transmitted packets.
In/OutPkts 1024- This counter is incremented once for every received and transmitted
MaxFrameSize packet that is 1024 to MaxFrameSize bytes (1518) in size. This
counter includes rejected, received, and transmitted packets.
Page 13
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Counter Description
TotalInPkts This counter is incremented once for every received packet. This
includes rejected and local packets that are not forwarded to the
switching core for transmission. This counter reflects all packets
received on the line.
TotalIn/OutPkts This counter is incremented once for every received and transmitted
packet that is 64 to MaxFrameSize bytes (1518) in size. This
counter includes rejected, received, and transmitted packets.
Down Count This counter is incremented once for every disconnection of the
port. The counter is initialized in any of the following cases:
• When the device starts running (provided that the link to the
port is attached), the counter is initialized to zero.
• When inserting the module at run-time (hot-swapped), the
counter is initialized to one.
• If attaching the link to the port for the first time during run-time,
the counter is initialized to one.
Last5secInBps Counts the number of Bps received on the device during the five
seconds before executing the command.
Last1minInBps Counts the number of Bps received on the device during the minute
before executing the command.
Last5minInBps Counts the number of Bps received on the device during the five
minutes before executing the command.
Last5secOutBps Counts the number of Bps transmitted to the device during the five
seconds after executing the command.
Last1minOutBps Counts the number of Bps transmitted to the device during the
minute after executing the command.
Last5minOutBps Counts the number of Bps transmitted to the device during the five
minutes after executing the command.
Command Syntax
device-name#show rmon statistics [UU/SS/PP] high-capacity
Argument Description
UU/SS/PP (Optional). Displays RMON statistics for the specified port.
Page 14
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Example 1
The following example shows interface statistics for port 1/1/1:
device-name#show rmon statistics 1/1/1 high-capacity
interface 1/1/1 High Capacity
Overflow Octets N/A Octets 1
Overflow Packets N/A Packets 6
Overflow 64 N/A In/OutPkts 64 1
Overflow 65-127 N/A In/OutPkts 65-127 1
Overflow 128-255 N/A In/OutPkts 128-255 1
Overflow 256-511 N/A In/OutPkts 256-511 1
Overflow 512-1023 N/A In/OutPkts 512-1023 1
Overflow 1024-MaxSize N/A In/OutPkts 1024-MaxSize 1
Example 2
The following example shows interface statistics for all supported ports: 1/1/1, 1/1/2, 1/2/1–
1/2/8:
device-name#show interface statistics high-capacity
interface 1/1/1 High Capacity
Overflow Octets N/A Octets 1
Overflow Packets N/A Packets 6
Overflow 64 N/A In/OutPkts 64 1
Overflow 65-127 N/A In/OutPkts 65-127 1
Overflow 128-255 N/A In/OutPkts 128-255 1
Overflow 256-511 N/A In/OutPkts 256-511 1
Overflow 512-1023 N/A In/OutPkts 512-1023 1
Overflow 1024-MaxSize N/A In/OutPkts 1024-MaxSize 1
Page 15
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Page 16
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Configuration Example
1. To define an RMON event description, select:
The event index to be 1
The event description to be the_tank_is_full
The event notification to be snmp-trap
The community string, as defined previously, to be PUBLIC
The event owner to be STN1
device-name#configure terminal
device-name(config)#rmon event 1 the_tank_is_full snmp-trap PUBLIC STN1
2. Define RMON alarm conditions. The threshold type is absolute, so the falling event is
insignificant. The index has an arbitrary value of zero. If the threshold type is delta, the index
has the number of the event of the falling value.
device-name(config)#rmon alarm 1 counter 2 1/2/2 5 absolute 20000 0 1 0
STN1
device-name(config)#exit
Page 17
Configuring Remote Monitoring (RMON) (Rev. 07)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
Page 18
Configuring Remote Monitoring (RMON) (Rev. 07)
Configuring System Message Logging
System Log Messages Overview ·································································· 3
System Log Message Format ···································································· 3
NVRAM-based Configuration History Logging··············································· 4
Settings and Values ··············································································· 4
Trap Levels··················································································· 4
Syslog Facility ················································································ 5
Log Modules ················································································· 6
Configuration Examples···········································································22
Enabling Log Messages ·········································································22
Page 1
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Page 2
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Page 3
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
NOTE
The PRIORITY, SEQUENCE NUMBER and DATE TIME fields are optional. By
default, these fields are not included in any message. To force inclusion of the
PRIORITY and SEQUENCE NUMBER fields in trap-messages, use the log
include command.
The log timestamp datetime localtime timezone msecs command displays the date and
time.
Example
3180:1993-01-03 22:59:25:tTelnetd:informational:Access from 10.3.127.102
granted !
Page 4
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
0 emergency Internal error occurred. The device reached a crash state and
cannot continue to operate.
1 alert Immediate action needed. The device might operate
incorrectly.
2 critical Internal error or non-supported event occurred.
3 error Error condition (for example, error messages about software or
hardware malfunctions).
4 warning Warning condition.
5 notification Normal but significant condition (for example, interface
up/down transitions and system restart messages).
6 information Informational message only (for example, reload requests and
low-process stack messages).
7 debugging Appears during debugging only.
Syslog Facility
A Syslog facility is a setting for the remote Syslog server and is represented by a number between 0
and 23.
Table 3: Syslog Message Facilities
Numerical Code Facility
0 Kernel messages
1 User-level messages
2 Mail system
3 System daemons
4 Security/authorization messages (0)
5 Messages generated internally by Syslog
6 Line printer subsystem
7 Network news subsystem
8 UUCP subsystem
9 Clock daemon (0)
10 Security/authorization messages (1)
11 FTP daemon
12 NTP subsystem
13 Log audit
14 Log alert
15 Clock daemon (1)
16 Local use 0 (local0)
17 Local use 1 (local1)
Page 5
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
NOTE
1. Some operating systems use Facilities 4, 10, 13 and 14 for security/authorization
and audit/alert messages.
2. Some operating systems use both Facilities 9 and 15 for clock (clockd0/clockd1)
messages.
Log Modules
The module that generates the message and sends it to the log daemon is represented by a keyword.
NOTE
When a module is configured explicitly, all system log messages from that module
are logged according to the module configuration, and the default configuration is
ignored.
When a module is not configured, the log output contains system log messages from
all system modules.
Page 6
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Default default Enables the configurations of all modules, which are not
explicitly configured.
NVRAM history Logging Only Emergency Level trap messages are logged.
The PRIORITY field is not recorded.
NVRAM-based Configuration History Disabled
Logging buffer size 1000 messages
Syslog server IP address None configured
Logging to buffer log module default buffer trap debugging
Page 7
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Page 8
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
log cli-console Displays system log messages on the CLI console that is
attached to the COM port (see Local Console Logging)
log telnet-console Display the system log messages on a Telnet console (see
Telnet Console Logging)
log server syslog-facility Display the system log messages on a Syslog server
(remote device) (see Configuring the Console Log to a
Syslog Server)
log nvram-history Enables storing message logging in the NVRAM history
table (see Storing Message Logging to NVRAM)
log buffer upload-to Uploads the log buffer to a TFTP server, using the specified
file-name (see Uploading the Log Buffer to a TFTP Server)
log buffer trap Copies system log messages to an internal buffer instead of
writing them to the console (see Configuring Message
Logging to Memory Buffer)
log buffer resize-to Enables resizing and displaying the memory buffer (see
Resizing Memory Buffer)
log group users-limit Enables privilege-limited logging (see Enabling the
Privilege-limited Logging)
log include Causes displayed and logged trap-messages to include the
optional PRIORITY field or sequence number (see Including
the PRIORITY Field or SEQUENCE NUMBER)
log synchronous Synchronizes system log messages with a command output
on the CLI console or Telnet session (see Synchronizing
System Log Messages)
log timestamp Adds a timestamp with Uptime or DateTime format (see
Adding Timestamps )
clear log Clears all the memory buffer contents or all System trap-
messages from NVRAM (see Clearing the NVRAM Trap
Log)
Page 9
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Page 10
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#log [module MODULE-NAME] cli-console trap TRAP-LEVEL
device-name(config)#no log [module MODULE-NAME] cli-console
Argument Description
module MODULE- (Optional). Specifies the name of the module for which log output to a
NAME local console is enabled.
See Table 4 for the module name keyword.
trap TRAP-LEVEL Specifies trap value for severity. Log message severity levels are listed
in Table 2.
no Stops log output to the CLI console.
Example
The following example enables local console logging for the whole system and configures a
message log filter to the severity level 6.
device-name(config)#log cli-console trap informational
NOTE
When applied in a Telnet session, the log telnet-console command is effective
only in the current Telnet session. Therefore, the command is not added to the
configuration file.
Command Syntax
device-name(config)#log [module MODULE-NAME] telnet-console trap TRAP-LEVEL
device-name(config)#no log [module MODULE-NAME] telnet-console
Page 11
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Argument Description
module MODULE- (Optional). Specifies the name of the module for which log output to a
NAME local console is enabled. See Table 4 for the module name keyword.
trap TRAP-LEVEL Specifies trap value for severity. Log message severity levels are listed in
Table 2.
no Stops log output to the Telnet console.
Example
The following example enables Telnet console logging for the whole system and configures a
message log filter to the severity level 7.
device-name(config)#log telnet-console trap debugging
Command Syntax
device-name(config)#log [module MODULE-NAME] server A.B.C.D syslog-facility
<syslog-facility> trap TRAP-LEVEL
Argument Description
A.B.C.D IP address of the Syslog server.
module MODULE- (Optional). Specifies the name of the module for which log output to a
NAME local console is enabled.
See Table 4 for the module name keyword.
syslog-facility Syslog facility valid entries are all values from 0 to 23 according to RFC
<syslog-facility> 3164. Recommended values are local6 and local7 (22, 23). The Syslog
message facilities are listed in Table 3.
trap TRAP-LEVEL Specifies trap value for severity. Log message severity levels are listed
in Table 2.
no Disables the remote logging.
Page 12
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#log [module MODULE-NAME] buffer trap TRAP-LEVEL
device-name(config)#no log [module MODULE-NAME] buffer trap TRAP-LEVEL
Argument Description
module MODULE- (Optional). Specifies the name of the module for which log output to a
NAME local console is enabled. See Table 4 for the module name keyword.
trap TRAP-LEVEL Specifies trap value for severity. Log message severity levels are listed in
Table 2.
no Disables the memory buffer logging.
Command Syntax
device-name(config)#log buffer resize-to <buffer-size>
device-name(config)#no log buffer resize-to <buffer-size>
Argument Description
no Sets the default value of the memory buffer.
resize-to <buffer- Resizes the number of messages in the memory buffer, in the range
size> <2–1000>.
Page 13
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#log group users-limit trap TRAP-LEVEL
device-name(config)#no log group users-limit
Argument Description
trap TRAP-LEVEL Specifies trap value for severity. Log message severity levels are listed in
Table 2.
no Disables privilege-limited logging and all users can see all console
messages.
Command Syntax
device-name(config)#log include {priority | sequence-number | syslog-prefix }
device-name(config)#no log include {priority | sequence-number}
Argument Description
priority Sets the PRIORITY field in the messages to be displayed and logged.
sequence-number Includes the SEQUENCE NUMBER in the log messages.
syslog-prefix Includes prefix in the syslog message.
no Causes displayed and logged trap messages to exclude the optional
PRIORITY field or the SEQUENCE NUMBER.
Page 14
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#log synchronous {cli-console | telnet-console}
device-name(config)#no log synchronous {cli-console | telnet-console}
Argument Description
cli-console Enables the log synchronous feature on the CLI console.
telnet-console Enables the log synchronous feature on the Telnet console.
no Disables the log synchronous feature.
Example
This example shows how to prevent displaying system log messages on the CLI console until the
command output finishes or is interrupted if press <Ctrl+Z>. Logging to the console session
resumes after displaying all the requested output.
device-name(config)#log synchronous cli-console
Adding Timestamps
The log timestamp command adds a timestamp with Uptime or DateTime format.
NOTE
This command does not affect system log messages sent to the Syslog server.
Command Syntax
device-name(config)#log timestamp {uptime | datetime [<localtime> | <timezone>
| <msec>]}
device-name(config)#no log timestamp {uptime | datetime [<localtime> |
<timezone> | <msec>]}
Page 15
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Argument Description
uptime The Uptime format: Days hh:mm:ss.
datetime The DateTime format: is MM/dd hh:mm:ss[.msec].
localtime (Optional). Displays the local time-zone offset relative to GMT.
timezone (Optional). Displays the time zone name.
msec (Optional). Adds milliseconds to the format.
no Disables timestamps in the system log messages.
NOTE
This feature logs only the most important system log messages of the system and
cannot be turned off by design.
All trap-messages of the specified level and higher levels (lower severity level
numbers) are stored.
Command Syntax
device-name(config)#log [module MODULE-NAME] nvram-history trap {alerts |
critical | emergencies | errors}
device-name(config)#no log [module MODULE-NAME] nvram-history
Argument Description
module (Optional). Specifies the name of the module for which console logging to a
MODULE-NAME Syslog server is enabled. See Table 4 for the module name keyword.
alerts Log messages in the event of an internal error that requires immediate
action. Severity level is one.
critical Log messages in the event of an internal error or a non-supported event.
Severity level is two.
emergencies Log messages in the event of an internal error that causes the System to be
unusable. Severity level is zero.
errors Log messages if error conditions exist. Severity level is three.
no Disables the recording, but does not clear existing command records.
Page 16
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
NOTE
This command determines the severity level that limits trap messages currently
stored, but does not indicate the minimal severity level of previously stored system
log messages that exist in NVRAM.
Command Syntax
device-name#show log nvram-history [first <number-of-records> | last <number-
of-records> | size | status]
Argument Description
last <number-of- (Optional). Displays the latest specified number of stored trap-
messages. The range is <1–65535>.
records>
size (Optional). Displays the number of records in the system-message
history.
status (Optional). Displays the status of recording.
Command Syntax
device-name#clear log [buffer | nvram-history]
Argument Description
buffer (Optional). Clears the memory buffer contents.
nvram-history (Optional). Clears the system trap-messages from NVRAM.
Page 17
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name#show log {buffer | module MODULE-NAME | nvram-history}
Argument Description
buffer (Optional). Displays the contents of the log memory buffer.
module MODULE-NAME (Optional). Displays the logging configuration for the specified
module. See Table 4 for the module name keyword.
nvram-history Log history in NVRAM.
NOTE
After each reload of the device there are some logs in the log buffer. Even if you clear
the log buffer after reload (no matter reload to defaults or reload save) the buffer has
logs!
Example
This example shows that the buffer size is reduced to 20 messages and log messages are directed to
the CLI and Telnet consoles and to the memory buffer:
device-name#show log module default
Module default configuration:
buffer size:1000 trap: debugging
nvram-history trap: emergencies
Synchronous logging terminals:
device-name#configure terminal
device-name(config)#log buffer resize-to 20
device-name(config)#end
Page 18
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name#log buffer upload-to A.B.C.D FILE-NAME
Argument Description
A.B.C.D The IP address of the TFTP server.
FILE-NAME (Optional). The name of the uploaded buffer for storing.
Example
device-name#log buffer upload-to 192.168.0.56 buf
Command Syntax
device-name(config)#record configuration-history nvram
device-name(config)#no record configuration-history
Argument Description
no Disables the recording, but does not clear existing command records.
Page 19
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Command Syntax
device-name#clear configuration-history nvram
Command Syntax
device-name#show configuration-history [<session-number> | all | size | status]
Argument Description
session- (Optional). Number of session displayed in the range <1–65535>. If no
number session number is specified, the command displays all configuration
commands stored in NVRAM during the last session.
all Displays all configuration commands stored in NVRAM during all recorded
sessions.
size Displays the number of sessions currently stored in NVRAM.
status Displays the current recording state of configuration history (as set by the
record configuration-history nvram command).
Example 1
The following example displays the last configuration-session (two sessions were recorded):
device-name#show configuration-history
! Configuration session 2 start
configure terminal
interface 1/1/1
mac access-group 400
! Configuration session 2 end
Page 20
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Example 2
The following example displays the specified configuration-session (session number 1):
device-name#show configuration-history 1
! Configuration session 1 start
configure terminal
access-list 400 permit host 00:00:11:22:33:45 any
Example 3
The following example displays all recorded configuration-sessions:
device-name#show configuration-history all
! Configuration session 1 start
configure terminal
access-list 400 permit host 00:00:11:22:33:45 any
! Configuration session 1 end
configure terminal
interface 1/1/1
mac access-group 400
no mac access-group 400
mac access-group 400
! Configuration session 2 end
Example 4
device-name#show configuration-history size
Configuration history consists of 2 sessions (num. 1 - 2).
Example 5
device-name#show configuration-history status
Configuration history recording enabled
Page 21
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Configuration Examples
Enabling Log Messages
The following example shows how to enable log messages for the notification level that is displayed
by the console port, on Telnet session and on remote Syslog server with IP address 220.119.10.1.
1. Enable logging to the console port:
device-name#configure terminal
device-name(config)#log cli-console trap notifications
Page 22
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
configure terminal
interface 1/1/1
link-aggregation static id 2
interface 1/1/2
link-aggregation static id 2
show
! Configuration session 1 end
Page 23
Configuring System Message Logging (Rev. 07)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
Page 24
Configuring System Message Logging (Rev. 07)
Troubleshooting and Monitoring
Table of Figures ······················································································ 5
Page 1
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Enabling CPU Monitoring and Entering the CPU Monitoring Mode ················21
Enabling Flash-Usage Monitoring and Entering the Flash Monitoring Mode ·······22
Enabling Fan Monitoring and Entering the Fan Monitoring Mode ···················22
Enabling Power Monitoring and Entering the Power Monitoring Mode ·············23
Enabling RAM Monitoring and Entering the RAM Monitoring Mode ···············23
Enabling Temperature Monitoring and Entering the Temperature Monitoring Mode
·······························································································24
Enabling Laser Management Monitoring and Entering the Laser Monitoring Mode25
Enabling Port Monitoring and Entering the Port Monitoring Mode··················26
Enabling Periodic Monitoring for a Specific Indicator ·································27
Disabling Periodic Monitoring for a Specific Indicator·································27
Restoring Default Settings for a Specific Indicator······································27
Enabling Log-Alert Notification for a Specific Indicator·······························28
Enabling LED-Alert Notification for a Specific Indicator ·····························28
Enabling SNMP Trap Notifications for a Specific Indicator···························29
Defining the Monitoring Interval for a Specific Indicator······························29
Defining a Limit Value for a Specific Indicator ·········································30
Defining a Scale for Triggering New Alerts··············································31
Displaying the Periodic Monitoring Settings·············································32
Displaying a Specific Indicator’s Monitoring Settings ··································34
Configuration Examples ········································································35
CPU Usage Monitoring ····································································35
RAM Usage Monitoring ···································································36
Flash Usage Monitoring ···································································37
Page 2
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Page 3
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Page 4
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Table of Figures
Figure 1: Periodic Monitoring Configuration Flow···········································18
Figure 2: Laser Management Configuration Flow ············································40
Figure 3: Local Port Mirroring ·································································54
Figure 4: Remote Port Mirroring·······························································54
Figure 5: Monitor-Session Configuration Example ··········································57
Page 5
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Chapter Overview
Telco Systems provides a set of powerful tools for troubleshooting and resolving technical issues
with T-Marc 300 Series devices. This chapter details these tools.
Page 6
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Page 7
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Startup BiST
The Startup BiST reports a summary of the results by BiST group, stating whether the group tests
passed or failed.
• When all the BiST tests pass, the device Status LED (STS) turns steady green.
• When one or more tests fail, the device STS LED starts blinking.
Below is the console-port screen example of a Startup BIST:
BUILT-IN SELF TEST
------------------
Page 8
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
BiST Commands
Table 2: BiST Commands
Command Description
Invoking BiST
The self-test command runs a BiST test.
Caution
This command does not execute the RAM Resource Test since this test clears
the RAM memory. This test is executed during the startup BiST.
Command Syntax
device-name#self-test
Example
device-name#self-test
Processing BIST by request...
Fan Test :
Fan 1 - Passed
Fan 2 - Passed
Fan 3 - Passed
Temperature Test :
Temperature - Passed
Page 9
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name#clear power-supply-alarms
NOTE
The report that is displayed by the show self-test command is based on the
periodic monitoring on operational indicators (see Periodic Monitoring).
Command Syntax
device-name#show self-test [full]
Argument Description
full (Optional) the command displays the full details of the last BiST, including
additional tests (that are not usually displayed), stating each test’s results.
If you do not use this argument, the command displays:
• a notification, stating whether the BiST encountered any problems
• only failed items and their status
Example 1
Below is an example of BiST results when all tests pass:
device-name#show self-test
No problem encountered by BIST
Example 2
Below is an example of BiST results when the fan test failed:
device-name#show self-test
Problem encountered by BIST
FLASH Resources Test :
FLASH Usage - Failed
Page 10
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
CPU Utilization
CPU utilization provides a picture of how the device CPU handles the load. The higher the
percentage of the CPU used by data transfer, the less power the CPU can devote to other tasks. A
device is diagnosed underpowered or has depleted resources, if it utilizes 80-85% of its CPU for an
extended period of time.
Command Syntax
device-name(config)#[no] cpu monitoring
Argument Description
no Disables CPU utilization monitoring
Page 11
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
show cpu utilization Displays real-time CPU usage (see Displaying the CPU Utilization)
show temperature Displays the current temperature at the CPU area (see Displaying
the CPU Temperature)
show power supply Displays the power supply status (see Displaying the Power
Supply Status)
show fan Displays the fan status (see
Displaying the Fan Status)
Command Syntax
device-name#show cpu utilization
Example
device-name#show cpu utilization
CPU usage 6%
Page 12
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name#show temperature [high-limit]
Argument Description
high-limit (Optional) displays the defined CPU temperature limit-value
Example 1
device-name#show temperature
CPU Temperature = 30C (86F)
Example 2
device-name#show temperature high-limit
CPU temperature high limit = 55C (131F)
Command Syntax
device-name#show power-supply
Example
device-name#show power-supply
Power Supply-I: Power OK - 12V
Power Supply-E: No Power
Page 13
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name#show fan
Example
device-name#show fan
Fan tray:
Fan 1 : OK
Fan 2 : OK
Fan 3 : OK
Page 14
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Periodic Monitoring
Periodic monitoring is a method used for monitoring different hardware conditions before they
become critical. This method generates SNMP traps notifying of the device status.
You can use periodic monitoring:
• to ensure a more reliable day-to-day operation. You can periodically monitor crucial device
functions in the background, receiving alerts when the monitored indicators vary from
operating norms.
• as a troubleshooting tool, monitoring transient conditions and tracking irregular behaviors.
You can use this method for triggering diagnostic data-polling based on the device operational
status.
Page 15
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Alert Types
You can assign any or all of the actions below to monitor an alert status:
• log—the alert status is written to the CLI history and error message log files
You can define an alert behavior globally (for all monitored indicators) or individually (for each
specific indicator).
Page 16
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Temperature Enabled
Temperature monitoring scale Celsius
Fan Enabled
Power supply Enabled
CPU usage Enabled
Flash usage Enabled
RAM (memory) usage Enabled
Laser Management Disabled
Port Disabled
Log message alert Enabled
LED alert Enabled
Trap alert Enabled
Limit values for monitoring alert See Table 11
Delta value for monitoring alert Disabled
Monitoring interval See Table 7
Page 17
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Start
End
Page 18
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
monitor all Configures periodic monitoring for all indicators (see Configuring
Periodic Monitoring)
monitor cpu-usage Enables CPU Monitoring (see Enabling CPU Monitoring and
Entering the CPU Monitoring Mode)
monitor flash-usage Enables Flash-usage monitoring (see Enabling Flash-Usage
Monitoring and Entering the Flash Monitoring Mode)
monitor fan Enables fan monitoring (see Enabling Fan Monitoring and Entering
the Fan Monitoring Mode)
monitor power Enables power monitoring (see Enabling Power Monitoring and
Entering the Power Monitoring Mode)
monitor ram-usage Enables RAM monitoring (see Enabling RAM Monitoring and
Entering the RAM Monitoring Mode)
monitor temperature Enables temperature monitoring (see Enabling Temperature
Monitoring and Entering the Temperature Monitoring Mode)
monitor laser Enables Laser Management monitoring (see Enabling Laser
Management Monitoring and Entering the Laser Monitoring Mode)
monitor ports Enables port monitoring (see Enabling Port Monitoring and
Entering the Port Monitoring Mode)
Page 19
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Description
show monitor Displays the periodic monitoring settings for enabled indicators
(see Displaying the Periodic Monitoring Settings)
show Displays the monitoring settings of a specific indicator (see
Displaying a Specific Indicator’s Monitoring Settings)
Page 20
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#monitor all [log | status-led | trap] {enable | disable}
device-name(config)#no monitor all [log | status-led | trap]
Argument Description
log (Optional) writes alert messages to the log history
status-led (Optional) triggers the STS LED to blink in case of a failure
trap (Optional) sends SNMP traps
enable Enables periodical monitoring
disable Disables periodical monitoring
no Restores to default
Command Syntax
device-name(config)#monitor cpu-usage [enable | disable]
device-name(config)#no monitor cpu-usage
device-name(config)#monitor cpu-usage
device-name(config monitor cpu-usage)#
Argument Description
enable (Optional) enables CPU usage monitoring
disable (Optional) disables CPU usage monitoring
no Restores to default
Page 21
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#monitor flash-usage [enable | disable]
device-name(config)#no monitor flash-usage
device-name(config)#monitor flash-usage
device-name(config monitor flash-usage)#
Argument Description
enable (Optional) enables Flash usage monitoring
disable (Optional) disables Flash usage monitoring
no Restores to default
Command Syntax
device-name(config)#monitor fan [enable | disable]
device-name(config)#no monitor fan
device-name(config)#monitor fan
device-name(config monitor fan)#
Argument Description
enable (Optional) enables fan monitoring
disable (Optional) disables fan monitoring
no Restores to default
Page 22
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#monitor power [enable | disable]
device-name(config)#no monitor power
device-name(config)#monitor power
device-name(config monitor power)#
Argument Description
enable (Optional) enables power monitoring
disable (Optional) disables power monitoring
no Restores to default
Command Syntax
device-name(config)#monitor ram-usage [enable | disable]
device-name(config)#no monitor ram-usage
device-name(config)#monitor ram-usage
device-name(config monitor ram-usage)#
Argument Description
enable (Optional) enables RAM usage monitoring
disable (Optional) disables RAM usage monitoring
no Restores to default
Page 23
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#monitor temperature [enable | disable | celsius |
fahrenheit]
device-name(config)#no monitor temperature
device-name(config)#monitor temperature
device-name(config monitor temperature C)#
device-name(config)#monitor temperature
device-name(config monitor temperature F)#
Argument Description
enable (Optional) enables temperature monitoring
disable (Optional) disables temperature monitoring
celsius (Optional) configures the temperature scale to Celsius.
Celsius
fahrenheit (Optional) configures the temperature scale to Fahrenheit
no Restores to default
Example
device-name(config)#monitor temperature fahrenheit
device-name(config)#monitor temperature
device-name(config monitor temperature F)#
Page 24
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#monitor laser [enable | disable]
device-name(config monitor laser)#
Argument Description
enable (Optional) enables Laser Management monitoring
disable (Optional) disables Laser Management monitoring
Page 25
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#monitor ports [enable | disable]
device-name(config)#no monitor ports
device-name(config)#monitor ports
device-name(config monitor ports)#
Argument Description
enable (Optional) enables port monitoring
disable (Optional) disables port monitoring
no Restores to default
Page 26
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config monitor INDICATOR)#enable
Example
The following example enables temperature monitoring:
device-name(config)#monitor temperature
device-name(config monitor temperature)#enable
Command Syntax
device-name(config monitor INDICATOR)#disable
Example
The following example disables temperature monitoring:
device-name(config)#monitor temperature
device-name(config monitor temperature)#disable
Command Syntax
device-name(config monitor INDICATOR)#default
Page 27
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config monitor INDICATOR)#log {enable | disable}
Argument Description
enable Enables log-alert notification
disable Disables log-alert notification
Command Syntax
device-name(config monitor INDICATOR)#status-led {enable | disable}
Argument Description
enable Enables LED-alert notification
disable Disables LED-alert notification
Page 28
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config monitor INDICATOR)#trap {enable | disable}
Argument Description
enable Enables SNMP trap notification
disable Disables SNMP trap notification
Command Syntax
device-name(config monitor INDICATOR)#period {hour | minutes | seconds}
<value>
device-name(config monitor INDICATOR)#no period
Argument Description
hour Sets the monitoring interval in hour units
minutes Sets the monitoring interval in minute units
seconds Sets the monitoring interval in second units
value The monitoring interval. Valid values are:
• <1–24> hours
• <1–1440> minutes
• <1–86400> seconds
no Restores to default
Page 29
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config monitor INDICATOR)#limit <value>
device-name(config monitor INDICATOR)#no limit
Argument Description
value The limit value. Defining a zero (00 value disables limit-based alerts and
erases the limit
no Restores to default
NOTE
When a monitored value exceeds the specified limit value, alert notification is
triggered. An exception is the RAM usage value: when this value is lower than the
specified limit value, an alert notification is triggered.
Page 30
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config monitor INDICATOR)#delta <difference> [always | greater |
less]
device-name(config monitor INDICATOR)#no delta
This command defines delta points that are whole multiples of the <difference> argument, in which a
new alert is generated. For example, if the limit value is 55 and <difference> is 3, new alerts are
generated when the value crosses each of the values: 55, 58, 61, 64, and so on.
Argument Description
difference The delta between the current monitored value and previous measurement
that should trigger an alert.
For temperature monitoring, the configured unit is in Fahrenheit or Celsius
degrees, depending on the selected temperature scale.
always (Optional) triggers an alert when the measured value rises above or drops
below the value limit by a multiple of the <difference>
greater (Optional) triggers an alert when the measured value rises above the limit
by a multiple of the <difference>
less (Optional) triggers an alert when the measured value drops below the limit
by a multiple of the <difference>
no Restores to defaults. Specifying a zero value disables delta alerts.
Example
In this example an alert is generated when the measured temperature rises above the limit by 5º,
10º, 15º, and so on. No alert is generated when the temperature drops below the limit..
device-name(config monitor temperature C)#delta 5 greater
Page 31
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name#show monitor [INDICATOR] [brief]
Argument Description
INDICATOR (Optional) displays periodic monitoring settings for a specific indicator. The
valid options are:
• power
• fan
• temperature
• port
• cpu-usage
• ram-usage
• flash-usage
• laser
brief (Optional) displays a summary of all monitored indicators
Example 1
Use the command without any options to display the status of all enabled indicators:
device-name#show monitor
Period : 60 sec.
Status LED : Enabled
Traps : Enabled
Log : Enabled
Fan Test
Period : 60 sec.
Status LED : Enabled
Traps : Enabled
Log : Enabled
Temperature Test
Page 32
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Period : 20 sec.
Status LED : Enabled
Traps : Enabled
Log : Enabled
Temperature limit : 55C
Period : 10 sec.
Status LED : Enabled
Traps : Enabled
Log : Enabled
Limit value : 1%
Period : 10 sec.
Status LED : Enabled
Traps : Enabled
Log : Enabled
Limit value : 75%
Period : 30 sec.
Status LED : Enabled
Traps : Enabled
Log : Enabled
Limit value : 1000KB
Period : 60 sec.
Status LED : Enabled
Log : Enabled
Limit value : 3047KB
Page 33
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Example 2
Display a summary of enabled indicators:
device-name #show monitor brief
Power Supply Test : Period 60 sec.
Fan Test : Period 60 sec.
Temperature Test : Period 20 sec.
Port Statistics Test : Period 10 sec.
CPU Resources Test : Period 10 sec.
RAM Resources Test : Period 30 sec.
FLASH Resources Test : Period 60 sec.
Laser Management Test : Disabled
Example 3
Display the temperature indicator: settings:
device-name#show monitor temperature
Period : 20 sec.
Status LED : Enabled
Traps : Enabled
Log : Enabled
Temperature limit : 55C
Command Syntax
device-name(config monitor INDICATOR)#show
Example:
device-name(config monitor cpu-usage)#show
Period : 10 sec.
Status LED : Enabled
Traps : Enabled
Log : Enabled
Limit value : 75%
Page 34
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Configuration Examples
CPU Usage Monitoring
In the following example, CPU usage monitoring is enabled and configured with both limit and
delta commands.
1. Enable CPU usage monitoring:
device-name(config)#monitor cpu-usage enable
7. Display the CPU usage monitoring on the CLI console and store the information in the
NVRAM history table:
device-name#configure terminal
device-name(config)#log cli-console trap debugging
device-name(config)#log nvram-history trap errors
Page 35
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Page 36
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
15. Display the RAM usage monitoring on the CLI console and store the information in the
NVRAM history table:
device-name#configure terminal
device-name(config)#log cli-console trap debugging
device-name(config)#log nvram-history trap errors
Page 37
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
23. Display the Flash usage monitoring on the CLI console and store the information in the
NVRAM history table:
device-name#configure terminal
device-name(config)#log cli-console trap debugging
device-name(config)#log nvram-history trap errors
Page 38
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Laser Management
Laser Management is a feature used for monitoring optical SFP transceivers’ operational-
parameters. This feature is based on the enhanced digital-diagnostic interface, described in SFF-
8472 specification.
Using this method you can monitor parameters such as received optical power, transmitter (Tx) and
receiver (Rx) output power, and transceiver temperature. In addition you can configure high/low
monitoring thresholds and receive notification in case these thresholds are crossed.
Page 39
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Start
End
Page 40
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
monitor laser Enables Laser Management monitoring and enters the Laser
Monitoring Configuration mode (see Enabling Laser Management
and Entering the Laser Monitoring Mode)
enable Enables periodic Laser Management monitoring (see Enabling
Periodic Laser Management)
disable Disables periodic Laser Management monitoring (see Disabling
the Periodic Laser Management)
Page 41
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#monitor laser {enable | disable}
device-name(config monitor laser)#
Argument Description
enable Enables laser monitoring
disable Disables laser monitoring
Command Syntax
device-name(config monitor laser)#enable
Command Syntax
device-name(config monitor laser)#disable
Page 42
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config monitor laser)#default
Command Syntax
device-name(config monitor laser)#period {hour | minutes | seconds} <value>
device-name(config monitor laser)#no period
Argument Description
hour Sets the interval in hour units
minutes Sets the interval in minute units
seconds Sets the interval in second units
value The interval value. The valid values are:
• <1–24> hours
• <1–1440> minutes
• <1–86400> seconds
no Restores to default
Example
device-name(config monitor laser)#period minutes 100
Page 43
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config monitor laser)#log {enable | disable}
Argument Description
enable Enables alert notification logging
disable Disables alert notification logging
Command Syntax
device-name(config monitor laser)#status-led {enable | disable}
Argument Description
enable Enables LED-alert notification
disable Disables LED-alert notification
Page 44
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config monitor laser)#trap {enable | disable}
Argument Description
enable Enables SNMP trap notification
disable Disables SNMP trap notification
Command Syntax
device-name(config monitor laser)#temperature-threshold {high | low} <VALUE>
[PORT-LIST]
device-name(config monitor laser)#no temperature-threshold {high | low} [PORT-
LIST]
Argument Description
high Defines the high temperature threshold
85 C
low Defines the low temperature threshold
-40 C
VALUE The temperature threshold value, with an accuracy range of 1 C
PORT-LIST (Optional) one or more port numbers, specified by the following options:
• UU/SS/PP—a single port specified by unit, slot, and port number
• UU—all ports on a specified unit
• UU/SS—all ports on a specified slot
• A hyphenated range of ports (for example: 1/2/1–1/2/2 or 1/1–1/2)
• Several port numbers and/or ranges, separated by commas
(for example: 1/1/1, 1/2/1–1/2/2, 1/3/1)
NOTE
Do not leave blank spaces before or after the comma
separating sequential lists.
Page 45
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
no Restores to default
Command Syntax
device-name(config monitor laser)#tx-power-threshold {high | low} <VALUE>
[PORT-LIST]
device-name(config monitor laser)#no tx-power-threshold {high | low} [PORT-
LIST]
Argument Description
high Defines the Tx power high threshold
-5 dBm
low Defines the Tx power low threshold
-16 dBm
VALUE The Tx power threshold value
PORT-LIST (Optional) one or more port numbers, specified by the following options:
• UU/SS/PP—a single port specified by unit, slot, and port number
• UU—all ports on a specified unit
• UU/SS—all ports on a specified slot
• A hyphenated range of ports (for example: 1/2/1–1/2/2 or 1/1–1/2)
• Several port numbers and/or ranges, separated by commas
(for example: 1/1/1, 1/2/1–1/2/2, 1/3/1)
NOTE
Do not leave blank spaces before or after the comma
separating sequential lists.
no Restores to default
Page 46
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config monitor laser)#rx-power-threshold {high | low} <VALUE>
[PORT-LIST]
device-name(config monitor laser)#no rx-power-threshold {high | low} [PORT-
LIST]
Argument Description
high Defines the Rx power high threshold
-7 dBm
low Defines the Rx power low threshold
-32 dBm
VALUE The Rx power threshold value
PORT-LIST (Optional) one or more port numbers, specified by the following options:
• UU/SS/PP—a single port specified by unit, slot, and port number
• UU—all ports on a specified unit
• UU/SS—all ports on a specified slot
• A hyphenated range of ports
(for example: 1/2/1–1/2/2 or 1/1–1/2)
• Several port numbers and/or ranges, separated by commas (for
example: 1/1/1, 1/2/1–1/2/2, 1/3/1).
NOTE
Do not leave blank spaces before or after the comma
separating sequential lists.
no Restores to default
Page 47
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name#show monitor laser
Example
device-name#show monitor laser
Laser Management Test
Period : 20 sec.
Fault LED : Enabled
Traps : Enabled
Log : Enabled
Temperature Limit :
Default: -45C..85C
1/2/2: -35C..90C
Tx-Power Limit :
Default: -16dBm..-5dBm
1/2/4: -13dBm..-5dBm
Rx-Power Limit :
Default: -32dBm..-7dBm
1/2/4: -13dBm..-7dBm
Command Syntax
device-name#show laser [PORT-LIST]
Argument Description
Page 48
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
PORT-LIST (Optional) one or more port numbers, specified by the following options:
• UU/SS/PP—a single port specified by unit, slot, and port number
• UU—all ports on a specified unit
• UU/SS—all ports on a specified slot
• A hyphenated range of ports (for example: 1/2/1–1/2/2 or 1/1–1/2)
• Several port numbers and/or ranges, separated by commas
(for example: 1/1/1, 1/2/1–1/2/2, 1/3/1).
NOTE
Do not leave blank spaces before or after the comma
separating sequential lists.
Page 49
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Example 1
device-name#show laser
Port 1/2/1
Temperature : 30C
Tx-Power : -10dBm
Rx-Power : -9dBm
Port 1/2/2
Temperature : 30C
Tx-Power : -10dBm
Rx-Power : -9dBm
Example 2
device-name#show laser 1/2/1
Port 1/2/1
Temperature : 30C
Tx-Power : -10dBm
Rx-Power : -9dBm
Page 50
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
For example, you cannot attach pin pair (1, 2) to pins (3, 4).
Command Syntax
device-name#vct-run {UU/SS/PP | full-device}
Argument Description
UU/SS/PP The port on which VCT is performed
full-device Performs VCT on all ports
Example 1
device-name#vct-run 1/1/1
Port will be disabled during the test. Are you sure?(y/n):y
%This port does not support VCT.
Page 51
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Example 2
device-name#vct-run 1/2/1
Port will be disabled during the test. Are you sure?(y/n):y
VCT test running. Please wait to gather available data ...
Example 3
device-name#vct-run 1/2/2
Port will be disabled during the test. Are you sure?(y/n):y
VCT test running. Please wait to gather available data ...
Example 4
device-name#vct-run full-device
The test will disable all ports on device. Are you sure?(y/n):y
VCT test running. Please wait to gather available data ...
Port: 1/1/2
Pins 1,2: Open at 0m.
Pins 3,6: Open at 0m.
Pins 4,5: Open at 0m.
Pins 7,8: Open at 0m.
Port: 1/2/1
Pins 1,2: Open at 0m.
Pins 3,6: Open at 0m.
Pins 4,5: Open at 0m.
Pins 7,8: Open at 0m.
Port: 1/2/2
Pins 1,2: Open at 0m.
Pins 3,6: Open at 0m.
Pins 4,5: Open at 0m.
Pins 7,8: Open at 0m.
Port: 1/2/3
Pins 1,2: Open at 0m.
Page 52
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Port: 1/2/4
Pins 1,2: Open at 0m.
Pins 3,6: Open at 0m.
Pins 4,5: Open at 0m.
Pins 7,8: Open at 0m.
Port: 1/2/5
Pins 1,2: Open at 0m.
Pins 3,6: Open at 0m.
Pins 4,5: Open at 0m.
Pins 7,8: Open at 0m.
Port: 1/2/6
Pins 1,2: Open at 0m.
Pins 3,6: Open at 0m.
Pins 4,5: Open at 0m.
Pins 7,8: Open at 0m.
Port: 1/2/7
Pins 1,2: Open at 0m.
Pins 3,6: Open at 0m.
Pins 4,5: Open at 0m.
Pins 7,8: Open at 0m.
Port: 1/2/8
Pins 1,2: Open at 0m.
Pins 3,6: Open at 0m.
Pins 4,5: Open at 0m.
Pins 7,8: Open at 0m.
Page 53
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
• Remote Port Mirroring copies packets passing through the source port(s) to a destination port on
a different device.
Page 54
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Page 55
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#monitor session {tx | rx} {destination interface UU/SS/PP
| source interface PORT_LIST}
device-name(config)#no monitor session {tx | rx}
Argument Description
tx The session monitors egress traffic
rx The session monitors ingress traffic
destination The destination port (monitoring port)
interface UU/SS/PP
source interface Configures the source port(s)
PORT_LIST List of source ports, separated by commas. Use hyphens to indicate
a port range (for example, 1/1/1–1/1/2, 1/2/2)
no Removes the monitor session
Command Syntax
device-name(config)#show monitor session
Example
device-name(config)#monitor session tx destination interface 1/1/1
device-name(config)#monitor session tx source interface 1/1/2
device-name(config)#end
device-name#show monitor session
====================================================
Monitor |Destination | Source | Monitored Source
----------+------------+---------+------------------
Transmit | port 1/1/1 | ports | 1/1/2
Receive |
Page 56
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Configuration Example
In the following example port 1/2/1 mirrors the traffic on ports 1/1/1 and 1/1/2. The port
monitors both Rx and Tx traffic.
Page 57
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
LSL
LSL provides end-to-end service-level verification across multiple providers to support individual
service level agreements. LSL extracts the source MAC address from the incoming loopback frame
and modifies the incoming frame by using the extracted source address as the destination address.
The device can continue receiving and transmitting normal data frames while LSL is enabled.
BiNOS utilizes hardware-based Iometrix loopback and LSL, ensuring wire-speed reply from these
tests.
Page 58
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Page 59
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config–if UU/SS/PP)#iometrix {enable | disable}
device-name(config–if AG0N)#iometrix {enable | disable}
Argument Description
enable Enables Iometrix loopback
disable Disables Iometrix loopback
Example
device-name(config)#interface 1/1/1
device-name(config–if 1/1/1)#iometrix enable
device-name(config)#interface ag01
device-name(config-if AG01)#iometrix disable
NOTE
Do not remove the CPU from the VLAN used by Iometrix and LSL. The port should
participate as a tagged/untagged member of the default VLAN that is configured on
that port. The looped back packets egress the port with/without tag (depending on
the port configuration: tagged in case the port is a tagged member of the default
VLAN or untagged in case the port is an untagged member of the default VLAN).
Command Syntax
device-name#show iometrix {UU/SS/PP | ag0N}
Argument Description
UU/SS/PP (Optional) the port number
agON (Optional) the LAG ID, in the of range <1–7>
Page 60
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Example 1
device-name#show iometrix
======================
|Interface | Status |
======================
|1/1/1 | Enabled |
|1/1/2 | Disabled |
|1/2/1 | Disabled |
...
|1/2/8 | Disabled |
|AG01 | Disabled |
|...
|AG07 | Disabled |
Example 2
device-name#show iometrix 1/1/1
======================
|Interface | Status |
======================
|1/1/1 | Enabled |
Command Syntax
device-name(config–if UU/SS/PP)#lsl {enable | disable}
device-name(config–if AG0N)#lsl {enable | disable}
Argument Description
enable Enables LSL
disable Disables LSL
Example
device-name(config)#interface 1/1/1
device-name(config–if 1/1/1)#lsl enable
device-name(config)#interface ag01
device-name(config-if AG01)#lsl disable
Page 61
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#lsl loopback destination-mac {MM:MM:MM:MM:MM:MM | default}
Argument Description
MM:MM:MM:MM:MM:MM The destination multicast MAC address
default The device MAC address+ 12.
12 is added only to the last byte of the MAC address. For example if
the device MAC is 00:a0:12:b0:b0:b0, the default LSL destination
MAC address is 00:a0:12:b0:b0:bc.
Example
device-name(config)#lsl loopback destination-mac 01:00:11:22:33:44
Command Syntax
device-name#show lsl {UU/SS/PP | ag0N}
Argument Description
UU/SS/PP (Optional) the port number
ag0N (Optional) the LAG ID, in the of range <1–7>
Page 62
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Example 1
device-name#show lsl
Destination MAC: 01:00:11:22:33:44
======================
|Interface | Status |
======================
|1/1/1 | Enabled |
|1/1/2 | Disabled |
|1/2/1 | Disabled |
...
|1/2/8 | Disabled |
|AG01 | Disabled |
...
|AG07 | Disabled |
Example 2
device-name#show lsl 1/1/1
Destination MAC: 01:00:11:22:33:44
======================
|Interface | Status |
======================
|1/1/1 | Enabled |
Page 63
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
NOTE
You can enable this mechanism only on ports or LAGs with an already configured
ACG.
Command Syntax
device-name(config)#network-loopback-tester {UU/SS/PP | ag0N} access-group
<acl-number> [time <seconds>]
device-name(config)#no network-loopback-tester {UU/SS/PP | ag0N} access-group
<acl-number>
Argument Description
UU/SS/PP The port number
ag0N The LAG ID, in the of range <1–7>
access-group The ACL number (for detailed information, refer to the Configuring Access
<acl-number> Control Lists (ACLs) chapter).
Traffic permitted by this condition is looped back through the port/LAG.
time (Optional) the period of time the tests is enabled, in the range of <1–100000>
<seconds> seconds
Page 64
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name#show network-loopback-tester [UU/SS/PP | ag0N]
Argument Description
UU/SS/PP (Optional) the port number
ag0N (Optional) the LAG ID, in the of range <1–7>
Example
device-name#show network-loopback-tester
Network Loopback Tester:
interface 1/2/1
Access Control Group: 401
Test Duration: 12s
Start Duration: 15:11:12
End Duration: 15:11:24
Page 65
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Configuration Example
device-name#configure terminal
device-name(config)#interface 1/1/1
device-name(config-if 1/1/1)#mac access-group 400 option
device-name(config-if 1/1/1 acg 400)#rate-limit single-rate 100k 128k exceed-
action mark-yellow
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/1/1 acg 400)#exit
device-name(config-if 1/1/1)#mac access-group 401 option
device-name(config-if 1/1/1 acg 401)#rate-limit single-rate 1M 8K
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/1/1 acg 401)#exit
device-name(config-if 1/1/1)#mac access-group 402 option
device-name(config-if 1/1/1 acg 402)#rate-limit single-rate 512K 8K
[Warning] Rate can be rounded to the next supported value!
device-name(config-if 1/1/1 acg 402)#end
device-name#configure terminal
device-name(config)#network-loopback-tester 1/1/1 access-group 400 time 20
device-name(config)#exit
device-name#show network-loopback-tester
Network Loopback Tester:
interface 1/1/1
Access Control Group: 400
Test Duration: 20s
Start Duration: 12:25:37
End Duration: 12:25:57
Page 66
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Watchdog Features
Watchdog is a feature used to monitor the performance of a set of tasks/processes to ensure their
proper functionality.
The Watchdog feature also triggers several automated actions in order to correct malfunctioning
monitored tasks/processes.
Watchdog integrates three features:
• Reset-Loop Detection—detects and stops a reset-loop. A reset-loop is a condition where the
software causes the device to reset. However since this software is configured to start
automatically upon the device startup, it causes the device to reset again.
• SNMP Request Failure Detection—monitors the timing and validity of SNMP requests,
resetting the device when detecting a failure in receiving SNMP requests.
• CPU Task Suspension Detection—monitors suspended (interrupted) CPU tasks and issues
log notifications whenever a CPU task is suspended.
Watchdog Commands
Table 23: Watchdog Configuration Commands
Command Description
service sw-watchdog Enters the Watchdog Configuration mode (see Entering the
Watchdog Configuration Mode)
sw-watchdog system Configures Reset-Loop Detection (see Configuring Reset-Loop
reset-loop Detection)
sw-watchdog system Configures SNMP Request Failure Detection (see Configuring
snmp-request-reset SNMP Request Failure Detection)
sw-watchdog task- Configures CPU Task Suspension Detection (see Configuring
suspension CPU Task Suspension Detection)
Page 67
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#service sw-watchdog
device-name(sw-watchdog)#
When the Watchdog detects a reset-loop, it disables the device LAN ports except for the one
configured as the maintenance port. In addition it logs a notification in the NVRAM.
The Watchdog identifies a reset-loop when the device resets more than 3 times within a specified
time period.
Command Syntax
device-name(sw-watchdog)#sw-watchdog system reset-loop <time> interface
UU/SS/PP
device-name(sw-watchdog)#no sw-watchdog system reset-loop
Argument Description
time The Reset-Loop Detection time period, in the range of <30–1500>
seconds.
interface The selected maintenance port
UU/SS/PP
no Disables Reset-Loop Detection
Example
The following command configures port 1/1/1 as the maintenance port and the Reset-Loop
Detection time to 30 seconds:
device-name(sw-watchdog)#sw-watchdog system reset-loop 30 interface 1/1/1
Page 68
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
NOTE
Enable this feature only if the SNMP server is configured to send periodic requests.
Otherwise, the Watchdog interprets the lack of SNMP requests as an SNMP request
failure and resets the device repeatedly (thus causing a reset-loop).
Command Syntax
device-name(sw-watchdog)#sw-watchdog system snmp-request-reset <time>
device-name(sw-watchdog)#no sw-watchdog system snmp-request-reset
Argument Description
time The SNMP request failure timeout, in the range of <5–360> minutes, after which
the device is reset if no valid SNMP request is received.
no Disables SNMP Request Failure Detection
Command Syntax
device-name(sw-watchdog)#[no] sw-watchdog task-suspension {all | TASK-NAME}
Argument Description
all All CPU tasks are monitored.
TASK-NAME A specified CPU task name (see the table below for the list of tasks)
NOTE
You can loop up the list of task-names by using the task
command in the Show System mode.
no Disables CPU Task Suspension Detection
Page 69
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Example
To configure monitoring of the tRmon task:
device-name(sw-watchdog)#sw-watchdog task-suspension tRmon
tRmon_Susp added to watchdog
Command Syntax
device-name#show sw-watchdog
Example
device-name#show sw-watchdog
Watch Dog Objects status
===========================================
| No | Object | STATUS |
===========================================
|1 | Memory| OK|
|1 | tRmon_Susp| FAILED|
Page 70
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Page 71
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Traceroute
Traceroute sends ICMP echo packets with increasing Time-to-Live (TTL) values to the destination.
When a device receives an ICMP echo packet with TTL value of 1 or 0, it drops the packet and
sends a time-to-live-exceeded message to the sender. Traceroute uses this mechanism for determining
the route to the destination:
It starts by sending an ICMP echo (PING) to the destination device, setting its TTL value to 1,
receiving a time-to-live-exceeded message from the next hop.
To identify the next hop, Traceroute sends another PING, setting its TTL value to 2. The first
device reached decreases the TTL field by 1 and sends the PING to the next device. This device
discards the PING (identifying a TTL value of 1) and returns a time-to-live-exceeded message to the
source.
This process continues until the TTL is incremented to a value large enough for the PING to reach
the destination device (or until reaching the maximum TTL). When the PING reaches the
destination device, it returns an ICMP Echo Reply back to the sender.
Page 72
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Connectivity-Troubleshooting Defaults
Table 26: Connectivity-Troubleshooting Default Configuration
Parameter Default Value
Traceroute TTL 64
Traceroute timeout 2 seconds
Ping delay Immediately
Ping packet length 100
Ping number of echo packets to send 5
Ping timeout 2 seconds
Connectivity-Troubleshooting Commands
Table 27: Connectivity Diagnostics Commands
Command Description
Page 73
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Pinging a Device
The ping command pings a remote device.
Command Syntax
device-name#ping A.B.C.D [delay <delay>] [length <length>] [number <number>]
[timeout <timeout>]
Argument Description
A.B.C.D The destination IP address
number <number> (Optional) the number of echo packets sent, in the range of
<1–2147483646>
5
timeout <timeout> (Optional) the timeout for receiving a response, in the range of
<1–600> seconds
2 seconds
delay <delay> (Optional) the delay between packets, in the range of <1–600>
seconds
immediately
length <length> (Optional) the size of the ICMP echo packets in the range of
<1–65535>
100
Example
To send 5 pings of 80 bytes with a 30-second timeout for reply and a 20-second delay between
pings, type the following command:
device-name#ping 212.29.220.136 number 5 timeout 30 delay 20 length 80
Sending 5, 80-byte ICMP Echoes to 212.29.220.136, timeout 30 sec, delay 20 sec:
Press Esc for break
!!!!!
Page 74
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Executing Traceroute
The traceroute command traces the data-packets’ route to their destination IP address. The
command displays each device the packets go through until reaching the destination.
To stop the command's execution, press <ESC>.
Command Syntax
device-name#traceroute A.B.C.D [ttl <ttl>] [timeout <timeout>]
Argument Description
A.B.C.D The destination IP address
ttl <ttl> (Optional) the maximum number of devices the traceroute command
passes, in the range of <1–255>
64
timeout (Optional) the timeout for receiving responses, in the range of <1–600>
<timeout> seconds
2 seconds
Example
device-name#traceroute 192.118.82.140
1 : 10ms. 20ms. 10ms. – Hop [212.29.220.193]
2 : 50ms. 40ms. 40ms. – Hop [10.96.96.1]
3 : 60ms. 95ms. 95ms. – Hop [212.29.196.109]
4 : 60ms. 60ms. 100ms. – Hop [206.49.94.116]
5 : 225ms. 100ms. 220ms. – Hop [212.29.206.214]
6 : 60ms. 60ms. 55ms. – Hop [212.29.206.66]
7 : 60ms. 60ms. 60ms. – Hop [212.29.206.210]
8 : 60ms. 60ms. 65ms. – Hop [212.150.63.186]
9 : 80ms. 85ms. 80ms. – Hop [192.118.68.17]
10 : 65ms. 70ms. 70ms. – Target [192.118.82.140]
Page 75
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name(config)#tech-support
device-name(tech-support)#
Page 76
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Page 77
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Description
Page 78
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Description
Command Syntax
device-name#show tech-support
Example
device-name#show tech-support
It could take several minutes to complete the task. Please wait ...
Mcache
Page 79
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Command Syntax
device-name#copy tech-support upload-to A.B.C.D FILE-NAME
Argument Description
A.B.C.D The TFTP-server IP address
FILE-NAME The tech-support filename (located on the TFTP server)
Example
The following command uploads the tech-support output file to a new file named TECHSUP on
the TFTP server at IP address 192.168.30.1:
device-name#copy tech-support upload-to 192.168.30.1 TECHSUP
Page 80
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Supported Platforms
Feature T-Marc 340 T-Marc 380
BiST + +
CPU Utilization Commands + +
Periodic Monitoring + +
Laser Management + +
Port Mirroring + +
LSL and Iometrix Loopback + +
Network Loopback Tester + +
Watchdog + +
Diagnosing Connectivity Problems + +
Technical Support Information + +
Page 81
Troubleshooting and Monitoring (Rev. 10)
T-Marc 300 Series User Guide
Page 82
Troubleshooting and Monitoring (Rev. 10)
Appendix B: Products Capabilities
Overview ······························································································· 2
Key Features ······················································································ 2
Main Features ····················································································· 3
Page 1
Appendix B: Products Capabilities (Rev. 07)
T-Marc 300 Series User Guide
Overview
The T-Marc 300 Series are comprised of the T-Marc 340 and T-Marc 380. These products are
compact, cost-effective, single/multi user Ethernet Demarcation Devices with full OAM
capabilities and support for MPLS Pseudowire LER.
The device operates using an internal AC or DC power supply, offering various power source
redundancy capabilities and may be installed as a table-top, wall, or rack mount.
Key Features
The T-Marc 300 Series devices offer the following features:
• One RJ45 connector for CLI configuration & device management
• 2 GE/FE Network Uplink Ports (1/1/1, 1/1/2)—two WAN uplink ports
• 4 GE/FE Access Ports (1/2/1–1/2/4)—four LAN access ports
• 4 GE/FE Access Ports (1/2/5–1/2/8)—four LAN access ports supported on T-Marc 380
only
• one internal AC or DC (-48V) power supply unit (PSU)
• Ethernet Transport & OAM for remote fault isolation and for end-to-end SLA monitoring
and verification:
Resiliency and link protection
Remote management and control
Fault isolation and diagnostics of network infrastructure and services
Ethernet services network demarcation unit
Advanced QoS with 802.1p and DSCP filtering/marking/re-marking 8 output queues per
port
Flexible 10/100/1000 Mbps Ethernet or 100BaseFX (via SFP) LAN/WAN interface
selection
• Ethernet Switching Support:
802.1Q support with full range of VLAN ID support
Port based VLAN
4K VLANs per IEEE 802.1q
MAC address table
Transparent LAN services (TLS) (VLAN stacking Q-in-Q)
802.3x (pause) flow control and backpressure
IEEE 802.3ad Link Aggregation
Page 2
Appendix B: Products Capabilities (Rev. 07)
T-Marc 300 Series User Guide
Main Features
T-Marc 340 and T-Marc 380 features include:
• Ethernet Capabilities—For the delivery of enhanced Ethernet services, the devices support:
4K VLAN tags per IEEE 802.1q, VLAN stacking, IEEE 802.3x flow control, super
VLAN, and IEEE 802.3ad link aggregation.
IEEE 802.1ad formalizes the definition of Ethernet frames with multiple VLAN
tags. It also formally labels Customer VLANs (C-VLANs) and Service VLAN (S-
VLANs).
802.1ad Provider Bridging that adds a second 802.1Q VLAN tag into the Ethernet
packet. The customer’s IEEE 802.1Q VLAN tag is enveloped by the provider tag. A
service provider can then ignore the customer’s VLAN tag and only switch traffic based
upon the outer provider tag. Since the provider is tunneling the customer’s VLAN tag,
each customer is free to use its own bank of 4K VLAN IDs to separate traffic types and
classes within their network.
• OAM Tools—OAM is a family of standards providing reliable remotely-managed service-
assurance (SA) mechanisms for both the provider and customer networks, offering the ability
to perform automatic periodic network-wide service assurance and quality verifications. The
following OAM standards are supported:
802.3ah support (EFM-OAM): specifies the protocols and Ethernet interfaces for using
Ethernet over access links as a first-mile technology and transforming it into a highly
reliable technology.
802.1ag support (CFM-OAM): refers to the ability of a network to monitor the health of
an end-to-end service delivered to customers (as oppose to just links or individual
bridges).
SAA Throughput Test: describes the steps for configuring and executing unidirectional
and bi-directional throughput tests.
SAA: allows you to monitor the performance of network-hosted applications by
emulating the traffic of these applications.
EPS: is a method of protecting point-to-point Ethernet service connection over VLAN
transport networks, assuring traffic transport between the two service ends.
Event Propagation: allows users to configure automatic actions executed upon the
occurrence of specific events.
E-LMI application: is an OAM protocol enabling the CE to auto configure its support of
Metro Ethernet services
• Access Control Lists—allow network operators to define large numbers of QoS and security
policies without compromising wire-speed performance. The ACLs enhance service levels
through high-performance differentiated services (DiffServ) marking, Denial of Service (DoS)
and Distributed Denial of Service (DDoS) attack mitigation, and by enforcing service access
rights across the service infrastructure. The ability to classify traffic according to C-VLAN
and/or S-VLAN provides full QinQ ACL support.
Page 3
Appendix B: Products Capabilities (Rev. 07)
T-Marc 300 Series User Guide
Page 4
Appendix B: Products Capabilities (Rev. 07)
T-Marc 300 Series User Guide
Product Applications
T-Marc 300 Series can be used in the following applications:
1. Aggregation node in campus environments
2. Laser Management
3. Test-Head
Page 5
Appendix B: Products Capabilities (Rev. 07)
T-Marc 300 Series User Guide
Technical Summary
Feature T-Marc 340 T-Marc 380
Interfaces • One RJ45 connector for CLI configuration & device management
• 2 GE/FE Network Uplink Ports (1/1/1, 1/1/2)
• 4 GE/FE Access Ports (1/2/1–1/2/4)
• 4 GE/FE Access Ports (1/2/5–
1/2/8)
QoS • Advanced QoS with 802.1p and DSCP filtering/marking/re-marking
8 output queues per port
• Packet and byte counter statistics (ingress and egress)
• Rate-limiting for bandwidth allocation
ACLs • ACL support with 2 VLAN tags for QinQ/802.1ad services (based
on customer VLAN IDs
• Remarking/forwarding/policing/filtering/etc support per ACL
Ethernet VLAN Stacking • TLS (QinQ)
Switching
Bridging • IEEE 802.1d Spanning Tree Algorithm
• IEEE 802.1w Rapid Spanning Tree Algorithm
• IEEE 802.1s Multiple Spanning Tree Algorithm
VLANS • 4K VLANs per IEEE 802.1q
Resiliency • Fast ring Ethernet restoration (<50ms)
• Resilient Link
MAC Table • 16K
Size
Forwarding • 148,000 pps per 100 Mb/s port
Rate
• 1,488,000 pps per 1 Gb/s port
Flow Control • IEEE 802.3x for full duplex back pressure for half duplex
transmission
Port Trunking • IEEE 802.3ad Link Aggregation
OAM Ethernet OAM • IEEE 802.1ag (CFM-OAM)
Protocols
• IEEE 802.3ah (EFM-OAM)
• SAA Test-Head
• SAA Throughput Test
• EPS
• Event Propagation
• E-LMI
Troubleshooting • Laser Management
Page 6
Appendix B: Products Capabilities (Rev. 07)
Appendix A: Default Configuration
Access List Default Configuration ······························································ 3
ACL Default Configuration ····································································· 3
Boot Loader Default Configuration ···························································· 3
CFM-OAM Default Configuration ····························································· 4
Connectivity Diagnosing Default Configuration ·············································· 6
CPU Resource Control Default Configuration ················································ 6
CPU Utilization Settings Default Configuration··············································· 6
DNS Resolver Default Configuration ·························································· 6
EFM-OAM Default Configuration ····························································· 7
E-LMI Default Configuration ··································································· 7
EPS Default Configuration ······································································ 8
Fast and Giga Ethernet Ports Default Configuration ········································· 8
File System Default Configuration ······························································ 9
IGMP Snooping Default Configuration························································ 9
Laser Management Default Configuration ····················································10
Link Aggregation Default Configuration ······················································10
LLDP Default Configuration···································································11
Loader Configuration Default Configuration ·················································11
LSL and Iometrix Loopback Default Configuration ·········································11
MAC Address Table Default Configuration ··················································12
Message Logging Default Configuration ······················································12
MSTP Configuration Default Configuration··················································12
NTP Default Configuration ····································································14
Passwords Default Configuration ······························································14
Packet Size Limit Default ·······································································14
Passwords Default Configuration ······························································14
Periodic Monitoring Default Configuration···················································15
Port Security Default Configuration ···························································16
QoS Default Configuration ·····································································16
QoS Mapping Default Configuration··························································18
Scheduler Profile Default Configuration ······················································19
Page 1
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 2
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Password batm
Block start address 0
Block length 256
Simulation of CPM redundancy Disabled
Line-card module operation mode line-module
Page 3
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
CFM-OAM Disabled
The domain name Appears as a string in the MAID
Compatibility with the IEEE 802.1ag protocol Standard IEEE 802.1ag-2007 (draft 8.1)
version 6.1
CFM Maintenance Domain
The way the name will appear in the MAID ieee
MIPs Are always created
Content of the Sender ID TLV All (hostname and management address of
the device)
CFM Maintenance Association
Hello-interval 1 second
CCM Priority 6
The decision regarding the MIPs If no MIP creation policy per MA is defined,
the default policy is inherited from the
domain policy configuration
Content of the Sender ID TLV All (hostname and management address of
the device)
Defect priority 1 (Alarms are reported for all conditions)
FNG reset interval time 1000 hundredths of a second
FNG alarm interval 250 hundredths of a second
AIS/LCK level One higher than the configured MA level
AIS/LCK priority 6
Interval between two successive AIS or LCK 1 second
packets
MEP state Inactive
MEP Is not able to send CCMs
CFM Performance Monitoring
Profile When CFM protocol is enabled, a default
profile is created automatically
Repetition interval of the monitoring process 1 minute
Update-interval 20 seconds
CFM Profile Monitoring
Priority 0
Number of the Loopback Request packets 1
Loopback Request packets' size 0 bytes
Page 4
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 5
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Traceroute TTL 64
Traceroute timeout 2 seconds
Ping delay Immediately
Ping packet length 100
Ping number of echo packets to send 5
Ping timeout 2 seconds
Rate limit for learning new addresses for the 1500 PPS
entire device
Rate limit to the CPU for the entire device 1500 PPS
Page 6
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
EFM-OAM Enabled
Number of OAMPDUs 5 OAMPDUs
Event propagation Enabled
Sending of the event notification OAMPDUs Enabled
Priority Undefined
Aging interval 5 seconds
Hello Interval 1000 milliseconds
Port state uplink ports Passive
Port state for user ports Disabled
Local loopback Disabled
Remote loopback Disabled
EFM-OAM Is using enhanced mode
Bit-errors threshold Disabled
Frame-errors threshold monitoring Enabled and it is defined as “256 errors
during 20 seconds”
Event monitoring Disabled
Requests sent on the specified interface 5
Accept remote loopback Disabled
E-LMI Disabled
E-LMI mode uni-n (network mode)
Polling timer 10
Polling verification timer 15
Polling counter 360
Polling status counter 4
Page 7
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
EPS Disabled
Hold Off Timer 0 seconds
Switchovers Are allowed
wait-to-restore timer 5 minutes
Page 8
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 9
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 10
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
LLDP Disabled
LLDP reinitialize-delay 2 seconds
LLDP transmit-delay 2 seconds
LLDP transmit-hold 4 seconds
LLDP transmit-interval 30 seconds
LLDP basic management-address no-advertise
LLDP basic port-description no-advertise
LLDP basic system-capabilities no-advertise
LLDP basic system-description no-advertise
LLDP basic system-name no-advertise
Password batm
Block start address 0
Block length 256
Simulation of CPM redundancy Disabled
Line-card module operation mode line-module
LSL Disabled
Iometrix Loopback Disabled
Iometrix measurement packets Are not captured
Iometrix MAC address 00:30:79:FF:FF:FF
Page 11
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 12
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 13
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 14
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 15
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Priority-to-queue assignment 0
Priority remark 0
QoS scheduling algorithm Strict Priority
QoS scheduling algorithm Strict Priority
Port profile index 0 (see Table 36)
DSCP priority 0
DSCP-to-profile assignment See Table 33
Traffic shaping Disabled
Trust mode Untrusted
SP scheduling Is applied
0–7 0
8–15 1
16–23 2
24–31 3
32–39 4
40–47 5
48–55 6
56–63 7
Page 16
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
0 0 Green 0 0
1 1 Green 1 0
2 2 Green 2 0
3 3 Green 3 0
4 4 Green 4 0
5 5 Green 5 0
6 6 Green 6 0
7 7 Green 7 0
8 0 Yellow 0 0
9 1 Yellow 1 0
10 2 Yellow 2 0
11 3 Yellow 3 0
12 4 Yellow 4 0
13 5 Yellow 5 0
14 6 Yellow 6 0
15 7 Yellow 7 0
#16–127 Not Used Not Used Not Used Not Used
Page 17
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
0 1 green
1 2 green
2 3 green
3 4 green
4 5 green
5 6 green
6 7 green
7 8 green
0–7 1 green
8–15 2 green
16–23 3 green
24–31 4 green
32–39 5 green
40–47 6 green
48–55 7 green
56–63 8 green
0 green 0 be
1 green 1 l2
2 green 2 af
3 green 3 l1
4 green 4 h2
5 green 5 ef
6 green 6 h1
7 green 7 nc
0 yellow 0 be
1 yellow 1 l2
2 yellow 2 af
Page 18
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
3 yellow 3 l1
4 yellow 4 h2
5 yellow 5 ef
6 yellow 6 h1
7 yellow 7 nc
Page 19
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 20
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 21
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 22
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 23
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
SSH Disabled
Page 24
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
TACACS+ Disabled
TCP port 49
TACACS+ server timeout 15 seconds
IP stack Selects the source IP address
Page 25
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 26
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
Page 27
Appendix A: Default Configuration (Rev. 09)
T-Marc 300 Series User Guide
PTP Disabled
PTP mode Slave
PTP primary priority (priority1) 255
PTP secondary priority (priority2) 255
Domain number 0
Announce interval 16 seconds
Synchronization interval 4 seconds
Static master address (none)
PTP per interface Disabled
Announce-receipt timeout intervals 3
Synchronization-receipt timeout intervals 3
Page 28
Appendix A: Default Configuration (Rev. 09)
Appendix C: Acronyms Glossary
This appendix provides a detailed list of the acronyms used in the T-Marc 300 Series User Guide
and their meaning.
Acronym Meaning
Page 1
Appendix C: Acronyms Glossary (Rev. 03)
T-Marc 300 Series User Guide
Acronym Meaning
Page 2
Appendix C: Acronyms Glossary (Rev. 03)
T-Marc 300 Series User Guide
Acronym Meaning
Page 3
Appendix C: Acronyms Glossary (Rev. 03)
T-Marc 300 Series User Guide
Acronym Meaning
Page 4
Appendix C: Acronyms Glossary (Rev. 03)