DmOS UserGuide CLI PDF

DmOS
Release 1.12.0
USER GUIDE - CLI

204.4006.03
DmOS – User Guide Legal notice
LEGAL NOTICE
Although every precaution has been taken in the preparation of this document, DATACOM takes no
responsibility for possible errors or omissions, and it will accept no obligation for damages resulting
from the use of the information contained in this manual. The specifications provided in this manual are
subject to changes without notice, and they will not be recognized as any kind of contract.
© 2017 DATACOM - All rights reserved.
WARRANTY
This product is warranted against material and workmanship defects for the period specified in the sales
invoice.
The warranty only includes the repair and replacement of defective components and parts without any
resulting burden to the customer. Defects resulting from the following are not covered: improper use of
device, faulty electrical power network, nature-related events (lightning discharges, for instance), failure
in devices connected to this product, installations with improper grounding or repairs made by personnel
not authorized by DATACOM.
This warranty does not cover repairs at the customer’s facilities. Device must be forwarded for repairs
to DATACOM.
Quality Management System
certified by DQS in compliance with
ISO9001 Registration No. (287097 QM)
DATACOM 204.4006.03 2
DmOS – User Guide Contacts
CONTACTS
TECHNICAL SUPPORT
DATACOM offers a technical support call center to support customers during configuration and use of
its device, and also to provide a technical assistance for product maintenance and repair.
DATACOM Technical Support can be reached through the following channels:
e-mail: support@datacom.ind.br
phone: +55 51 3933-3122
Website: www.datacom.ind.br/en/support
GENERAL INFORMATION
For any additional information, visit http://www.datacom.ind.br/en or contact:
DATACOM
Rua América, 1000
92990-000 - Eldorado do Sul - RS – Brazil
+55 51 3933-3000
DATACOM 204.4006.03 3
DmOS – User Guide Available Product Documentation
AVAILABLE PRODUCT DOCUMENTATION

This manual is part of a set of documents prepared to provide all necessary information about
DATACOM products, whether you are a buyer, administrator, manager or operator.
DMOS
• Command Reference - Lists and describes all CLI commands
• User Guide – Provides technology and product resources overview, product level set up
instructions and examples
• Quick Start Guides – Guides the user to install and interconnect the device
• Release Notes - Informs the user about new features, resolved bugs and compatibility in a new
Software and/or Hardware
DM4610
• Datasheet - Presents product data and technical characteristics
• Installation Guide – Provides safety and detailed information regarding product installation
and basic connection via terminal
• Quick Start Installation – Provides to the user guidelines of how performe the initial
installation of the device
The availability of certain documents may vary depending on the product.

Visit the DATACOM website to locate related documentation for a product or contact Customer
Support (see Contacts).
DATACOM 204.4006.03 4
DmOS – User Guide Contents
CONTENTS
LEGAL NOTICE .................................................................................................................................................2

WARRANTY .......................................................................................................................................................2
CONTACTS .........................................................................................................................................................3
TECHNICAL SUPPORT........................................................................................................................................3
GENERAL INFORMATION ..................................................................................................................................3
AVAILABLE PRODUCT DOCUMENTATION ................................................................................................4
CONTENTS .........................................................................................................................................................5
1 INTRODUCING THE USER GUIDE .......................................................................................................10
1.1 ABOUT THIS GUIDE .............................................................................................................................10
1.2 INTENDED AUDIENCE .........................................................................................................................10
1.3 CONVENTIONS ....................................................................................................................................10
1.3.1 Icons Convention ........................................................................................................................10
1.3.2 Text Convention .........................................................................................................................11
2 GETTING STARTED ................................................................................................................................12
2.1 DMOS OVERVIEW ..............................................................................................................................12
2.2 STARTING DMOS SYSTEM ..................................................................................................................12
2.2.1 Logging in for First Time ...........................................................................................................12
2.2.2 Understanding Cards Position Syntax ........................................................................................12
2.2.3 Displaying System Information ..................................................................................................13
2.3 OPERATIONAL MODE ..........................................................................................................................14
2.3.1 CLI Session Configuration .........................................................................................................14
2.3.2 Displaying CLI Session Configuration .......................................................................................19
2.3.3 Default CLI Session Configuration ............................................................................................20
2.3.4 Basic CLI Session Oerations ......................................................................................................20
2.4 CONFIGURATION MODE ......................................................................................................................21
2.4.1 Config Terminal .........................................................................................................................21
2.4.2 Config Exclusive ........................................................................................................................21
2.4.3 Config Shared .............................................................................................................................21
2.5 COMMIT CONFIGURATION ..................................................................................................................22
2.5.1 Commit and Quit ........................................................................................................................22
2.5.2 Commit Check ............................................................................................................................22
2.5.3 Commit Comment ......................................................................................................................22
2.5.4 Commit Confirmed .....................................................................................................................23
2.5.5 Commit Abort .............................................................................................................................23
2.5.6 Commit Label .............................................................................................................................23
2.5.7 Commit No-Confirm ..................................................................................................................23
2.5.8 Commit Persist ...........................................................................................................................24
2.5.9 Commit Save-Running ...............................................................................................................24
2.5.10 Displaying Commit Configuration .............................................................................................25
2.5.11 Compare Configuration ..............................................................................................................25
2.6 ROLLBACK DATABASE .......................................................................................................................25
2.6.1 Rollback Configuration ..............................................................................................................25
2.6.2 Rollback Selective ......................................................................................................................26
2.6.3 Displaying Rollback Configuration ............................................................................................26
DATACOM 204.4006.03 5
2.7 HANDLING CONFIGURATION FILES ....................................................................................................26

2.7.1 Saving Configurations ................................................................................................................26
2.7.2 Deleting Stored Configurations ..................................................................................................27
2.7.3 Listing Stored Configurations ....................................................................................................28
2.7.4 Displaying Stored Configurations ..............................................................................................28
2.7.5 Comparing Stored Configurations ..............................................................................................28
2.8 LOAD CONFIGURATION ......................................................................................................................28
2.8.1 Load Factory-config ...................................................................................................................28
2.8.2 Load Merge ................................................................................................................................29
2.8.3 Load Override .............................................................................................................................29
2.8.4 Load Replace ..............................................................................................................................30
2.9 GETTING HELP ABOUT COMMANDS ...................................................................................................30
2.10 ABBREVIATED SYNTAX ......................................................................................................................32
2.11 CLI ERROR PROMPTS .........................................................................................................................32
3 MANAGING THE DEVICE......................................................................................................................33
3.1 COMMAND LINE INTERFACE (CLI).....................................................................................................33
3.1.1 Using Console Interface .............................................................................................................33
3.1.2 Using Out-Of-Band Management Interface ...............................................................................34
3.1.3 Using In-Band Management Interface........................................................................................36
3.2 DMVIEW .............................................................................................................................................37
3.3 CONNECTIVITY TOOLS........................................................................................................................39
3.3.1 Ping .............................................................................................................................................39
3.4 MANAGEMENT – SECURITY ACCESS ..................................................................................................39
3.4.1 SSH Server .................................................................................................................................39
3.4.2 SSH Server – Legacy Support ....................................................................................................40
3.4.3 SSH Client ..................................................................................................................................41
3.4.4 TELNET Server ..........................................................................................................................41
3.4.5 TELNET Client ..........................................................................................................................42
3.5 CHANGING THE HOSTNAME ................................................................................................................42
3.6 AUTHENTICATION USERS ...................................................................................................................42
3.6.1 Account Access Levels ...............................................................................................................42
3.6.2 Local User ..................................................................................................................................43
3.6.3 RADIUS .....................................................................................................................................46
3.6.4 TACACS+ ..................................................................................................................................51
3.6.5 Login Preference.........................................................................................................................56
3.7 HOUR, DATE AND TIMEZONE .............................................................................................................56
3.7.1 Clock and Date ...........................................................................................................................56
3.7.2 Time zone ...................................................................................................................................57
3.7.3 Displaying Configuration ...........................................................................................................57
3.8 SIMPLE NETWORK TIME PROTOCOL (SNTP)......................................................................................57
3.8.1 Overview ....................................................................................................................................57
3.8.2 Setting SNTP Server ...................................................................................................................57
3.8.3 Setting Authentication ................................................................................................................58
3.8.4 Setting Pooling Interval ..............................................................................................................58
3.9 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP).....................................................................59
3.9.1 Overview ....................................................................................................................................59
3.9.2 Setting SNMP Agent ..................................................................................................................60
3.9.3 Setting SNMPv1 and SNMPv2c Communities ..........................................................................62
3.9.4 Setting SNMPv3 User-Based Security Model (USM) ...............................................................64
3.9.5 Setting View-Based Access Control Model (VACM) ................................................................66
DATACOM 204.4006.03 6
3.9.6 Setting Targets for Notifications ................................................................................................68

3.9.7 Default SNMP Settings ..............................................................................................................73
3.10 SYSLOG SERVER .................................................................................................................................73
3.10.1 Overview ....................................................................................................................................73
3.10.2 Setting Syslog IP Address ..........................................................................................................74
3.10.3 Setting Syslog Severity...............................................................................................................74
3.10.4 Default Syslog Settings ..............................................................................................................75
4 GIGABIT PASSIVE OPTICAL NETWORK (GPON) .............................................................................76
4.1 GPON INTERFACES ............................................................................................................................77
4.1.1 Creating a VLAN and Assigning an Uplink Interface ................................................................77
4.1.2 Enabling and Disabling Ports .....................................................................................................77
4.1.3 Setting Downstream FEC and Upstream FEC............................................................................78
4.1.4 Setting Anti-Rogue Mode ...........................................................................................................78
4.1.5 Setting MAC-Limit.....................................................................................................................79
4.1.6 Setting Virtual Ethernet Interface Point (VEIP) .........................................................................79
4.1.7 Default GPON Port State ............................................................................................................80
4.1.8 Displaying GPON State ..............................................................................................................81
4.2 GPON PROFILES .................................................................................................................................81
4.2.1 Overview ....................................................................................................................................81
4.2.2 Default GPON Profiles ...............................................................................................................82
4.2.3 Setting ONU Profile ...................................................................................................................83
4.2.4 Setting Service Profile ................................................................................................................84
4.2.5 Setting Bandwidth Profile ..........................................................................................................85
4.2.6 Setting Line Profile .....................................................................................................................85
4.2.7 Setting SIP Agent Profile ...........................................................................................................87
4.2.8 Setting GEM Rate Traffic Profile ...............................................................................................88
4.3 OPTICAL NETWORK UNIT (ONU) .......................................................................................................93
4.3.1 Starting ONU Discovery Process ...............................................................................................93
4.3.2 Restarting ONU ..........................................................................................................................93
4.3.3 Setting ONU name......................................................................................................................94
4.3.4 Setting Authenticating ................................................................................................................94
4.3.5 Setting User Network Interface (UNI) .....................................................................................101
4.3.6 Displaying an ONU Configuration ...........................................................................................106
4.4 SERVICES APPLICATION....................................................................................................................108
4.4.1 Overview ..................................................................................................................................108
4.4.2 Setting Service Type .................................................................................................................108
4.4.3 Setting Flood Block Downstream.............................................................................................108
4.4.4 Setting Service Port ..................................................................................................................109
4.4.5 Displaying Service-Port Configuration ....................................................................................109
4.5 ALLOWED IP .....................................................................................................................................110
4.5.1 Overview ..................................................................................................................................110
4.5.2 Setting Rules .............................................................................................................................110
4.5.3 Displaying Allowed-IP Table ...................................................................................................111
4.6 DHCP OPTION 82 .............................................................................................................................112
4.6.1 Overview ..................................................................................................................................112
4.6.2 Setting VLAN ...........................................................................................................................112
4.7 PPPOE INTERMEDIATE AGENT .........................................................................................................112
4.7.1 Overview ..................................................................................................................................113
4.7.2 Setting Sub-Option ...................................................................................................................113
DATACOM 204.4006.03 7
5 TUNNELING ...........................................................................................................................................114
5.1 LAYER 2 CONTROL PROTOCOL TUNNELING (L2PT) ........................................................................114
5.1.1 Overview ..................................................................................................................................114
5.1.2 Setting Actions .........................................................................................................................114
5.1.3 Default Actions .........................................................................................................................114
6 ETHERNET .............................................................................................................................................115
6.1 GIGABIT-ETHERNET INTERFACES .....................................................................................................115
6.1.1 Enabling and Disabling Ports ...................................................................................................116
6.1.2 Setting Negotiation Mode and Advertised Abilities .................................................................117
6.1.3 Setting Port Speed ....................................................................................................................117
6.1.4 Setting Flow Control ................................................................................................................118
6.1.5 Setting MDIX Mode .................................................................................................................118
6.2 TEN-GIGABIT-ETHERNET INTERFACES.............................................................................................119
6.2.1 Enabling and Disabling Ports ...................................................................................................119
6.2.2 Setting Negotiation Mode and Advertised Abilities .................................................................120
6.2.3 Setting Port Speed and Duplex Settings ...................................................................................120
6.2.4 Setting Flow Control ................................................................................................................121
6.2.5 Setting MDIX Mode .................................................................................................................121
6.3 LINK AGGREGATION – LAG .............................................................................................................121
6.3.1 Overview ..................................................................................................................................121
6.3.2 Creating a LAG ........................................................................................................................123
6.4 VLAN ...............................................................................................................................................124
6.4.1 Overview ..................................................................................................................................124
6.4.2 Creating a VLAN......................................................................................................................126
6.4.3 Setting Name ............................................................................................................................126
6.4.4 Removing VLANs ....................................................................................................................127
6.4.5 Setting VLANs to Uplink Ports ................................................................................................127
6.4.6 Assigning Ports to VLANs .......................................................................................................127
6.4.7 Setting Native VLAN ...............................................................................................................128
6.4.8 Verifying VLAN Settings .........................................................................................................129
6.5 QINQ .................................................................................................................................................129
6.5.1 Overview ..................................................................................................................................129
6.5.2 Setting QinQ .............................................................................................................................130
6.5.3 Setting Selective QinQ .............................................................................................................131
6.6 MAC ADDRESS TABLE .....................................................................................................................132
6.6.1 Overview ..................................................................................................................................132
6.6.2 Displaying MAC Address Table ..............................................................................................133
6.6.3 Setting Global Aging Time.......................................................................................................133
6.7 RSTP.................................................................................................................................................134
6.7.1 Overview ..................................................................................................................................134
6.7.2 Enabling the spanning-tree .......................................................................................................134
6.7.3 Setting STP Mode.....................................................................................................................135
6.7.4 Setting Name ............................................................................................................................135
6.7.5 Setting Bridge-Priority .............................................................................................................136
6.7.6 Setting Forward-Delay .............................................................................................................136
6.7.7 Setting Hello-Time ...................................................................................................................137
6.7.8 Setting Ethernet Interface .........................................................................................................137
6.7.9 Setting Maximum-Age .............................................................................................................138
6.7.10 Setting Maximum Transmission Rate ......................................................................................138
DATACOM 204.4006.03 8
6.7.11 Default Parameters ...................................................................................................................139

6.7.12 Displaying Spanning Tree State Status.....................................................................................139
7 QUALITY OF SERVICE (QOS) .............................................................................................................140
7.1 QOS – SCHEDULING ..........................................................................................................................141
7.1.1 Overview ..................................................................................................................................141
7.1.2 Creating QoS Profile ................................................................................................................141
7.1.3 Associating QoS Profiles ..........................................................................................................142
8 SECURITY...............................................................................................................................................144
8.1 ACCESS CONTROL LIST (ACL) .........................................................................................................144
8.1.1 Overview ..................................................................................................................................144
8.1.2 Setting Ingress Filter – L2 Access-list ......................................................................................144
8.1.3 Setting Ingress Filter – L3 Access-list ......................................................................................145
8.1.4 Setting a Filter in Ethernet Interface .........................................................................................146
8.1.5 802.1p x CoS Mapping .............................................................................................................147
8.1.6 DSCP x CoS Mapping ..............................................................................................................147
8.2 STORM CONTROL ..............................................................................................................................148
8.2.1 Overview ..................................................................................................................................148
8.2.2 Setting Storm Control ...............................................................................................................148
9 MULTICAST ...........................................................................................................................................149
9.1 IGMP SNOOPING ..............................................................................................................................149
9.1.1 Overview ..................................................................................................................................149
9.1.2 Enabling IGMP Snooping ........................................................................................................149
9.1.3 Creating a Bridge Domain ........................................................................................................150
9.1.4 Adding interface in Bridge Domain .........................................................................................150
9.1.5 Setting interface of IGMP Snooping Instance ..........................................................................151
9.1.6 Default Parameters ...................................................................................................................152
9.1.7 Displaying IGMP Snooping Status...........................................................................................152
10 ROUTING ............................................................................................................................................154
10.1 STATIC ROUTING ..............................................................................................................................155
10.1.1 Overview ..................................................................................................................................155
10.1.2 Adding Static Routes ................................................................................................................155
10.1.3 Deleting Static Routes ..............................................................................................................156
10.1.4 Changing the Static Routes Administrative Status ...................................................................156
10.1.5 Setting a Default Route.............................................................................................................157
10.1.6 Displaying Static Routing Information .....................................................................................159
10.2 VLAN ROUTING ...............................................................................................................................159
10.2.1 Overview ..................................................................................................................................159
10.2.2 Setting a L3 Logical Interface ..................................................................................................160
10.2.3 Removing L3 Logical Interface ................................................................................................161
10.2.4 Displaying L3 Logical Interface Information ...........................................................................161
11 SOFTWARE UPGRADE .....................................................................................................................163
11.1 INSTALLING AND CONFIGURING TFTP SERVER ...............................................................................163
11.2 UPGRADING DMOS FIRMWARE ........................................................................................................165
11.3 ROLLING BACK A DMOS FIRMWARE ................................................................................................168
11.4 DISPLAYING FIRMWARE UPGRADE INFORMATION...........................................................................170
11.5 UPGRADING ONU FIRMWARE ..........................................................................................................170
DATACOM 204.4006.03 9
DmOS – User Guide Introducing the User Guide
1 INTRODUCING THE USER GUIDE
1.1 ABOUT THIS GUIDE

This guide provides features related information, including theoretical and step-by-step configurations
with examples. This document also covers initial configurations, those normally needed after hardware
installation.
The document was designed to serve as a source of eventual queries. Therefore, it does not need be read
sequentially. So, if an information about how to configure specific feature is required, it will be provided
comprehensively, in a specific chapter.
It is assumed that the individual or individuals managing any aspect of this product have basic
understanding of Ethernet and Telecommunications networks.
1.2 INTENDED AUDIENCE

DmOS User Guide is intended for Network Administrators and other qualified service personnel
responsible for configuring and maintaining the device.
1.3 CONVENTIONS
In order to improve the agreement, the following conventions are made throughout this guide:
1.3.1 Icons Convention
Icon Type Description
Note Notes give an explanation about some topic in the foregoing paragraph.
This symbol means that this text is very important and, if the
Caution
orientations were not correct followed, it may cause damage or hazard.
This symbols means that, case the procedure was not correctly followed,
Warning
may exist electrical shock risk.
Represents laser radiation. It is necessary to avoid eye and skin

Warning
exposure.
Indicates that device, or a part is ESDS (Electrostatic Discharge

Caution Sensitive). It should not be handled without grounding wrist strap or
equivalent.
Warning Non-ionizing radiation emission.
DATACOM 204.4006.03 10
DmOS – User Guide Introducing the User Guide
Icon Type Description

WEEE Directive Symbol (Applicable in the European Union and other
European countries with separate collection systems).This symbol on
the product or its packaging indicates that this product must not be
disposed of with other waste. Instead, it is your responsibility to dispose
of your waste device by handing it over to a designated collection point
for the recycling of waste electrical and electronic device. The separate
Note
collection and recycling of your waste device at the time of disposal will
help conserve natural resources and ensure that it is recycled in a manner
that protects human health and the environment. For more information
about where you can drop off your consumer waste device for recycling,
please contact your local city recycling office or the dealer from whom
you originally purchased the product.
A caution type notice calls attention to conditions that, if not avoided, may damage or
destroy hardware or software.
A warning type notice calls attention to conditions that, if not avoided, could result in death
or serious injury.
1.3.2 Text Convention

This guide uses these text conventions to convey instructions and information:
Convention Description
Internet site or an e-mail address. It is also applied to indicate a local

Hyperlink
link inside the document itself (e.g. a chapter)
Screen System commands and screen outputs.
Indicates a reference to something. Used to emphasize this referenced

Object
object.
Menu > Path GUI menu paths
[Key] Keyboard buttons
The text convention shown above differs from Command Line Interface syntax convention.
See the convention related to commands on.
DATACOM 204.4006.03 11
DmOS – User Guide Getting Started
2 GETTING STARTED
2.1 DMOS OVERVIEW

DmOS (DATACOM Operating System) is a reliable and high performance software for switching,
routing and security network applications. DmOS is designed to provide:
• Modularity across all software components
• High reliability and resiliency
• Hierarchical configuration and robust configuration management
DmOS uses a standard format to present the software versions. The general form is x.y.z, and the
versioning are:
• x – Major Release Identifier
• y – Minor Release Identifier
• z – Maintenance Version Identifier
DmOS CLI supports the operational and configuration modes that provide many commands for
configuring and monitoring software, hardware and network connectivity of devices.
2.2 STARTING DMOS SYSTEM

2.2.1 Logging in for First Time
Considering the device correctly installed as described on Installation Guide, the user can manage it
through the Command Line Interface (CLI), where is accessed by using the physical console port or by
using a SSH connection from a remote management terminal.
More information about how to use the physical console and management ports is available
on Using Out-Of-Band Management Interface.
Step 1 • On the PC or laptop, start the terminal emulation program. The initial login prompt
for a username appears:
login:
Step 2 • The default username and password are admin. Type the username followed by
[Enter]:
login: admin [Enter]

Step 3 • Type the password followed by [Enter]:
password: admin [Enter]

Result • The prompt as following will appear, indicating a successful login:
2.2.2 Understanding Cards Position Syntax

The position of each card is based on the backplane connections. The nomenclature adopted is
chassis/slot/port, where:
DATACOM 204.4006.03 12
• Chassis Numbering: The position of chassis is defined by the number of the chassis in stacking
mode. These positions correspond to a defined chassis number that will be used as reference on
the next sections of this document.
• Slot Numbering: The position of slots is defined in the sub-rack, based on the backplane
connections. These positions correspond to a defined slot number that will be used as reference
on the next sections of this document.
• Port Numbering: Many CLI commands require users to enter port numbers as arguments of a
command. The port numbering is a combination of the chassis number, slot number and the
port number.
For example, the DM4610 has eight GPON ports installed in slot 1 of the chassis 1. The valid GPON
ports are:
1/1/1, 1/1/2, 1/1/3, 1/1/4, 1/1/5, 1/1/6, 1/1/7, 1/1/8.
2.2.3 Displaying System Information

You can query your device status, product model, environment and equipment inventory, from CLI
using the commands shown in the following example:
• Show platform
• Show environment
• Show inventory
• Uptime
• Who
2.2.3.1 Show platform

The output of the show platform command may be used to know about product model, status and
firmware version.
# show platform
Chassis/Slot Product model Role Status Firmware version

------------- ----------------- ------- ------------ ---------------------
1 DM4610 - - Not available
1/1 8GPON+8GX+4GT+2XS Master Ready 1.8.0
1/FAN DM4610 FAN Passive Ready Not available
1/PSU1 PSU 120 AC Passive Ready Not available
2.2.3.2 Show environment

The output of the show environment command may be used to know the sensors that monitor the main
parts of the device.
# show environment
Temperature Sensors:
---------------------------------------------------------------------------------
Chassis/ | Sensor | Temp. | Alarm Thresholds | Hyster. | Status
Slot | | | | |
---------------------------------------------------------------------------------
1/1 | Card | 36.0 C | 0.0 C ~ +50.0 C | 5.0 C | NORMAL
1/1 | Switch Fabric | 40.5 C | 0.0 C ~ +75.0 C | 5.0 C | NORMAL
1/1 | GPON PHY/SFP | 46.5 C | 0.0 C ~ +75.0 C | 5.0 C | NORMAL
DATACOM 204.4006.03 13
1/1 | CPU | 43.0 C | 0.0 C ~ +75.0 C | 5.0 C | NORMAL

1/1 | CPU Core | 52.37 C | 0.0 C ~ +110.0 C | 5.0 C | NORMAL
---------------------------------------------------------------------------------
2.2.3.3 Show inventory
The output of the show inventory command may be used to know details about product model,
interfaces, transceivers, FANs and PSUs.
# show inventory
Chassis : 1
Product model : DM4610
Chassis/Slot : 1/1
Product model : 8GPON+8GX+4GT+2XS
Part number : 800.5081.02
Serial number : 3048269
Product revision : 2
PCB revision : 3
Hardware version : 2
Manufacture date : Unknown
Manufacture hour : Unknown
Operat. temp. : 0 - 65 Celsius degrees
System MAC address: 00:04:df:40:8d:d8
Interface gigabit-ethernet 1/1/1

MAC address : 00:04:df:40:8d:e1
Port type : Transceiver
Transceiver information
Presence : Yes
Vendor name : APAC Opto
Serial number : 7B26039324
Part number : LS38-C3S-TC-N
… (continue)
2.2.3.4 Uptime
The output of the uptime command may be used to know the system uptime.
# uptime
18:45:28 up 2 days, 19:42, load average: 0.10, 0.24, 0.28
2.2.3.5 Who
The output of the who command may be used to identify current users sessions.
# who
Session User Context From Proto Date Mode

*4058 admin cli 10.0.120.157 ssh 18:16:50 operational
2.3 OPERATIONAL MODE

Is the initial mode after login to CLI, and it is used for viewing the status, configuration, environment,
monitoring and troubleshooting.
2.3.1 CLI Session Configuration

To configure global default CLI session parameters that will be used while the session stay open (not
persistent). These parameters can be verified by using the command show cli.
• Autowizard
• Complete-on-space
DATACOM 204.4006.03 14
• Display-level
• History
• Idle-timeout
• Ignore-leading-space
• Paginate
• Screen-length
• Screen-width
• Terminal
• Timestamp
2.3.1.1 Autowizard
Enabling the Autowizard, cli will prompt the user for required settings when a new identifier is created
and for mandatory action parameters.
Step 1 • Enable and disable Autowizard

# autowizard [true|false]
Where:
true|false – Enables (true) and disables (false) autowizard
Example: # autowizard true
A configuration example using the autowizard enabled is shown below:
• Setting a new local user with autowizard enabled

DM4610# autowizard true
DM4610# config
Entering configuration mode terminal
DM4610(config)# aaa authentication-order local user datacom
Value for ‘password’ (<hash digest string>): *******
Now, the same configuration example without autowizard:
• Setting a new local user without autowizard

DM4610# autowizard false
DM4610# config
DM4610(config)# aaa authentication-order local user datacom
DM4610(config-user-datacom)#
2.3.1.2 Complete-on-space
When enabled the complete-on-space option, it will auto-complete the commands when <space> is
entered.
Step 1 • Enable and disable completion on space

# complete-on-space [true|false]
Where:
true|false – Enables (true) and disables (false) complete-on-space
DATACOM 204.4006.03 15
Example: # complete-on-space true
Using the <tab> will always result in the command completion.
2.3.1.3 Display-level
Specifies maximum depth to show when displaying configuration
Step 1 • Setting display-level

# display-level depth
Where:
depth – Display level (1 to 64)
Example: # display-level 1
Setting display-level with value 1:
DM4610# display-level 1
DM4610# show running-config interface gpon 1/1/8
Interface gpon 1/1/8
!
The same previous example now setting a display-level 3:
DM4610# display-level 3
DM4610# show running-config interface gpon 1/1/8
interface gpon 1/1/8
upstream-fec
downstream-fec
no shutdown
onu 1
serial-number CIGGD0922958
service-profile service1 line-profile line1
ethernet 1
!
!
!
2.3.1.4 History
Specifies the history size of logs.
Step 1 • Setting history size

# history size
Where:
size – Number of log lines to be displayed (0 to 1,000)
Example: # history 10
DATACOM 204.4006.03 16
Setting the history size with 10:
DM4610# history 10
DM4610# show history
14:15:42 -- show running-config interface gpon 1/1/8
14:15:48 -- display-level 3
14:15:50 -- show running-config interface gpon 1/1/8
14:21:16 -- history
14:21:18 -- history 10
14:21:20 -- show history
14:21:24 -- history 20
14:21:33 -- config
14:22:31 -- history 10
The same previous example now setting a history size 5:
DM4610# history 5
DM4610# show history
14:21:33 -- config
14:22:31 -- history 10
14:22:38 -- history 5
The option no history command restores the size to default value (100 lines).
2.3.1.5 Idle-timeout
Specifies the CLI idle-timeout in seconds.
Step 1 • Set the idle-timeout

# idle-timeout time
Where:
time – Idle timeout set in seconds(from 0 to 8192)
Example: # idle-timeout 600
If set with the 0 (zero) value, the idle-timeout is infinity.
2.3.1.6 Ignore-leading-space
Leading spaces can be ignored or not. This is useful to disable when pasting commands into CLI.
Step 1 • Set ignore-leading-space

# ignore-leading-space [true|false]
DATACOM 204.4006.03 17
Where:
true|false – Enables (true) and disables (false) ignore-leading-space
Example: # ignore-leading-space true
2.3.1.7 Paginate
Paginate output from CLI commands.
Step 1 • Set output paginate
# paginate [true|false]
Where:
true|false – Enables (true) and disables (false) output paginate
Example: # paginate true
2.3.1.8 Screen-length
Specifies the terminal screen length.
Step 1 • Set terminal length

# screen-length length
Where:
length – Number of rows (from 0 to 32,000)
Example: # screen-length 32000
2.3.1.9 Screen-width
Specifies the terminal screen width.
Step 1 • Set terminal width

# screen-width width
Where:
width – Number of columns (from 0 to 512)
Example: # screen-width 512
2.3.1.10 Terminal
Specifies how line editing is performed. Supported terminals are: generic, xterm, vt100, ANSI and
Linux. Other terminals may also work but have no explicit support.
Step 1 • Set terminal type

# terminal [generic|xterm|vt100|ansi|linux]
Example: # terminal linux
DATACOM 204.4006.03 18
2.3.1.11 Timestamp
Specifies to have or not a timestamp after each command is entered. The timestamp is displayed with
time zone UTC+-00:00 by default.
Step 1 • Setting timestamp

# timestamp [enable|disable]
Example: # timestamp enable
An example command without timestamp:
DM4610# timestamp disabled

DM4610# show clock
Mon Mar 21 16:22:20 2016 (/UTC+0)
An example with timestamp enabled:
DM4610# timestamp enabled

DM4610# show clock
Mon Mar 21 16:22:35.997 UTC+00:00
Mon Mar 21 16:22:35 2016 (/UTC+0)
2.3.2 Displaying CLI Session Configuration

The configured values may be displayed by using some show commands in operational mode.
• show cli
• show history
• pwd
2.3.2.1 Show CLI

To display all defined CLI settings.
DM4610# show cli

autowizard true
complete-on-space true
display-level 99999999
history 100
idle-timeout 1800
ignore-leading-space true
output-file terminal
paginate true
prompt1 \h\M#
prompt2 \h(\m)#
screen-length 38
screen-width 147
service prompt config true
show-defaults true
terminal how
timestamp disable
DATACOM 204.4006.03 19
2.3.2.2 Show History

To display a history of commands executed in operational mode or global configuration mode. By
default, the latest 100 commands are shown. The history size can be configured using the CLI settings.
See command for more information.
2.3.2.3 Pwd
To display the current configuration submode from a configuration submode.
DM4610# config
DM4610(config)# interface gigabit-ethernet 1/1/1
DM4610(config-gigabit-ethernet-1/1/1)# pwd
Current submode path:
interface gigabit-ethernet 1/1/1
2.3.3 Default CLI Session Configuration

The following table shows the default CLI parameters:
Parameters or Services Default Value
autowizard true
complete-on-space true
display-level 64
history 100
idle-timeout 1800
ignore-leading-space true
paginate true
screen-length 56
screen-width 239
terminal xterm
timestamp disable
2.3.4 Basic CLI Session Oerations

There are some basic commands through CLI. The description of these commands follows below:
2.3.4.1 Do
To execute an operational mode command from a configuration mode.
2.3.4.2 End
To terminate a configuration session and return directly to operational mode. Entering Ctrl+Z is
functionally equivalent to entering the end command.
DATACOM 204.4006.03 20
2.3.4.3 Exit
To close an active session, or to return to the next higher configuration mode.
2.3.4.4 Send
To send messages to a specific session or all active sessions.
2.3.4.5 No
Negate a command or set its defaults.
2.3.4.6 Quit
To close an active session.
2.3.4.7 Top
To return to the next higher configuration mode.
2.4 CONFIGURATION MODE

To enter configuration mode, use the config terminal command in the operational mode. If the
configure command is entered without keyword, the system is configured from the operational mode.
There are three configuration types in DmOS:
• Config Terminal
• Config Exclusive
• Config Shared
It is also possible to execute the same commands of operational mode in configuration

mode by using the do keyword in the command beginning
2.4.1 Config Terminal

This option edits a private copy of the running configuration for each opened session. To enter into this
configuration type, use the following command:
Step 1 • Enter into terminal configuration type

# config terminal
2.4.2 Config Exclusive

This option locks the running-configuration, so that no other user can commit changes to the running-
configuration. To enter into this configuration type, use the config command with the exclusive
keyword:
Step 1 • Enter into exclusive configuration type

# config exclusive
2.4.3 Config Shared

This option allows to edit a shared copy of the running configuration for all opened sessions. To enter
into this configuration type, use the config command with the shared keyword:
Step 1 • Enter into shared configuration type
DATACOM 204.4006.03 21
# config shared
2.5 COMMIT CONFIGURATION

DmOS uses NETCONF protocol defined in RFC4741. NETCONF defines the existence of one or more
configuration data stores, and allows configuration operations on them. DmOS uses two data stores for
this, but only one configuration data store it is always present on the device.
• Candidate-Configuration: While the user changes the configuration and does not perform the
commit, the configuration will be temporarily saved in the candidate configuration. If the device
reboots or logout the session, the candidate configuration will be lost.
• Running-Configuration: After the user runs the commit command, the candidate-
configuration is applied to the running-configuration that becomes active on device.
The user manipulates the candidate-configuration and just after commits the candidate that
is copied into the running-configuration and thus gets active.
Changes made during a configuration session are inactive until the commit command is entered. By
default, all changes must succeed for the entire commit operation. If any errors are found, none of the
configuration changes takes effect.
2.5.1 Commit and Quit

Commit current set of changes and exit configuration mode.
(config)# commit and-quit

Commit complete.
2.5.2 Commit Check

Validate current configuration.
(config)# commit check

Validation complete.
The commit check does not apply the changes to the running-configuration. It is required
to commit the given changes.
2.5.3 Commit Comment

Assigns a comment to a commit. The comment can later be seen when examining the rollback files.
(config)# commit comment shutdown_eth1

Commit complete.
DATACOM 204.4006.03 22
2.5.4 Commit Confirmed

Commit the current configuration to a running configuration with a timeout set. If no commit confirm
command has been issued before the timeout expires, then the configuration will stays unchanged. If no
timeout is given, then timeout assumes the value of ten minutes.
Only available in exclusive and shared configuration modes.
• Commit confirmed with a timeout of one minute

(config)# commit confirmed 1
Warning: The configuration will be reverted if you exit cli without
performing the commit operation within 1 minutes
(config)#
Message from system at 2016-03-22 12:19:56…
confirmed commit operation not confirmed by admin from cli
configuration rolled back
(config)#
2.5.5 Commit Abort

This option is used to abort a pending commit, and will also be aborted if CLI is terminated without
doing a commit confirmed.
• Commit abort after commit confirmed with timeout = 1 minute
(config)# commit confirmed 1

Warning: The configuration will be reverted if you exit cli without performing
the commit operation within 1 minutes.
(config)# commit abort

Confirmed commit has been aborted. Old configuration will now be restored.
(config)#
Message from system at 2016-03-22 12:24:47…
confirmed commit operation not confirmed by admin from cli
configuration rolled back
(config)#
2.5.6 Commit Label

Assigns a meaningful label. The label can later be seen when examining rollback files.
(config)# commit label shut-eth4

Commit complete.
(config)# do show configuration commit list

2016-03-22 12:27:13
SNo. ID User Client Time Stamp Label Comment
~~~~ ~~ ~~~~ ~~~~~~ ~~~~~~~~~~ ~~~~~ ~~~~~~~
0 10005 admin cli 2016-03-22 12:27:05 shut-eth4
1 10002 admin cli 2016-03-22 11:59:38 shutdown_eth1
2.5.7 Commit No-Confirm

Commit current set of changes without query the user.
DATACOM 204.4006.03 23
(config)# commit no-confirm

Commit complete.
2.5.8 Commit Persist

If the persist-id is not assigned in confirmed commit operation, any subsequent commit MUST be run
in the same session in which it was executed commit confirmed.
If the persist-id is assigned in confirmed commit operation, a next commit can be performed in any
session; however, these commits must include the persist-id with the same value assigned in the initial
commit confirmed.
Only available for commit confirmed operation.
• Session A – Commit confirmed with persist-id

# config shared
Entering configuration mode shared
(config)# interface gigabit-ethernet 1/1/1

(config-gigabit-ethernet-1/1/1)# shutdown
(config-gigabit-ethernet-1/1/1)# exit
(config)# commit confirmed 20 persist-id TEST-TOKEN
Commit complete.
• Session B – Commit with both correct and incorrect persist-id

# config shared
Entering configuration mode shared
(config)# interface gigabit-ethernet 1/1/1

(config-gigabit-ethernet-1/1/1)# no shutdown
(config-gigabit-ethernet-1/1/1)# exit
(config)# commit
Aborted: incorrect persist-id
(config)# commit persist-id TEST

Aborted: incorrect persist-id
(config)# commit persist-id TEST-TOKEN

Commit complete.
2.5.9 Commit Save-Running

Save running to file before performing the commit.
(config)# commit save-running CONFIG_DMOS_1

Commit complete.
(config)# do file list

.ash_history
CONFIG_DMOS_1
DATACOM 204.4006.03 24
2.5.10 Displaying Commit Configuration

To display the changes made to the running-configuration by previous configuration commits, use the
following commands:
Command To verify
# show configuration commit change id • Configuration

• Sno.
• ID
• User
# show configuration commit list • Client
• Timestamp
• Label
• Comment
2.5.11 Compare Configuration

In configuration mode it is possible to compare sub-trees of running configuration. Differences will be
annotated with - (removed) and + (added).
Step 1 • Change to configuration mode

# config terminal
Step 2 • Compare two sub trees of running configuration
#(config)compare cfg subtree-A to subtree-B
Where:
subtree-A – subtree A of running configuration
subtree-B – subtree B of running configuration
Example:# compare cfg interface gigabit-ethernet-1/1/1 to

interface gigabit-ethernet-1/1/10
2.6 ROLLBACK DATABASE

DmOS allows returning the configuration to a previously committed configuration. It is possible to store
a limited number of old configurations (64 configurations). If more than configured number old
configurations are stored, then the oldest configuration is removed before creating a new one. The value
0 is assigned for the most recently commit. There are two options to apply a rollback configuration:
• Configuration
• Selective
2.6.1 Rollback Configuration

The following example shows how to roll back to a specific commit ID.

# config terminal
Step 2 • Select a rollback configuration
#(config)rollback configuration id
DATACOM 204.4006.03 25
Where:
id – Rollback configuration identifier
Example:# rollback configuration 3

Step 3 • Commit the configuration
(config)# commit
2.6.2 Rollback Selective

The following example shows how to roll back to a specific commit ID with selective operation. In this
case, just a part of configuration selected is restored.

# config terminal
Step 2 • Select a rollback selective
#(config)rollback selective id config
Where:
id – Rollback configuration identifier
config – Configuration for rollback selective
Example:# rollback selective 3 hostname

(config)# commit
2.6.3 Displaying Rollback Configuration

To display the changes made to the running-configuration by previous configuration commits, use the
following command:
Command To verify
# show configuration commit change id • Configuration
2.7 HANDLING CONFIGURATION FILES

DmOS supports some commands for the user perform operations with configuration files or some part of
these configurations saved. In the following is shown how these configuration files are handled.
2.7.1 Saving Configurations

The system allows save all configuration or some part of configuration. To save all running
configuration, use the following commands:
There is no limit of saved files. While the device provides available memory space, the files
are able to be saved.
DATACOM 204.4006.03 26

# config terminal
Step 2 • Save a new file
#(config)save filename
Where:
filename – Name of the new file saved
Example:# save config_datacom
To save some part of the running configuration, use the following commands:

# config terminal
#(config)save filename path_filter
Where:
path_filter – Part of the configuration to be saved
Example:# save config_gpon gpon
To save the running configuration in a XML format, use the following commands:

# config terminal
#(config)save filename xml
Where:
xml – Running configuration in XML format
Example:# save config_dtc xml
2.7.2 Deleting Stored Configurations

To delete some file stored in the flash memory, use the following commands:
Step 1 • Delete a file

# file delete filename
Where:
Example:# file delete config_gpon
DATACOM 204.4006.03 27
2.7.3 Listing Stored Configurations

To list the files stored in the flash memory, use the following commands:
Step 1 • List the stored files
# file list
2.7.4 Displaying Stored Configurations

To show the content of the stored file in the flash memory, use the following commands:
Step 1 • Show the content of file stored

# file show filename
Where:
Example:# file show config_gpon
2.7.5 Comparing Stored Configurations

To compare the running configuration to another configuration or file stored on database, use the
following commands:
Step 1 • Compare running configuration to a file

# compare filename
Where:
Example:# compare config_gpon_1
2.8 LOAD CONFIGURATION

DmOS can perform the following operations to load the saved file:
• Factory-config
• Merge
• Override
• Replace
It is required to execute the commit command whenever a configuration is load, so the

new loaded file becomes the running configuration.
2.8.1 Load Factory-config

In some situations, the network administrator may want to restore the configuration to the default factory
settings, erasing all current configurations.
To reset the device to factory default settings, execute the load factory-config command, as
shown below.
DATACOM 204.4006.03 28

# config terminal
Step 2 • Use the command load factory-config to set the factory default settings as next
configuration file to be load in the next boot
#(config)load factory-config
(config)# commit
The management IP Address will be restored to the default value (192.168.0.25/24).
Before performing the commit of the loaded factory-config, it is possible to configure any
protocols such as management IP Address and default static route.
2.8.2 Load Merge

To merge the current configuration and a specific file, use the following commands:
# config terminal
Step 2 • Load the file to be merged
(config)#load merge filename
Where:
filename: Name of the file to be saved
Example:# load merge config_syslog

(config)# commit
2.8.3 Load Override

To override a configuration, use the following commands.
This procedure erases the current configuration, and the configuration inside the specified
file will be loaded.
If the specified file does not contain the required system configurations, the device
operation may be compromised.
DATACOM 204.4006.03 29

# config terminal
Step 2 • Load the file to override the running configuration
(config)#load override filename
Where:
filename - Name of the file to be saved
Example:# load override config_backup

(config)# commit
2.8.4 Load Replace

To replace the content for the corresponding part of the current configuration, use the following
commands:

# config terminal
Step 2 • Replace the specific part of the current configuration
(config)#load replace filename
Where:
filename - Name of the file to be saved
Example:# load replace config_syslog

(config)# commit
2.9 GETTING HELP ABOUT COMMANDS

DmOS offers two ways to learn what commands are available and the correct syntax for a command. The
user can type a question mark (?) to get help about commands or simply type the help command.
Enter the question mark (?) at the prompt, to list all available commands for a particular command mode.
DM4610# ?
Possible completions:
aaa Configure authentication, authorization and accounting
autowizard Automatically query for mandatory elements
clear Clear device settings and counters
commit Confirm a pending commit
compare Compare running configuration to another configuration
or a file
complete-on-space Enable/disable completion on space
config Manipulate software configuration information
copy Copy files to a remote server
display-level Configure show command display level
exit Exit the management session
file Perform file operations
help Provide help information
history Configure history size
DATACOM 204.4006.03 30
id Show user id information

idle-timeout Configure idle timeout
ignore-leading-space Ignore leading whitespace (true/false)
logout Logout a user
multicast Multicast configuration
no Negate a command or set its defaults
paginate Paginate output from CLI commands
ping Send ICMP packets to another device to check the network
reliability
quit Exit the management session
reboot Reboot the system
reboot-forced Reboot the system without any checks
request Request system operations
router-debug
screen-length Configure screen length
screen-width Configure screen width
send Send message to terminal of one or all users
set Configure settings that may be changed by the system
shell
show Show information about the system
show-defaults Show default values when showing the configuration
source File to source
ssh Open a secure shell on another host
ssh-server Configure SSH server
telnet Open a telnet session to another host
terminal Set terminal type
timestamp Enable/disable the display of timestamp
uptime Shows the system uptime.
who Display currently logged on users
Enter the question mark (?) after the keyword to list the next available syntax option for the command.
DM4610# clear ?
core-dump Delete core dump files
history Clear command history
interface Clear device interfaces
log Clear all log files
mac-address-table Request to delete all dynamically learned unicast L2
entries
statistics Clear interface statistics
Enter the question mark (?) at the end of a partial command to list the commands that begin with those
characters.
DM4610# c?
clear Clear device settings and counters
commit Confirm a pending commit
compare Compare running configuration to another
configuration or a file
complete-on-space Enable/disable completion on space
config Manipulate software configuration information
copy Copy files to a remote server
Enter help command to display a help text for a specific command
DM4610# help ssh

Help for command: ssh
Open a secure shell on another host
DATACOM 204.4006.03 31
DM4610# help clear

Help for command: clear
Clear parameter
2.10 ABBREVIATED SYNTAX

A complete command name is not always required to execute a command. When using abbreviated
syntax, the user must enter enough characters for uniquely identifying a given command. For example,
the config terminal command can be abbreviated as config. However, it cannot be abbreviated
as co because it could mean commit, compare, complete-on-space, config or copy.
2.11 CLI ERROR PROMPTS

DmOS checks the command syntax for each command you type, and executes the command if it passes
the check, if the check fails, the system print an error as shown below:
syntax error: incomplete path

syntax error: "parameter" is an invalid value.
syntax error: unknown argument
syntax error: expecting
DATACOM 204.4006.03 32
DmOS – User Guide Managing the Device
3 MANAGING THE DEVICE
The network administrator can use two management tools to configure the DmOS devices:
• CLI – Command-Line Interface that provide a rich set of command to manage the device
through TELNET, SSH or the physical console port.
• DmView – Is a Network Management System (NMS) based on SNMP.
Read Datasheet Guide to see if DmView are available for the specific device.
This chapter intends to help the user to perform basic management functions on DmOS devices.
3.1 COMMAND LINE INTERFACE (CLI)

3.1.1 Using Console Interface
The Console Interface allows the user to manage the device through the command-line interface.
A terminal emulation application and a serial DB9-RJ45 cable are required to access the device via
Console Interface. MacOS X or Linux users can execute applications such as Screen or Minicom in
order to setup the terminal connection. Windows users have applications as Teraterm or Hyper Terminal
to establish a Console connection.
For more information on the physical console port pinouts, read the Installation Guide for
the specific device.
To access the device via Console interface, proceed as shown below:

Step 1 • Connect one end of the console cable to the device and the other end to computer
serial interface or a USB port if an adapter is being used
Step 2
• Start the terminal emulation program
DATACOM 204.4006.03 33
Step 3 • The terminal software must be set with:
Baud rate = 9600 bps

Data = 8 bits
Parity = None
Step 4 • The initial login prompt for a username appears:
login:
Step 5 • Type the username followed by [Enter]:
login:username
Example: login: admin

Step 6 • Type the password followed by [Enter]:
password: password
Example: password: admin

Step 7
• The prompt as following will appear, indicating a successful login:
#
3.1.2 Using Out-Of-Band Management Interface

Some devices have a dedicated front-panel Ethernet port. This port provides remote access using
TCP/IP. It supports TELNET and SSH sessions. There are no differences from CLI using the Console
Port or Ethernet Management Port.
The Ethernet management port is only for management purposes. It is not able to perform switching or
routing.
The Ethernet Management Interface of device is delivered with the default IP address
192.168.0.25/24. It is recommended to change it following the network design
requirements.
Step 1 • On the PC or laptop, start the TELNET or SSH session

ssh IP_address
Where:
IP_address – IP Address of management Interface
Example: ssh 192.168.0.25

Step 2 • Type the username followed by [Enter]
login: username
Example: login: admin

Step 3 • Type the password followed by [Enter]
password: password
Example: password: admin
DATACOM 204.4006.03 34
Step 4 • The prompt as following will appear, indicating a successful login:

#
3.1.2.1 Changing the Management IP Address

To access the device through TELNET, SSH or DmView you must first assign a valid management IP
address.
Enter configuration mode, access the management interface and assign a new IP address as shown
below:
Step 1 • On the PC or laptop, start a management session

# config terminal
Step 3 • Enter into the management interface level
(config)#interface mgmt chassis/slot/port
Where:
chassis/slot/port – Interface MGMT identification
Example: (config)#interface mgmt 1/1/1

Step 4 • Set the management IP address and network mask
(config-if-mgmt-eth)# ipv4 address Ipaddress/mask
Where:
Ipaddress/mask – Management IP Address/Network Mask
Example: (config)#ipv4 address 172.22.1.1/24

(config)# commit
To configure a default route for management interface use the following commands:

# config terminal
Step 2 • Default route for management interface
(config)#router static IPaddress/mask next-hop IPGateway
Where:
IPaddress/mask – MGMT IP Address / Network Mask
IPGateway – Gateway IP Address
Example:(config)#router static 0.0.0.0/0 next-hop

172.22.1.254
DATACOM 204.4006.03 35
(config)# commit
3.1.3 Using In-Band Management Interface

In-band management method allows access the devices through network itself. For using this method is
common to use a specific VLAN.
Using in-band management, any connectivity problem can lead the device to be
unreachable. Therefore, it is important have a secondary access to devices like a
management interface or a console interface.
To configure in-band management, the user need enter configuration mode, create a VLAN interface,
assign a new management IP address and add an ethernet interface, as shown below:
Step 1 • Using a PC or a laptop, start a management session as described in or .

# config terminal
Step 3 • Create a VLAN
(config)#dot1q vlan vlan_id

Where:
vlan_id – VLAN identifier
Example: (config)#dot1q vlan 500

Step 4 • Set the Ethernet interface in VLAN
(config-vlan-vlan_id)# interface gigabit-ethernet-

interface_id
Where:
interface_id – Ethernet interface for in-band management
Example: (config-vlan-500)#interface gigabit-ethernet-

1/1/10
Step 5 • Return to config menu
(config-if-vlan-vlan_id)# top
Step 6 • Create a Logical L3 interface
(config)# interface l3 interface_name
Where:
interface_name – Specified name for in-band management interface
Example: (config)#interface 13 inband-mgmt

Step 7 • Logical L3 interface settings – IPv4 address
DATACOM 204.4006.03 36
(config-l3-inband-mgmt)# description text|ipv4 address

ipv4_address|lower-layer-if vlan vlan_id]
Where:
text – In-band management description interface
ipv4_address – Ipv4 address
vlan_id – VLAN identifier for in-band management interface
Example: (config-l3-inband-mgmt)#ipv4 address 172.22.1.1/24

Step 8 • Logical L3 interface settings – VLAN identifier
(config-l3-inband-mgmt)# [description text|ipv4 address

ipv4_address|lower-layer-if vlan vlan_id]
Where:
text – In-band management description interface
ipv4_address - Ipv4 address
vlan_id – VLAN identifier for in-band management interface
Example: (config-l3-inband-mgmt)#lower-layer-if vlan 500

(config)# commit
To configure a default route for management interface use the following commands:
# config terminal
Step 2 • Default route management interface
(config)#router static ipaddress/mask next-hop ip_gateway

Where:
ipaddress/mask – Management IP address/Network Mask
ip_gateway – Gateway IP address
Example: (config)#route static 0.0.0.0/0 next-hop

172.22.1.254
(config)# commit
3.2 DMVIEW
DmView is a Network Management System (NMS), designed for supervising and configuring
DATACOM devices, offering a main console for network operations in detecting faults in the
infrastructure, can perform a discovery of network devices, also provide management functionalities
related with provisioning, configuration, performance, security, audit, maps and inventory.
A wide range of the DmView installation options are available, from a standalone version running in a
personal computer, up to a multiple High Availability server deployment with separate applications,
database and terminal/presentation servers. DmView also works with third-party NMS and OSS/BSS
frameworks.
DATACOM 204.4006.03 37
To connect the device to DmView, and vice-versa, use the following commands:
Step 1 • Set the management IP, as shown in the chapter

# config terminal
Step 3 • Type the DmView server IP address and SNMP settings
(config)#snmp target name ip IPaddress
Where:
name – Target identifier
IPaddress – Target IP Address
Example: (config)#snmp target DmView ip 192.168.1.10

Step 4 • Defining a SNMPv2c community to the target
(config-target-name)# v2c sec-name community
Where:
community – Community security name
Example: (config-DmView)# v2c sec-name public

Step 5 • Return to configuration menu
(config)# top
Step 6 • Enables SNMP traps sent using the following command
(config)# snmp notify notify_id tag name type

[informs|traps]
Where:
notify_id – Target identifier
name – Target name
[informs|traps]– Notification type
Example: (config)#snmp notify DmView tag DmView_traps type

trap
Step 7 • Return to configuration menu
(config)# top
Step 8 • If the DmView server is installed in a different network segment than device, it will
be necessary to configure a route on device to reach the DmView. The route is
installed as follow:
(config)# route static prefixIP/mask next-hop gatewayIP
Where:
prefixIP/mask – DmView Network prefix and mask
gatewayIP – Notification type
DATACOM 204.4006.03 38
Example: (config)#router static 192.168.1.0/24 next-hop

172.22.1.254
(config)# commit
3.3 CONNECTIVITY TOOLS

DmOS provides some tools to perform checking of network connectivity. A successful network
connection is established between any two devices when data flows from one node to the other. Ping is a
tool that is indispensable when testing TCP/IP network connectivity.
3.3.1 Ping
The ping command is a common method for troubleshooting the accessibility of devices. It uses two
Internet Control Message Protocol (ICMP) query messages, ICMP echo requests, and ICMP echo
replies to determine whether a remote host is active.
In the command line session, perform the following tasks to check connectivity using ping command:
Step 1 • Enter the ping command followed by destination address.

# ping IPaddress
Where:
IPaddress – Destination device IP address
Example: # ping 10.1.192.108

PING 10.1.192.108 (10.1.192.108): 56 (84) bytes of data.
64 bytes from 10.1.192.108: seq=0 ttl=63 time=53.858 ms
--- 10.1.192.108 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 4.055/6.820/2.438 ms
3.4 MANAGEMENT – SECURITY ACCESS

It is possible to access device or another host from device using IPv4 through TELNET and SSH
protocols.
• SSH
• TELNET
3.4.1 SSH Server

DmOS supports Secure Shell (SSH) Server to enable an SSH client to make a secure, and encrypted
connection. DmOS supports only SSH version 2 (SSHv2).
SSH server keys can generate public-key cryptography for security requirements. DmOS supports
public-key cryptography, such as: Rivest, Shamir, and Adelman (RSA) and Digital System Algorithm
(DSA).
To configure the public-key cryptography in SSH Server, use the following commands:
DATACOM 204.4006.03 39
Step 1 • Choose public-key cryptography

# ssh-server [all|dsa|rsa]
Where:
all – Generate DAS and RSA keys
dsa – Generate DAS keys
rsa – Generate RSA keys
Example: (config)#ssh-server generate-key dsa

Really want to do this? [yes,no] yes
Generated keys
To display SSH Server Keys, use the following command:
Command To verify
• Type
# show ssh-server public-key • Size
• Date Generate
• Data
3.4.2 SSH Server - Max Connection

By default, the maximum number of SSH connections is 8. To change maximum number of SSH
connections, use the following commands:
# config terminal
Step 2 • Change SSH max connections
(config)#ssh-server max-connections number

Where:
number – <1-16> Specify the maximum number of connections
(config)# commit
3.4.3 SSH Server – Legacy Support

Support for SSH clients running OpenSSH versions older than 7.0.
In case of failure to access via SSH from another device, it may be necessary to enable the SSH
compatibility mode.
To configure legacy support, use the following commands:
# config terminal
DATACOM 204.4006.03 40
Step 2 • Enable SSH legacy support
(config)#ssh-server legacy-support
(config)# commit
3.4.4 SSH Client

To access another host through SSH protocol, use the following command:
Step 1 • Opening a SSH session to another host

# ssh IPaddress
Where:
IPaddress – Destination server/host IP address
Example: # ssh 192.168.1.254
3.4.5 TELNET Server

TELNET protocol enables TCP/IP connections used to transmit data with interspersed TELNET control
information. For security reasons the TELNET server is disabled by default. To enable TELNET server
protocol, use the following commands:
# config terminal
Step 2 • Enable TELNET server
(config)#telnet-server enabled
(config)# commit
To disable the TELNET server protocol, use the following commands:
# config terminal
Step 2 • Disable TELNET server
(config)#telnet-server disabled
(config)# commit
3.4.6 TELNET Server - Max Connection

By default, the maximum number of TELNET connections is 8. To change maximum number of
TELNET connections, use the following commands:
DATACOM 204.4006.03 41
# config terminal
Step 2 • Change SSH max connections
(config)#telnet-server max-connections number

Where:
number – <1-16> Specify the maximum number of connections
(config)# commit
3.4.7 TELNET Client

To access another host through TELNET protocol, use the following commands:
Step 1 • Opening a TELNET session to another host

# telnet IPaddress
Where:
IPaddress – Destination server/host IP address
Example: # telnet 192.168.1.254
3.5 CHANGING THE HOSTNAME

The hostname is the name that identifies a given device. To prevent ID issues at the network management
level, it is important to define a unique hostname for each device. The configured hostname is also part
of the command prompt. To configure the hostname, use the following commands:

# config terminal
Step 2 • Enter the new devices hostname
(config)#hostname name
Where:
name – Devices new hostname
Example: (config)#hostname DmOS-device

(config)# commit
3.6 AUTHENTICATION USERS

3.6.1 Account Access Levels
DmOS uses privilege levels to determine what a user account will have access in the device. DmOS
supports three levels of management access available for users: admin, config and audit.
DATACOM 204.4006.03 42
Account Level Description

Accounts with admin privilege levels are able to view and change all
admin device parameters. It is a complete read-and-write access to the entire
device
Normal access level allows some functions more than read-only, but less
than admin. It allows the user to view all device parameters. The normal
config access level allows all configuration commands, except those for device
administration purpose, such as: hostname, SNMP, monitor, profile,
RADIUS, SNTP, TACACS+ and Local Users
audit Accounts with read-only privileges. Are able only to view the device
parameters
Only one account is configured by default on DmOS: admin.
Account Password Description

admin is an account that has admin privilege levels. So, it can
admin admin view and change all device parameters. It is a complete read-
and-write access to the entire device.
Due to security reasons, it is strongly recommended to change the admin account password
at the first time login. For change password, see Modifying a User Password.
For a complete configuration of a new user, only three parameters of a command are necessary. First
parameter defines the username, the second defines the password and the last defines the privilege levels
(admin, config or audit).
The user account may be created without defining a password (empty).
The default value for access-level is audit. Therefore, when creating a new audit account, the command
aaa user username password pass is enough.
3.6.2 Local User

Local Users mode refers to the internal database, i.e. without the use of an external server. DmOS can
handle authentication and authorization when set as local mode. For detailed information about local
authentication, see Configuring Management Access.
3.6.2.1 Setting a new Local User

To add a new local user in database, use the following commands:
# config terminal
Step 2 • Create a user with password and specify a privileged
(config)#aaa user username password password group
{admin|audit|config}
Where:
username –User identifier name
DATACOM 204.4006.03 43
– User password identifier

password
{admin|audit|config} – User privilege level
Example: (config)#aaa user datacom password datacom-pass

group admin
(config)# commit
3.6.2.2 Modifying a User Password

Just admin privilege can change attributes of all users. To modify the password, use the following
commands:

# config terminal
Step 2 • Modify the password of a user
(config)#aaa user username change-password old-password
old_pass new-password new_pass confirm-password new_pass
Where:
username – User identifier name
old_pass – Old password of the given user
new_pass – New password of the given user
new_pass – New password confirmation
Example: (config)#aaa user datacom change-password old-

password datacom-pass new-password new-datacom-pass
confirm-password new-datacom-pass
(config)# commit
3.6.2.3 Modifying a User Privilege Group

Only admin privilege may modify attributes of all users. To modify the privilege group, use the
following commands:

# config terminal
Step 2 • Modify the user privilege group
(config)#aaa user username group [admin|config|audit]
Where:
admin|config|audit – User privilege
DATACOM 204.4006.03 44
Example: (config)#aaa user datacom group audit
(config)# commit
3.6.2.4 Deleting a User

Only admin privilege is able to delete users. To delete a user, use the following commands:

# config terminal
Step 2 • Delete the given user
(config)#no aaa user username
Where:
Example: (config)# no aaa user datacom

(config)# commit
3.6.2.5 Default Local user Settings

The following table lists the factory default settings for Local User.
user/password/privilege admin/admin/admin
Authentication Login Preference local
3.6.2.6 Displaying Local User Settings

To display information about Local User configuration, perform the following steps:
Command To verify
User
show running-config aaa Privilege Group (Account level)
Password
The password shown on show running-config aaa is encrypted.
DATACOM 204.4006.03 45
3.6.3 RADIUS
RADIUS stands for Remote Authentication Dial-In User Service: a standard for providing
authentication, authorization and accounting services.
The essential RADIUS components are client host (user terminal), RADIUS client (device), and the
RADIUS server. Client host requests access to the RADIUS client resources. The RADIUS client
authenticates client against the RADIUS server and if the credentials are considered valid, the RADIUS
Client then decided what authorization level is appropriate for client host, and grants access
appropriately.
The communication between the RADIUS Client and the RADIUS server is secure, and a unique
keyword, called shared-secret, on both systems is required.
The RADIUS client must be configured to point to the RADIUS server. The RADIUS server will deny
any RADIUS client that it is not configured or when the presented secret key is incorrect.
The following figure shows the sequence to authenticate and authorize a user connection:
1. User tries to establish a management connection to device sending a Connection Request

containing identification and connection information;
2. After the initial negotiation, the RADIUS Client forwards the user information as an
Authentication Request to the RADIUS server;
3. The RADIUS server looks up the user information in a RADIUS database.
4. If a match is found, the RADIUS server returns Access-Accept message and user is considered
Authenticated. In this case, the RADIUS server might also send a list information stored in the
database, such as the user's authorization; if the information provided by user does not match,
the RADIUS server returns an Access-Reject message.
5. The device refuses or accepts the access request based on information received from RADIUS
Server.
Read Datasheet Guide to see if this feature is available for the specific device.
When authorizing via remote servers, the final user group will be a union of the group
provided by the external authorization server and the local authorization information for
the given user.
Example: A user created on the local database with group admin and authorized via remote
server with group audit will be assigned to both groups: admin and audit.
3.6.3.1 Setting RADIUS Server

To use a RADIUS server to authenticate access to a device, the user must designate the server on device.
DATACOM 204.4006.03 46
# config terminal
Step 2
Create new RADIUS host
(config)#aaa server radius server_id host IPaddress
Where:
server_id – RADIUS Server Identifier
IPaddress – IP address of the RADIUS Server
Example: (config)#aaa server radius radius-server host

192.168.1.1
(config)# commit
3.6.3.2 Setting Shared Key

A shared key must be defined between the device and RADIUS server to enforce security. The key is a
case-sensitive password used to validate communications between a RADIUS server and the device.

# config terminal
Step 2 • Join a RADIUS host
Where:

192.168.1.1
Step 3 • Define the RADIUS shared key
(config-radius-radius_id)#shared-secret key
Where:
key – A unique shared key
Example: (config)#shared-secret pass1234

(config)# commit
3.6.3.3 Setting Authentication Port

The network administrator may specify the ports used by device to communicate to the RADIUS server
for authentication purpose.
DATACOM 204.4006.03 47

# config terminal
Where:

192.168.1.1
Step 3 • Define the RADIUS authentication port.
•
(config-radius-radius_id)# authentication-port number
Where:
number – Authentication server port number
•
Example: (config-radius-AAAServer)# authentication-port
1812
(config)# commit
3.6.3.4 Enabling Authentication

To enable RADIUS Authentication Server, use the following commands:

# config terminal
Where:

192.168.1.1
Step 3 • Enable the RADIUS authentication Server
•
(config-radius-radius_id)# authentication
Example: (config-radius-AAAServer)# authentication

(config)# commit
DATACOM 204.4006.03 48
The user authentication process with Authorization service enabled will be return the
permissions as configured in the RADIUS server. Two permission groups are supported on
RADIUS: admin and audit.
3.6.3.5 Setting Accounting Port

The network administrator may specify the ports used by device to communicate to the RADIUS server
for accounting purpose.

# config terminal
Where:
IPaddress – IPv4 address of the RADIUS Server.
Example: (config)#aaa server radius AAAServer host

192.168.1.1
Step 3 • Define the RADIUS accounting port.
•
(config-radius-radius_id)# accounting-port number
Where:
number – Accounting server port number
•
Example: (config-radius-AAAServer)# accounting-port 1813
(config)# commit
3.6.3.6 Enabling Accounting

To enable RADIUS Accounting Server, use the following commands:

# config terminal
Where:
IPaddress – IPv4 address of the RADIUS Server. The host parameter also
accepts IPv6 Address or hostname.
Example: (config)#aaa server radius AAAServer host

192.168.1.1
Step 3 • Enable the RADIUS accounting Server
•
(config-radius-radius_id)#accounting
DATACOM 204.4006.03 49
Example: (config-radius-AAAServer)# accounting

(config)# commit
Whether the accounting service is enabled as shown previously, the device sends
accounting information to the AAA server for every session. DmOS sends the login/logout
data, containing: username, type of service, date and event timestamp.
3.6.3.7 Setting Retry Parameter

The retry parameter specifies the maximum number of retransmission attempts. When an authentication
request t times, the device will retransmit the request up to the maximum number of retransmissions
configured.

# config terminal
Where:

192.168.1.1
Step 3 • Set the retries number
•
(config-radius-radius_id)#retries retries_number
Where:
retries_number – Specifies how many times the device will try the
authentication request
Example: (config)# retries 2

(config)# commit
3.6.3.8 Default RADIUS Settings

The following table lists the factory default settings for RADIUS parameters or services.
DATACOM 204.4006.03 50
Authentication service Disabled
Shared key blank
Authentication Port 1812
Accounting service Disabled
Accounting Port 1813
Retry 2 times
Authentication Login Preference local
When the Authentication service is enabled, the device uses authorization merging local
configuration and remote ones. The permission can be different on Radius and Local, but
the higher level of access will be used for user as your access level.
3.6.3.9 Displaying RADIUS Settings

To display information about RADIUS configuration, use the following command:
Command To verify
RADIUS ID
Host
Shared key
(config)# show running-config aaa server Authentication and Accounting
Service Status
Authentication, and Accounting
Ports
Connection retries and timeout
3.6.4 TACACS+
TACACS stands for Terminal Access Controller Access Control System. It is a protocol developed by
Cisco Systems based on AAA model.
The essential TACACS+ components are the Access Client (user terminal), Network Access Server
(device), and the TACACS+ server.
The device, acting as a NAS (Network Access Server) receives a user's connection request and performs
an initial access negotiation with the user to establish certain data (username, password, port number,
and so on). The device then sends this data to the TACACS+ server and requests authentication. The
TACACS+ server may authenticate the request, and may authorize services over the connection. The
TACACS+ server does this by matching received data from the NAS's request with entries in own
database. Based on this response from the TACACS+ server, the NAS (device) decides whether to
establish the user's connection or terminate the user's connection attempt. At the end of this process,
DmOS issues accounting information to the TACACS+ server to document the transaction.
DATACOM 204.4006.03 51
TACACS+ relies upon Transmission Control Protocol (TCP). TCP port 49 is used by default between
client and the server.
TACACS+ provides security between the communications of the NAS and the TACACS+ Server. The
entire body (header and payload) of the packet is encrypted. This encryption relies on a shared secret
key on each device.
3.6.4.1 Setting TACACS+ Server

To use a TACACS+ server to authenticate access, the administrator must designate the server on device.
Additionally, a shared key between the device and TACACS+ server must be defined to enforce
security.

# config terminal
Step 2
Create new TACACS+ host
(config)#aaa server tacacs server_id host IPaddress
where:
server_id – TACACS+ Server Identifier
IPaddress – IP address of the TACACS+ Server
Example: (config)#aaa server tacacs tacacs_server host

192.168.1.1
(config)# commit
3.6.4.2 Setting Shared Key

A shared key must be defined between the device and TACACS+ server to enforce security. The key is
a case-sensitive password used to validate communications between the device and TACACS+ server:
The character “!” must not be used in the shared key definition. This special character is
interpreted as a comment.

# config terminal
Step 2 • Join a TACACS+ host
where:
IPaddress – IP Address of the TACACS+ Server
DATACOM 204.4006.03 52

192.168.1.1
Step 3 • Define the TACACS+ shared key
(config-tacacs-tacacs_id)#shared-secret key
where:
key – A unique shared key
Example: (config-tacacs-tacacs_id)#shared-secret key_pass

(config)# commit
3.6.4.3 Setting Authentication Port

The device allows modifying default settings regarding TACACS+ services. The default setting takes
place when a specific configuration for TACACS+ server is not set. To modify TACACS+ default
settings related to authentication ports, use the following commands:

# config terminal
where:
server_id –TACACS+ Server Identifier

192.168.1.1
Step 3 • Define the TACACS+ authentication port
(config-tacacs-tacacs_id)#authentication-port number
where:
number – Authentication server port number
Example: (config)# authentication-port 49

(config)# commit
3.6.4.4 Setting Authentication Type

DmOS supports two authentication protocols that TACACS+ can use during the authentication process:
PAP and ASCII.
• PAP – Password Authentication Protocol (PAP) is used to authenticate connections. Transmits
passwords and other user information in clear text
DATACOM 204.4006.03 53
• ASCII – Machine-independent technique. Requires a user to type a username and password, which
are sent in clear text (unencrypted) and matches with an entry in the user database stored in ASCII
format.
To modify TACACS+ settings related to authentication types proceed as follows:

# config terminal
where:

192.168.1.1
Step 3 • Set the authentication type for TACACS+ accounting process
(config-tacacs-tacacs_id)#authentication-type [ascii|pap]
where:
ascii|pap – Accounting type
Example: (config)# authentication-type ascii

(config)# commit
3.6.4.5 Enabling Authentication Server

To enable TACACS Authentication server, use the following commands:

# config terminal
where:

192.168.1.1
Step 3 • Define the TACACS+ authentication server
(config-tacacs-tacacs_id)#authentication
Example: (config-tacacs-AAAServer)#authentication
(config)# commit
DATACOM 204.4006.03 54
3.6.4.6 Setting Timeout Parameter

The timeout parameter specifies how many seconds the device waits for a response from TACACS+
server before either retrying the authentication request, or determining that the TACACS+ server is
unavailable.

# config terminal
where:
IPaddress – IP address of the TACACS Server

192.168.1.1
Step 3 • Define the TACACS+ timeout
(config-tacacs-tacacs_id)#timeout time
where:
time – time set for the device to wait for TACACS+ server response in
seconds.
Example: (config)# time 5

(config)# commit
3.6.4.7 Default TACACS+ Settings

The following table lists the factory default settings for TACACS+ parameters or services.
Authentication Service Disabled
Shared Key blank
Authentication Port 49
Authentication Type PAP
Timeout 5 seconds
Retry 3 times
DATACOM 204.4006.03 55
3.6.4.8 Displaying TACACS+ Settings

To display TACACS+ configuration information, use the following command:
Command To verify
• TACACS+ ID
• Host
# show running-config aaa server • Shared key
• Authentication Status
• Timeout and Retry values
3.6.5 Login Preference

The operator can define the order of authentication sources: local, RADIUS and TACACS+. When a
user tries to log in the system, it will try to authenticate it following the order set by the CLI command
authentication-order.

# config terminal
Step 2 • Choose the preferential login method among local, RADIUS and TACACS+
(config)#aaa authentication-order {local|radius|tacacs}
Example: (config)#aaa authentication-order tacacs

(config)# commit
If only one parameter (local, radius or tacacs) is used in the aaa

authentication-order command it is just inserted in the already existent list. To
change the authentication order includes the list of parameters between brackets (E.g.: aaa
authentication-order [radius tacacs]).
3.7 HOUR, DATE AND TIMEZONE

The device operation is not date and time dependent. However, because the date and time are used for
logging, error detection, and troubleshooting, they should be set correctly.
The Network Administrator can configure the date and time manually or assign a SNTP server to
synchronize the clock.
3.7.1 Clock and Date

SNTP client is disabled by default and it must stays off if the clock will be set manually.
Step 1 • Adjust the clock using the set clock command

# set clock YYYYMMDD HH:MM:SS
Where
YYYYMMDD – Year (4), month (2) and day (2)
HH:MM:SS – Hour (2), minutes (2), seconds (2)
Example:# set clock 20160304 16:05:07
DATACOM 204.4006.03 56
(config)# commit
3.7.2 Time zone

To configure a time zone, use the following commands:

# config terminal
Step 2 • Configure the time zone
(config)# clock timezone name UTC
Where:
name – Time zone name for identification
UTC – Offset from TUC (-12 to +14)
Example:(config)# clock timezone BRA -3

(config)# commit
3.7.3 Displaying Configuration

To verify a time zone configuration, use the following commands:
Step 1 • Verify time and date set

# show clock
Example:# show clock

Tue Mar 04 16:05:07 2016 (/UTC+0)
3.8 SIMPLE NETWORK TIME PROTOCOL (SNTP)

3.8.1 Overview
Simple Network Time Protocol (SNTP) is a simplified version of Network Time Protocol (NTP) that is
used to synchronize clocks of computational nodes on a network. SNTP synchronizes a system time
with a server that has already been synchronized by a source such as a radio or GPS.
3.8.2 Setting SNTP Server

The device time and data can be synchronized through SNTP servers using the following steps:
# config terminal
Step 2 • Enable the NTP/SNTP Client
(config)# sntp client
DATACOM 204.4006.03 57
Example:(config)# sntp client

Step 3 • Indicates the NTP/SNTP Server which will provide the clock synchronization data
(config)# sntp server IPaddress
Where:
IPaddress – NTP/SNTP Server IP
Example:(config)# sntp server 192.168.1.1

(config)# commit
3.8.3 Setting Authentication

To enable SNTP authentication, use the following commands:

# config terminal
Step 2 • Indicates NTP/SNTP Server
(config)# sntp server IPaddress
Where
IPaddress – NTP/SNTP Server IP
Example:(config)# sntp server 192.168.1.1

Step 3 • Defining the authentication for NTP/SNTP Server
(config-server-IPaddress)#authentication [md5|none]
password
Where
[md5|none] – NTP/SNTP authentication method
password – MD-5 password
Example:(config-server-192.168.1.1)# authentication md5

pass123
Step 4 • Enable the authentication
(config)#sntp authenticate
Example:(config)# sntp authenticate

(config)# commit
3.8.4 Setting Pooling Interval

To change the synchronization pooling interval, use the following commands:
# config terminal
DATACOM 204.4006.03 58
Step 2 • Define the pooling interval

(config)# sntp pool-interval time
Where
time – Polling interval in seconds
Example:(config)# sntp pool-interval 30

(config)# commit
3.9 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

3.9.1 Overview
SNMP is a set of protocols that help network administrators to manage network devices and
troubleshooting network problems. The network management system is based on two main elements: a
manager and agents. SNMP provides communication between a managed device (SNMP agent) and an
SNMP Manager or management application. The SNMP agent on the managed device provides access
to data (managed objects) stored on the managed device. The SNMP manager or management
application uses this access to monitor and control the managed device. Therefore, the manager is the
server that enables the network administrator to send management requests and the agents are entities
which making possible to collect information on the different objects.
The SNMP network management application can ask agents for specific information about network
elements and the data exchange is defined as SNMP Protocol Data Units (SNMP PDUs), typically
encapsulated in UDP packets. There are five kinds of operations permitted between managers and
agents. The manager performs four of them:
• Send a GET to obtain information from the agent about an attribute of a managed object.
• Send a GET-NEXT to do the same for the next object in the tree of objects on the managed
device.
• Send a GET-BULK to obtain information about a group of data from the agent.
• Send a SET to set the value of an attribute of a managed object.
Agents perform the last one:
• Send a TRAP to the manager telling it about some event on the managed device.
The following figure illustrates the exchange of messages between the SNMP management system and
an SNMP agent.
To specify to the SNMP agent which are the needed objects, the SNMP manager or management
application, uses a well-defined naming syntax. Object names in this syntax are called object identifiers
DATACOM 204.4006.03 59
(object IDs, or OIDs), and are numbers that uniquely identifies an object to an SNMP agent. For
instance, an object might be something like Interface Status. Querying Interface Status would return a
variable – the interface could be up or down. The collection of OIDs organized hierarchically is called
MIBs (Management Information Base).
Community is another important SNMP concept. It is used to allow authorized users to access the SNMP
agent on a device. Community strings may be configured as read-only (RO), or read-write (RW). As
the name implies, read-only strings only allow information to be pulled from the agent. However, read-
write strings are much more powerful, and can allow re-configuration of many devices properties.
SNMP versions are shown on following table.
SNMP Version Description
Original version of SNMP, community strings sent in plain text, very weak
v1
security.
SNMP v2c was developed to fix some of the problems in v1. However multiple
versions were developed, none truly addressing the problems with v1. V2c is the
v2c most used version, and has enhanced protocol handling over v1, resulting in
slightly improved operations. However, security is still an issue because it uses
plain-text community strings.
The newest version of SNMP, v3 supports full security and authentication. Should
v3
be used if possible, especially on untrusted networks.
Use extreme caution when implementing read-write strings. Some versions of SNMP
transmit strings in clear-text, raising the security risk.
3.9.2 Setting SNMP Agent

3.9.2.1 Enabling SNMP Agent
To enable or disable SNMP agent, use the following commands:

# config terminal
Step 2 • Enable or Disable SNMP Agent
(config)# snmp agent [enable|disable]
Example:(config)# snmp agent enable

(config)# commit
DATACOM 204.4006.03 60
3.9.2.2 Configure Version for SNMP Agent

To configure the SNMP version for SNMP agent, use the following commands:

# config terminal
Step 2 • Set a SNMP Version
(config)# snmp agent version [v1|v2c|v3]
Where
Version [v1|v2c|v3] – SNMP version
Example:(config)# snmp agent version v2c

(config)# commit
3.9.2.3 Configure UDP Port for SNMP Agent

To configure UDP Port for SNMP agent, use the following commands:

# config terminal
Step 2 • Set a UDP Port for SNMP Agent
(config)# snmp agent udp-port port
Where
port – UDP protocol port to be used for communication
Example:(config)# snmp agent udp-port 161

(config)# commit
3.9.2.4 Configure Extra-Listen for SNMP Agent

It is possible to set a list of pairs (IP Address and UDP Port) as extra-listen ports. The pairs must be set
one-by-one. To configure a list of additional pairs (IP Address and UDP port) in which the SNMP Agent
will also listens on, use the following commands:

# config terminal
Step 2 • Set an extra-listen for SNMP Agent
(config)# snmp agent extra-listen IPaddress port
Where
IPaddress – IP Address to be used for communication
port – UDP protocol port to be used for communication
Example:(config)# snmp agent extra-listen 192.168.1.1 4161
DATACOM 204.4006.03 61
(config)# commit
3.9.2.5 Configure Maximum Length of message for SNMP Agent

To configure the maximum length of SNMP message agent can send or receive, use the following
commands:

# config terminal
Step 2 • Set a maximum length of message for SNMP Agent
(config)# snmp agent max-message-size max_size
Where
max_size – Maximum length of SNMP
Example:(config)# snmp agent max-message-size 50000

(config)# commit
3.9.2.6 Configure System Parameters for SNMP Agent

To define system configuration for SNMP Agent, use the following commands:

# config terminal
Step 2 • Define system configuration
(config)# snmp system [contact|location] text
Where
text – Contact or Location identifier
Example:(config)# snmp system location datacom-br

(config)# commit
3.9.3 Setting SNMPv1 and SNMPv2c Communities

It is used to allow authorized users to access the SNMP agent on a device.
3.9.3.1 Configuring System Parameters for SNMP Agent

To create a community, use the following commands:
# config terminal
Step 2 • Define the community Index
(config)# snmp system community_index
DATACOM 204.4006.03 62
Where
community_index – Index to identify the community
Example:(config)# snmp community public_dtc

(config)# commit
3.9.3.2 Configure a Community Name

To configure a name to a community, use the following commands.
Use this parameter when the community is not the same as the index.

# config terminal
Step 2 • Define the Community Index
(config)# snmp community community_index
Where

Step 3 • Define the community Name
(config-community-public_dtc)# name name_id
Where
name_id – Index to identify the community
Example:(config-community-public_dtc)# name public

(config)# commit
3.9.3.3 Configuring a Community Security Name

To configure a security name to a community, use the following commands:

# config terminal
Where
DATACOM 204.4006.03 63

Step 3 • Define the community Name
(config-community-public_dtc)# sec-name sec_name
Where
sec_name – Security model name to identify the community
Example:(config-community-public_dtc)# sec-name public

(config)# commit
3.9.3.4 Configuring a Community Target Tag

To configure a target tag to a community, use the following commands:

# config terminal
Where

Step 3 • Define the Target Tag
(config-community-public_dtc)# target-tag tag_id
Where
tag_id – Index to identify the community
Example:(config-community-public_dtc)# target-tag 5
(config)# commit
3.9.4 Setting SNMPv3 User-Based Security Model (USM)

The SNMPv3 was developed to provide secure access to devices.
SNMPv3 introduces an authentication strategy. Therefore, in order to retrieve data from SNMP agent,
username and password are required. To avoid the password sending as plain text, the SNMP3 supports
SHA and MD5 hashing.
3.9.4.1 Adding a User

To configure a user in SNMPv3, use the following commands:

# config terminal
DATACOM 204.4006.03 64
Step 2 • Create a SNMPv3 user

(config)# snmp usm [local|remote] user user_id
security-name sec_name
Where
user_id – Username string
sec_name – Security name string
Example:(config)# snmp usm local user datacom security-name

datacom
(config)# commit
3.9.4.2 Defining a User Authentication Protocol

To configure an authentication protocol for the SNMPv3 user, use the following commands:

# config terminal
Step 2 • Join a SNMPv3 user
Where
Example:(config)# snmp usm local user datacom

Step 3 • Defining an authentication protocol with password for the user
(config-user-user_id)# auth [md5|sha] password pass
Where
[md5|sha] – Authentication Protocol
pass – Authentication Password String
Example:(config-user-datacom)# auth md5 password 12345

(config)# commit
3.9.4.3 Defining a Authentication Encryption

To configure an encryption for the authentication process, use the following commands:

# config terminal
Step 2 • Join a SNMPv3 user
Where
DATACOM 204.4006.03 65
Example:(config)# snmp usm local user datacom

Step 3 • Defining an encryption for the authentication process
(config-user-user_id)# priv [aes|des] password
pass_id
Where
pass_id – Authentication Password String
Example:(config-user-datacom)# priv aes password 12345

(config)# commit
3.9.5 Setting View-Based Access Control Model (VACM)

It is used to allow authorized users to access the SNMP agent on a device. The Community strings can
be configured as read write and notify. As the name implies, read only allow information to be pulled
from the agent, write also allows to set some configuration on the agent and notify allows to forward
some traps/informs.
3.9.5.1 Configuring VACM View

To configure a new view, use the following commands:

# config terminal
Step 2 • Join a group
(config)# snmp vacm view view_name
Where
view_name – Name of VACM MIB view
Example:(config)# snmp vacm view read_and_notify

Step 3 • Defining subtrees is included or excluded from the MIB view
(config-view-view_name)# subtree subtree_id
[excluded|included]
Where
subtree_id – Subtree OID in MIB view
Example:(config-view-read_and_notify)# subtree 1.3 included

(config)# commit
3.9.5.2 Configuring VACM Group

To configure a new VACM group, use the following commands:
DATACOM 204.4006.03 66
# config terminal
Step 2 • Create a group
(config)# snmp vacm group group_id
Where
group_id – Group name identifier
Example:(config)# snmp vacm group dtc

(config)# commit
3.9.5.3 Configuring VACM Groups members

To define access for groups, use the following commands:

# config terminal
Where

Step 3 • Defining member and security model into a group
(config-group-group_id)# member username sec-model
[usm|v1|v2c]
Where
username – Security name identifier
Example:(config-group-dtc)# member user_1 sec-model

v2c
(config)# commit
3.9.5.4 Configuring VACM Groups Views

To define views for groups, use the following commands:

# config terminal
Where
DATACOM 204.4006.03 67

Step 3 • Defining SNMP version allowed with authentication and encryption
(config-group-group_id)# snmp vacm group group_id
access [any|usm|v1|v2c] [auth-no-priv|auth-priv|no-
auth-no-priv]
Where
Example:(config)# snmp vacm group dtc access v2c

auth-no-priv
Step 4 • Defining Views for Group
(config-access-v2c/auth-no-priv)# [notify-
view|read-view|write-view] view_name
Where
view_name – Name of the MIB view
Example: (config-access-v2c/auth-no-priv)# write-view root

(config)# commit
3.9.6 Setting Targets for Notifications

SNMP allows sending traps and informs for targets. Each target to receive notifications must have an
IP address and a SNMP version associated. Other parameters also configurable like: UDP Port, timeout,
retries and Engine ID.
3.9.6.1 Configuring Server Target

To create a target, use the following commands:
# config terminal
Step 2 • Define target identifier and target IP address
(config)# snmp target name ip IPaddress
Where
name – Target identifier
IPaddress – Target IP address
Example:(config)# snmp target server ip 192.168.1.1

(config)# commit
3.9.6.2 Configuring SNMPv1 Parameters

To define a SMNPv1 parameters type for target, use the following commands:
DATACOM 204.4006.03 68

# config terminal
Step 2 • Join a target identifier
(config)# snmp target target_id
Where
target_id – Target identifier
Example:(config)# snmp target server-trap

Step 3 • Define a SNMPv1 community to the target
(config-trap-name)# v1 sec-name community
Where
Example:(config-target-server)# v1 sec-name public

(config)# commit
3.9.6.3 Configuring SNMPv2c Parameters

To define a SMNPv2c parameters type for target, use the following commands:

# config terminal
Where
Example:(config)# snmp target server

Step 3 • Define a SNMPv2c community to the target
(config-trap-name)# v2c sec-name community
Where
Example:(config-target-server)# v2c sec-name public

(config)# commit
3.9.6.4 Configuring SNMPv3 Parameters

To define a SMNPv3 parameters type for target, use the following commands:
DATACOM 204.4006.03 69
# config terminal
Where

Step 3 • Define a SNMPv3 user to the target
(config-trap-name)# usm sec-level sec_id [auth-no-
priv|auth-priv|no-auth-no-priv] user-name user_id
Where
sec_id – Authentication and encryption
user_id – User name identifier
Example:(config-target-server-trap)# usm sec-level auth-priv

user-name userTest
(config)# commit
3.9.6.5 Configuring UDP Port

To define a UDP port for target, use the following commands:

# config terminal
Where

Step 3 • Define a SNMPv3 user to the target
(config-trap-name)# udp-port port
Where
port – UDP Port identifier
Example:(config-target-server-trap)# udp-port 162

(config)# commit
3.9.6.6 Configuring Timeout

To define a timeout, use the following commands.
DATACOM 204.4006.03 70
This parameter is only required if the target is able to receive v3 informs messages.

# config terminal
Where

Step 3 • Define a timeout to the target
(config-trap-name)# timeout time
Where
time – Timeout configuration
Example:(config-target-server-trap)# timeout 1500

(config)# commit
3.9.6.7 Configuring Retries

To define retries number, use the following commands.

# config terminal
Where

Step 3 • Define retries number
(config-trap-name)# retries number
Where
number – Number of retries
DATACOM 204.4006.03 71
Example:(config-target-server-trap)# retries 3
(config)# commit
3.9.6.8 Configuring Engine ID

To define engine-id, use the following commands.

# config terminal
Where

Step 3 • Define an engine-id to the target
(config-trap-name)# engine-id id
Where
id – Engine Identifier
Example:(config-target-server-trap)# engine-id
80:00:0E:7D:03:00:04:DF:40:8D:D8
(config)# commit
3.9.6.9 Configuring Notifications Table

This table is used to select management targets which should receive notifications, as well as the type
of notification which should be sent to each selected management target.
To management targets, use the following commands:

# config terminal
Step 2 • Define an engine-id to the target
(config)# snmp notify notify_id tag name type
[informs|traps]
Where
notify_id – Target Identifier
DATACOM 204.4006.03 72
name – Target name
Example:(config)# snmp notify target_A tag server_traps type

traps
(config)# commit
3.9.7 Default SNMP Settings

The following table lists the factory default settings for SNMP parameters.
SNMP agent Disable
SNMP agent version v2c, v3
SNMP agent max-message-size 50000
SNMP community public
SNMP VACM group public
SNMP VACM view root subtree 1.3
3.10 SYSLOG SERVER

This chapter describes how to configure the Syslog feature in DmOS.
3.10.1 Overview
According RFC5424, the Syslog Protocol is used to transport event notification messages. This protocol
uses a layered architecture. The layers are: syslog content, syslog application and syslog transport.
Syslog is used by network devices to send event messages to an external server – usually called Syslog
Server. For example, if an Ethernet interface is enabled, a message is sent for external server configured
alerting this change.
The following figure illustrates the message exchanges between the Device (Syslog Agent) and the
Syslog Server.
DATACOM 204.4006.03 73
3.10.2 Setting Syslog IP Address

The command log syslog is used to configure a Syslog Server.

# config terminal
Step 2 • Type the Syslog Server IP Address
(config)# log syslog IPaddress
Where
IPaddress – IP Address of the Syslog Server
Example:(config)# log syslog 10.1.1.1

(config)# commit
The no form of the log syslog command removes Syslog Server

# config terminal
Step 2 • Erase Syslog server from device database
(config)# no log syslog IPaddress
Where
IPaddress – IP Address of the Syslog Server
Example:(config)# no log syslog 10.1.1.1

(config)# commit
By default DmOS only sends error logs after enabling this feature. The other options are
warning, notice, informational, error, emergency, critical and alert.
3.10.3 Setting Syslog Severity

The command log syslog can be used to set a security level of the log messages.

# config terminal
Step 2 • Set the severity level
(config)# log severity level
Where
level – IP Address of the Syslog Server
Example:(config)# log severity emergency
DATACOM 204.4006.03 74
(config)# commit
3.10.4 Default Syslog Settings

The following table lists the factory default settings for Syslog parameters.
Remote host(s) None
History logging to remote (option appears after

Informational
syslog activation)
DATACOM 204.4006.03 75
DmOS – User Guide Gigabit Passive Optical Network (GPON)
4 GIGABIT PASSIVE OPTICAL NETWORK (GPON)
The main characteristic of a Passive Optical Network (PON) is the non-use of electrical components to
signal distribution. The passive architecture is mainly used as a solution for access to the last mile, leading
optical fiber cabling and signals nearest to end-user. A PON system has the ability to deliver high rates of
speed for broadband access.
The first PON was based on ATM (called APON then, now renamed to broadband or BPON) and it has
evolved to today's dominants Gigabit PON (GPON) and Ethernet PON (EPON). All of these optical
technologies create split multi-site connection paths, they are built using a similar topology and components
like shown by following figure.
PON uses a network point-to-multipoint configuration. So, a single fiber is shared by several end points
(e.g.: homes and offices). This sharing is possible using a passive optical splitter, resulting in division
of 4, 8, 16, 32 or 64 for outgoing fibers. But this depends on the optical splitter manufacturing process
and distances involved.
Active transmission device in PON network consists only of Optical Line Termination (OLT) and
Optical Network Unit (ONU). OLT is responsible to provide the uplink port, which is connected to the
core network, and meanwhile offers the downlink PON ports.
GPON uses WDM (Wavelength Division Multiplexing) technology, allowing bidirectional
transmission over a single fiber (different wavelength for downstream and upstream). To segregate
traffic of multiple users, GPON uses broadcast in downstream direction (OLT to ONU) and TDMA in
upstream direction (ONU to OLT).
Since, data are broadcasted from OLT to ONU, the ONUs (Optical Networks Units) should filter the
user’s data traffic and also coordinate, by multiplexing the signals, output from client to does not conflict
with other user’s data.
As the data packets are transmitted in a broadcast manner to all ONUs, GPON standard uses AES
(Advanced Encryption Standard) to encrypt the data flow in downstream direction (OLT to ONU). The
encryption is a secure way to avoid eavesdropping and assure that only the allowed user will access the
information.
DATACOM 204.4006.03 76
4.1 GPON INTERFACES

This chapter describes how to deploy GPON Interfaces.
4.1.1 Creating a VLAN and Assigning an Uplink Interface

Before start the GPON configuration, create a VLAN and assign it to an Uplink interface. Read
Configuring Ethernet Ports and Setting VLANs to Uplink Ports.
4.1.2 Enabling and Disabling Ports

GPON interfaces are administratively disabled by default. To enable them, use the following
commands:

# config terminal
Step 2 • Select the GPON interface to be enabled
(config)# interface gpon chassis/slot/port
Where
chassis/slot/port – Chassis, slot and port position
Example:(config)# interface gpon 1/1/1

Step 3 • Enable the port configuration
(config-gpon-chassis/slot/port)#no shutdown
Example:(config-gpon-1/1/1)# no shutdown
(config)# commit
To disable a GPON interface:

# config terminal
Step 2 • Select the GPON interface to be disabled
Where

Step 3 • Disable the port configuration
(config-gpon-chassis/slot/port)#shutdown
Example:(config-gpon-1/1/1)# shutdown
DATACOM 204.4006.03 77
(config)# commit
4.1.3 Setting Downstream FEC and Upstream FEC

By default, FEC is enabled on GPON interfaces for downstream and upstream flows. To disable FEC
use the following commands:

# config terminal
Step 2 • Select the GPON interface to be configured
Where

Step 3 • Disable downstream FEC
(config-gpon-chassis/slot/port)#no downstream-fec
Example:(config-gpon-1/1/1)# no downstream-fec
Step 4 • Disable upstream FEC
(config-gpon-chassis/slot/port)# no upstream-fec
Example:(config-gpon-1/1/1)# no upstream-fec
(config)# commit
4.1.4 Setting Anti-Rogue Mode

To configure anti-rogue mode for ONUs at GPON interfaces, use the following commands:

# config terminal
Where

Step 3 • Set anti-rogue mode to the interface
(config-gpon-chassis/slot/port)#anti-rogue onu-isolate
onu_id
Example:(config-gpon-1/1/1)# anti-rogue onu-isolate 1
DATACOM 204.4006.03 78
(config)# commit
4.1.5 Setting MAC-Limit

The MAC-Address Limit functionality allows limiting how many MAC Addresses each ONU can learn.
It is possible to change the value from 1 to 255 addresses. The value 0 (zero) is used to configure it as
unlimited. To configure this functionality, use the following commands:
tep 1 • Change to configuration mode

# config terminal
Where

Step 3 • Choose the ONU interface to apply the MAC limit rule
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU interface number
Example:(config-gpon-1/1/1)#onu 1
Step 4 • Set the required MAC limit for the interface
(config-gpon-onu-onu_id)#mac-limit mac-limit-number
Where
mac-limit-number – Number of MACs allowed to be learned in the given
ONU interface (1-255)
Example:(config-gpon-onu-1)#mac-limit 255
(config)# commit
The MAC limitation is a configuration performed in each port individually.
4.1.6 Setting Virtual Ethernet Interface Point (VEIP)

Virtual Ethernet Interface Point (VEIP) is designed to separate the CPE and ONU functions with a
logical, rather than physical, Ethernet interface between the functions. It provides a centralized
infrastructure provisioning and management for OLT device, be it integrated to an ONU or in a
standalone mode. To perform the VEIP configuration setup, use the following commands:
DATACOM 204.4006.03 79

# config terminal
Step 2 • Define a GPON interface
Where
chassis/slot/port – Identifies the related interface according its
place on the device

Step 3 • Define the ONU interface identification
(config-gpon-1/1/1)#onu onu_id
Where
onu_id – ONU identification number
Step 4 • Define the VEIP port to set
(config-gpon-onu-1)#veip veip_port
Where
veip_port – Port available for configuration
Example:(config-gpon-onu-1)#veip 1
Step 5 • Configure the VEIP port as Native VLAN and set a CoS value
(config-veip-1)#native vlan vlan-id vlan_id cos

cos_value
Where
vlan_id – VLAN number (1-4093)
cos_value – Class of Service value (0-7)
Example:(config-gpon-onu-1)#native vlan vlan-id 100

cos 7
(config)# commit
4.1.7 Default GPON Port State

The table below lists the default settings for GPON ports:
DATACOM 204.4006.03 80
Administrative State Shutdown
Downstream FEC Enabled
Upstream FEC Enabled
4.1.8 Displaying GPON State

To display GPON port status information, use the following commands:
Command To Verify
• Physical interface
• Downstream FEC
# show interface gpon chassis/slot/port • Upstream FEC
• Transceiver type
• Allocated upstream
• Bandwidth
• Interface
• Downstream FEC
# show interface gpon chassis/slot/port • Upstream FEC
brief • Admin
• Link
4.2 GPON PROFILES

This chapter describes how to deploy GPON profiles.
4.2.1 Overview
On a typical PON Network, there are many end-users, but few service types and ONU models. Thus, in
order to avoid massive provisioning tasks, the GPON Profiles allows defining common attributes that
may be reused lot of times, and apply to multiple service ports.
DmOS supports the following profiles types:

• ONU Profile: Describes the ONU physical attributes such as the number of Ethernet ports
and POTS ports.
• Service Profile: Defines service attributes that will be applied to an ONU as VLAN mapping,
CoS and transparency of L2 protocols.
• Bandwidth Profile: Defines the available bandwidth to a specific Transmission Container (T-
CONT). A Transmission Container (T-CONT) is an ONU object, representing a group of
logical connections that appears as a single entity and they are used for management of upstream
DATACOM 204.4006.03 81
bandwidth on the PON Link. For a given ONU, the number of supported T-CONTs is fixed and
defined by ONU profile.
o Type 1: Fixed bandwidth type only. The assured bandwidth equals the maximum
bandwidth and has the highest priority. All bandwidth is allocated regardless of
demand. All exceeding traffic is discarded. Mainly used for services sensitive to delay
and high priority, such as Voice over IP applications.
o Type 2: Guaranteed bandwidth type. It has assured bandwidth. The assured traffic can
be allocated to maximum as the fixed, however only on demand. This type is mainly
used for video services and data services of higher priorities.
o Type 3: Guaranteed bandwidth type. It has assured bandwidth and non-assured
bandwidth. The non-assured traffic only is allocated when a remaining bandwidth is
available. This type is mainly used for video services and data services of higher
priorities.
o Type 4: Best-effort type only. The bandwidth that has not been allocated as fixed or
guaranteed is used. Mainly used for data services such as Internet and services of low
priority.
o Type 5: Mixed type. It is a superset of all other T-CONTs types. Involves all bandwidth
types, such as fixed, guaranteed and best effort.
• Line Profile: Defines association between GEM Ports with a T-CONT and also maps a GEM
Port with ONU services. The GEM Port represents a flow of data, which must associate to a
bandwidth profile.
• SIP Agent Profile: Defines the settings of SIP Agent that will register the analog line and
control the call process. The SIP Agent Profile is associated a POTS interface.
• GEM Traffic Profile: Define a quality of service on ONU. This profile allows limiting the data
traffic at upstream and downstream with the parameters CIR (Committed Information Rate) and
EIR (Excess Information Rate).
• Media Profile: Defines the media parameters for VoIP services, allowing to set a priority
ordered codec list, where is set the codec type, packet-period and silence-suppression for each
entry on the list. Media-profile command is also
used to enable/disable out-of-band DTMF, configure the target of the jitter buffer, and
the maximum depth of the jitter buffer.
4.2.2 Default GPON Profiles

It is possible to load default GPON profiles for bandwidth profile, line profile, onu profile and service
profile to be used in GPON circuit configuration. It is possible load profiles to be used with bridge or
router ONUs.
Load profiles bridge:

# config terminal
Step 2 • Enter the command to load bridge profile
(config)# load default-gpon-profiles-bridge
DATACOM 204.4006.03 82
(config)# commit
Load profiles router:

# config terminal
Step 2 • Enter the command to load router profile
(config)# load default-gpon-profiles-router
(config)# commit
4.2.3 Setting ONU Profile

Every ONU model must have your own ONU-profile. This profile defines the user’s interfaces.
Therefore, it should be create based on ONU characteristics, such as number of Ethernet and POTS
ports. The ONU profile can be created as shown:
# config terminal
Step 2 • Enter the command to create an ONU profile
(config)# profile gpon onu profilename
Where
profilename – ONU profile identification
Example:(config)# profile gpon onu onu-1-port

Step 3 • Enter the number of Ethernet port on the ONU
(config-onu-profile-profilename)#ethernet max_eth
Where
max_eth – Number of ONU Ethernet ports
Example:(config-onu-profile-onu-1-port)# ethernet 4
Step 4 • Enter the number of POTS port on the ONU
(config-onu-profile-profilename)#pots pots_ID
Where
pots_ID –POTS Identifier
Example:(config-onu-profile-onu-1-port)# pots 2
(config)# commit
DATACOM 204.4006.03 83
Before creating an ONU profile, it is recommended to consult the ONU documentation to

get all required information listed above.
4.2.4 Setting Service Profile

Defines service attributes that will be applied to an ONU as VLAN mapping, CoS and transparency of
L2 protocols.
To create a Service profile, the related ONU profile must be previously created. Read the
chapter .

# config terminal
Step 2 • Enter the command to create a Service profile
(config)# profile gpon service-profile profilename
Where
profilename – Service profile identification
Example:(config)# profile gpon service-profile 1-port-

residential
Step 3 • Setting a ONU profile for association
(config-service-profile-profilename)#onu profilename
Where
profilename – Identify a ONU profile
Example:(config-service-profile-1-port-residential)# onu-
profile 1-port
Step 4 • Setting a VLAN mapping
(config-onu-profile-profilename)#vlan-mapping map_name
symmetric ethernet eth_port match vlan vlan-id vlan_id_A
cos cos_A action vlan [add|replace] vlan-id vlan_id_B cos
cos_B
Where
map_name – Map identification name
eth_port – ONU Ethernet port
vlan_id_A – VLAN identifier to perform the match
cos_A – Traffic priority (0-7) to perform the match
vlan_id_B – VLAN identification for the new tag inserted or replaced
cos_B – Traffic priority (0-7) for the new tag inserted or replaced
DATACOM 204.4006.03 84
Example:(config-service-profile-1-port-residential)# vlan-
mapping map simmetryc ethernet 1 match vlan vlan-id 10 cos
3 action vlan add vlan-id 20 cos 7
(config)# commit
4.2.5 Setting Bandwidth Profile

This profile defines the available bandwidth to a specific Transmission Container (T-CONT). A
Transmission Container (T-CONT) is an ONU object, representing a group of logical connections that
appears as a single entity and they are used for management of upstream bandwidth on the PON Link.
For a given ONU, the number of supported T-CONTs is fixed and defined by ONU profile.
The bandwidth can be set using granularity of 64kbit/s.

# config terminal
Step 2 • Enter the command to create a Bandwidth profile
(config)# profile gpon bandwidth-profile
profilename
Where
profilename – Bandwidth profile identification
Example:(config)# profile gpon bandwidth-profile 2m-cir_10m-

pir
Step 3 • Enter the T-CONT type and related traffic bandwidth
(config-bandwidth-profile-profilename)#traffic [type-
1|type-2|type-3|type-4|type-5] bandwidth
Where
bandwidth – Defines the fixed, assured or maximum bandwidth (depends on
the selected T-CONT type)
Example:(config-bandwidth-profile-2m-cir_10m-pir)# traffic
type-3 assured-bw 2048 max-bw 9984
(config)# commit
4.2.6 Setting Line Profile

This profile defines association between GEM (GPON Encapsulation Method) ports with a T-CONT,
and also maps a GEM Port with ONU services. The GEM Port represents a flow of data, which must be
associated to a bandwidth profile.
To create a Line profile, the related Bandwidth profile must be previously created. Read
about the Bandwidth profile creation in the chapter
DATACOM 204.4006.03 85

# config terminal
Step 2 • Enter the command to create a Line profile
(config)# profile gpon line-profile profilename
Where
profilename – Line profile identification
Example:(config)# profile gpon line-profile internet_10m

Step 3 • Setting a bandwidth profile in T-CONT
(config-line-profile-profilename)# tcont tcont_id

bandwidth-profile profilename
Where
tcont_id – Identification of a T-CONT port
profilename – Bandwidth profile identification name
Example:(config-line-profile-internet-10m)# tcont 4
bandwidth-profile 2m-cir_10m-pir
Step 4 • Setting an Ethernet port for GEM port in line profile
(config-line-profile-profilename)# gem gem_id map map_id

ethernet ethernet_port vlan [vlan_id|any] cos [cos_id|any]
Where
gem_id – Identification of a GEM port
map_id – Mapping name for mapping configuration in a GEM port
ethernet_port – Identification of a ONU Ethernet
Example:(config-line-profile-internet-10m)# gem 1 map

map_eth1_vlan_10 iphost vlan 10 cos 3
Step 5 • Setting IP host interface for VoIP applications in line profiles

iphost vlan [vlan_id | any] cos [cos_id | any]
Where
map_id – Mapping name for a GEM port configuration

map_eth1_vlan_10 iphost vlan 10 cos 3
Step 6 • Setting a VEIP interface

veip veip_id vlan [vlan_id | any] cos [cos_id | any]
Where
map_id – Mapping name for a GEM port configuration
veip_id – Virtual Ethernet Interface Point number
DATACOM 204.4006.03 86

map_eth1_vlan_10 veip 1 vlan 10 cos 3
Step 7 • Setting upstream GEM port priority and GEM Rate Traffic Control in line profile
(config-line-profile-profilename)# gem gem_id tcont

tcont_name [priority priority_id|gem-traffic-profile
profile_name]
Where
tcont_name – Identification of a T-CONT port
priority_id – Line profile priority
profile_name – GEM Rate Traffic Profile
Example:(config-line-profile-internet-10m)# gem 1 tcont 4

priority 3
Step 8 • Setting an upstream-fec profile in T-CONT
(config-line-profile-profilename)# upstream-fec
Example:(config-line-profile-internet-10m)# upstream-fec
(config)# commit
4.2.7 Setting SIP Agent Profile

This profile defines the settings of SIP Agent that will register the analog line and control the call
process. There are three servers to configure.
• Registrar Server: Registrar Server accepts REGISTER requests and places the information it
receives in those requests into the location service for the domain it handles.
• Proxy Server: Proxy Server is an intermediary entity that acts as both a server and a client for
the purpose of making requests on behalf of other clients. A proxy server primarily plays the
role of routing, which means its job is to ensure that a request is sent to another entity "closer"
to the targeted user.
• Outbound Proxy: Outbound Proxy receives request from a client, even though it may not be
the server resolved by the Request-URI.
To configure the SIP Agent Profile, use the following commands:

# config terminal
Step 2 • Create a SIP Agent Profile
(config)#profile gpon sip-agent-profile profile_name
Where
profile_name – Identification of a SIP Agent profile
Example:(config)# profile sip-agent-profile SIP-Agent
DATACOM 204.4006.03 87
Step 3 • Setting the Outbound-proxy, Proxy-server and Registrar Server
(config-sip-agent-profile-profile_name)#outbound-proxy
outbound_IP|proxy-server proxy_IP|registrar registrar_IP
Where:
outbound_IP – identify a Outbound Proxy IP Address
proxy_IP – identify a Proxy Server IP Address
registrar_IP – identify a Registrar Server IP Address
Example: (config-sip-agent-profile-SIP-Agent)# registrar

192.168.1.10
(config)# commit
4.2.8 Setting GEM Rate Traffic Profile

GEM Traffic Profile aims to configure CIR and EIR at ONU in order to provide traffic limit. It allows
limiting rate according to the service contracted. Two parameters must be configured:
• CIR – Committed Information Rate: Is the traffic bandwidth (in Kbits/s) that is guaranteed
to pass through the interface
• EIR – Excess Information Rate: Is the maximum traffic bandwidth (in Kbits/s) that can pass
through the interface. It must be greater than the CIR.
The GEM Rate Traffic profile can be created as shown:

# config terminal
Step 2 • Enter the command to create a GEM Traffic Control profile
(config)# profile gpon gem-traffic-profile
profilename
Where
profilename – GEM traffic profile identification
Example:(config)# profile gpon gem-traffic-profile Traffic-

Rate
Step 3 • Setting GEM Traffic Control Profile
(config-gem-traffic-profile-profilename)# cir cir_rate|eir

eir_rate|upstream-gem-priority priority
Where
cir_rate – Committed Information Rate
eir_rate – Excess Information Rate
priority – Upstream GEM port priority
Example:(config-gem-traffic-profile-Traffic-Rate)# cir 2048

DATACOM 204.4006.03 88
(config)# commit
4.2.9 Setting Media Profile

The media-profile command is used to configure media parameters for VoIP services, allowing the
user to set a priority ordered codec list, where is set the codec type, packetperiod and silence
suppression for each entry on the list. Media profile command is also used to enable/disable out-of-
band DTMF, configure the target of the jitter buffer, and the maximum depth of the jitter buffer. There
are nine parameters to configure:
• Codec-order: Indicates the codec selection order which will be configured.
The list can be filled in any order.
• Type: Select the codec type defined by IETF RFC 3551.
• Packet-Period: Select the packet period interval in milliseconds.
• Silence-Suppression: Enable or disable silence suppression for the codec entry.
• Jitter Target Dynamic-Buffer: Set the target value of the jitter buffer as dynamic.
• Jitter Target Buffer: Select the target value of the jitter buffer in milliseconds.
• Jitter Maximum onu-internal-buffer: Configure the ONU to use its internal default value for
the maximum jitter buffer.
• Jitter Maximum Buffer: Select the maximum depth of the jitter buffer in milliseconds.
• Oob-dtmf: Enable or disable out-of-band DTMF. When enabled, DTMF signals are carried
out-of-band. When disabled, DTMF signals are
carried in the PCM stream.
First check the ONU capabilities before configuring the codec list, because some ONU
models do not support all the codecs listed. There must be 4 codecs configured in a Media
Profile
To configure the SIP Agent Profile, use the following commands:

# config terminal
Step 2 • Enter the command to create a Media Profile
(config)# profile gpon media-profile profilename
Where
profilename – Media profile identification
Example:(config)# profile gpon media-profile MediaName

Step 3 • Set the codec selection order
(config-media-profile-profilename)# codec-order
order_index
Where
Order_index – Codec Order
Example:( config-media-profile-MediaName)# codec-order 1
DATACOM 204.4006.03 89
Step 4 • Set the codec type
(config-codec-order-order_index)# type codec_type
Where
Codec_type – Codec Order
Example:( config-codec-order-1)# type g729

order_index
Where
• Example:( config-media-profile-MediaName)# codec-order 2

Where
• Example:( config-codec-order-1)# type g723

order_index
Where

Where
• Example:( config-codec-order-1)# type pcmu

order_index
Where

DATACOM 204.4006.03 90
Where
• Example:( config-codec-order-1)# type pcma

Step 11 • Configure the packet period interval in milliseconds
(config-codec-order-order_index)#packet-period period_time
Where
period_time – Packet period interval in milliseconds
Example:( config-codec-order-1)# packet-period 20

Step 12 • Enable silence suppression for the codec entry
(config-codec-order-order_index)# silence-suppression
Example:( config-codec-order-1)# silence-suppression

Step 13 • Return to profile configuration level
(config-codec-order-order_index)# exit
Example:( config-codec-order-1)# exit

Step 14 • Set the target value of the jitter buffer as dynamic
(config-media-profile-profilename)# jitter target dynamic-

buffer
Example:( config-media-profile-MediaName)# jitter target

dynamic-buffer
Step 15 • Select the target value of the jitter buffer in milliseconds
(config-media-profile-profilename)# jitter target buffer

value
Where
value – Value of the jitter buffer
Example:( config-media-profile-MediaName)# jitter target

buffer 200
Step 16 • Configure the ONU to use its internal default value for the maximum jitter buffer
(config-media-profile-profilename)# jitter maximum onu-

internal-buffer
Example:( config-media-profile-MediaName)# jitter maximum

onu-internal-buffer
Step 17 • Set the maximum depth of the jitter buffer in milliseconds
(config-media-profile-profilename)# jitter maximum buffer

maxvalue
Where
maxvalue – Value of the maximum jitter buffer
DATACOM 204.4006.03 91
Example:( config-media-profile-MediaName)# jitter maximum

buffer 200
Step 18 • Enable out-of-band DTMF
(config-media-profile-profilename)# oob-dtmf
Example:( config-media-profile-MediaName)# oob-dtmf

• (config)# commit
4.2.10 Displaying GPON Profiles

To display GPON profiles configuration, use the following commands:
Command To Verify
• Profile name
# show running-config profile gpon onu-
profile onu_profilename • Ethernet
• Pots
• Profile name
# show running-config profile gpon service-
profile service_profilename • ONU Profile
• VLAN Mapping
• Profile name
• Type
# show running-config profile gpon
bandwidth-profile bw_profilename • Fixed-bw
• Assured-bw
• Maximum-bw
• Profile name
# show running-config profile gpon line- • Upstream-FERC
profile line_profilename • T-CONT
• GEM
• Registrar Server
# show running-config profile gpon sip-
agent-profile SIP-Agent • Proxy Server
• Outbound Proxy
# show running-config profile gpon gem- • CIR
traffic-profile Traffic-Rate • EIR
• Codec Order
• Type
• Packet Period
• Silence Suppression
• Jitter Target Dynamic
# show running-config profile gpon media- Buffer
profile MediaName • Jitter Target Buffer
• Jitter Maximum ONU
Internal Buffer
• Jitter Maximum
Buffer
• Oob dtmf
DATACOM 204.4006.03 92
4.3 OPTICAL NETWORK UNIT (ONU)

This chapter describes how to deploy an ONU.
4.3.1 Starting ONU Discovery Process

To start the discovery process for ONUs or if an ONU joins on an emergency state, the command onu-
enable allows the user to restart the ONU and forward it to standby state:

# config terminal
Where

Step 3 • Restart all ONUs or a given ONU by its serial number
(config-gpon-chassis/slot/port)# onu enable [all|serial-

number serial_number]
Where
serial-number – Serial number of the given ONU
Example:(config-gpon-1/1/1)# onu-enable serial-number

PNDD00B88986
(config)# commit
4.3.2 Restarting ONU

For restart an ONU, use the following commands:

# config terminal
Step 2 • Select the GPON interface to be restarted
Where

Step 3 • Restart the ONU
(config-gpon-chassis/slot/port)# onu-reset onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1/1)# onu-reset onu 1
DATACOM 204.4006.03 93
(config)# commit
4.3.3 Setting ONU name

To configure the name of an ONU, use the following commands:

# config terminal
Step 2 • Enter the GPON interface configuration
Where
chassis/slot/port – Chassis, slot and port of the device

Step 3 • Enter into the ONU ID
Where
onu_id – ONU identification name
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Set the ONU name
(config-gpon-onu-onu_id)#name onu_name
Where
onu_name – ONU identification name
Example:(config-gpon-onu-1)# name datacom-onu-1

(config)# commit
4.3.4 Setting Authenticating

The ONU authentication method is a global GPON configuration. Therefore, it is applied on all GPON
interfaces. There are three authentication methods:
• Serial Number Only
• Password Only
• Serial Number and Password
4.3.4.1 Setting ONU Authentication Method

GPON supports automatic ONU discovery and activation mechanisms. As part of these mechanisms,
GPON may use the Serial Number (SN), Password or both for ONU authentication.

# config terminal
DATACOM 204.4006.03 94
Step 2 • Enter the GPON unit configuration

(config)#gpon slot/port
Where
slot/port – Slot position and GPON port
Example:(config)# gpon 1/1

Step 3 • Enter the authentication method
(config-gpon-slot/port)#onu-auth-method [password|serial-
number|serial-number-and-password]
Example:(config-gpon-1/1)# onu auth-method serial-number-

and-password
(config)# commit
Before creating an ONU profile, it is recommended to consult the ONU documentation to

get all required information listed above.
4.3.4.2 Configuring AES Key Exchange

To configure the interval for AES Key exchanging, use the following commands:

# config terminal
Step 2 • Enter the GPON unit configuration
(config)# gpon slot/port
Where
slot/port – Slot position and GPON port
Example:(config)# gpon 1/1

Step 3 • Enter the authentication method
(config-gpon-slot/port)#aes-key-exchange interval
Where
interval – Time (in seconds) for AES key exchanging
Example:(config-gpon-1/1)# aes-key-exchange 30
(config)# commit
4.3.4.3 Configuring ONU Serial Number and Password

The general tasks involved in configuring ONU Serial Number and Password are shown below:
DATACOM 204.4006.03 95

# config terminal
Step 2 • Enter into GPON interface configuration
Where
chassis/slot/port – Device, slot position and GPON port

Step 3 • Enter into ONU configuration mode
(config-gpon-slot/port)#onu onu_id
Where
Example:(config-gpon-1/1)# onu 1
Step 4 • Enter into ONU credentials
(config-gpon-slot/port)#serial-number onu_sn password

onu_password
Where
onu_sn – ONU serial number
onu_ password – ONU Password
Example:(config-gpon-onu-1)# serial-number DTCMD3506944

password 00d3506944
(config)# commit
The authentication method using Serial Number and Password represents only one ONU authentication
method. As described in , another two methods are available: Serial Number Only and Password
Only. Therefore, Step 3 may suffer some changes for the Serial Number Authentication, as follow:

# config terminal
Where

Where
DATACOM 204.4006.03 96
Step 4 • Enter into serial number
(config-gpon-slot/port)#serial-number onu_sn
Where
onu_sn – ONU serial number
Example:(config-gpon-onu-1)# serial-number DTCMD3506944

(config)# commit
Or for Password Only Authentication:

# config terminal
Where

Where
Step 4 • Enter into ONU password
(config-gpon-onu_id)#serial-number onu_sn password

onu_pass
Where
onu_pass – ONU Password
Example:(config-gpon-onu-1)#password 00d3506944
(config)# commit
The password must be unique on the system. Only one ONU will be activated if multiple
devices use the same password.
DATACOM 204.4006.03 97
The password is defined by ONU’s manufacturer. Consult ONU documentation to know

how to determine the password.
4.3.4.4 Displaying ONU Authentication Configuration

To display ONU authentication configuration, use the following commands:
Command To Verify
• Chassis/Slot
• ONU authentication
# show gpon chassis/slot
method
• AES key exchange
4.3.4.5 Configuring POTS Interface

To configure POTS interfaces, use the following commands:

# config terminal
Where

Where
Step 4 • Enter on the POTS interface
(config-gpon-chassis/slot/port)#pots pots_id
Where
pots_id – POTS identification number
Example:(config-gpon-onu-1)# pots 1
Step 5 • Setting SIP Agent Profile on POTS interface
(config-pots-port_id)#sip-agent-profile profile_name
Where
profile_name – SIP Agent Profile identification
DATACOM 204.4006.03 98
Example:(config-pots-1)# sip-agent-profile SIP-Agent

Step 6 • Setting SIP User Agent on POTS interface
(config-pots-port_id)#sip-user-agent [display-name
name|password password|user-part-aor address|username
username]
Where
name – identify a SIP User Agent
password – password of SIP Agent Profile
address – user part address of record (AOR)
username – authentication username of SIP User Agent
Example:(config-pots-1)# sip-user-agent display-name SIP-

Agent1
(config)# commit
4.3.4.6 Configuring a Virtual Ethernet Interface Point (VEIP)

To perform the VEIP configuration setup, use the following commands:

# config terminal
Step 2 • Define a GPON interface
Where
chassis/slot/port – Identifies the related interface according its place
on the device

Step 3 • Define the ONU interface identification
(config-gpon-1/1/1)#onu onu_id
Where
Step 4 • Define the VEIP port to set
(config-gpon-onu-1)#veip veip_port
Where
veip_port – Port available for configuration
Example:(config-gpon-onu-1)#veip 1
DATACOM 204.4006.03 99
Step 5 • Configure the VEIP port as Native VLAN and set a CoS value
(config-veip-1)#native vlan vlan-id vlan_id cos cos_value
Where
vlan_id – VLAN number (1-4093)
cos_value – Class of Service value (0-7)
Example:(config-gpon-onu-1)#native vlan vlan-id 100 cos 7

(config)# commit
4.3.4.7 Default SIP Server Settings

The following table lists the default settings for a SIP Server.

Hostname
Empty
IP Address
0.0.0.0
Port
5060
4.3.4.8 Associating Profiles to an ONU

The GPON profiles define many characteristics associated to customer. To these definition take effect,
they must be assigned to an ONU. See , for more information about how to create profiles at the device.
# config terminal
Where

Where
Step 4 • Associate the Service profile and Line profile to ONU
(config-gpon-onu-onu_id)#service-profile profilename line-

profile profilename2
DATACOM 204.4006.03 100

Where
profilename – Service profile name
profilename2 – Line profile name
Example:(config-gpon-onu-1)#service-profile 1-port-
residential line-profile internet_10m
(config)# commit
4.3.5 Setting User Network Interface (UNI)

The following steps are mandatory to correct operation of a GPON solution with end-to-end clients.
The ONU may have several Ethernet interfaces, known as UNI (User Network Interface).
On UNI interface configuration level, the following settings can be modified:
• Administrative State (Shutdown)
• Negotiation
• Native VLAN
4.3.5.1 Enabling and Disabling Ports

The UNI interfaces are administratively disabled by default. To enable them, use the following
commands:

# config terminal
Where

Where
Step 4 • Enter into UNI interface
(config-gpon-onu-onu_id)#ethernet port
Where
port – UNI port identification
Example:(config-gpon-onu-1)#ethernet 1
Step 5 • Enable the UNI
DATACOM 204.4006.03 101

(config-ethernet-port)#no shutdown
Example:(config-ethernet-1)#no shutdown
(config)# commit
To disable a UNI:

# config terminal
Where

Where
Where
Step 5 • Disable the UNI
(config-ethernet-port)# shutdown
Example:(config-ethernet-1)# shutdown
(config)# commit
4.3.5.2 Configuring Negotiation Mode

The UNI interface can use the auto-negotiation mode. To enable it, use the following commands:
# config terminal
DATACOM 204.4006.03 102

Where

Where
Where
Step 5 • Enable negotiation
(config-ethernet-port)#negotiation
Example:(config-ethernet-1)#negotiation
(config)# commit
To disable auto-negotiation:

# config terminal
Where

Where
DATACOM 204.4006.03 103

Where
Step 5 • Disable negotiation
(config-ethernet-port)#no negotiation
Example:(config-ethernet-1)#no negotiation
(config)# commit
4.3.5.3 Setting the Native VLAN

To configure native VLAN on UNI interface, use the following commands:

# config terminal
Where

Where
Where
Step 5 • Set the native VLAN and CoS
(config-ethernet-port)#native vlan vlan_id vlan_id cos

cos_id
Where
vlan_id – VLAN Identification
cos_id – Traffic priority identifier (0 to 7)
DATACOM 204.4006.03 104

Example:(config-ethernet-1)#native vlan vlan_id 20 cos 6
(config)# commit
4.3.5.4 IPv4 ONU Attributes

The allowed IP address must be set on the ONU configuration in order to permit IP traffic. There are
two ways to set the IP traffic permission in an ONU:
• Static IP Address: it is configured to customer with router or another L3 device on the network
interface. In this case, the IP address of the L3 device must be listed as an allowed IP address.
• DHCP: for costumer that uses a DHCP configuration.
4.3.5.4.1 Configuring the Static IP Router

To enable IP traffic on ONU for a host IP address, use the following commands:
# config terminal
Where

Where
Step 4 • Set static IP for ONU
(config-gpon-onu-onu_id)#ipv4 static address

IPaddress/mask default-gateway default_gw
Where
IPaddress/mask – Allowed IP address and mask
default_gw – IP address of default gateway
Example:(config-gpon-onu-1)#ipv4 static address

192.168.1.1/24 default-gateway 192.168.1.254
(config)# commit
DATACOM 204.4006.03 105

4.3.5.4.2 Configuring DHCP Client

To set an ONU as a DHCP client, use the following commands:

# config terminal
Where

Where
Step 4 • Set the ONU as DHCP client with an outer VLAN
(config-gpon-onu-onu_id)#ipv4 dhcp vlan vlan-id vlan_id

cos cos_id
Where
vlan_id – VLAN identification
cos_id – Traffic priority identification (0 to 7)
Example:(config-gpon-onu-1)#ipv4 dhcp vlan vlan-id 10cos 7

(config)# commit
4.3.6 Displaying an ONU Configuration

To display an ONU configuration, use the following commands:
DATACOM 204.4006.03 106

Command To Verify
• Physical interface
• Downstream FEC
# show interface gpon chassis/slot/ onu • Upstream FEC
• Allocated upstream
• Bandwidth
• ID
• Serial Number
• Vendor ID
• Device ID
• Name
• Operational state
• Primary state
• IPv4 mode
• IPv4 address
• IPv4 default gateway
• IPv4 VLAN
• IPv4 CoS
• Line Profile
# show interface gpon chassis/slot/ onu • Service Profile
onu_id • Allocated bandwidth
• Upstream-FEC
• Anti Rogue ONU
isolate
• Version
• Active FW
• Standby FW
• Software Download
State
• RX Optical Power -
dBm-
• TX Optical Power -
dBm-
• ID
• Serial Number
• Vendor ID
• Device ID
• Name
• Operational state
# show interface gpon chassis/slot/ onu
onu_id brief • Primary state
• Line Profile
• Service Profile
• Allocated bandwidth
• Upstream-FEC
• Anti Rogue ONU
isolate
• Link-level type
# show interface gpon chassis/slot/ onu • Speed
onu_id ethernet • Duplex
• Negotiation
DATACOM 204.4006.03 107

4.4 SERVICES APPLICATION

This chapter describes how to deploy services applications.
4.4.1 Overview
This chapter describes how to configure the available services for GPON applications. DmOS supports
the following services:
• N:1 Service: This kind of service is usually deployed to provide internet access for residential
customers, since only one VLAN is used to transport the internet service across the network.
• 1:1 Service: This kind of service is usually deployed to provide business applications or
residential internet access, since a different VLAN is used to transport each client’s service
across the network. Each Traffic Class of the same subscriber must have the same VLAN.
• TLS Service: This kind of service is usually deployed to provide business applications or
residential Internet access, since a different VLAN is used to transport each client’s service
across the network. Each Traffic Class of the same subscriber can have the same or different
VLAN.
4.4.2 Setting Service Type

To configure the service type for GPON applications, use the following commands:
# config terminal
Step 2 • Enter the service VLAN
(config)# service vlan vlan-id vlan_id
Where
Example:(config)# service vlan vlan-id 100

Step 3 • Set the service type in the service VLAN
(config-vlan-vlan_id)#type [1:1|n:1|tls]
Example:(config-vlan-100)# type 1:1

(config)# commit
4.4.3 Setting Flood Block Downstream

This service is only available for N:1 services type in downstream traffic. The upstream traffic is not
affected. To configure the flood block downstream, use the following commands:

# config terminal
Step 2 • Enter the service VLAN
DATACOM 204.4006.03 108

(config)# service vlan vlan-id vlan_id
Where
Example:(config)# service vlan vlan-id 100

Step 3 • Set the flood block downstream in the n:1 service type
(config)#type n:1 block [broadcast|multicast|unicast]
Where
n:1 – Service type
Example:(config-vlan-100)# type n:1 block broadcast

(config)# commit
4.4.4 Setting Service Port

Service port is used to bridge the gap between the GEM Port traffic and the service VLAN. To configure,
use the following commands:
# config terminal
Step 2 • Enter the GPON interface configuration
(config)# service-port service_port_id gpon
chassis/slot/port onu onu_id gem gem_id match vlan
vlan-id vlan_id action vlan [add|replace] vlan
vlan-id vlan_id
Where
service_port_id – Service port identification number
gem_id – GEM identification number
Example:(config)# service-port 1 gpon 1/1/1 onu 1 gem 1 match

vlan vlan-id 100 action vlan replace vlan vlan-id 200
(config)# commit
4.4.5 Displaying Service-Port Configuration

To display Service-Port configuration, use the following command:
DATACOM 204.4006.03 109

Command To Verify
• Service-Port
• Interface GPON
• ONU
• GEM
# show service-port service-port_id • VLAN
• Action
• VLAN
• Inner Action
• Inner VLAN
4.5 ALLOWED IP
This chapter describes how to deploy the allowed IP.
4.5.1 Overview
The allowed IP addresses have to be set on service Port in order to permit IP traffic. There are four ways
to configure the IP traffic permission on Service Port:
• Static IP Address – It is configured to customer with router or another L3 device on the
network interface. In this case, the IP address of the L3 device must be listed as an allowed IP
address.
• All IP Address – For customer that needs a bridge connection.
• All IPV4 Address – For customer that needs IPV4 traffic only.
• All IPV6 Address – For customer that needs IPV6 traffic only.
4.5.2 Setting Rules

To configure IP traffic rules, use the following commands:

# config terminal
Step 2 • Enter the Anti IP Spoofing
(config)# anti-ip-spoofing
Example:(config)# anti-ip-spoofing
Step 3 • Enter the Service Port
(config-ip-spoofing)#interface interface
Where:
interface – Interface type and chassis/slot/port or ID
Example:(config-ip-spoofing)# interface service-port-2

Step 4 • Setting the allowed IP rules
(config-ip-spoofing-service-port-number)#allowed-ip
[all|ipv4-all|ipv6-all|ipv4 IPaddress vlan VLAN_ID mac
mac_address]
DATACOM 204.4006.03 110

Where:
IPaddress – allowed ip address
VLAN_ID – allowed VLAN
mac_address – allowed MAC address
Example:(config-ip-spoofing-service-port-2)# allowed-ip
ipv4 1.1.1.1 vlan 10 mac 00:AA:10:20:30:41
(config)# commit
The network uses DHCP or PPPoE servers to authenticate GPON clients, allowed IP
address are set automatically and these steps are not necessary.
It is not possible to disable anti-ip-spoofing on GPON interfaces.
4.5.3 Displaying Allowed-IP Table

To display Allowed-IP Table, use the following commands:
Command To Verify
• MAC-Address
• IP-Address
# show allowed-ip • VLAN
• Entry Type
• Interface
• Status
• MAC-Address
• IP-Address
# show allowed-ip address IPaddress • VLAN
• Entry Type
• Interface
• Status
• MAC-Address
• IP-Address
# show allowed-ip entry-type type • VLAN
• Entry Type
• Interface
• Status
• MAC-Address
• IP-Address
# show allowed-ip mac MAC_address • VLAN
• Entry Type
• Interface
• Status
• MAC-Address
# show allowed-ip status status • IP-Address
• VLAN
• Entry Type
DATACOM 204.4006.03 111

• Interface
• Status
• MAC-Address
• IP-Address
# show allowed-ip vlan VLAN-ID • VLAN
• Entry Type
• Interface
• Status
4.6 DHCP OPTION 82

This chapter describes how to deploy DHCP Option 82.
4.6.1 Overview
DHCP Relay L2 Agent implements the snooping of DHCP packets for security and subscriber
management purposes by keeping track of IP leases assigned by a trusted DHCP server to downstream
untrusted network devices. The DHCP option 82 (DHCP Relay Agent Information Option) appended
by the relay agent could be used to keep user traceability on IPoE scenarios and to provide network
configuration based on location of network clients.
Default configuration has DHCP disabled.
4.6.2 Setting VLAN

To configure DHCP Relay on VLAN, use the following commands:

# config terminal
Step 2 • Setting DHCP Relay on VLAN
(config)#dhcp relay vlan VLAN_ID
Where:
VLAN_ID – VLAN identifier
Example:(config)# dhcp relay vlan 10

(config)# commit
4.7 PPPOE INTERMEDIATE AGENT

This chapter describes how to deploy PPPoE-IA.
DATACOM 204.4006.03 112

4.7.1 Overview
The PPPoE Intermediate Agent protocol allows identification of subscriber line of different users
through keys access. The protocol is configured between the subscriber and Broadband Remote Access
Server (BRAS).
Default configuration has PPPoE-IA enabled.
4.7.2 Setting Sub-Option

To configure PPPoE with Circuit-ID and Remote-ID of sub-option, use the following commands:

# config terminal
Step 2 • Enter the PPPoE-IA
(config)#pppoe intermediate-agent Chassis/Slots
Where:
chassis/slot – Chassis and slot identifier
Example:(config)# pppoe intermediate-agent 1/1

Step 3 • Setting sub-option of PPPoE-IA
(config-intermediate-agent-chassis/slot)#sub-option
[circuit-id|remote-id ]
Example:(config)# sub-option circuit-id

(config)# commit
DATACOM 204.4006.03 113

DmOS – User Guide Tunneling
5 TUNNELING
5.1 LAYER 2 CONTROL PROTOCOL TUNNELING (L2PT)
This chapter describes how to deploy L2PT.
5.1.1 Overview
The Layer 2 Control Protocol Tunneling perform the forward or drop of BPDU packets based on
destination MAC Address. The tunneling provides interoperability with other vendors and also allows
that core switches do not process some PDUs (Protocol Data Units) for connect customers switches on
different sites.
For Layer 2 Control Protocol Tunneling take effect, must be configured the TLS service
on service-vlan.
5.1.2 Setting Actions

To configure layer 2 Control Protocol Tunneling, use the following commands:
# config terminal
Step 2 • Configure BPDU Transparency
(config)# layer2-control-protocol vlan vlan-id
extended action [drop|forward]
Where
vlan-id – VLAN identification
Example:(config)# layer2-contro-protocol vlan 100 extended

action forward
(config)# commit
5.1.3 Default Actions

By default, DmOS follows the behavior bellow:
BPDU Type MAC Address Action
IEEE 01:80:C2:00:00:XX DROP
EAPS 00:E0:2B:00:00:04 FORWARD
RRPP 00:0F:E2:07:82:XX FORWARD
Cisco Protocols 01:00:0C:CC:XX:XX and 01:00:0C:CD:XX:XX FORWARD
DATACOM 204.4006.03 114

DmOS – User Guide Ethernet
6 ETHERNET
Ethernet standard (802.3) was defined by IEEE (Institute for Electrical and Electronic Engineers). This
standard defines many rules for protocols and network devices can communicate efficiently. Since the first
publication (1985), updates about functionality or provides maintenances were added in the standard.
There are some others standards like Fast-Ethernet (IEEE802.3u), Gigabit-Ethernet (IEEE 802.3z) and 10-
Gigabit-Ethernet (IEEE 802.3ae) that originated of main standard IEEE802.3 due new protocols or higher
speeds.
The media access control (MAC) protocol for IEEE802.3 standard is Carrier Sense Multiple Access with
Collision Detection (CSMA/CD). The CSMA/CD is responsible To detect collision between the frames
and realize the retransmission through Back-Off Algorithm. IEEE802.3 standard also defines the frame
structure for data communication.
The preamble field is a 7-octect that is used to allow the PLS circuitry to reach its steady state
synchronization with the received frame timing. The Start Frame Delimiter (SFD) indicates the start of
frame through the sequence 10101011. The Destination and Source MAC specifies the station of should
be received the frame and which originated the frame, respectively. The 802.1Q field is an optional tag that
carries information like, priority and VLAN identifier. The EtherType or 802.3 Length field indicates the
type or length of the frame. Payload field contains octet’s sequence of information transmitted by the source
station. The frame check sequence (FCS) field is used by the transmission and receiving algorithm to
generate a CRC value. This value is computed and encoding by a function polynomial. The inter-frame
gap (IFG) is the space between one frame and its subsequent one.
6.1 GIGABIT-ETHERNET INTERFACES

Each Ethernet interface has the following settings that can be modified:
• Administrative State
• Negotiation
• Advertising Abilities
• Speed and Duplex
• Flow Control
• MDIX
DmOS does not support Half Duplex configuration.
DATACOM 204.4006.03 115


The Gigabit Ethernet interfaces are administratively enabled by default. To disable them, use the
following commands:

# config terminal
Step 2 • Define the Gigabit Ethernet interface to set up
(config)# interface gigabit-ethernet
chassis/slot/port
Where
on the device
Example:(config)# interface gigabit-ethernet 1/1/1

Step 3 • Disable the gigabit-ethernet interface
(config-gigabit-ethernet-chassis/slot/port)#shutdown
Example:(config-gigabit-ethernet-1/1/1)# shutdown
(config)# commit
To enable the Gigabit Ethernet interfaces, use the following commands:

# config terminal
chassis/slot/port
Where
on the device

Step 3 • Enable the gigabit-ethernet interface
(config-gigabit-ethernet-chassis/slot/port)# no shutdown
Example:(config-gigabit-ethernet-1/1/1)# no shutdown
(config)# commit
DATACOM 204.4006.03 116

6.1.2 Setting Negotiation Mode and Advertised Abilities

The Gigabit Ethernet interfaces can use auto-negotiation mode with the advertised abilities. To enable
negotiation and to configure advertised abilities, use the following commands:

# config terminal
chassis/slot/port
Where
on the device

Step 3 • Enable negotiation
(config-gigabit-ethernet-chassis/slot/port)#negotiation
Example:(config-gigabit-ethernet-1/1/1)# negotiation
Step 4 • Define the advertised abilities
(config-gigabit-ethernet-chassis/slot/port)# advertising-
abilities [1Gfull|10Mfull|100Mfull|rx-pause|tx-pause]
Example:(config-gigabit-ethernet-1/1/1)# advertising-
abilities 1Gfull
(config)# commit
6.1.3 Setting Port Speed

For the Ethernet interfaces, it is possible to set speed. However, the auto-negotiation in the device ports
is enabled by default. So, it is able to automatically match the transmit rate of the attached device. To
configure port speed, use the following commands:

# config terminal
chassis/slot/port
Where
on the device

Step 3 • Define the speed
DATACOM 204.4006.03 117

(config-gigabit-ethernet-chassis/slot/port)#speed
[1G|10M|10G]
Example:(config-gigabit-ethernet-1/1/1)# speed 1G
(config)# commit
6.1.4 Setting Flow Control

For the Ethernet interfaces, it is possible to configure flow control. However, by default, flow-control
for a port is disabled. To configure flow-control, use the following command:

# config terminal
chassis/slot/port
Where
on the device

Step 3 • Enable flow control
(config-gigabit-ethernet-chassis/slot/port)#flow control
[rx-pause|tx-pause]
Example:(config-gigabit-ethernet-1/1/1)# flow-control tx-

pause
(config)# commit
6.1.5 Setting MDIX Mode

For the Ethernet interfaces, it is possible to configure MDIX. However, by default, MDIX for a port is
configured at Normal mode. To configure MDIX mode, use the following command:
Only MDIX Normal mode is supported on Optical Interfaces.

# config terminal
chassis/slot/port
DATACOM 204.4006.03 118

Where
on the device

Step 3 • Define the MDIX setting
(config-gigabit-ethernet-chassis/slot/port)# mdix
[auto|normal|xover]
Example:(config-gigabit-ethernet-1/1/11)# mdix xover

(config)# commit
6.2 TEN-GIGABIT-ETHERNET INTERFACES

Each Ten-Gigabit-Ethernet interface has the following settings that can be modified:
• Administrative State (Shutdown)
• Negotiation
• Advertising Abilities
• Speed and Duplex
• Flow Control
• MDIX
DmOS does not support Half Duplex configuration.

The Ten Gigabit Ethernet interfaces are administratively enabled by default. To disable them, use the
following commands:

# config terminal
Step 2 • Define the Ten Gigabit Ethernet interface to disable
(config)# interface ten-gigabit-ethernet
chassis/slot/port
Where
on the device
Example:(config)# interface ten-gigabit-ethernet 1/1/1

Step 3 • Disable the Ten-Gigabit Ethernet interface
(config-ten-gigabit-ethernet-chassis/slot/port)#shutdown
Example:(config-gigabit-ethernet-1/1/1)# shutdown
DATACOM 204.4006.03 119

(config)# commit
To enable the Ten Gigabit Ethernet interfaces, use the following commands:

# config terminal
Step 2 • Define the Ten Gigabit Ethernet interface to enable
chassis/slot/port
Where
on the device

Step 3 • Enable the Ten-Gigabit Ethernet interface
(config-ten-gigabit-ethernet-chassis/slot/port)#no
shutdown
Example:(config-gigabit-ethernet-1/1/1)# no shutdown
(config)# commit
6.2.2 Setting Negotiation Mode and Advertised Abilities
Ten-Gigabit-Ethernet interfaces does not supported negotiation and advertised abilities.

The commit will display the following message: “Aborted: 'interface ten-gigabit-ethernet
1/1/1 negotiation': Negotiation unavailable for this port.”
6.2.3 Setting Port Speed and Duplex Settings

For the Ten-Gigabit Ethernet interfaces, it is possible to set speed. However, the auto-negotiation in the
device ports is enabled by default. So, it is able to automatically match the transmit rate of the attached
device. To configure port speed, use the following commands:

# config terminal
Step 2 • Define the Ten-Gigabit Ethernet interface to set up
chassis/slot/port
Where
on the device
DATACOM 204.4006.03 120

Step 3 • Define the speed
(config-ten-gigabit-ethernet-chassis/slot/port)#speed 10G
Example:(config-gigabit-ethernet-1/1/1)# speed 10G

(config)# commit
6.2.4 Setting Flow Control

For the Ten-Gigabit Ethernet interfaces, it is possible to configure flow control. However, by default,
flow-control for a port is disabled. To configure flow-control, use the following commands:

# config terminal
Step 2 • Define the Ten-Gigabit Ethernet interface to set up
chassis/slot/port
Where
on the device

Step 3 • Enable flow control
(config-ten-gigabit-ethernet-chassis/slot/port)#flow
control [rx-pause|tx-pause]
Example:(config-ten-gigabit-ethernet-1/1/1)# flow-control
tx-pause
(config)# commit
6.2.5 Setting MDIX Mode

For the Ten-Gigabit Ethernet interfaces, it is not possible to configure MDIX. Only Normal mode is
supported.
6.3 LINK AGGREGATION

6.3.1 Overview
IEEE 802.3ad link aggregation enables to group Ethernet interfaces to form a single link layer interface,
also known as a link aggregation group (LAG) or bundle.
Aggregating multiple links between physical interfaces creates a single logical point-to-point trunk link
or a LAG. The LAG balances traffic across the member links within an aggregated Ethernet bundle and
effectively increases the uplink bandwidth. Another advantage of link aggregation is increased
DATACOM 204.4006.03 121

availability, because the LAG is composed of multiple member links. If one member link fails, the LAG
continues to carry traffic over the remaining links.
LACP (Link Aggregation Control Protocol) is the standards based protocol used to signal LAGs. It
detects and protects the network from a variety of misconfiguration, ensuring that links are only
aggregated into a bundle if they are consistently configured and cabled. LACP can be configured in one
of two modes:
Active mode – Device immediately sends LACP messages (LACP PDUs) when the interface comes up.
Passive mode – Places a interface into a passive negotiating state, in which the interface only responds
to LACP PDUs it receives but does not initiate LACP negotiation.
If both sides are configured as active, LAG can be formed assuming successful negotiation of the other
parameters. If one side is configured as active and the other one as passive, LAG can be formed as the
passive port will respond to the LACP PDUs received from the active side. If both sides are passive,
LACP will fail to negotiate the bundle. In practice it is rare to find passive mode used as it should be
clearly and consistently defined which links will use LACP/LAG ahead of deployment.
Bellow you can see the LAG limits per platform:
Platform Limits DM4610

Maximum Interface per LAG 8
4
Maximum LAGs
Bellow you can see the LAG matches supported in enhanced balance mode:
Load Balance DM4610

Source / Destination MACs Yes
Yes
Source / Destination IPv4
Yes
Source / Destination IPv6
Yes
TCP Ports
Yes
UDP Ports
Yes
TCP Ports whith IPv6
Yes
UDP Ports whith IPv6
When the packet is identified as having IP or IPv6 header, the source / destination MAC is
not taken in consideration.
DATACOM 204.4006.03 122

6.3.2 Creating a LAG

In order to configure a new LAG, use the following commands:

# config terminal
Step 2 • Create a LAG
(config)# link-aggregation interface lag lag_id
Where
lag_id – LAG identifier (From 1 to 4)
Example:(config)# link-aggregation interface lag 1

Step 3 • Assing ports to LAG. Maximum 8 ethernet interfaces.
(config-la-if-lag-id)# interface gigabit-ethernet
chassis/slot/port
Where
on the device
• Example:( config-la-if-lag-id)# interface gigabit-ethernet 1/1/1

Step 4 • To assing the next interfaces into LAG it is necessary to return to the last level.
(config-la-if-gigabit-ethernet-1/1/1)# exit
(config)# commit
6.3.3 Enabling LACP (Link Aggregation Control Protocol)

In order to enable LACP protocol in a LAG, use the following commands:
# config terminal
Step 2 • Create a LAG
(config)# link-aggregation interface lag lag_id
Where
lag_id – LAG identifier (From 1 to 4)
Example:(config)# link-aggregation interface lag 1

Step 3 • Change mode.
(config-la-if-lag-id)# mode [active|passive|static]
Where
active - Indicates that the interface initiates
transmission of LACP packets.
passive - Indicates that the interface only
responds to LACP packets.
static - Configure LACP in static mode (disabled)
DATACOM 204.4006.03 123

• Example:( config-la-if-lag-id)# mode active

(config)# commit
6.3.4 Displaying LACP Status
To display IGMP Snooping status, use the following commands:
Command To verify
• Member
• Mode
• Rate
# show link-aggregation lacp brief • State
• Port Priority
• Port ID
• Key
• System Priority
• Local Interface
• Admin State
# show link-aggregation lacp
extensive • Aggreg. State
• MAC
• Remote Interface Info
• Member
• LACPDUs Sent
# show link-aggregation lacp
statistics • LACPDUs Received
• Pkt Errors
• Cleared(s)
6.4 VLAN
6.4.1 Overview
In a Layer 2 switched network, each network segment has its own collision domain and all segments
are in same broadcast domain. Every broadcast is seen by every device on the network. Virtual Local
Area Network (VLAN) is used to segment a single broadcast domain to multiple broadcast domains.
There are many reasons for using VLANs including the following:
• Separate large broadcast domains into smaller ones, reducing processing resources;
• Grouping user by interesting traffic;
• Isolate sensitive traffic, providing security;
• Work independently of physical layer topology.
The following figure shows a Layer 2 switched network where all network devices are in a single
broadcast domain.
DATACOM 204.4006.03 124

The same network can be segment using VLAN technology. In the following example, there are two
VLANs, and consequently two different broadcast domains.
VLANs are not restricted to any physical location in the switched network whether the devices are
interconnected using switching device like an Ethernet switch. To do this connection, trunk links are
used. Trunk links are able to carry multiple VLANs traffic. To identify one given VLAN among many
DATACOM 204.4006.03 125

others, it is used a technique called VLAN Framing Tagging, and the IEEE 802.1Q is the protocol
developed to perform it.
In other side, there is the access link. The access link is part of a single VLAN, and is a link used by
end-device.
The 802.1Q trunks support tagged and untagged Ethernet frames. An untagged Ethernet frame is a
standard unaltered Ethernet frame. Untagged Ethernet frames are generally used for native VLAN
communication. If a switch receives untagged Ethernet frames, they are considered as part of the native
VLAN and frames from a native VLAN access port are not tagged when exiting the switch via a native
VLAN trunk port.
The normal range of available VLAN IDs goes from 1 to 4094, and, on the most L2 devices, including
DmOS, the default VLAN is the number 1 on all ports.
6.4.2 Creating a VLAN

VLANs provide logical segmentation of networks by creating separate broadcast domains. At DmOS,
VLANs are created or modified using the dot1q command.
To configure a new VLAN, use the following commands:

# config terminal
Step 2 • Create a VLAN
(config)# dot1q vlan vlan_id
Where
vlan_id – VLAN identifier (From 1 to 4094)
Example:(config)# dot1q vlan 500

(config)# commit
6.4.3 Setting Name

To set or to modify a VLAN name, use the following commands:

# config terminal
Step 2 • Access the VLAN to name or to modify its name
Where
DATACOM 204.4006.03 126

Step 3 • Modify the VLAN name

(config-vlan-vlan_id)# name_vlan_name
Where
vlan_name – The new name of the VLAN
Example:(config-vlan-500)# name south_region

(config)# commit
6.4.4 Removing VLANs

To remove a VLAN, use the following commands:

# config terminal
Step 2 • Remove the existing VLAN
(config)# no dot1q vlan vlan_id
Where
Example:(config)# no dot1q vlan 500

(config)# commit
6.4.5 Setting VLANs to Uplink Ports

The 802.1Q trunks support tagged and untagged Ethernet frames. An untagged Ethernet frame is a
standard unaltered Ethernet frame. Untagged Ethernet frames are generally used for native VLAN
communication.
6.4.6 Assigning Ports to VLANs

To enable ports to participate in a specific VLAN, the administrator must first assign the ports. The
following ports can be member a VLAN:
• Gigabit Ethernet
• Ten-Gigabit Ethernet
To set a Gigabit port as member of a VLAN, use the following commands:

# config terminal
Step 2 • Choose a VLAN to the Ethernet port to take part of
Where
DATACOM 204.4006.03 127


Step 3 • Define the Ethernet ports to join the VLAN
(config-vlan-vlan_id)# interface gigabit-ethernet
chassis/slot/port [tagged|untagged]
Where
on the device
Example:(config-vlan-500)# interface gigabit-ethernet 1/1/1

tagged
(config)# commit
To set a Ten Gigabit port as member of a VLAN, use the following commands:

# config terminal
Step 2 • Choose a VLAN to the Ethernet port to take part of
Where

Step 3 • Define the Ethernet ports to join the VLAN
(config-vlan-vlan_id)# interface ten-gigabit-
ethernet chassis/slot/port [tagged|untagged]
Where
on the device
Example:(config-vlan-500)# interface ten-gigabit-ethernet

1/1/1 tagged
(config)# commit
6.4.7 Setting Native VLAN

Native VLAN is the VLAN that receives untagged frames, as explained on chapter. To set a native
VLAN on Ethernet ports, use the following commands:

# config terminal
DATACOM 204.4006.03 128

Step 2 • Choose the interface port and a native VLAN ID

(config)# switchport interface interface_type-
chassis/slot/port native-vlan vlan-id
Where
interface_type – Interface types available according the device model
on the device
vlan-id – Native VLAN identification number
Example:(config)# switchport interface gigabit-ethernet-

1/1/1 native-vlan 10
(config)# commit
6.4.8 Verifying VLAN Settings

To display VLAN settings, use the following command:
Command To verify
List all VLANs
VLAN ID
# show vlan brief
VLAN Name
Type
VLAN ID
# show vlan brief vlan_entity vlan_id VLAN Name
Type
List all VLANs
VLAN I
# show vlan detail VLAN Name
Type
Interface Count
VLAN ID
# show vlan detail vlan_entity vlan_id VLAN Name
Type
Interface Count
List all VLANs
# show vlan membership detail VLAN ID
Interface Name
Type
VLAN ID
# show vlan membership detail vlan_entity
vlan_id Interface Name
Type
6.5 QINQ
6.5.1 Overview
QinQ is a L2 technology also known as QinQ tunneling, 802.1Q tunnel, VLAN stacking or double
tagging. Using double tagging, a service provider can assign different service VLANs (S-VLANs) to
different customer traffic. This allows a separation between each customer’s traffic within the service
provider network. Customer’s VLANs are then moved transparently inside the service provider’s
network.
DATACOM 204.4006.03 129

The original customer’s VLANs (C-VLANs) get encapsulated by the S-VLAN, allowing transparent
LAN service (TLS). This is represented on following figure.
The following figure, both customer have multiple locations and the sites are connected via a Service
Provider using QinQ technology. The result is that the two sites are logically trunked, meaning that they
are able to send VLAN’s across to each other through the service providers dedicated QinQ VLAN.
6.5.2 Setting QinQ

To set a QinQ it is necessary to have a VLAN already created. After created the given VLAN, a QinQ
is able to be configured. To configure QinQ, use the following commands:

# config terminal
Step 2 • Access switchport configuration
(config)# switchport interface interface_name
Where
DATACOM 204.4006.03 130

interface_name – Gigabit or Ten Gigabit interface

1/1/1
Step 3 • Set qinq configuration
(config-switchport-gigabit-ethernet-1/1/1)# qinq
Example:( config-switchport-gigabit-ethernet-1/1/1)# qinq

Step 4 • Set native vlan on interface
(config-switchport-gigabit-ethernet-1/1/1)# native-
vlan vlan-id vlan-id
Where
vlan-id – Identifies the S-VLAN to be added in the packets. VLAN must
exist in the configuration
• Example:( config-switchport-gigabit-ethernet-1/1/1)# native-vlan vlan-

id 110
(config)# commit
6.5.3 Setting Selective QinQ

To set a Selective Q-in-Q it is necessary to have an action VLAN already created in order to configure
the Selective Q-in-Q rule using the required VLAN. To create an action VLAN, refer to chapter:
After created the given VLAN, a Selective Q-in-Q is able to be configured. To configure QinQ
Selective, use the following commands:

# config terminal
Step 2 • Enter into VLAN-Mapping configuration mode
(config)# vlan-mapping
Step 3 • Select the required interface to apply the Selective QinQ rule
(config-vlan-mapping)# interface gigabit-ethernet
chassis/slot/port
Where
on the device
Example:(config-vlan-mapping)# interface gigabit-ethernet

1/1/1
Step 4 • Choose a name for the rule to be created
(config-interface-gigabit-ethernet-1/1/1)# rule
rule_name
DATACOM 204.4006.03 131

Where
rule_name – Name of the rule to be created (Max: 48 characters)
Example:(config-interface-gigabit-ethernet-1/1/1)# rule my-

rule
Step 5 • Choose the mapping mode and match in order to select the required VLAN or
VLAN range to apply the rule
(config-rule-my-rule)# ingress match vlan
Where
vlan – Represents the VLAN or VLAN range to apply the ingress match rule.
To choose a VLAN range, use the following syntax:
 List: 1000-2000 (VLANs from 1000 to 2000)
 List with specific VLANs: 200,300-500 (VLANs 200 and from
300 to 500)
Example:(config-rule-my-rule)# ingress match vlan vlan-id

20
Step 6 • Inform the action of the rule and the VLAN tag to be applied
(config-rule-my-rule)# action add vlan vlan-id
vlan_id
Where
vlan_id – VLAN tag to apply to ingress packets
Example:(config-rule-my-rule)# action add vlan-vlan-id 100

(config)# commit
6.6 MAC ADDRESS TABLE

6.6.1 Overview
The switch device works in a layer 2 and performs the forwarding of filtering frames through MAC
Addresses. MAC Address Table stores MAC addresses learned by device associating with an interface
port.
MAC addresses are learned dynamically or statically by the device. On the statically mode, the user
saves an entry with MAC address and port. This entry will persist in the table until the user removes it.
In dynamically mode, the switch receives a frame and, in the first time, it will forward this frame for all
ports (flooding). After the destination replies, the switch saves the MAC address and interface port into
a table and forwards next frames to a port without flooding. This address will be saved while exist traffic
or will wait the aging time for clean this entry in the table.
DATACOM 204.4006.03 132

6.6.2 Displaying MAC Address Table

To display MAC Address Table, use the following commands:
Command To verify
Chassis/Slot
Interface Type
Interface
# show mac-address-table
MAC Address
VLAN
Type
Chassis/Slot
Interface Type
Interface
# show mac-address-table mac address MAC Address
VLAN
Type
Chassis/Slot
Interface Type
Interface
# show mac-address-table type MAC Address
VLAN
Type
Chassis/Slot
Interface Type
Interface
# show mac-address-table unit MAC Address
VLAN
Type
Chassis/Slot
Interface Type
Interface
# show mac-address-table vlan MAC Address
VLAN
Type
6.6.3 Setting Global Aging Time

To set Global Aging Time, use the following commands:
# config terminal
Step 2 • Change the MAC address aging time
(config)# mac-address-table aging-time seconds
Where
seconds – Aging time in global mode [0 | 10-1000000]
Example:(config)# mac-address-table aging-time 600

(config)# commit
DATACOM 204.4006.03 133

The table below lists the default settings for Aging Time Global
Aging time global 600
6.7 RSTP
This chapter describes how to deploy Rapid Spanning Tree Protocol (RSTP).
6.7.1 Overview
The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also
provides one path between end stations on a network, eliminating loops. There are three variants of the
protocol that we need to consider.
• STP (Spanning Tree Protocol – IEEE 802.1d) is the original protocol.
• RSTP (Rapid Spanning Tree Protocol - IEEE 802.1w) is an update to STP to provide faster
convergence.
• MSTP (Multiple Spanning Tree Protocol – IEEE 802.1s) is an update to RSTP to allow separate
topologies for different groups of VLANs, which allows load balancing across the network.
DmOS supports RSTP with coexistence of STP.
DmOS does not support MSTP.
Classic STP provides a single path between end stations, avoiding and eliminating loops. The difference
between STP and RSTP is the speed with which the topology converges.
Determining the resulting topology is quite straightforward in STP/RSTP. The bridge with the lowest
bridge identifier is the root bridge, which has root path cost zero. Note that all of the ports on the root
bridge are designated ports. For each bridge (other than the root bridge), the root path cost is the sum of
the outgoing port path costs on the least cost path to the root bridge. The port with the lowest root path
cost is the root port. If multiple ports all have the lowest root path cost, then the port with the lowest
port identifier is chosen as the root port. Each LAN also has a root path cost, which is the root path cost
of the lowest cost bridge attached to the LAN. The lowest cost bridge is selected as the designated
bridge. The port on that bridge that is connected to LAN is the designated port for the LAN. If the
designated bridge has multiple ports on the LAN, the port with the lowest port identifier is the designated
ports and the other ports on the LAN become backup ports. Any port that has not been selected as root
port, designated port or backup port is an alternate port.
6.7.2 Enabling the spanning-tree

To enable spanning tree on DmOS, use the following commands:
DATACOM 204.4006.03 134

# config terminal
Step 2 • Enter on Spanning Tree configuration menu
(config)# spanning-tree
Example:(config)# spanning-tree
(config)# commit
6.7.3 Setting STP Mode

To configure STP mode on DmOS, use the following commands:
# config terminal
Step 3 • Configure STP mode
(config-spanning-tree)#mode stp_mode
Where
stp_mode – Spanning Tree Protocol mode selection [rstp]
Example:(config-spanning-tree)# mode rstp

(config)# commit
6.7.4 Setting Name

To configure the RSTP instance name on DmOS, use the following commands:
# config terminal
Step 3 • Configure STP name
(config-spanning-tree)#name name
Where
name – Name of STP instance
DATACOM 204.4006.03 135

Example:(config-spanning-tree)# name RSTP_DATACOM

(config)# commit
6.7.5 Setting Bridge-Priority

To configure the bridge-priority on DmOS, use the following commands:
# config terminal
Step 3 • Define the bridge priority
(config-spanning-tree)#bridge-priority priority
Where
priority – Bridge Priority
Example:(config-spanning-tree)# bridge-priority 10
(config)# commit
6.7.6 Setting Forward-Delay

To configure the forward-delay on DmOS, use the following commands:
# config terminal
Step 3 • Define the forward delay
(config-spanning-tree)#forward-delay delay
Where
delay – Used by root to set the number in seconds, that interfaces of all
bridges should wait to change from its listening and learning states to
forwarding state
Example:(config-spanning-tree)# bridge-priority 10
DATACOM 204.4006.03 136

(config)# commit
6.7.7 Setting Hello-Time

To configure the hello-time on DmOS, use the following commands:
# config terminal
Step 3 • Configure Hello Time
(config-spanning-tree)#hello-time time
Where
time – Value (in seconds) that all bridges will use for the hello time if this
bridge is working as root
Example:(config-spanning-tree)# hello-time 5
(config)# commit
6.7.8 Setting Ethernet Interface

To assign an ethernet interface for STP on DmOS, use the following commands:
# config terminal
Step 3 • Configure Ethernet Interfaces
(config-spanning-tree)#interface interface [auto-edge|cost

cost_value|edge-port|link-type {auto|not-point-to-
point|point-to-point}|port-priority priority]
Where
interface – Ethernet interface [chassis/slot/port]
cost_value – Path cost configuration for the port
priority – Priority configuration for the port
Example:(config-spanning-tree)# interface gigabit-ethernet

1/1/1 cost 20000
DATACOM 204.4006.03 137

(config)# commit
6.7.9 Setting Maximum-Age

To configure the maximum-age on DmOS, use the following commands:
# config terminal
Step 3 • Configure Maximum Age
(config-spanning-tree)# maximum age max_age
Where
max_age – Maximum age values for age and hop
Example:(config-spanning-tree)# maximum age 6

(config)# commit
6.7.10 Setting Maximum Transmission Rate

To configure the maximum transmission rate for RSTP on DmOS, use the following commands:
# config terminal
Step 3 • Set the maximum transmission rate
(config-spanning-tree)#transmit hold-count rate
Where
rate – Maximum BPDU transmission rate on ports
Example:(config-spanning-tree)# transmit hold-count 5

(config)# commit
DATACOM 204.4006.03 138

6.7.11 Default Parameters

The table below lists the default settings for Spanning Tree Configuration
bridge-priority 32768
forward-delay 15
hello-time 2
maximum age 20
mode rstp
transmit hold-count 6
6.7.12 Displaying Spanning Tree State Status

To display Spanning Tree status, use the following commands:
Command To verify
• Interface
• Priority
# show spanning-tree • Cost
• Status
• Bridge ID
• Port
• Interface
• Priority
# show spanning-tree brief • Cost
• Status
• Bridge ID
• Port
# show spanning-tree detail • Spanning Tree Status
• Port Status
# show spanning-tree extensive • Spanning Tree Status

• Port Status
DATACOM 204.4006.03 139

DmOS – User Guide Quality Of Service (QoS)
7 QUALITY OF SERVICE (QOS)
QoS (Quality of Service) is a set of mechanisms and algorithms used to classify and to organize the network
traffic. The main goal is to ensure that the elements that determine the network transmission quality
(latency, jitter and bandwidth) work properly and predictably.
The following example shows the QoS basic process. The voice and video packets are organized on high
priority queues to minimize the latency and jitter effects. The data traffic receives the low priority treatment
and is sent after the high priority traffic.
To achieve the quality of service, the IEEE developed the 802.1p standard. This method works classifying
the traffic at MAC (Media Access Control) level by marking the class of service (CoS) on Ethernet header.
The figure below shows the priority field at the Ethernet header.
These services classes are nothing more than the classification of the type of traffic that is sent by the
network user’s applications. The IEEE 802.1p provides 8 traffic classes (range is from 0 to 7). The class 7
is the highest priority and class 0 the lowest.
Each of these classes can be associated to a priority queue and receive special treatment in accordance with
the service sensibility regarding to latency, jitter and bandwidth. Services more sensitive to these elements,
as voice and video, shall be placed in priority queues that have preference to access the network, while
lower priority services, as internet traffic, will be forwarded in lower priority queues being subjected even
to be discarded.
DATACOM 204.4006.03 140

This classification of classes of service to priority queues is called CoS mapping.

Another way to implement the class of service is using the Differentiated Services (Diffserv) developed by
IETF. The Diffserv architecture works on network layer of OSI model and uses the marking of
differentiated services codepoint (DSCP) field of IP header to classify the traffic to queues. The figure
below shows the IP header. The classification of service classes in the priority queues uses the same idea
of COS map presented to 802.1p.
Using the 802.1p classification the QoS is performed on layer 2. This approach is used when layer 2 QoS
is demanded, knowing that when the frame are transmitted through a layer 3 network this mark can be
replaced or lost. This approach is used on local area network, such as the access network.
If end-to-end QoS mark is demanded, requiring to be maintained over layer 3 network or another networks
that use different approaches to Ethernet, the DSCP mark should be used. The application of DSCP is more
used for wide area networks, such as the internet.
7.1 QOS – SCHEDULING

This chapter describes how to deploy a scheduling.
7.1.1 Overview
DmOS provides the WFQ (Weighted Fair Queueing) scheduling. This scheduler ensures fairness in the
processing queue, ensuring that the lower priority queues are not overlooked in congestion conditions.
The algorithm ensures that a minimum bandwidth is guaranteed for each of the queues congestion
conditions, making the scheduling of traffic over a round robin or priority to the limit configured. When
a queue reaches its maximum allocated bandwidth and the port is already running at maximum speed,
the traffic will +be shaped. Thus, bursts that go beyond the maximum bandwidth specified are stored in
the transmit buffer. If the buffer runs out, packets will be dropped.
7.1.2 Creating QoS Profile

To create a QoS profile, use the following commands:

# config terminal
DATACOM 204.4006.03 141

Step 2 • Create a QoS scheduler profile

(config)# qos scheduler-profile profile_name
Where
profile_name – Scheduler profile identifier
Example:(config)# qos scheduler-profile wfq-test

Step 3 • Configure the scheduler profile mode
(config-qos-scheduler-profile-profile_name)#mode
profile_mode
Example:(config-qos-scheduler-profile-wfq-test)# mode wfq

Step 4 • Configure the scheduler profile queues
(config-qos-scheduler-profile-profile_name)#queue
queue_index weight weight_value
Where
queue_index – Queue index number
weight_value – Percent bandwidth weight value or SP (Strict Priority)
Example:(config-qos-scheduler-profile-wfq-test)# queue 5
weight 20
(config)# commit
7.1.3 Associating QoS Profiles

To associate a QoS profile with some interface, use the following commands:

# config terminal
Step 2 • Associate the scheduler profile with some interface
(config)# qos interface interface scheduler-profile
profile_name
Where:
interface – Interface identifier
profile_name – Scheduler profile identifier
Example:(config)# qos interface gigabit-ethernet-1/1/1

scheduler-profile wfq-test
(config)# commit
DATACOM 204.4006.03 142

7.2 QOS TRAFFIC SHAPING

7.2.1 Overview
Traffic shaping allows to shape traffic on a per-physical port basis. Rate limiting can be applied to
individual interfaces. Non-conforming traffic is dropped, conforming traffic passes through without any
changes.
7.2.2 Setting Rate Limit Egress

To create an traffic shaping for egress traffic on the interface Ethernet, use the following commands:

# config terminal
Step 2 • Create shaping on the interface Ethernet.
(config)# qos interface interface rate-limit egress
bandwidth bandwidth
Where:
interface – Interface Ethernet
bandwidth - <100-10000000> Bandwidth in kbit/s
Example:(config)# qos interface gigabit-ethernet-1/1/1

rate-limit egress bandwidth 100000
Step 3 • Configure a burst size.
(config-rate-limit-egress) # burst burst_size
Where:
burst_size – <2-2000> burst size in kbytes
Example:(config-rate-limit-egress)# burst 2000

(config)# commit
DmOS version 1.12.0 do not supports rate limit ingress.
DATACOM 204.4006.03 143

DmOS – User Guide Security
8 SECURITY
8.1 ACCESS CONTROL LIST (ACL)
This chapter describes how to deploy the ACLs.
8.1.1 Overview
Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while
blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic
flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked,
and above all, provide security for the network.
DmOS supports ingress filters that allows dropping (deny), forwarding (permit) or changing (set)
packets based on L2 and L3 matches. The maximum number of filters are 512 (256 for L2 matches and
256 for L3 matches) in DM4610 platform. ACLs supports the following matches:
• L2 matches: 802.1p, source and destination MAC, Ethertype and VLAN ID
• L3 Matches: source and destination IPv4 and DSCP.
8.1.2 Setting Ingress Filter – L2 Access-list

To create an ingress filter with L2 match, use the following commands:

# config terminal
Step 2 • Create an ingress filter
(config)# access-list acl-profile ingress l2|l3
filter_name
Where
filter_name – Ingress filter identifier
Example:(config)# access-list ingress l2 l2-filter

Step 3 • Set the priority of ingress filter
(config-acl-profile-l2-filter_name)# priority
priority_value
Where
priority_value – L2 ACL priority [0 to 255]. Value 0 means highest
priority
Example:(config-acl-profile-l2-l2-filter)# priority 0
Step 4 • Configure a rule entry priority
(config-acl-profile-l2-filter_name)# access-list-entry
priority_entry
Where
DATACOM 204.4006.03 144

priority_entry – Rule entry priority [0 to 255]. Value 0 means highest

priority
• Example:( config-acl-profile-l3-l3-filter)# access-list-

entry 1
Step 5 • Configure a match for an access list entry
(config-access-list-entry-priority_entry)# match
[destination-mac-address destination_mac |ethertype
ethertype_value | pcp pcp_value |source-mac-address
source_mac |vlan vlan_id]
Where
destination_mac – Destination IEEE 802 MAC address
ethertype_value – Ethernet type code
pcp_value – PCP priority (0 to 7)
source_mac – Source IEEE 802 MAC address
vlan_id – VLAN identification number
Example:(config-access-list-entry-1)# match vlan 10

Step 6 • Configure an action to an access list entry
(config-access-list-entry-priority_entry)# action [deny|

permit|set pcp pcp_value]
Where
Example:(config-acl-l2-l2-filter)# action set pcp 4

(config)# commit
8.1.3 Setting Ingress Filter – L3 Access-list

To create an ingress filter with L3 match, use the following commands:

# config terminal
Step 2 • Create an ingress filter
(config)# access-list acl-profile ingress l2|l3
filter_name
Where
filter_name – Ingress filter identifier
Example:(config)# access-list ingress l3 l3-filter

Step 3 • Set the priority of ingress filter
(config-acl-profile-l3-filter_name)# priority
priority_value
DATACOM 204.4006.03 145

Where
priority_value – L3 ACL priority [256 to 511]. Value 256 means
highest priority
Example:(config-acl-profile-l3-l3-filter)# priority 256

Step 4 • Configure a rule entry priority
(config-acl-profile-l3-filter_name)# access-list-entry
priority_entry
Where
priority_entry – Rule entry priority [0 to 255]. Value 0 means highest
priority
Example:( config-acl-profile-l3-l3-filter)# access-list-

entry 1
Step 5 • Configure a match for an access list entry
(config-access-list-entry-priority_entry)# match
[destination-ipv4-address destination_ipv4|dscp dscp_value
|source-ipv4-address source_ipv4]
Where
destination_ipv4 – Destination IEEE 802 MAC address
dscp_value – DSCP value
source_ipv4 – Source IPv4 address
Example:(config-acl-l3-l3-filter)# match destination-ipv4-

address 172.22.100.1
Step 6 • Configure an action to an access list entry
(config-access-list-entry-priority_entry)# action
[deny|permit|set pcp pcp_value]
Where
Example:(config-acl-l3-l3-filter)# action deny

(config)# commit
8.1.4 Setting a Filter in Ethernet Interface

To apply some filter in Ethernet Interface, use the following commands:
# config terminal
Step 2 • Associate a filter profile with some interface
(config)# access-list interface interface ingress
filter_name
DATACOM 204.4006.03 146

Where:
interface – Interface identifier
filter_name – ACL profile identifier
• Example:(config)# access-list interface gigabit-ethernet-

1/1/1 ingress l2-filter
(config)# commit
8.1.5 802.1p x CoS Mapping

DmOS allows users to map Class of Service (CoS) to 8 priorities. The traffic classification to priority
queues (CoS map) is done by P-bit field from Ethernet frame. The classification is done on ingress
traffic. Therefore, the CoS mapping is done respecting the mapping set on the interface where the frame
has entered.
The default CoS Mapping is set to map the P-bits of the Ethernet to queues following the table below:
CoS Mapping
Priority Queue
0 (best-effort data) 0
1 (medium-priority data) 1
2 (high-priority data) 2
3 (call-signaling) 3
4 (videoconferencing) 4
5 (voice bearer) 5
6 (reserved) 6
7 (reserved) 7
8.1.6 DSCP x CoS Mapping

DmOS also supports the Differentiated Services (Diffserv) architecture. It is possible to map any value
(0 to 64) of DSCP/TOS to any priority queue configuring the Diffserv feature. The DSCP CoS Mapping
uses the same structure of 802.1p CoS mapping, but using the DSCP field of IP header.
DmOS uses ACLs to perform DSCP CoS Mapping. Use the steps presented in for this
configuration.
DATACOM 204.4006.03 147

8.2 STORM CONTROL

This chapter describes how to deploy storm control.
8.2.1 Overview
A traffic storm is generated when messages are broadcasted on a network and each message prompts a
receiving node to respond by broadcasting its own messages on the network. This, in turn, prompts
further responses, creating a snowball effect. The LAN is suddenly flooded with packets, creating
unnecessary traffic that leads to poor network performance or even a complete loss of network service.
Storm control enables the switch to monitor traffic levels and to drop broadcast, multicast, and
unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from
proliferating and degrading the LAN.
Traffic storm control uses a bandwidth-based method to measure traffic. You set the percentage of total
available bandwidth that the controlled traffic can use. Because packets do not arrive at uniform
intervals, the second interval can affect the behavior of traffic storm control.
Specify the level as a percentage of the total interface bandwidth;
• The level can be from 0.01 to 100.
• The optional fraction of a level can be from 0 to 99.
• 100 percent suppresses all traffic.
8.2.2 Setting Storm Control

To configure storm control broadcast, multicast, unicast on a per interface bases as follows:
# config terminal
Step 2 • Access switchport configuration
(config)# switchport interface interface_name
Where
interface_name – Gigabit or Ten Gigabit interface

1/1/1
Step 3 • Set the storm control speed.
(config-switchport-gigabit-ethernet-1/1/1)# storm-control
broadcast|multicast|unicast percentage
Where
percentage – Percentage of interface nominal speed in steps of 0.01
Example:( config-switchport-gigabit-ethernet-1/1/1)# storm-

control broadcast 5.5
(config)# commit
DATACOM 204.4006.03 148

DmOS – User Guide Multicast
9 MULTICAST
Multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single
stream of information to many receivers. One of the most important applications of multicast is video
streaming. Multicast traffic is replicated in the network just at the point where paths diverge, resulting in
the most efficient delivery of traffic data to many receivers.
One important concept for multicast is the group formation. A multicast group is a one or more receivers
that expresses an interest in receiving the same specific traffic. These receivers can be located anywhere
on the Internet or private network. Each receiver interested in receiving a specific traffic must report the
group using IGMP (Internet Group Management Protocol).
All IP multicast addresses are in the range from 224.0.0.0 though 239.255.255.255. The table below
presents multicast addresses range assignments.
IP Multicast Addresses
Description Addresses
Reserved Link Local 224.0.0.0/24

Addresses (Used by network protocols like OSPF)
Globally Scoped 224.0.1.0 to 238.255.255.255

Addresses (Used to multicast data between organization and Internet like NTP)
Source Specific 232.0.0.0/8

Multicast (Used for Souce Specific Multicast – SSM)
233.0.0.0/8
GLOP Addresses (Used for statically defined addresses by organizations tha already have
an AS number reserved)
Limited Scope 239.0.0.0/8

Addresses (Used for a local group or organization in theirs local applications)
9.1 IGMP SNOOPING

9.1.1 Overview
IGMP snooping allows a network switch to listen to the IGMP protocol messages exchanged between
routers and hosts, with the purpose of identifying which host ports are interested on a specific multicast
traffic, and sending that traffic only to those ports. DmOS supports IGMP Snooping v1, v2 and v3.
DmOS supports the IGMP Snooping with proxy reporting.
9.1.2 Enabling IGMP Snooping

To enable IGMP Snooping, use the following commands:
DATACOM 204.4006.03 149


# config terminal
Step 2 • Enter the instance for IGMP Snooping
(config)# multicast igmp snooping ID
Where
ID – Specifies the IGMP Snooping Instance
Example:(config)# multicast igmp snooping 1

Step 3 • Set administrative state
(config-igmp-snooping-ID)# administrative state up|down
Example: (config-igmp-snooping-1)# administrative state up

(config)# commit
9.1.3 Creating a Bridge Domain

To create a Bridge Domain for multicast group, use the following commands:

# config terminal
Where

Step 3 • Set bridge domain
(config-igmp-snooping-ID)# bridge-domain ID
Where
ID – Specifies the VLAN for multicast group
Example: (config-igmp-snooping-1)# bridge-domain 4000

(config)# commit
9.1.4 Adding interface in Bridge Domain

To add some interface for IGMP Snooping Instance, use the following commands:
DATACOM 204.4006.03 150


# config terminal
Where

(config-igmp-snooping-ID)# interface interface
Where
interface – Ethernet or service-port interface [chassis/slot/port]
Example: (config-igmp-snooping-1)# interface ten-gigabit-

ethernet-1/1/1
(config)# commit
9.1.5 Setting interface of IGMP Snooping Instance

To configure some interface of IGMP Snooping Instance, use the following commands

# config terminal
Where

(config-igmp-snooping-ID)# interface interface
Where
interface – Ethernet or service-port interface [chassis/slot/port]
Example: (config-igmp-snooping-1)# interface ten-gigabit-

ethernet-1/1/1
Step 4 • Setting Interface of IGMP Snooping
(config-igmp-snooping-ID-interface)# administrative-status
{up|down} | group-limit limit | ignore version | |
immediate-leave | last-member-query interval | | max-
response-time time | mrouter {always|learn-queries|never}
DATACOM 204.4006.03 151

| query-interval queryint | robustness-variable value |

version {1|2|3}
Where
limit – Specifies the number of group allowed
version – Specifies the version of IGMP
interval – Specifies the time between the query messages
time – Specifies the maximum response time
queryint – Specifies the maximum response time
value – Interval for the expected packet loss on a subnetwork
Example: (config-igmp-snooping-1-ten-gigabit-ethernet-
1/1/1)# group-limit 5
(config)# commit
9.1.6 Default Parameters

The table below lists the default settings for interface of IGMP Snooping configuration
administrative-status up
group-limit 0
ignore 1
immediate-leave Disabled
last-member-query 20
max-response-time 10
mrouter learn-queries
query-interval 125
robustness-variable 2
version 3
9.1.7 Displaying IGMP Snooping Status

To display IGMP Snooping status, use the following commands:
DATACOM 204.4006.03 152

Command To verify
• IGMP Snooping Instance
• Bridge Domain
• Administrative State
# show multicast igmp snooping • Operational State
Instance • Interface
• Query Interval
• Query Maximum Response Time
• Immediate Leave
• ID
• Group address
# show multicast igmp snooping • Interface
groups • Uptime
• Expires
• Last Reporter
• VLAN
# show multicast igmp snooping • Interface
mroute • MRouter
• Learned
• ID
• Interface
• Ad
• Op
• Ver
# show multicast igmp snooping port
• Joins
• General Queries
• Specific Queries
• Invalid Msgs
• Total
• IGMP Snooping
# show multicast igmp snooping
statistics • Bridge Domain
• IGMP messages
DATACOM 204.4006.03 153

DmOS – User Guide Routing
10 ROUTING
Routing is a process that forward IP traffic to its destination using network addresses. Routing is performed
by devices capable of exchanging information needed to build tables containing path information to reach
a destination, using specific protocols or manually assigned entries.
Dynamic routing protocols, such as OSPF, gather the necessary information from neighbor’s devices to
build its routing table, which is used to determine where the traffic will be sent to.
As alternatives to dynamic methods, there are static routes and default routes techniques. Static routes are
recommended on routers that have few networks and fewer paths to the destination. The biggest advantage
of static routes is the low computational overhead costs associated with them. Despite of low computation
costs, the network growing may lead to increase operational costs to maintain it. Default routes are also
known default gateway or gateway of last resort. Default routes are routes to which traffic having no
particular route is sent. The assumption is that the next hop has information where to send such traffic.
A router can receive numerous routes through dynamic routing protocols or via static routes. Many times,
these routes are different paths to same destination. Therefore, this information must be used as input to
build a unique and best path to the destination.
The routing information that a router device receives via routing protocols are added to a table called RIB
(Routing Information Base) and it is the base to route computing (algorithm to define the best path). The
result of the route computation is the FIB (Forwarding Information Base). The FIB contains the information
that the devices use to select the path to forward the traffic to the destination.
Summarizing, the RIB contains all routing information received from routing peers or manually entered
and the FIB holds the best available paths only (i.e. it does not contain secondary paths).
DmOS provides resources to the user to check FIB and RIB tables. The RIB can be check using the
command show ip rib. The FIB is listed by the command show ip route.
Consult DmOS - Command Reference to know about additional parameters for the show
ip rib and show ip route commands.
The routers use the Administrative Distance (AD) concept To choose the best path when there are two or
more different routes to the same destination from two different routing protocols (or static and directly
connected routes).
DmOS considers the following default Administrative Distance values:
DATACOM 204.4006.03 154

Route Source Default Administrative Distance
Directly Connected interface 0
Static Route 1
The Administrative Distance is used to define the reliability of a routing protocol. Each routing protocol is
classified in order of most (smaller AD value) to least reliable (higher AD value) with the assistance of an
administrative distance value. Therefore, by default, DmOS considers routes created from directly
connected interface more reliable than a created manually via static route as shown above.
Directly Connected routes are created from networks associated on interfaces of the own
device.
On DmOs, only the L3 logical interfaces can receive IPv4 addresses and for consequence,
be able to route packets. Therefore, when necessary, the physical interfaces must be
associated to L3 logical interfaces (see for more information).
10.1 STATIC ROUTING

10.1.1 Overview
Static routing is a form of routing that occurs when a router uses a manually-configured routing entry
to the RIB. The forwarding decision is taken based on entries added to the FIB. The static route consists
to point, manually, the next hop to reach a network.
10.1.2 Adding Static Routes

To configure a static route, use the following commands:

# config terminal
Step 2 • Enter the network and mask for the route
(config)# router static network_prefix/mask next-
hop next_hop_address
Where
network_prefix/mask – Specifies the IPv4 network prefix for the
destination and the respective mask.
next_hop_address – Specifies the IPv4 address of the next hop for this
static route.
Example:(config)# router static 192.168.1.0/24 next-hop

10.0.0.1
Step 3 • List the static routes and verify whether the previoulsy inserted route is included in
the list:
(config-network_prefix/mask/next_hop_address)# show router

static
DATACOM 204.4006.03 155

Example:(config-192.168.1.0/0/10.0.0.1)# show router static
router static 192.168.1.0/0 next-hop 10.0.0.1
!
(config)# commit
10.1.3 Deleting Static Routes

To delete a static route, use the following commands:

# config terminal
Step 2 • Verify the information about existent static routes
(config)# show router static
Example:(config)# show router static

Step 3 • To delete a static route, use the no form of creation command as shown below
(config)# no router static network_prefix/mask

next-hop next_hop_address
Where
static route.
Example:(config)#no router static 192.168.1.0/24 next-hop

10.0.0.1
Step 4 • List the static routes and verify whether the previoulsy inserted route is now
deleted:
!
(config)# commit
10.1.4 Changing the Static Routes Administrative Status

DmOS allows to enable or disable administratively a static route, i.e. a route to a destination may be
blocked without to be deleted from device’s database. To change the Administrative Status use the
following commands:
DATACOM 204.4006.03 156


# config terminal
Step 2 • Verify the information about existent static routes

Step 3 • Choose the route to be changed:
(config)# router static network_prefix/mask next-
hop next_hop_address
Where
static route.
Example:(config)# router static 192.168.1.0/24 next-hop

10.0.0.1
Step 4 • List the static routes and verify whether the previoulsy inserted route is now
deleted:
(config-network_prefix/mas/next_hop_address)#
administrative-status { up | down }
Example:(config-192.168.1.0/0/10.0.0.1)# administrative-status
down
(config-network_prefix/mask/next_hop_address)# commit
10.1.5 Setting a Default Route

Default Route is a particular type of Static Route. It identifies the default router interface to which all
packets are routed when the routing table does not contain a route to the destination. Installing a default
router, the network administrator assumes that next-hop gateway knows how to find the destination.
A default route is also called as default gateway or gateway of last resort.
DATACOM 204.4006.03 157

To create a default route use the same command to create a static route. Specifies the default route as a
network 0.0.0.0 with a subnet mask of 0 and the IP address of the next hop (gateway). To configure a
default route, use the following commands:

# config terminal
Step 2 • Enter the to a network and mask route
(config)# router static 0.0.0.0/0 next-hop
next_hop_address
Where
static route.
Example:(config)# router static 0.0.0.0/0 next-hop 10.0.0.1

Step 3 • List the static routes and verify whether the previoulsy inserted route is included in
the list:
(config-network_prefix/mask/next_hop_address)# show router

static
Example:(config-0.0.0.0/0/0.0.0.0)# show router static
!
(config)# commit
To remove a default route use the same steps shown on .
DATACOM 204.4006.03 158

10.1.6 Displaying Static Routing Information

To display Static Routing information, use the following command:
Command To verify
• Static routing configuration
(static route and next-hop)
# (config) show router static
• Administrative Status
• Configured default routes
# show ip rib • RIB table entries
# show ip route • FIB table entries
10.2 VLAN ROUTING

10.2.1 Overview
VLANs are used to segment networks, limiting network broadcasts (see the chapter for more details).
The network segmentation may follow different criterias. However, when one broadcast domain
(VLAN) needs to use services provided by another broadcast domain it is necessary the VLAN routing.
There are some possible solutions to route packets between VLANs. The first one involves a router as
shown on following figure. In this case it is assumed that the switch is only L2 capable, i.e, without
routing features. On this solution, the packets from VLAN1 needs to go to the router to be forwarded
to VLAN2 and vice-versa. In the router, IP addresses are assigned to both VLANs through L3 Logical
interfaces.
DmOS capable switches support L3 features. Therefore, to route inter-VLAN traffic, the router is not
necessary. The network deployment with a L3 switch ensures a fast and reliable solution for VLAN
routing.
DATACOM 204.4006.03 159

The VLAN routing is not used only for routing between VLANs, but also to assign an IP address to a
L3 interface. The associated network to this interface is inserted to routing table and become reachable
by other networks (local or remote).
A DmOS switch with L3 capabilities is suitable to replace the router on first solution shown
above.
10.2.2 Setting a L3 Logical Interface

L3 Logical interfaces allow DmOS switch to send or receive traffic to other networks. To configure L3
logical interface, use the following commands:

# config terminal
Step 2
• Create a VLAN. See chapter for more details about VLANs.
Where

Step 3 • Assign interfaces to the VLAN:
(config-vlan-vlan_id)# interface gigabit-ethernet
chassis/slot/port [tagged|untagged]
Where
on the device
Example:(config-vlan-500)# interface gigabit-ethernet 1/1/1

tagged
Step 4 • Create a Logical Layer 3 interface
(config)# interface l3 if_name
Where
if_name – Specifies the name of the logical interface. The name must be
unique on the system.
Example:(config)# interface l3 vlan500ifL3

Step 5 • Assign the L3 logical interface to the VLAN
(config-if_name)# lower-layer-if vlan vlan_id
Where
Example:(config-l3-vlanifL3)# lower-layer-if vlan 500
DATACOM 204.4006.03 160

Step 6 • Assign the IP address to the L3 logical interface associated to VLAN
(config-l3-vlanifL3)# ipv4 address ip_address

Where
ip_address – IPv4 addres in a.b.c.d/x format.
Example:(config-l3-vlanifL3)# ipv4 address 192.168.1.1/24

Step 7 • Verify the configuration.
(config)# show interface l3 all

(config)# commit
Step 9 • Check if related VLAN network is inserted on RIB.
# show ip rib
Step 10 • Check if related VLAN network is inserted on FIB.
# show ip route
10.2.3 Removing L3 Logical Interface

L3 Logical interfaces removal will delete entries related to the VLAN network from routing table. To
remove L3 Logical interface, use the following commands:

# config terminal
Step 2 • Delete the L3 logical interface
(config)#no interface l3 if_name
Where
if_name – Specifies the name of the logical interface. The name must be
unique on the system.
Example:(config)#no interface l3 vlan500ifL3

Step 3 • Verify if entire configuration regarding to L3 logical interface was removed
(config)# show interface l3 all

(config)# commit
Step 5 • Check if the network was removed from RIB.
# show ip rib
Step 6 • Check if the network was removed from FIB.
# show ip route
10.2.4 Displaying L3 Logical Interface Information

To display L3 Logical Interface information, use the following commands:
DATACOM 204.4006.03 161

Command To verify
# (config) show interface l3 • Interface L3 configuration
# show ip rib • RIB table entries
# show ip route • FIB table entries
DATACOM 204.4006.03 162

DmOS – User Guide Software Upgrade
11 SOFTWARE UPGRADE
DmOS has flash memory positions for firmware storage and automatically save the new firmware version
in the position not used.
For this process of download and manual installation is necessary a TFTP server with connectivity at
Management Network of device to save the firmware image. The next session explains the procedures to
prepare a TFTP server.
Once there is a TFTP server configured follow to the session.
Contact DATACOM Technical Support to verify the firmware images available for
download and installation according your product and requirements.
11.1 INSTALLING AND CONFIGURING TFTP SERVER

The firmware upgrade requires a TFTP server for download and storage.
For demonstration purposes, the PumpKIN TFTP server will be used on this document. However, the
preferred FTP server of the administrator can be used instead of the suggested one.
The software can be freely downloaded from .
Step 1 • After setting up Pumpkin, the screen below will be presented
Step 2 • Click in the Options button to display the next screen
DATACOM 204.4006.03 163

Step 3 • Change the field TFTP file system root for the directory where the firmware
images were saved. And also change the Read Request Behavior to give all files
option and the field Write Request Behavior to take all files as shown below.
Step 4 • Now at Options > Network tab, verify that both UDP ports are set with the value
69. And press OK.
DATACOM 204.4006.03 164

Step 5 • At the main screen, select the option Server is running as the next screen.
DmOS devices are able to negotiate TFTP block size. Smaller blocksize is not efficient for
use on LAN, whose MTU may be 1500 octects or greater. Therefore, the network
administrators should evaluate their networks conditions to set a more appropriate value
for this parameter.
11.2 UPGRADING DMOS FIRMWARE

With the TFTP Server configured and running as explained before, the Software Upgrade can be started.
The firmware images for DmOS can be downloaded to device using CLI. For the next steps all firmware
image files must be available at TFTP, SCP or HTTP server.
The firmware file must be extracted and available with .im extension.
DATACOM 204.4006.03 165

11.2.1 Using TFTP protocol

In order to download the firmware image, use the following commands:
Step 1 • Verify the images are loaded in device and check the version and state of them
# show firmware local
DM4610# show firmware local
Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.2.0 Active/startup
1.0.0 Inactive
State:
Active - Running firmware

Inactive - Firmware is not running
startup - Firmware to be used in the next boot
Step 2 • Copy the firmware image from TFTP server. The new firmware will override the
build that is in Inactive State
# request firmware local add
protocol://server/fw_name
Where
protocol – Specifies the protocol (tftp, http, scp) and firmware url
server – IP or hostname
fw_name – Build name
Example: # request firmware local add

tftp://192.168.1.250/firmware_1_4_0.im
• After the download is completed, the following message will be displayed:

Firmware upgrade: Successful operation.
Step 3 • Verify the downloaded image is now in Inactive state

Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.4.0 Inactive
State:

DATACOM 204.4006.03 166

Step 4 • Set the startup state for the other position. In this case the startup state will change
for 1.4.0 version.
# request firmware local activate
Step 5 • Verify that image downloaded is now in Inactive/Startup state

Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.2.0 Active
1.4.0 Inactive/startup
State:

Step 6 • Reboot in order to the reload device with the new firmware
# reboot
Step 7 • Verify that after rebooting, the downloaded image is now in Active/Startup state

Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.2.0 Inactive
State:

11.2.2 Using SCP protocol

Step 1 • The previous and following steps are the same as those used for the FTP protocol
Step 2 • Copy the firmware image from SCP server. The new firmware will override the
# request firmware local add
protocol://server/path/fw_name username username
password password
Where
DATACOM 204.4006.03 167

server – IP or hostname
path – Relative path of the firmware image in the SCP server
username – Username for authentication in the SCP server.
password – Password for authentication in the SCP server.

scp://172.22.107.2/temp/firmware_1.12.0.im username user
password pass

11.2.3 Using HTTP protocol

Step 1 • The previous and following steps are the same as those used for the FTP protocol
Step 2 • Copy the firmware image from TFTP server. The new firmware will override the
# request firmware local add protocol://url/fw_name
Where
url – Relative URL of the firmware image in the HTTP server

http://172.22.107.2:8000/0962-1.12.0-232.im

11.3 ROLLING BACK A DMOS FIRMWARE

DmOS devices are able to rollback firmware to previous version. The rollback procedure is similar to an
upgrade. The procedure differs from a upgrade because the desired firmware image is already on the
device. Therefore, it is not necessary to download the previous firmware again.
Step 1 • Verify the images loaded in device and check the version and state of them. Check
that target image (older) is in Inactive state

Status: Idle
Chassis: 1
Slot: 1
DATACOM 204.4006.03 168

Version State
-------------------------- --------
1.6.2 Inactive
State:

Step 2 • Set the startup state for the other position. In this case the startup state will change
for 1.6.2 version.
# request firmware local activate
Step 3 • Verify the older image is now in Inactive/Startup state

Status: Idle
Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.8.0 Active
1.6.2 Inactive/startup
State:

Startup - Firmware to be used in the next boot
Step 4 • Reboot in order to the reload device with the new firmware
# reboot
Step 5 • Verify that after rebooting, the firmware was rolled back and it is now in
Active/Startup state
Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.8.0 Inactive
State:

Startup - Firmware to be used in the next boot
DATACOM 204.4006.03 169

11.4 DISPLAYING FIRMWARE UPGRADE INFORMATION

To display Firmware Upgrade information, use the following command:
Command To verify
• Firmware version
# show firmware local • Firmware state
• Upgrade Status
The field Status in show firmware local output enables the network administrator
to verify whether there is ongoing firmware upgrade. Upgrade Status information is
available on DmOS versions equal or higher than 1.8.0.
11.5 UPGRADING ONU FIRMWARE

The firmware images for ONU can be downloaded to device using CLI. For the next steps ensure that all
ONU to be updated are in operational state UP.
The firmware file must be extracted and available with .bin extension.
The Software Download State must be as Download in progress and after a few minutes the ONU restart
automatically changing the status to Complete.
In order to download the firmware image, use the following steps:
Step 1 • Copying the ONU firmware image from TFTP server. The new firmware will
override the active build
# request firmware remote onu
protocol://path/ONU_fw_name
DM4610# request firmware remote onu add

tftp://192.168.0.1/fw_onu.bin
! wait message,ONU firmware file download has succeeded.
Step 2 • After de message “ONU firmware file download has succeeded”, it is possible to
install de new firmware on ONU. After a few minutes the ONU restart
automatically.
# request firmware remote onu install ONU_fw_name
interface gpon chassis/slot/port onu onu_id
DM4610# request firmware remote onu install fw_onu.bin

interface gpon 1/1/1 onu 1
Step 3 • To check the firmware status after reboot, use the following command.
# show interface gpon chassis/slot/port onu onu_id
DM4610# show interface gpon 1/1/1 onu 1
DATACOM 204.4006.03 170

DATACOM 204.4006.03 171

DmOS UserGuide CLI PDF

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

DmOS UserGuide CLI PDF

Caricato da

Copyright:

Formati disponibili

DmOS

USER GUIDE - CLI

© 2017 DATACOM - All rights reserved.

Quality Management System

certified by DQS in compliance with

ISO9001 Registration No. (287097 QM)

AVAILABLE PRODUCT DOCUMENTATION

The availability of certain documents may vary depending on the product.

LEGAL NOTICE .................................................................................................................................................2

2.7 HANDLING CONFIGURATION FILES ....................................................................................................26

3.9.6 Setting Targets for Notifications ................................................................................................68

6.7.11 Default Parameters ...................................................................................................................139

1 INTRODUCING THE USER GUIDE

1.1 ABOUT THIS GUIDE

1.2 INTENDED AUDIENCE

1.3.1 Icons Convention

Icon Type Description

Represents laser radiation. It is necessary to avoid eye and skin

Indicates that device, or a part is ESDS (Electrostatic Discharge

Warning Non-ionizing radiation emission.

Icon Type Description

1.3.2 Text Convention

Internet site or an e-mail address. It is also applied to indicate a local

Screen System commands and screen outputs.

Indicates a reference to something. Used to emphasize this referenced

Menu > Path GUI menu paths

[Key] Keyboard buttons

2.1 DMOS OVERVIEW

2.2 STARTING DMOS SYSTEM

login: admin [Enter]

password: admin [Enter]

2.2.2 Understanding Cards Position Syntax

2.2.3 Displaying System Information

2.2.3.1 Show platform

Chassis/Slot Product model Role Status Firmware version

2.2.3.2 Show environment

1/1 | CPU | 43.0 C | 0.0 C ~ +75.0 C | 5.0 C | NORMAL

Interface gigabit-ethernet 1/1/1

18:45:28 up 2 days, 19:42, load average: 0.10, 0.24, 0.28

Session User Context From Proto Date Mode

2.3 OPERATIONAL MODE

2.3.1 CLI Session Configuration

Step 1 • Enable and disable Autowizard

Example: # autowizard true

A configuration example using the autowizard enabled is shown below:

• Setting a new local user with autowizard enabled

Now, the same configuration example without autowizard:

• Setting a new local user without autowizard

Step 1 • Enable and disable completion on space

Example: # complete-on-space true

Using the <tab> will always result in the command completion.

Step 1 • Setting display-level

Setting display-level with value 1:

The same previous example now setting a display-level 3:

Step 1 • Setting history size

Setting the history size with 10:

The same previous example now setting a history size 5:

Step 1 • Set the idle-timeout

Example: # idle-timeout 600

If set with the 0 (zero) value, the idle-timeout is infinity.

Step 1 • Set ignore-leading-space

Example: # ignore-leading-space true

Example: # paginate true