Release 1.12.0
LEGAL NOTICE
Although every precaution has been taken in the preparation of this document, DATACOM takes no
responsibility for possible errors or omissions, and it will accept no obligation for damages resulting
from the use of the information contained in this manual. The specifications provided in this manual are
subject to changes without notice, and they will not be recognized as any kind of contract.
WARRANTY
This product is warranted against material and workmanship defects for the period specified in the sales
invoice.
The warranty only includes the repair and replacement of defective components and parts without any
resulting burden to the customer. Defects resulting from the following are not covered: improper use of
device, faulty electrical power network, nature-related events (lightning discharges, for instance), failure
in devices connected to this product, installations with improper grounding or repairs made by personnel
not authorized by DATACOM.
This warranty does not cover repairs at the customer’s facilities. Device must be forwarded for repairs
to DATACOM.
DATACOM 204.4006.03 2
DmOS – User Guide Contacts
CONTACTS
TECHNICAL SUPPORT
DATACOM offers a technical support call center to support customers during configuration and use of
its devices, and to provide technical assistance for product maintenance and repair.
DATACOM Technical Support can be reached through the following channels:
e-mail: support@datacom.ind.br
phone: +55 51 3933-3122
Website: www.datacom.ind.br/en/support
GENERAL INFORMATION
For any additional information, visit http://www.datacom.ind.br/en or contact:
DATACOM
Rua América, 1000
92990-000 - Eldorado do Sul - RS – Brazil
+55 51 3933-3000
DmOS – User Guide Available Product Documentation
DMOS
• Command Reference - Lists and describes all CLI commands
• User Guide – Provides technology and product resources overview, product level set up
instructions and examples
• Quick Start Guides – Guides the user to install and interconnect the device
• Release Notes - Informs the user about new features, resolved bugs and compatibility in a new
Software and/or Hardware
DM4610
• Datasheet - Presents product data and technical characteristics
• Installation Guide – Provides safety and detailed information regarding product installation
and basic connection via terminal
• Quick Start Installation – Provides the user with guidelines on how to perform the initial
installation of the device
DmOS – User Guide Contents
CONTENTS
5 TUNNELING
5.1 LAYER 2 CONTROL PROTOCOL TUNNELING (L2PT)
5.1.1 Overview
5.1.2 Setting Actions
5.1.3 Default Actions
6 ETHERNET
6.1 GIGABIT-ETHERNET INTERFACES
6.1.1 Enabling and Disabling Ports
6.1.2 Setting Negotiation Mode and Advertised Abilities
6.1.3 Setting Port Speed
6.1.4 Setting Flow Control
6.1.5 Setting MDIX Mode
6.2 TEN-GIGABIT-ETHERNET INTERFACES
6.2.1 Enabling and Disabling Ports
6.2.2 Setting Negotiation Mode and Advertised Abilities
6.2.3 Setting Port Speed and Duplex Settings
6.2.4 Setting Flow Control
6.2.5 Setting MDIX Mode
6.3 LINK AGGREGATION – LAG
6.3.1 Overview
6.3.2 Creating a LAG
6.4 VLAN
6.4.1 Overview
6.4.2 Creating a VLAN
6.4.3 Setting Name
6.4.4 Removing VLANs
6.4.5 Setting VLANs to Uplink Ports
6.4.6 Assigning Ports to VLANs
6.4.7 Setting Native VLAN
6.4.8 Verifying VLAN Settings
6.5 QINQ
6.5.1 Overview
6.5.2 Setting QinQ
6.5.3 Setting Selective QinQ
6.6 MAC ADDRESS TABLE
6.6.1 Overview
6.6.2 Displaying MAC Address Table
6.6.3 Setting Global Aging Time
6.7 RSTP
6.7.1 Overview
6.7.2 Enabling the spanning-tree
6.7.3 Setting STP Mode
6.7.4 Setting Name
6.7.5 Setting Bridge-Priority
6.7.6 Setting Forward-Delay
6.7.7 Setting Hello-Time
6.7.8 Setting Ethernet Interface
6.7.9 Setting Maximum-Age
6.7.10 Setting Maximum Transmission Rate
DmOS – User Guide Introducing the User Guide
1.3 CONVENTIONS
To make this guide easier to follow, the following conventions are used throughout:
Note – Notes give an explanation about some topic in the foregoing paragraph.
Caution – This symbol means that this text is very important and, if the instructions are not correctly followed, damage or hazard may result.
Warning – This symbol means that, if the procedure is not correctly followed, there may be a risk of electrical shock.
A caution type notice calls attention to conditions that, if not avoided, may damage or
destroy hardware or software.
A warning type notice calls attention to conditions that, if not avoided, could result in death
or serious injury.
Convention Description
The text convention shown above differs from Command Line Interface syntax convention.
See the convention related to commands on.
DmOS – User Guide Getting Started
2 GETTING STARTED
More information about how to use the physical console and management ports is available
in Using Out-Of-Band Management Interface.
Step 1 • On the PC or laptop, start the terminal emulation program. The initial login prompt
for a username appears:
login:
Step 2 • The default username and password are admin. Type the username followed by
[Enter]:
• Chassis Numbering: The position of chassis is defined by the number of the chassis in stacking
mode. These positions correspond to a defined chassis number that will be used as reference on
the next sections of this document.
• Slot Numbering: The position of slots is defined in the sub-rack, based on the backplane
connections. These positions correspond to a defined slot number that will be used as reference
on the next sections of this document.
• Port Numbering: Many CLI commands require users to enter port numbers as arguments of a
command. The port numbering is a combination of the chassis number, slot number and the
port number.
For example, the DM4610 has eight GPON ports installed in slot 1 of the chassis 1. The valid GPON
ports are:
1/1/1, 1/1/2, 1/1/3, 1/1/4, 1/1/5, 1/1/6, 1/1/7, 1/1/8.
Temperature Sensors:
---------------------------------------------------------------------------------
Chassis/ | Sensor | Temp. | Alarm Thresholds | Hyster. | Status
Slot | | | | |
---------------------------------------------------------------------------------
1/1 | Card | 36.0 C | 0.0 C ~ +50.0 C | 5.0 C | NORMAL
1/1 | Switch Fabric | 40.5 C | 0.0 C ~ +75.0 C | 5.0 C | NORMAL
1/1 | GPON PHY/SFP | 46.5 C | 0.0 C ~ +75.0 C | 5.0 C | NORMAL
Chassis : 1
Product model : DM4610
Chassis/Slot : 1/1
Product model : 8GPON+8GX+4GT+2XS
Part number : 800.5081.02
Serial number : 3048269
Product revision : 2
PCB revision : 3
Hardware version : 2
Manufacture date : Unknown
Manufacture hour : Unknown
Operat. temp. : 0 - 65 Celsius degrees
System MAC address: 00:04:df:40:8d:d8
2.2.3.4 Uptime
The output of the uptime command may be used to know the system uptime.
# uptime
2.2.3.5 Who
The output of the who command may be used to identify current user sessions.
# who
• Display-level
• History
• Idle-timeout
• Ignore-leading-space
• Paginate
• Screen-length
• Screen-width
• Terminal
• Timestamp
2.3.1.1 Autowizard
When Autowizard is enabled, the CLI prompts the user for required settings when a new identifier is
created and for mandatory action parameters.
Where:
true|false – Enables (true) and disables (false) autowizard
2.3.1.2 Complete-on-space
When the complete-on-space option is enabled, commands are auto-completed when <space> is
entered.
Where:
true|false – Enables (true) and disables (false) complete-on-space
2.3.1.3 Display-level
Specifies the maximum depth to show when displaying the configuration.
Where:
depth – Display level (1 to 64)
Example: # display-level 1
DM4610# display-level 1
DM4610# show running-config interface gpon 1/1/8
Interface gpon 1/1/8
!
DM4610# display-level 3
DM4610# show running-config interface gpon 1/1/8
interface gpon 1/1/8
upstream-fec
downstream-fec
no shutdown
onu 1
serial-number CIGGD0922958
service-profile service1 line-profile line1
ethernet 1
!
!
!
2.3.1.4 History
Specifies the history size of logs.
Where:
size – Number of log lines to be displayed (0 to 1,000)
Example: # history 10
DM4610# history 10
DM4610# show history
14:15:42 -- show running-config interface gpon 1/1/8
14:15:48 -- display-level 3
14:15:50 -- show running-config interface gpon 1/1/8
14:21:16 -- history
14:21:18 -- history 10
14:21:20 -- show history
14:21:24 -- history 20
14:21:26 -- show history
14:21:33 -- config
14:22:31 -- history 10
DM4610# history 5
DM4610# show history
14:21:26 -- show history
14:21:33 -- config
14:22:31 -- history 10
14:22:33 -- show history
14:22:38 -- history 5
The no history command restores the size to the default value (100 lines).
2.3.1.5 Idle-timeout
Specifies the CLI idle-timeout in seconds.
Where:
time – Idle timeout set in seconds (from 0 to 8192)
2.3.1.6 Ignore-leading-space
Specifies whether leading spaces are ignored. Disabling this option is useful when pasting commands into the CLI.
Where:
true|false – Enables (true) and disables (false) ignore-leading-space
2.3.1.7 Paginate
Paginate output from CLI commands.
Step 1 • Set output paginate
# paginate [true|false]
Where:
true|false – Enables (true) and disables (false) output paginate
2.3.1.8 Screen-length
Specifies the terminal screen length.
Where:
length – Number of rows (from 0 to 32,000)
2.3.1.9 Screen-width
Specifies the terminal screen width.
Where:
width – Number of columns (from 0 to 512)
2.3.1.10 Terminal
Specifies how line editing is performed. Supported terminals are: generic, xterm, vt100, ANSI and
Linux. Other terminals may also work but have no explicit support.
2.3.1.11 Timestamp
Specifies whether a timestamp is displayed after each command is entered. By default, the timestamp
is displayed with time zone UTC+-00:00.
• show cli
• show history
• pwd
2.3.2.3 Pwd
To display the current configuration submode from a configuration submode.
DM4610# config
Entering configuration mode terminal
DM4610(config)# interface gigabit-ethernet 1/1/1
DM4610(config-gigabit-ethernet-1/1/1)# pwd
Current submode path:
interface gigabit-ethernet 1/1/1
autowizard true
complete-on-space true
display-level 64
history 100
idle-timeout 1800
ignore-leading-space true
paginate true
screen-length 56
screen-width 239
terminal xterm
timestamp disable
2.3.4.1 Do
To execute an operational mode command from a configuration mode.
2.3.4.2 End
To terminate a configuration session and return directly to operational mode. Entering Ctrl+Z is
functionally equivalent to entering the end command.
2.3.4.3 Exit
To close an active session, or to return to the next higher configuration mode.
2.3.4.4 Send
To send messages to a specific session or all active sessions.
2.3.4.5 No
Negate a command or set its defaults.
2.3.4.6 Quit
To close an active session.
2.3.4.7 Top
To return to the next higher configuration mode.
# config shared
The user manipulates the candidate-configuration and then commits it; the candidate is
copied into the running-configuration and thus becomes active.
Changes made during a configuration session are inactive until the commit command is entered. By
default, all changes must succeed for the entire commit operation. If any errors are found, none of the
configuration changes takes effect.
The commit check command does not apply the changes to the running-configuration. A commit
is still required to apply the given changes.
(config)# commit
Aborted: incorrect persist-id
Command To verify
Where:
subtree-A – subtree A of running configuration
subtree-B – subtree B of running configuration
(config)# rollback configuration id
Where:
id – Rollback configuration identifier
(config)# commit
Where:
id – Rollback configuration identifier
config – Configuration for rollback selective
(config)# commit
Command To verify
There is no limit on the number of saved files. Files can be saved as long as the device
has available memory space.
(config)# save filename
Where:
filename – Name of the new file saved
To save some part of the running configuration, use the following commands:
Where:
filename – Name of the new file saved
path_filter – Part of the configuration to be saved
To save the running configuration in XML format, use the following commands:
Where:
filename – Name of the new file saved
xml – Running configuration in XML format
Where:
filename – Name of the new file saved
Where:
filename – Name of the new file saved
Where:
filename – Name of the new file saved
(config)# load factory-config
Step 3 • Commit the configuration
(config)# commit
Before performing the commit of the loaded factory-config, it is possible to configure any
protocols such as management IP Address and default static route.
Where:
filename: Name of the file to be saved
(config)# commit
This procedure erases the current configuration, and the configuration inside the specified
file will be loaded.
If the specified file does not contain the required system configurations, the device
operation may be compromised.
Where:
filename - Name of the file to be saved
(config)# commit
Where:
filename - Name of the file to be saved
(config)# commit
DM4610# ?
Possible completions:
aaa Configure authentication, authorization and accounting
autowizard Automatically query for mandatory elements
clear Clear device settings and counters
commit Confirm a pending commit
compare Compare running configuration to another configuration
or a file
complete-on-space Enable/disable completion on space
config Manipulate software configuration information
copy Copy files to a remote server
display-level Configure show command display level
exit Exit the management session
file Perform file operations
help Provide help information
history Configure history size
Enter the question mark (?) after the keyword to list the next available syntax option for the command.
DM4610# clear ?
Possible completions:
core-dump Delete core dump files
history Clear command history
interface Clear device interfaces
log Clear all log files
mac-address-table Request to delete all dynamically learned unicast L2
entries
statistics Clear interface statistics
Enter the question mark (?) at the end of a partial command to list the commands that begin with those
characters.
DM4610# c?
Possible completions:
clear Clear device settings and counters
commit Confirm a pending commit
compare Compare running configuration to another
configuration or a file
complete-on-space Enable/disable completion on space
config Manipulate software configuration information
copy Copy files to a remote server
DmOS – User Guide Managing the Device
The network administrator can use two management tools to configure DmOS devices:
• CLI – Command-Line Interface that provides a rich set of commands to manage the device
through TELNET, SSH or the physical console port.
• DmView – A Network Management System (NMS) based on SNMP.
Read the Datasheet Guide to see if DmView is available for the specific device.
This chapter is intended to help the user perform basic management functions on DmOS devices.
For more information on the physical console port pinouts, read the Installation Guide for
the specific device.
login:
Step 5 • Type the username followed by [Enter]:
login:username
password: password
The Ethernet Management Interface of the device is delivered with the default IP address
192.168.0.25/24. It is recommended to change it according to the network design
requirements.
Where:
IP_address – IP Address of management Interface
Where:
chassis/slot/port – Interface MGMT identification
Where:
Ipaddress/mask – Management IP Address/Network Mask
(config)# commit
To configure a default route for management interface use the following commands:
Where:
IPaddress/mask – MGMT IP Address / Network Mask
IPGateway – Gateway IP Address
(config)# commit
With in-band management, any connectivity problem can make the device
unreachable. Therefore, it is important to have a secondary means of access to devices, such as a
management interface or a console interface.
To configure in-band management, the user needs to enter configuration mode, create a VLAN interface,
assign a new management IP address and add an Ethernet interface, as shown below:
Where:
interface_id – Ethernet interface for in-band management
(config-if-vlan-vlan_id)# top
Step 6 • Create a Logical L3 interface
Where:
interface_name – Specified name for in-band management interface
Where:
text – In-band management interface description
ipv4_address – IPv4 address
vlan_id – VLAN identifier for in-band management interface
Where:
text – In-band management interface description
ipv4_address – IPv4 address
vlan_id – VLAN identifier for in-band management interface
(config)# commit
To configure a default route for management interface use the following commands:
Step 1 • Change to configuration mode
# config terminal
Step 2 • Default route management interface
(config)# commit
3.2 DMVIEW
DmView is a Network Management System (NMS) designed for supervising and configuring
DATACOM devices. It offers a main console for network operations to detect faults in the
infrastructure, can perform discovery of network devices, and provides management functionality
related to provisioning, configuration, performance, security, audit, maps and inventory.
A wide range of DmView installation options is available, from a standalone version running on a
personal computer up to a multiple High Availability server deployment with separate applications,
database and terminal/presentation servers. DmView also works with third-party NMS and OSS/BSS
frameworks.
To connect the device to DmView, and vice-versa, use the following commands:
Where:
name – Target identifier
IPaddress – Target IP Address
Where:
community – Community security name
(config)# top
Step 6 • Enable the sending of SNMP traps using the following command
Where:
notify_id – Target identifier
name – Target name
[informs|traps]– Notification type
(config)# top
Step 8 • If the DmView server is installed in a different network segment than the device, it
is necessary to configure a route on the device to reach DmView. The route is
installed as follows:
Where:
prefixIP/mask – DmView Network prefix and mask
gatewayIP – Gateway IP Address
(config)# commit
3.3.1 Ping
The ping command is a common method for troubleshooting the accessibility of devices. It uses two
Internet Control Message Protocol (ICMP) query messages, ICMP echo requests, and ICMP echo
replies to determine whether a remote host is active.
In the command line session, perform the following tasks to check connectivity using ping command:
Where:
all – Generate DSA and RSA keys
dsa – Generate DSA keys
rsa – Generate RSA keys
Command: # show ssh-server public-key
To verify: Type, Size, Date Generate, Data
# config terminal
Step 2 • Change SSH max connections
(config)# commit
# config terminal
(config)#ssh-server legacy-support
Step 3 • Commit the configuration
(config)# commit
# config terminal
Step 2 • Enable TELNET server
(config)#telnet-server enabled
Step 3 • Commit the configuration
(config)# commit
# config terminal
Step 2 • Disable TELNET server
(config)#telnet-server disabled
Step 3 • Commit the configuration
(config)# commit
# config terminal
Step 2 • Change SSH max connections
(config)# commit
(config)# commit
audit – Accounts with read-only privileges. They are only able to view the device
parameters.
For security reasons, it is strongly recommended to change the admin account password
at first login. To change the password, see Modifying a User Password.
For a complete configuration of a new user, only three parameters of a command are necessary. First
parameter defines the username, the second defines the password and the last defines the privilege levels
(admin, config or audit).
The user account may be created without defining a password (empty).
The default value for access-level is audit. Therefore, when creating a new audit account, the command
aaa user username password pass is enough.
Where:
username – User identifier name
(config)# commit
Where:
username – User identifier name
old_pass – Old password of the given user
new_pass – New password of the given user
new_pass – New password confirmation
(config)# commit
Where:
username – User identifier name
admin|config|audit – User privilege
(config)# commit
Where:
username – User identifier name
(config)# commit
user/password/privilege admin/admin/admin
Command: show running-config aaa
To verify: User, Privilege Group (Account level), Password
3.6.3 RADIUS
RADIUS stands for Remote Authentication Dial-In User Service: a standard for providing
authentication, authorization and accounting services.
The essential RADIUS components are the client host (user terminal), the RADIUS client (device), and the
RADIUS server. The client host requests access to the RADIUS client resources. The RADIUS client
authenticates the client host against the RADIUS server and, if the credentials are considered valid, the RADIUS
client then decides what authorization level is appropriate for the client host and grants access
accordingly.
The communication between the RADIUS client and the RADIUS server is secure, and a unique
keyword, called shared-secret, is required on both systems.
The RADIUS client must be configured to point to the RADIUS server. The RADIUS server will deny
any RADIUS client that is not configured on it or that presents an incorrect secret key.
The following figure shows the sequence to authenticate and authorize a user connection:
Read the Datasheet Guide to see if this feature is available for the specific device.
When authorizing via remote servers, the final user group will be a union of the group
provided by the external authorization server and the local authorization information for
the given user.
Example: A user created on the local database with group admin and authorized via remote
server with group audit will be assigned to both groups: admin and audit.
# config terminal
Step 2 • Create new RADIUS host
(config)#aaa server radius server_id host IPaddress
Where:
server_id – RADIUS Server Identifier
IPaddress – IP address of the RADIUS Server
(config)# commit
Where:
server_id – RADIUS Server Identifier
IPaddress – IP address of the RADIUS Server
(config-radius-radius_id)#shared-secret key
Where:
key – A unique shared key
(config)# commit
Where:
server_id – RADIUS Server Identifier
IPaddress – IP address of the RADIUS Server
Where:
number – Authentication server port number
Example: (config-radius-AAAServer)# authentication-port 1812
Step 4 • Commit the configuration
(config)# commit
Where:
server_id – RADIUS Server Identifier
IPaddress – IP address of the RADIUS Server
(config)# commit
With the Authorization service enabled, the user authentication process returns the
permissions as configured on the RADIUS server. Two permission groups are supported on
RADIUS: admin and audit.
Where:
server_id – RADIUS Server Identifier
IPaddress – IPv4 address of the RADIUS Server.
Where:
number – Accounting server port number
Example: (config-radius-AAAServer)# accounting-port 1813
Step 4 • Commit the configuration
(config)# commit
Where:
server_id – RADIUS Server Identifier
IPaddress – IPv4 address of the RADIUS Server. The host parameter also
accepts IPv6 Address or hostname.
(config)# commit
When the accounting service is enabled as shown previously, the device sends
accounting information to the AAA server for every session. DmOS sends the login/logout
data, containing: username, type of service, date and event timestamp.
Where:
server_id – RADIUS Server Identifier
IPaddress – IP address of the RADIUS Server
Where:
retries_number – Specifies how many times the device will try the
authentication request
(config)# commit
Retry 2 times
When the Authentication service is enabled, the device performs authorization by merging the local
configuration with the remote one. The permissions can differ between RADIUS and local, but
the higher level of access is used as the user's access level.
Command:
(config)# show running-config aaa server
To verify:
• RADIUS ID
• Host
• Shared key
• Authentication and Accounting Service Status
• Authentication and Accounting Ports
• Connection retries and timeout
3.6.4 TACACS+
TACACS stands for Terminal Access Controller Access Control System. It is a protocol developed by
Cisco Systems based on the AAA model.
The essential TACACS+ components are the Access Client (user terminal), Network Access Server
(device), and the TACACS+ server.
The device, acting as a NAS (Network Access Server) receives a user's connection request and performs
an initial access negotiation with the user to establish certain data (username, password, port number,
and so on). The device then sends this data to the TACACS+ server and requests authentication. The
TACACS+ server may authenticate the request, and may authorize services over the connection. The
TACACS+ server does this by matching received data from the NAS's request with entries in its own
database. Based on this response from the TACACS+ server, the NAS (device) decides whether to
establish the user's connection or terminate the user's connection attempt. At the end of this process,
DmOS issues accounting information to the TACACS+ server to document the transaction.
TACACS+ relies upon Transmission Control Protocol (TCP). TCP port 49 is used by default between
client and the server.
TACACS+ secures the communication between the NAS and the TACACS+ server. The
entire body (header and payload) of the packet is encrypted. This encryption relies on a shared secret
key on each device.
Read Datasheet Guide to see if this feature is available for the specific device.
where:
server_id – TACACS+ Server Identifier
IPaddress – IP address of the TACACS+ Server
(config)# commit
The character “!” must not be used in the shared key definition. This special character is
interpreted as a comment.
where:
server_id – TACACS+ Server Identifier
IPaddress – IP Address of the TACACS+ Server
(config-tacacs-tacacs_id)#shared-secret key
where:
key – A unique shared key
(config)# commit
where:
server_id – TACACS+ Server Identifier
IPaddress – IP address of the TACACS+ Server
(config-tacacs-tacacs_id)#authentication-port number
where:
number – Authentication server port number
(config)# commit
• ASCII – Machine-independent technique. Requires a user to type a username and password, which
are sent in clear text (unencrypted) and matched against an entry in the user database stored in ASCII
format.
To modify TACACS+ settings related to authentication types proceed as follows:
where:
server_id – TACACS+ Server Identifier
IPaddress – IP address of the TACACS+ Server
(config-tacacs-tacacs_id)#authentication-type [ascii|pap]
where:
ascii|pap – Authentication type
(config)# commit
where:
server_id – TACACS+ Server Identifier
IPaddress – IP address of the TACACS+ Server
(config-tacacs-tacacs_id)#authentication
Example: (config-tacacs-AAAServer)#authentication
Step 4 • Commit the configuration
(config)# commit
where:
server_id – TACACS+ Server Identifier
IPaddress – IP address of the TACACS Server
(config-tacacs-tacacs_id)#timeout time
where:
time – time set for the device to wait for TACACS+ server response in
seconds.
(config)# commit
Authentication Port 49
Timeout 5 seconds
Retry 3 times
Command:
# show running-config aaa server
To verify:
• TACACS+ ID
• Host
• Shared key
• Authentication Status
• Timeout and Retry values
(config)# commit
Where
YYYYMMDD – Year (4), month (2) and day (2)
HH:MM:SS – Hour (2), minutes (2), seconds (2)
(config)# commit
Where:
name – Time zone name for identification
UTC – Offset from UTC (-12 to +14)
(config)# commit
Read Datasheet Guide to see if this feature is available for the specific device.
Where:
IPaddress – NTP/SNTP Server IP
(config)# commit
Where
IPaddress – NTP/SNTP Server IP
Where
[md5|none] – NTP/SNTP authentication method
password – MD5 password
(config)# commit
Where
time – Polling interval in seconds
(config)# commit
To tell the SNMP agent which objects it needs, the SNMP manager or management
application uses a well-defined naming syntax. Object names in this syntax are called object identifiers
(object IDs, or OIDs), and are numbers that uniquely identify an object to an SNMP agent. For
instance, an object might be something like Interface Status. Querying Interface Status would return a
variable – the interface could be up or down. A collection of OIDs organized hierarchically is called
a MIB (Management Information Base).
Community is another important SNMP concept. It is used to allow authorized users to access the SNMP
agent on a device. Community strings may be configured as read-only (RO) or read-write (RW). As
the name implies, read-only strings only allow information to be pulled from the agent. Read-write
strings, however, are much more powerful and can allow reconfiguration of many device properties.
SNMP versions are shown in the following table.
v1 – Original version of SNMP, community strings sent in plain text, very weak security.
v2c – SNMP v2c was developed to fix some of the problems in v1. However multiple versions were developed, none truly addressing the problems with v1. V2c is the most used version, and has enhanced protocol handling over v1, resulting in slightly improved operations. However, security is still an issue because it uses plain-text community strings.
v3 – The newest version of SNMP, v3 supports full security and authentication. Should be used if possible, especially on untrusted networks.
Use extreme caution when implementing read-write strings. Some versions of SNMP
transmit strings in clear-text, raising the security risk.
Read Datasheet Guide to see if this feature is available for the specific device.
(config)# commit
Where
Version [v1|v2c|v3] – SNMP version
(config)# commit
Where
port – UDP protocol port to be used for communication
(config)# commit
Where
IPaddress – IP Address to be used for communication
port – UDP protocol port to be used for communication
(config)# commit
Where
max_size – Maximum length of SNMP
(config)# commit
Where
text – Contact or Location identifier
(config)# commit
Where
community_index – Index to identify the community
(config)# commit
Use this parameter when the community is not the same as the index.
Where
community_index – Index to identify the community
Where
name_id – Index to identify the community
(config)# commit
Where
community_index – Index to identify the community
Where
sec_name – Security model name to identify the community
(config)# commit
Where
community_index – Index to identify the community
Where
tag_id – Index to identify the community
Example:(config-community-public_dtc)# target-tag 5
Step 4 • Commit the configuration
(config)# commit
Where
user_id – Username string
sec_name – Security name string
(config)# commit
Where
user_id – Username string
Where
[md5|sha] – Authentication Protocol
pass – Authentication Password String
(config)# commit
Where
user_id – Username string
Where
pass_id – Authentication Password String
(config)# commit
Where
view_name – Name of VACM MIB view
Where
subtree_id – Subtree OID in MIB view
(config)# commit
# config terminal
Step 2 • Create a group
(config)# snmp vacm group group_id
Where
group_id – Group name identifier
(config)# commit
Where
group_id – Group name identifier
Where
username – Security name identifier
(config)# commit
Where
group_id – Group name identifier
Where
group_id – Group name identifier
Where
view_name – Name of the MIB view
(config)# commit
Where
name – Target identifier
IPaddress – Target IP address
(config)# commit
Where
target_id – Target identifier
Where
community – Community security name
(config)# commit
Where
target_id – Target identifier
Where
community – Community security name
(config)# commit
# config terminal
Step 2 • Join a target identifier
(config)# snmp target target_id
Where
target_id – Target identifier
Where
sec_id – Authentication and encryption
user_id – User name identifier
(config)# commit
Where
target_id – Target identifier
Where
port – UDP Port identifier
(config)# commit
This parameter is only required if the target is able to receive v3 inform messages.
Where
target_id – Target identifier
Where
time – Timeout configuration
(config)# commit
This parameter is only required if the target is able to receive v3 inform messages.
Where
target_id – Target identifier
Where
number – Number of retries
Example:(config-target-server-trap)# retries 3
(config)# commit
This parameter is only required if the target is able to receive v3 inform messages.
Where
target_id – Target identifier
Where
id – Engine Identifier
Example:(config-target-server-trap)# engine-id 80:00:0E:7D:03:00:04:DF:40:8D:D8
Step 4 • Commit the configuration
(config)# commit
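Why a v3 inform target needs an engine ID: USM keys are derived from the user's password and then localized to the authoritative engine's snmpEngineID (RFC 3414), and for informs the receiver is the authoritative engine. The Python sketch below is an added example, not DATACOM code; it decodes the engine ID shown above following the RFC 3411 layout and derives the localized key for the md5 and sha options of the SNMPv3 user configuration. The password and the second engine ID are constructed samples.

```python
import hashlib

# Format octet of an RFC 3411 snmpEngineID (values 6-127 are reserved).
ENGINE_ID_FORMATS = {1: "ipv4", 2: "ipv6", 3: "mac", 4: "text", 5: "octets"}
# Keyword used on the page ([md5|sha]) -> hashlib algorithm name.
AUTH_HASHES = {"md5": "md5", "sha": "sha1"}


def parse_engine_id(text):
    """Decode a colon-separated snmpEngineID as laid out in RFC 3411."""
    raw = bytes(int(octet, 16) for octet in text.strip().split(":"))
    if not 5 <= len(raw) <= 32:
        raise ValueError("snmpEngineID must be 5 to 32 octets long")
    word = int.from_bytes(raw[:4], "big")
    info = {"raw": raw, "enterprise": word & 0x7FFFFFFF}
    if not word & 0x80000000:
        # High bit clear: older layout, the remaining octets are vendor-defined.
        info.update(format="vendor-defined", value=raw[4:].hex())
        return info
    fmt, body = raw[4], raw[5:]
    kind = ENGINE_ID_FORMATS.get(fmt, "enterprise-specific" if fmt >= 128 else "reserved")
    if kind == "mac":
        if len(body) != 6:
            raise ValueError("MAC-format engine ID needs exactly 6 address octets")
        value = ":".join(f"{b:02X}" for b in body)
    elif kind == "ipv4":
        if len(body) != 4:
            raise ValueError("IPv4-format engine ID needs exactly 4 address octets")
        value = ".".join(str(b) for b in body)
    elif kind == "text":
        value = body.decode("ascii", "replace")
    else:
        value = body.hex()
    info.update(format=kind, value=value)
    return info


def password_to_key(password, auth):
    """RFC 3414 A.2: digest of the password repeated up to 1 MiB (user key Ku)."""
    secret = password.encode("utf-8")
    if not secret:
        raise ValueError("empty password")
    stream = secret * (1048576 // len(secret) + 1)
    return hashlib.new(AUTH_HASHES[auth], stream[:1048576]).digest()


def localized_key(password, engine_id, auth):
    """Localize Ku to one engine: H(Ku || snmpEngineID || Ku)."""
    ku = password_to_key(password, auth)
    return hashlib.new(AUTH_HASHES[auth], ku + engine_id + ku).digest()


if __name__ == "__main__":
    # Engine ID taken from the example on this page.
    target = parse_engine_id("80:00:0E:7D:03:00:04:DF:40:8D:D8")
    # Constructed second engine ID, to show that keys are per-engine.
    other = parse_engine_id("80:00:0E:7D:03:00:04:DF:00:00:01")
    print("enterprise:", target["enterprise"], "format:", target["format"],
          "value:", target["value"])
    for auth in ("md5", "sha"):
        for eid in (target, other):
            key = localized_key("constructed-sample-pass", eid["raw"], auth)
            print(auth, eid["value"], key.hex())
```

The same password yields a different key for each engine ID, so a receiver configured with a different engine ID than the one set on the target fails authentication of the inform even when the password matches.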
Where
notify_id – Target Identifier
(config)# commit
3.10.1 Overview
According to RFC 5424, the Syslog Protocol is used to transport event notification messages. This protocol
uses a layered architecture. The layers are: syslog content, syslog application and syslog transport.
Syslog is used by network devices to send event messages to an external server – usually called Syslog
Server. For example, if an Ethernet interface is enabled, a message reporting this change is sent to the
configured external server.
The following figure illustrates the message exchanges between the Device (Syslog Agent) and the
Syslog Server.
Read Datasheet Guide to see if this feature is available for the specific device.
Where
IPaddress – IP Address of the Syslog Server
(config)# commit
Where
IPaddress – IP Address of the Syslog Server
(config)# commit
By default DmOS only sends error logs after enabling this feature. The other options are
warning, notice, informational, error, emergency, critical and alert.
Where
level – Severity level of the logs to be sent
(config)# commit
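A collector-side sketch for the messages described in this section, added here as an example (not DATACOM code): it parses the RFC 5424 header, rejects lines with a malformed priority or header, and keeps only messages at or above a minimum severity. The sample lines are constructed, and treating the configured level as a minimum-severity threshold is an assumption.

```python
import re

# Severity names in RFC 5424 numeric order (0 is the most severe).
SEVERITIES = ("emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug")

HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)", re.S)


def split_structured_data(rest):
    """Split STRUCTURED-DATA ('-' or '[id k="v"]...') from the free-text MSG."""
    if rest == "-" or rest.startswith("- "):
        return "-", rest[2:]
    pos = 0
    while pos < len(rest) and rest[pos] == "[":
        in_quotes = False
        pos += 1
        while pos < len(rest):
            ch = rest[pos]
            if ch == "\\" and in_quotes:
                pos += 2              # skip the escaped character (\" \\ \])
                continue
            if ch == '"':
                in_quotes = not in_quotes
            elif ch == "]" and not in_quotes:
                break
            pos += 1
        else:
            raise ValueError("unterminated STRUCTURED-DATA element")
        pos += 1                      # consume the closing bracket
    if pos == 0:
        raise ValueError("STRUCTURED-DATA must be '-' or start with '['")
    if rest[pos:] and not rest[pos:].startswith(" "):
        raise ValueError("missing space between STRUCTURED-DATA and MSG")
    return rest[:pos], rest[pos + 1:]


def parse_rfc5424(line):
    """Return the decoded header fields of one RFC 5424 message."""
    match = HEADER.fullmatch(line.rstrip("\r\n"))
    if match is None:
        raise ValueError("not an RFC 5424 header")
    pri = int(match["pri"])
    if pri > 191:                     # 23 facilities * 8 + severity 7
        raise ValueError("PRI out of range")
    sd, msg = split_structured_data(match["rest"])
    return {
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "timestamp": match["timestamp"],
        "hostname": match["hostname"],
        "app": match["app"],
        "msgid": match["msgid"],
        "structured_data": sd,
        "msg": msg,
    }


def forwarded(lines, minimum="error"):
    """Parse lines; keep those at or above `minimum`, collect rejects separately."""
    limit = SEVERITIES.index(minimum)
    kept, rejected = [], []
    for line in lines:
        try:
            record = parse_rfc5424(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
            continue
        if SEVERITIES.index(record["severity"]) <= limit:
            kept.append(record)
    return kept, rejected


# Constructed sample input (hostnames, applications and texts are made up).
SAMPLE_LINES = [
    '<187>1 2024-05-01T12:00:00Z olt-01 ifmgr - LINKDOWN - interface 1/1/1 is down',
    '<189>1 2024-05-01T12:00:05Z olt-01 ifmgr - LINKUP - interface 1/1/1 is up',
    '<34>1 2024-05-01T12:01:00Z olt-01 aaa 412 LOGIN '
    '[origin ip="192.0.2.10" note="a\\]b"] login failed',
    '<999>1 2024-05-01T12:02:00Z olt-01 test - - - priority out of range',
    '<13>May  1 12:00:00 olt-01 legacy BSD-style line',
]

if __name__ == "__main__":
    kept, rejected = forwarded(SAMPLE_LINES, "error")
    for rec in kept:
        print(rec["hostname"], rec["facility"], rec["severity"], rec["msg"])
    for line, reason in rejected:
        print("rejected:", reason, "|", line)
```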
DmOS – User Guide Gigabit Passive Optical Network (GPON)
The main characteristic of a Passive Optical Network (PON) is that no electrical components are used for
signal distribution. The passive architecture is mainly used as a last-mile access solution, bringing
optical fiber cabling and signals closer to the end user. A PON system can deliver high-speed
broadband access.
The first PON was based on ATM (called APON then, now renamed to broadband or BPON) and it has
evolved into today's dominant Gigabit PON (GPON) and Ethernet PON (EPON). All of these optical
technologies create split multi-site connection paths and are built using a similar topology and components,
as shown in the following figure.
PON uses a point-to-multipoint network configuration, so a single fiber is shared by several end points
(e.g.: homes and offices). This sharing is possible using a passive optical splitter, resulting in division
of 4, 8, 16, 32 or 64 for outgoing fibers. But this depends on the optical splitter manufacturing process
and distances involved.
The active transmission devices in a PON network are only the Optical Line Termination (OLT) and the
Optical Network Unit (ONU). The OLT provides the uplink port, which is connected to the
core network, and also offers the downlink PON ports.
GPON uses WDM (Wavelength Division Multiplexing) technology, allowing bidirectional
transmission over a single fiber (different wavelength for downstream and upstream). To segregate
traffic of multiple users, GPON uses broadcast in downstream direction (OLT to ONU) and TDMA in
upstream direction (ONU to OLT).
Since data is broadcast from the OLT to the ONUs, each ONU (Optical Network Unit) must filter its
user's data traffic and also coordinate, by multiplexing the signals, the output from the client so that it
does not conflict with other users' data.
As the data packets are transmitted in a broadcast manner to all ONUs, the GPON standard uses AES
(Advanced Encryption Standard) to encrypt the data flow in the downstream direction (OLT to ONU). The
encryption is a secure way to avoid eavesdropping and assure that only the allowed user will access the
information.
Read Datasheet Guide to see if this feature is available for the specific device.
Where
chassis/slot/port – Chassis, slot and port position
(config-gpon-chassis/slot/port)#no shutdown
Example:(config-gpon-1/1/1)# no shutdown
Step 4 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Chassis, slot and port position
(config-gpon-chassis/slot/port)#shutdown
Example:(config-gpon-1/1/1)# shutdown
(config)# commit
Where
chassis/slot/port – Chassis, slot and port position
(config-gpon-chassis/slot/port)#no downstream-fec
Example:(config-gpon-1/1/1)# no downstream-fec
Step 4 • Disable upstream FEC
(config-gpon-chassis/slot/port)# no upstream-fec
Example:(config-gpon-1/1/1)# no upstream-fec
Step 5 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Chassis, slot and port position
(config-gpon-chassis/slot/port)#anti-rogue onu-isolate onu_id
(config)# commit
Where
chassis/slot/port – Chassis, slot and port position
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU interface number
Example:(config-gpon-1/1/1)#onu 1
Step 4 • Set the required MAC limit for the interface
(config-gpon-onu-onu_id)#mac-limit mac-limit-number
Where
mac-limit-number – Number of MACs allowed to be learned in the given
ONU interface (1-255)
Example:(config-gpon-onu-1)#mac-limit 255
Step 5 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Identifies the related interface according to its
place on the device
(config-gpon-1/1/1)#onu onu_id
Where
onu_id – ONU identification number
Example:(config-gpon-1/1/1)#onu 1
Step 4 • Define the VEIP port to set
(config-gpon-onu-1)#veip veip_port
Where
veip_port – Port available for configuration
Example:(config-gpon-onu-1)#veip 1
Step 5 • Configure the VEIP port as Native VLAN and set a CoS value
Where
vlan_id – VLAN number (1-4093)
cos_value – Class of Service value (0-7)
(config)# commit
Command:
# show interface gpon chassis/slot/port
To verify:
• Physical interface
• Downstream FEC
• Upstream FEC
• Transceiver type
• Allocated upstream
• Bandwidth
Command:
# show interface gpon chassis/slot/port brief
To verify:
• Interface
• Downstream FEC
• Upstream FEC
• Admin
• Link
• Transceiver type
4.2.1 Overview
On a typical PON network, there are many end-users, but few service types and ONU models. Thus, in
order to avoid massive provisioning tasks, GPON Profiles allow defining common attributes that
may be reused many times and applied to multiple service ports.
Read Datasheet Guide to see if this feature is available for the specific device.
• Service Profile: Defines service attributes that will be applied to an ONU, such as VLAN mapping,
CoS and transparency of L2 protocols.
• Bandwidth Profile: Defines the available bandwidth to a specific Transmission Container (T-CONT).
A Transmission Container (T-CONT) is an ONU object representing a group of
logical connections that appears as a single entity; T-CONTs are used for management of upstream
bandwidth on the PON Link. For a given ONU, the number of supported T-CONTs is fixed and
defined by ONU profile.
o Type 1: Fixed bandwidth type only. The assured bandwidth equals the maximum
bandwidth and has the highest priority. All bandwidth is allocated regardless of
demand. All exceeding traffic is discarded. Mainly used for services sensitive to delay
and high priority, such as Voice over IP applications.
o Type 2: Guaranteed bandwidth type. It has assured bandwidth. The assured traffic can
be allocated to maximum as the fixed, however only on demand. This type is mainly
used for video services and data services of higher priorities.
o Type 3: Guaranteed bandwidth type. It has assured bandwidth and non-assured
bandwidth. The non-assured traffic is allocated only when remaining bandwidth is
available. This type is mainly used for video services and data services of higher
priorities.
o Type 4: Best-effort type only. The bandwidth that has not been allocated as fixed or
guaranteed is used. Mainly used for data services such as Internet and services of low
priority.
o Type 5: Mixed type. It is a superset of all other T-CONTs types. Involves all bandwidth
types, such as fixed, guaranteed and best effort.
• Line Profile: Defines association between GEM Ports with a T-CONT and also maps a GEM
Port with ONU services. The GEM Port represents a flow of data, which must associate to a
bandwidth profile.
• SIP Agent Profile: Defines the settings of the SIP Agent that will register the analog line and
control the call process. The SIP Agent Profile is associated with a POTS interface.
• GEM Traffic Profile: Defines quality of service on the ONU. This profile allows limiting the data
traffic upstream and downstream with the parameters CIR (Committed Information Rate) and
EIR (Excess Information Rate).
• Media Profile: Defines the media parameters for VoIP services. It allows setting a priority-ordered
codec list, where the codec type, packet-period and silence-suppression are set for each
entry on the list. The media-profile command is also
used to enable/disable out-of-band DTMF, configure the target of the jitter buffer, and
the maximum depth of the jitter buffer.
(config)# commit
(config)# commit
Where
profilename – ONU profile identification
(config-onu-profile-profilename)#ethernet max_eth
Where
max_eth – Number of ONU Ethernet ports
Example:(config-onu-profile-onu-1-port)# ethernet 4
Step 4 • Enter the number of POTS port on the ONU
(config-onu-profile-profilename)#pots pots_ID
Where
pots_ID – POTS Identifier
Example:(config-onu-profile-onu-1-port)# pots 2
Step 5 • Commit the configuration
(config)# commit
To create a Service profile, the related ONU profile must be previously created. Read the
chapter .
Where
profilename – Service profile identification
(config-service-profile-profilename)#onu profilename
Where
profilename – Identify a ONU profile
Example:(config-service-profile-1-port-residential)# onu-profile 1-port
Step 4 • Setting a VLAN mapping
(config-onu-profile-profilename)#vlan-mapping map_name symmetric ethernet eth_port match vlan vlan-id vlan_id_A cos cos_A action vlan [add|replace] vlan-id vlan_id_B cos cos_B
Where
map_name – Map identification name
eth_port – ONU Ethernet port
vlan_id_A – VLAN identifier to perform the match
cos_A – Traffic priority (0-7) to perform the match
vlan_id_B – VLAN identification for the new tag inserted or replaced
cos_B – Traffic priority (0-7) for the new tag inserted or replaced
Example:(config-service-profile-1-port-residential)# vlan-mapping map symmetric ethernet 1 match vlan vlan-id 10 cos 3 action vlan add vlan-id 20 cos 7
Step 5 • Commit the configuration
(config)# commit
Where
profilename – Bandwidth profile identification
(config-bandwidth-profile-profilename)#traffic [type-1|type-2|type-3|type-4|type-5] bandwidth
Where
bandwidth – Defines the fixed, assured or maximum bandwidth (depends on
the selected T-CONT type)
Example:(config-bandwidth-profile-2m-cir_10m-pir)# traffic type-3 assured-bw 2048 max-bw 9984
Step 4 • Commit the configuration
(config)# commit
To create a Line profile, the related Bandwidth profile must be previously created. Read
about the Bandwidth profile creation in the chapter
Where
profilename – Line profile identification
Where
tcont_id – Identification of a T-CONT port
profilename – Bandwidth profile identification name
Example:(config-line-profile-internet-10m)# tcont 4 bandwidth-profile 2m-cir_10m-pir
Step 4 • Setting an Ethernet port for GEM port in line profile
Where
gem_id – Identification of a GEM port
map_id – Mapping name for mapping configuration in a GEM port
ethernet_port – Identification of a ONU Ethernet
Where
gem_id – Identification of a GEM port
map_id – Mapping name for a GEM port configuration
Where
gem_id – Identification of a GEM port
map_id – Mapping name for a GEM port configuration
veip_id – Virtual Ethernet Interface Point number
Where
gem_id – Identification of a GEM port
tcont_name – Identification of a T-CONT port
priority_id – Line profile priority
profile_name – GEM Rate Traffic Profile
(config-line-profile-profilename)# upstream-fec
Example:(config-line-profile-internet-10m)# upstream-fec
Step 9 • Commit the configuration
(config)# commit
Where
profile_name – Identification of a SIP Agent profile
(config-sip-agent-profile-profile_name)#outbound-proxy outbound_IP|proxy-server proxy_IP|registrar registrar_IP
Where:
outbound_IP – identify a Outbound Proxy IP Address
proxy_IP – identify a Proxy Server IP Address
registrar_IP – identify a Registrar Server IP Address
(config)# commit
Where
profilename – GEM traffic profile identification
Where
cir_rate – Committed Information Rate
eir_rate – Excess Information Rate
priority – Upstream GEM port priority
(config)# commit
First check the ONU capabilities before configuring the codec list, because some ONU
models do not support all the codecs listed. There must be 4 codecs configured in a Media
Profile.
Where
profilename – Media profile identification
(config-media-profile-profilename)# codec-order order_index
Where
Order_index – Codec Order
Where
Codec_type – Codec type
(config-media-profile-profilename)# codec-order order_index
Where
Order_index – Codec Order
Where
Codec_type – Codec type
(config-media-profile-profilename)# codec-order order_index
Where
Order_index – Codec Order
Where
Codec_type – Codec type
(config-media-profile-profilename)# codec-order order_index
Where
Order_index – Codec Order
Where
Codec_type – Codec type
(config-codec-order-order_index)#packet-period period_time
Where
period_time – Packet period interval in milliseconds
(config-codec-order-order_index)# silence-suppression
(config-codec-order-order_index)# exit
Where
value – Value of the jitter buffer
Where
maxvalue – Value of the maximum jitter buffer
(config-media-profile-profilename)# oob-dtmf
(config)# commit
Command:
# show running-config profile gpon onu-profile onu_profilename
To verify:
• Profile name
• Ethernet
• Pots
Command:
# show running-config profile gpon service-profile service_profilename
To verify:
• Profile name
• ONU Profile
• VLAN Mapping
Command:
# show running-config profile gpon bandwidth-profile bw_profilename
To verify:
• Profile name
• Type
• Fixed-bw
• Assured-bw
• Maximum-bw
Command:
# show running-config profile gpon line-profile line_profilename
To verify:
• Profile name
• Upstream-FEC
• T-CONT
• GEM
Command:
# show running-config profile gpon sip-agent-profile SIP-Agent
To verify:
• Registrar Server
• Proxy Server
• Outbound Proxy
Command:
# show running-config profile gpon gem-traffic-profile Traffic-Rate
To verify:
• CIR
• EIR
Command:
# show running-config profile gpon media-profile MediaName
To verify:
• Codec Order
• Type
• Packet Period
• Silence Suppression
• Jitter Target Dynamic Buffer
• Jitter Target Buffer
• Jitter Maximum ONU Internal Buffer
• Jitter Maximum Buffer
• Oob dtmf
Where
chassis/slot/port – Chassis, slot and port position
Where
serial-number – Serial number of the given ONU
(config)# commit
Where
chassis/slot/port – Chassis, slot and port position
Where
onu_id – ONU identification
(config)# commit
Where
chassis/slot/port – Chassis, slot and port of the device
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU identification name
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Set the ONU name
(config-gpon-onu-onu_id)#name onu_name
Where
onu_name – ONU identification name
(config)# commit
Where
slot/port – Slot position and GPON port
(config-gpon-slot/port)#onu-auth-method [password|serial-number|serial-number-and-password]
(config)# commit
Where
slot/port – Slot position and GPON port
(config-gpon-slot/port)#aes-key-exchange interval
Where
interval – Time (in seconds) for AES key exchanging
Example:(config-gpon-1/1)# aes-key-exchange 30
Step 4 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1)# onu 1
Step 4 • Enter into ONU credentials
Where
onu_sn – ONU serial number
onu_password – ONU Password
(config)# commit
Authentication using Serial Number and Password is only one of the ONU authentication
methods. As described in , another two methods are available: Serial Number Only and Password
Only. Therefore, Step 3 may change for Serial Number authentication, as follows:
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-chassis/slot/port)#onu onu_id
Where
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Enter into serial number
(config-gpon-slot/port)#serial-number onu_sn
Where
onu_sn – ONU serial number
(config)# commit
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1)# onu 1
Step 4 • Enter into ONU password
Where
onu_pass – ONU Password
Example:(config-gpon-onu-1)#password 00d3506944
Step 5 • Commit the configuration
(config)# commit
The password must be unique on the system. Only one ONU will be activated if multiple
devices use the same password.
Command:
# show gpon chassis/slot
To verify:
• Chassis/Slot
• ONU authentication method
• AES key exchange
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Enter on the POTS interface
(config-gpon-chassis/slot/port)#pots pots_id
Where
pots_id – POTS identification number
Example:(config-gpon-onu-1)# pots 1
Step 5 • Setting SIP Agent Profile on POTS interface
(config-pots-port_id)#sip-agent-profile profile_name
Where
profile_name – SIP Agent Profile identification
(config-pots-port_id)#sip-user-agent [display-name name|password password|user-part-aor address|username username]
Where
name – identify a SIP User Agent
password – password of SIP Agent Profile
address – user part address of record (AOR)
username – authentication username of SIP User Agent
(config)# commit
Where
chassis/slot/port – Identifies the related interface according to its place
on the device
(config-gpon-1/1/1)#onu onu_id
Where
onu_id – ONU identification number
Example:(config-gpon-1/1/1)#onu 1
Step 4 • Define the VEIP port to set
(config-gpon-onu-1)#veip veip_port
Where
veip_port – Port available for configuration
Example:(config-gpon-onu-1)#veip 1
Step 5 • Configure the VEIP port as Native VLAN and set a CoS value
Where
vlan_id – VLAN number (1-4093)
cos_value – Class of Service value (0-7)
(config)# commit
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1)# onu 1
Step 4 • Associate the Service profile and Line profile to ONU
Where
profilename – Service profile name
profilename2 – Line profile name
Example:(config-gpon-onu-1)#service-profile 1-port-residential line-profile internet_10m
Step 5 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Enter into UNI interface
(config-gpon-onu-onu_id)#ethernet port
Where
port – UNI port identification
Example:(config-gpon-onu-1)#ethernet 1
Step 5 • Enable the UNI
(config-ethernet-port)#no shutdown
Example:(config-ethernet-1)#no shutdown
Step 6 • Commit the configuration
(config)# commit
To disable a UNI:
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Enter into UNI interface
(config-gpon-onu-onu_id)#ethernet port
Where
port – UNI port identification
Example:(config-gpon-onu-1)#ethernet 1
Step 5 • Disable the UNI
(config-ethernet-port)# shutdown
Example:(config-ethernet-1)# shutdown
Step 6 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Enter into UNI interface
(config-gpon-onu-onu_id)#ethernet port
Where
port – UNI port identification
Example:(config-gpon-onu-1)#ethernet 1
Step 5 • Enable negotiation
(config-ethernet-port)#negotiation
Example:(config-ethernet-1)#negotiation
Step 6 • Commit the configuration
(config)# commit
To disable auto-negotiation:
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Enter into UNI interface
(config-gpon-onu-onu_id)#ethernet port
Where
port – UNI port identification
Example:(config-gpon-onu-1)#ethernet 1
Step 5 • Disable negotiation
(config-ethernet-port)#no negotiation
Example:(config-ethernet-1)#no negotiation
Step 6 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Enter the UNI interface
(config-gpon-onu-onu_id)#ethernet port
Where
port – UNI port identification
Example:(config-gpon-onu-1)#ethernet 1
Step 5 • Set the native VLAN and CoS
Where
vlan_id – VLAN Identification
cos_id – Traffic priority identifier (0 to 7)
(config)# commit
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Set static IP for ONU
Where
IPaddress/mask – Allowed IP address and mask
default_gw – IP address of default gateway
(config)# commit
Where
chassis/slot/port – Device, slot position and GPON port
(config-gpon-chassis/slot/port)#onu onu_id
Where
onu_id – ONU identification
Example:(config-gpon-1/1/1)# onu 1
Step 4 • Set the ONU as DHCP client with an outer VLAN
Where
vlan_id – VLAN identification
cos_id – Traffic priority identification (0 to 7)
(config)# commit
Command To Verify
# show interface gpon chassis/slot/ onu
• Physical interface
• Downstream FEC
• Upstream FEC
• Transceiver type
• Allocated upstream
• Bandwidth
# show interface gpon chassis/slot/ onu onu_id
• ID
• Serial Number
• Vendor ID
• Device ID
• Name
• Operational state
• Primary state
• IPv4 mode
• IPv4 address
• IPv4 default gateway
• IPv4 VLAN
• IPv4 CoS
• Line Profile
• Service Profile
• Allocated bandwidth
• Upstream-FEC
• Anti Rogue ONU isolate
• Version
• Active FW
• Standby FW
• Software Download State
• RX Optical Power -dBm-
• TX Optical Power -dBm-
# show interface gpon chassis/slot/ onu onu_id brief
• ID
• Serial Number
• Vendor ID
• Device ID
• Name
• Operational state
• Primary state
• Line Profile
• Service Profile
• Allocated bandwidth
• Upstream-FEC
• Anti Rogue ONU isolate
# show interface gpon chassis/slot/ onu onu_id ethernet
• Link-level type
• Speed
• Duplex
• Negotiation
4.4.1 Overview
This chapter describes how to configure the available services for GPON applications. DmOS supports
the following services:
• N:1 Service: This kind of service is usually deployed to provide internet access for residential
customers, since only one VLAN is used to transport the internet service across the network.
• 1:1 Service: This kind of service is usually deployed to provide business applications or
residential internet access, since a different VLAN is used to transport each client’s service
across the network. Each Traffic Class of the same subscriber must have the same VLAN.
• TLS Service: This kind of service is usually deployed to provide business applications or
residential Internet access, since a different VLAN is used to transport each client’s service
across the network. Each Traffic Class of the same subscriber can have the same or different
VLAN.
Read Datasheet Guide to see if this feature is available for the specific device.
Where
vlan_id – VLAN identification
(config-vlan-vlan_id)#type [1:1|n:1|tls]
(config)# commit
Where
vlan_id – VLAN identification
Where
n:1 – Service type
(config)# commit
Where
service_port_id – Service port identification number
chassis/slot/port – Chassis, slot and port position
onu_id – ONU identification number
gem_id – GEM identification number
vlan_id – VLAN identification
(config)# commit
Command To Verify
# show service-port service-port_id
• Service-Port
• Interface GPON
• ONU
• GEM
• VLAN
• Action
• VLAN
• Inner Action
• Inner VLAN
4.5 ALLOWED IP
This chapter describes how to deploy the allowed IP.
4.5.1 Overview
The allowed IP addresses must be set on the Service Port in order to permit IP traffic. There are four ways
to configure the IP traffic permission on a Service Port:
• Static IP Address – Configured for a customer with a router or another L3 device on the
network interface. In this case, the IP address of the L3 device must be listed as an allowed IP
address.
• All IP Address – For customers that need a bridge connection.
• All IPv4 Address – For customers that need IPv4 traffic only.
• All IPv6 Address – For customers that need IPv6 traffic only.
Read Datasheet Guide to see if this feature is available for the specific device.
Example:(config)# anti-ip-spoofing
Step 3 • Enter the Service Port
(config-ip-spoofing)#interface interface
Where:
interface – Interface type and chassis/slot/port or ID
(config-ip-spoofing-service-port-number)#allowed-ip [all|ipv4-all|ipv6-all|ipv4 IPaddress vlan VLAN_ID mac mac_address]
Where:
IPaddress – allowed IP address
VLAN_ID – allowed VLAN
mac_address – allowed MAC address
Example:(config-ip-spoofing-service-port-2)# allowed-ip ipv4 1.1.1.1 vlan 10 mac 00:AA:10:20:30:41
Step 5 • Commit the configuration
(config)# commit
When the network uses DHCP or PPPoE servers to authenticate GPON clients, allowed IP
addresses are set automatically and these steps are not necessary.
• Interface
• Status
# show allowed-ip vlan VLAN-ID
• MAC-Address
• IP-Address
• VLAN
• Entry Type
• Interface
• Status
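The allowed-ip entry forms described in this chapter, modelled as an added example (not DATACOM code): it parses `allowed-ip` lines in the syntax shown above, decides whether a source IP/VLAN/MAC combination would be permitted, and flags service ports whose entries are wildcards. The matching semantics (exact match on all three fields for `ipv4` entries, address-family check only for `all`, `ipv4-all` and `ipv6-all`, nothing permitted without an entry) are assumptions drawn from the overview, and the service-port numbers in the sample are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Wildcard entry kinds and the IP versions each one lets through (assumed semantics).
WILDCARDS = {"all": (4, 6), "ipv4-all": (4,), "ipv6-all": (6,)}


@dataclass(frozen=True)
class AllowedIp:
    kind: str                                   # "all", "ipv4-all", "ipv6-all" or "ipv4"
    ip: Optional[ipaddress.IPv4Address] = None
    vlan: Optional[int] = None
    mac: Optional[str] = None                   # lower-case, colon separated


def normalise_mac(mac: str) -> str:
    parts = mac.lower().split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC address: {mac!r}")
    bytes.fromhex("".join(parts))               # raises ValueError on non-hex digits
    return ":".join(parts)


def parse_allowed_ip(line: str) -> AllowedIp:
    """Parse one 'allowed-ip ...' line in the syntax shown in this chapter."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "allowed-ip":
        raise ValueError(f"not an allowed-ip line: {line!r}")
    if tok[1] in WILDCARDS and len(tok) == 2:
        return AllowedIp(tok[1])
    if tok[1] == "ipv4" and len(tok) == 7 and tok[3] == "vlan" and tok[5] == "mac":
        vlan = int(tok[4])
        if not 1 <= vlan <= 4094:
            raise ValueError(f"VLAN out of range: {vlan}")
        return AllowedIp("ipv4", ipaddress.IPv4Address(tok[2]), vlan,
                         normalise_mac(tok[6]))
    raise ValueError(f"unsupported allowed-ip form: {line!r}")


def is_permitted(entries: List[AllowedIp], src_ip: str, vlan: int, src_mac: str) -> bool:
    """True when at least one entry admits this source; no entries means no IP traffic."""
    addr = ipaddress.ip_address(src_ip)
    mac = normalise_mac(src_mac)
    for entry in entries:
        if entry.kind in WILDCARDS:
            if addr.version in WILDCARDS[entry.kind]:
                return True
        elif addr.version == 4 and (addr, vlan, mac) == (entry.ip, entry.vlan, entry.mac):
            return True
    return False


def audit(service_ports: Dict[int, List[str]]) -> List[Tuple[int, str]]:
    """Report service ports that have no binding or only an address-family wildcard."""
    findings = []
    for port, lines in sorted(service_ports.items()):
        entries = [parse_allowed_ip(line) for line in lines]
        if not entries:
            findings.append((port, "no allowed-ip entry: IP traffic is not permitted"))
        for entry in entries:
            if entry.kind in WILDCARDS:
                findings.append((port, f"'{entry.kind}' accepts any source address "
                                       "of that family; no IP/VLAN/MAC binding"))
    return findings


# Constructed sample: service-port number -> allowed-ip lines configured on it.
SAMPLE_CONFIG = {
    1: ["allowed-ip ipv4 1.1.1.1 vlan 10 mac 00:AA:10:20:30:41"],
    2: ["allowed-ip all"],
    3: [],
}

if __name__ == "__main__":
    for port, message in audit(SAMPLE_CONFIG):
        print(f"service-port {port}: {message}")
```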
4.6.1 Overview
DHCP Relay L2 Agent implements the snooping of DHCP packets for security and subscriber
management purposes by keeping track of IP leases assigned by a trusted DHCP server to downstream
untrusted network devices. The DHCP option 82 (DHCP Relay Agent Information Option) appended
by the relay agent could be used to keep user traceability on IPoE scenarios and to provide network
configuration based on location of network clients.
Read Datasheet Guide to see if this feature is available for the specific device.
Where:
VLAN_ID – VLAN identifier
(config)# commit
4.7.1 Overview
The PPPoE Intermediate Agent protocol allows identification of subscriber line of different users
through keys access. The protocol is configured between the subscriber and Broadband Remote Access
Server (BRAS).
Where:
chassis/slot – Chassis and slot identifier
(config-intermediate-agent-chassis/slot)#sub-option [circuit-id|remote-id]
(config)# commit
5 TUNNELING
5.1 LAYER 2 CONTROL PROTOCOL TUNNELING (L2PT)
This chapter describes how to deploy L2PT.
5.1.1 Overview
Layer 2 Control Protocol Tunneling forwards or drops BPDU packets based on the
destination MAC address. The tunneling provides interoperability with other vendors and also allows
core switches not to process some PDUs (Protocol Data Units), in order to connect customers' switches on
different sites.
Read Datasheet Guide to see if this feature is available for the specific device.
For Layer 2 Control Protocol Tunneling to take effect, the TLS service must be configured
on the service-vlan.
Where
vlan-id – VLAN identification
6 ETHERNET
The Ethernet standard (802.3) was defined by the IEEE (Institute of Electrical and Electronics Engineers). This
standard defines many rules so that protocols and network devices can communicate efficiently. Since the first
publication (1985), updates adding functionality or maintenance have been incorporated into the standard.
There are other standards, such as Fast Ethernet (IEEE 802.3u), Gigabit Ethernet (IEEE 802.3z) and
10-Gigabit Ethernet (IEEE 802.3ae), that originated from the main IEEE 802.3 standard due to new protocols or higher
speeds.
The media access control (MAC) protocol for the IEEE 802.3 standard is Carrier Sense Multiple Access with
Collision Detection (CSMA/CD). CSMA/CD is responsible for detecting collisions between frames
and performing retransmission through the back-off algorithm. The IEEE 802.3 standard also defines the frame
structure for data communication.
The preamble is a 7-octet field used to allow the PLS circuitry to reach steady-state
synchronization with the received frame timing. The Start Frame Delimiter (SFD) indicates the start of the
frame through the sequence 10101011. The Destination and Source MAC fields specify the station that should
receive the frame and the station that originated it, respectively. The 802.1Q field is an optional tag that
carries information such as priority and VLAN identifier. The EtherType or 802.3 Length field indicates the
type or length of the frame. The Payload field contains the sequence of octets of information transmitted by the source
station. The frame check sequence (FCS) field is used by the transmitting and receiving algorithms to
generate a CRC value. This value is computed and encoded by a polynomial function. The inter-frame
gap (IFG) is the space between one frame and the next.
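The frame fields listed above, as an added example that is not part of the original guide: a parser for a captured Ethernet frame that handles the optional 802.1Q tag, distinguishes EtherType from 802.3 Length, and verifies the FCS. The sample addresses and payload are constructed; the buffer is assumed to start at the destination MAC, since the preamble and SFD are consumed by the receiver and the IFG is idle time on the wire.

```python
import struct
import zlib
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100        # value in the type position that announces an 802.1Q tag
MAX_8023_LENGTH = 1500     # values up to this are an 802.3 Length
MIN_ETHERTYPE = 0x0600     # values from this up are an EtherType


@dataclass
class Frame:
    dst: str
    src: str
    pcp: Optional[int]        # 802.1p priority, None when untagged
    vlan: Optional[int]       # VLAN identifier, None when untagged
    ethertype: Optional[int]  # set when the field is an EtherType
    length: Optional[int]     # set when the field is an 802.3 Length
    payload: bytes
    fcs_ok: bool


def mac_str(raw: bytes) -> str:
    return ":".join(f"{octet:02x}" for octet in raw)


def compute_fcs(data: bytes) -> bytes:
    """CRC-32 over destination MAC through payload, as the 4 FCS octets in wire order."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, type_or_len: int, payload: bytes,
                vlan: Optional[int] = None, pcp: int = 0) -> bytes:
    """Assemble a frame (used here only to construct test input)."""
    header = dst + src
    if vlan is not None:
        # Tag Control Information: 3 bits PCP, 1 bit DEI (left 0), 12 bits VLAN ID.
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    header += struct.pack("!H", type_or_len)
    body = header + payload
    return body + compute_fcs(body)


def parse_frame(raw: bytes) -> Frame:
    if len(raw) < 6 + 6 + 2 + 4:
        raise ValueError("too short for an Ethernet frame")
    body, trailer = raw[:-4], raw[-4:]
    (field,) = struct.unpack_from("!H", body, 12)
    offset = 14
    pcp = vlan = None
    if field == TPID_8021Q:
        if len(body) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, field = struct.unpack_from("!HH", body, 14)
        pcp, vlan = tci >> 13, tci & 0x0FFF
        offset = 18
    return Frame(
        dst=mac_str(body[0:6]),
        src=mac_str(body[6:12]),
        pcp=pcp,
        vlan=vlan,
        ethertype=field if field >= MIN_ETHERTYPE else None,
        length=field if field <= MAX_8023_LENGTH else None,
        payload=body[offset:],
        fcs_ok=compute_fcs(body) == trailer,
    )


# Constructed sample input: an IPv4-typed frame tagged with VLAN 10, priority 5.
DST = bytes.fromhex("00aa10203041")
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"constructed payload".ljust(46, b"\x00")   # padded to the minimum payload size
TAGGED = build_frame(DST, SRC, 0x0800, PAYLOAD, vlan=10, pcp=5)

if __name__ == "__main__":
    print(parse_frame(TAGGED))
```

The FCS detects transmission errors only: anyone who can alter a frame can recompute the CRC, so a valid FCS says nothing about who sent the frame.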
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config-gigabit-ethernet-chassis/slot/port)#shutdown
Example:(config-gigabit-ethernet-1/1/1)# shutdown
Step 4 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config-gigabit-ethernet-chassis/slot/port)# no shutdown
Example:(config-gigabit-ethernet-1/1/1)# no shutdown
Step 4 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config-gigabit-ethernet-chassis/slot/port)#negotiation
Example:(config-gigabit-ethernet-1/1/1)# negotiation
Step 4 • Define the advertised abilities
(config-gigabit-ethernet-chassis/slot/port)# advertising-abilities [1Gfull|10Mfull|100Mfull|rx-pause|tx-pause]
Example:(config-gigabit-ethernet-1/1/1)# advertising-abilities 1Gfull
Step 5 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config-gigabit-ethernet-chassis/slot/port)#speed [1G|10M|10G]
Example:(config-gigabit-ethernet-1/1/1)# speed 1G
Step 4 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config-gigabit-ethernet-chassis/slot/port)#flow-control [rx-pause|tx-pause]
(config)# commit
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config-gigabit-ethernet-chassis/slot/port)# mdix [auto|normal|xover]
(config)# commit
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config-ten-gigabit-ethernet-chassis/slot/port)#shutdown
Example:(config-ten-gigabit-ethernet-1/1/1)# shutdown
(config)# commit
To enable the Ten Gigabit Ethernet interfaces, use the following commands:
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config-ten-gigabit-ethernet-chassis/slot/port)#no shutdown
Example:(config-ten-gigabit-ethernet-1/1/1)# no shutdown
Step 4 • Commit the configuration
(config)# commit
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config-ten-gigabit-ethernet-chassis/slot/port)#speed 10G
(config)# commit
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config-ten-gigabit-ethernet-chassis/slot/port)#flow-control [rx-pause|tx-pause]
Example:(config-ten-gigabit-ethernet-1/1/1)# flow-control tx-pause
Step 4 • Commit the configuration
(config)# commit
availability, because the LAG is composed of multiple member links. If one member link fails, the LAG
continues to carry traffic over the remaining links.
LACP (Link Aggregation Control Protocol) is the standards-based protocol used to signal LAGs. It
detects a variety of misconfigurations and protects the network from them, ensuring that links are only
aggregated into a bundle if they are consistently configured and cabled. LACP can be configured in one
of two modes:
Active mode – The device immediately sends LACP messages (LACP PDUs) when the interface comes up.
Passive mode – Places an interface into a passive negotiating state, in which the interface only responds
to LACP PDUs it receives but does not initiate LACP negotiation.
If both sides are configured as active, the LAG can be formed, assuming successful negotiation of the other
parameters. If one side is configured as active and the other as passive, the LAG can be formed, as the
passive port will respond to the LACP PDUs received from the active side. If both sides are passive,
LACP will fail to negotiate the bundle. In practice, passive mode is rarely used, because which links
will use LACP/LAG should be clearly and consistently defined ahead of deployment.
Below you can see the LAG matches supported in enhanced balance mode:
When the packet is identified as having an IP or IPv6 header, the source/destination MAC is
not taken into consideration.
Where
lag_id – LAG identifier (From 1 to 4)
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config)# commit
Where
lag_id – LAG identifier (From 1 to 4)
Where
active - Indicates that the interface initiates
transmission of LACP packets.
passive - Indicates that the interface only
responds to LACP packets.
static - Configure LACP in static mode (disabled)
(config)# commit
6.3.4 Displaying LACP Status
To display LACP status, use the following commands:
Command To verify
# show link-aggregation lacp brief
• Member
• Mode
• Rate
• State
• Port Priority
• Port ID
• Key
# show link-aggregation lacp extensive
• System Priority
• Local Interface
• Admin State
• Aggreg. State
• MAC
• Remote Interface Info
# show link-aggregation lacp statistics
• Member
• LACPDUs Sent
• LACPDUs Received
• Pkt Errors
• Cleared(s)
6.4 VLAN
6.4.1 Overview
In a Layer 2 switched network, each network segment has its own collision domain and all segments
are in the same broadcast domain. Every broadcast is seen by every device on the network. A Virtual Local
Area Network (VLAN) is used to segment a single broadcast domain into multiple broadcast domains.
There are many reasons for using VLANs, including the following:
• Separate large broadcast domains into smaller ones, reducing processing resources;
• Group users by traffic of interest;
• Isolate sensitive traffic, providing security;
• Work independently of the physical layer topology.
The following figure shows a Layer 2 switched network where all network devices are in a single
broadcast domain.
The same network can be segmented using VLAN technology. In the following example, there are two
VLANs, and consequently two different broadcast domains.
VLANs are not restricted to any physical location in the switched network, as long as the devices are
interconnected using a switching device such as an Ethernet switch. Trunk links are used for this
connection. Trunk links are able to carry traffic from multiple VLANs. To identify a given VLAN among many
others, a technique called VLAN frame tagging is used, and IEEE 802.1Q is the protocol
developed to perform it.
On the other hand, there is the access link. The access link is part of a single VLAN and is the link used by
an end device.
802.1Q trunks support tagged and untagged Ethernet frames. An untagged Ethernet frame is a
standard unaltered Ethernet frame. Untagged Ethernet frames are generally used for native VLAN
communication. If a switch receives untagged Ethernet frames, they are considered part of the native
VLAN, and frames from a native VLAN access port are not tagged when exiting the switch via a native
VLAN trunk port.
The normal range of available VLAN IDs goes from 1 to 4094 and, on most L2 devices, including
DmOS, the default VLAN is number 1 on all ports.
Read Datasheet Guide to see if this feature is available for the specific device.
Where
vlan_id – VLAN identifier (From 1 to 4094)
(config)# commit
Where
vlan_id – VLAN identifier (From 1 to 4094)
Where
vlan_name – The new name of the VLAN
(config)# commit
Where
vlan_id – VLAN identifier (From 1 to 4094)
(config)# commit
Where
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config)# commit
To set a Ten Gigabit port as member of a VLAN, use the following commands:
Where
vlan_id – VLAN identifier (From 1 to 4094)
Where
chassis/slot/port – Identifies the related interface according to its place on the device
(config)# commit
Where
interface_type – Interface types available according to the device model
chassis/slot/port – Identifies the related interface according to its place on the device
vlan-id – Native VLAN identification number
(config)# commit
Command To verify
# show vlan brief
List all VLANs
• VLAN ID
• VLAN Name
• Type
# show vlan brief vlan_entity vlan_id
• VLAN ID
• VLAN Name
• Type
# show vlan detail
List all VLANs
• VLAN ID
• VLAN Name
• Type
• Interface Count
# show vlan detail vlan_entity vlan_id
• VLAN ID
• VLAN Name
• Type
• Interface Count
# show vlan membership detail
List all VLANs
• VLAN ID
• Interface Name
• Type
# show vlan membership detail vlan_entity vlan_id
• VLAN ID
• Interface Name
• Type
6.5 QINQ
6.5.1 Overview
QinQ is an L2 technology also known as QinQ tunneling, 802.1Q tunnel, VLAN stacking or double
tagging. Using double tagging, a service provider can assign different service VLANs (S-VLANs) to
different customers' traffic. This allows a separation between each customer’s traffic within the service
provider network. Customers' VLANs are then carried transparently inside the service provider’s
network.
The original customer’s VLANs (C-VLANs) get encapsulated by the S-VLAN, allowing transparent
LAN service (TLS). This is represented in the following figure.
In the following figure, both customers have multiple locations and the sites are connected via a service
provider using QinQ technology. The result is that the two sites are logically trunked, meaning that they
are able to send VLANs across to each other through the service provider's dedicated QinQ VLAN.
Read Datasheet Guide to see if this feature is available for the specific device.
Where
Where
vlan-id – Identifies the S-VLAN to be added in the packets. VLAN must
exist in the configuration
(config)# commit
Step 3 • Select the required interface to apply the Selective QinQ rule
(config-vlan-mapping)# interface gigabit-ethernet chassis/slot/port
Where
chassis/slot/port – Identifies the related interface according to its place on the device
Where
rule_name – Name of the rule to be created (Max: 48 characters)
Where
vlan – Represents the VLAN or VLAN range to apply the ingress match rule.
To choose a VLAN range, use the following syntax:
List: 1000-2000 (VLANs from 1000 to 2000)
List with specific VLANs: 200,300-500 (VLANs 200 and from 300 to 500)
Where
vlan_id – VLAN tag to apply to ingress packets
(config)# commit
Read Datasheet Guide to see if this feature is available for the specific device.
Command To verify
# show mac-address-table
• Chassis/Slot
• Interface Type
• Interface
• MAC Address
• VLAN
• Type
# show mac-address-table mac address
• Chassis/Slot
• Interface Type
• Interface
• MAC Address
• VLAN
• Type
# show mac-address-table type
• Chassis/Slot
• Interface Type
• Interface
• MAC Address
• VLAN
• Type
# show mac-address-table unit
• Chassis/Slot
• Interface Type
• Interface
• MAC Address
• VLAN
• Type
# show mac-address-table vlan
• Chassis/Slot
• Interface Type
• Interface
• MAC Address
• VLAN
• Type
Where
seconds – Aging time in global mode [0 | 10-1000000]
(config)# commit
The table below lists the default settings for Aging Time Global
6.7 RSTP
This chapter describes how to deploy Rapid Spanning Tree Protocol (RSTP).
6.7.1 Overview
The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also
provides one path between end stations on a network, eliminating loops. There are three variants of the
protocol that we need to consider.
• STP (Spanning Tree Protocol – IEEE 802.1d) is the original protocol.
• RSTP (Rapid Spanning Tree Protocol - IEEE 802.1w) is an update to STP to provide faster
convergence.
• MSTP (Multiple Spanning Tree Protocol – IEEE 802.1s) is an update to RSTP to allow separate
topologies for different groups of VLANs, which allows load balancing across the network.
Classic STP provides a single path between end stations, avoiding and eliminating loops. The difference
between STP and RSTP is the speed with which the topology converges.
Determining the resulting topology is quite straightforward in STP/RSTP. The bridge with the lowest
bridge identifier is the root bridge, which has root path cost zero. Note that all of the ports on the root
bridge are designated ports. For each bridge (other than the root bridge), the root path cost is the sum of
the outgoing port path costs on the least cost path to the root bridge. The port with the lowest root path
cost is the root port. If multiple ports all have the lowest root path cost, then the port with the lowest
port identifier is chosen as the root port. Each LAN also has a root path cost, which is the root path cost
of the lowest cost bridge attached to the LAN. The lowest cost bridge is selected as the designated
bridge. The port on that bridge that is connected to the LAN is the designated port for the LAN. If the
designated bridge has multiple ports on the LAN, the port with the lowest port identifier is the designated
port and the other ports on the LAN become backup ports. Any port that has not been selected as root
port, designated port or backup port is an alternate port.
Read Datasheet Guide to see if this feature is available for the specific device.
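The selection rules from this overview, worked through on a small topology as an added example (not code from DmOS): it elects the root bridge, computes each bridge's root path cost, and assigns root, designated and alternate roles. It follows the tie-break as worded above (lowest local port identifier) and assumes point-to-point links with one cost per link, so backup ports never occur; breaking a designated-bridge tie by bridge identifier is also an assumption. Bridge names, MAC addresses, link costs and the priority 4096 are constructed; 32768 is the default bridge priority listed later in this chapter.

```python
import heapq
from collections import defaultdict


def bridge_id(priority, mac):
    """Bridge identifier: priority first, then MAC address; lower wins."""
    return (priority, int(mac.replace(":", ""), 16))


def elect(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(a, a_port, b, b_port, cost)].

    Returns (root, root_path_cost, roles) with roles[(bridge, port)] set to
    "root", "designated" or "alternate".
    """
    ids = {name: bridge_id(*spec) for name, spec in bridges.items()}
    root = min(ids, key=ids.get)

    adjacency = defaultdict(list)
    for a, a_port, b, b_port, cost in links:
        adjacency[a].append((a_port, b, cost))
        adjacency[b].append((b_port, a, cost))

    # Root path cost of every bridge: least-cost path to the root (Dijkstra).
    root_path_cost = {root: 0}
    heap = [(0, root)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > root_path_cost[node]:
            continue
        for _port, peer, cost in adjacency[node]:
            if dist + cost < root_path_cost.get(peer, float("inf")):
                root_path_cost[peer] = dist + cost
                heapq.heappush(heap, (dist + cost, peer))

    roles = {}
    # Root port: lowest root path cost, then lowest port identifier.
    for name in ids:
        if name == root or name not in root_path_cost:
            continue
        _, port = min((root_path_cost[peer] + cost, port)
                      for port, peer, cost in adjacency[name])
        roles[(name, port)] = "root"

    # Designated port per link: the end on the bridge with the lowest root path cost.
    for a, a_port, b, b_port, _cost in links:
        if a not in root_path_cost:
            continue  # segment not connected to the root
        ends = [(a, a_port), (b, b_port)]
        designated = min(ends, key=lambda end: (root_path_cost[end[0]], ids[end[0]]))
        for end in ends:
            if end == designated:
                roles[end] = "designated"
            else:
                roles.setdefault(end, "alternate")  # keeps an existing "root" role
    return root, root_path_cost, roles


# Constructed triangle of three bridges, every link with the same cost.
LINKS = [("A", 1, "B", 1, 20000), ("B", 2, "C", 1, 20000), ("A", 2, "C", 2, 20000)]
DEFAULTS = {"A": (32768, "02:00:00:00:00:0a"),
            "B": (32768, "02:00:00:00:00:0b"),
            "C": (32768, "02:00:00:00:00:0c")}
# Same network after lowering the bridge priority on C.
PINNED = dict(DEFAULTS, C=(4096, "02:00:00:00:00:0c"))

if __name__ == "__main__":
    for label, bridges in (("defaults", DEFAULTS), ("C pinned", PINNED)):
        root, costs, roles = elect(bridges, LINKS)
        print(label, "root:", root, "costs:", costs)
        for (bridge, port), role in sorted(roles.items()):
            print(f"  {bridge} port {port}: {role}")
```

With every bridge left at the default priority the root is simply the bridge with the lowest MAC address; setting bridge-priority on the intended root makes the topology deterministic.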
# config terminal
Step 2 • Enter the Spanning Tree configuration menu
(config)# spanning-tree
Example:(config)# spanning-tree
Step 3 • Commit the configuration
(config)# commit
# config terminal
Step 2 • Enter the Spanning Tree configuration menu
(config)# spanning-tree
Example:(config)# spanning-tree
Step 3 • Configure STP mode
(config-spanning-tree)#mode stp_mode
Where
stp_mode – Spanning Tree Protocol mode selection [rstp]
(config)# commit
# config terminal
Step 2 • Enter the Spanning Tree configuration menu
(config)# spanning-tree
Example:(config)# spanning-tree
Step 3 • Configure STP name
(config-spanning-tree)#name name
Where
name – Name of STP instance
(config)# commit
# config terminal
Step 2 • Enter the Spanning Tree configuration menu
(config)# spanning-tree
Example:(config)# spanning-tree
Step 3 • Define the bridge priority
(config-spanning-tree)#bridge-priority priority
Where
priority – Bridge Priority
Example:(config-spanning-tree)# bridge-priority 10
Step 4 • Commit the configuration
(config)# commit
# config terminal
Step 2 • Enter the Spanning Tree configuration menu
(config)# spanning-tree
Example:(config)# spanning-tree
Step 3 • Define the forward delay
(config-spanning-tree)#forward-delay delay
Where
delay – Number of seconds, set by the root, that the interfaces of all
bridges wait before changing from the listening and learning states to the
forwarding state
Example:(config-spanning-tree)# forward-delay 15
Step 4 • Commit the configuration
(config)# commit
# config terminal
Step 2 • Enter the Spanning Tree configuration menu
(config)# spanning-tree
Example:(config)# spanning-tree
Step 3 • Configure Hello Time
(config-spanning-tree)#hello-time time
Where
time – Value (in seconds) that all bridges will use for the hello time if this
bridge is working as root
Example:(config-spanning-tree)# hello-time 5
Step 4 • Commit the configuration
(config)# commit
# config terminal
Step 2 • Enter the Spanning Tree configuration menu
(config)# spanning-tree
Example:(config)# spanning-tree
Step 3 • Configure Ethernet Interfaces
Where
interface – Ethernet interface [chassis/slot/port]
cost_value – Path cost configuration for the port
priority – Priority configuration for the port
(config)# commit
# config terminal
Step 2 • Enter the Spanning Tree configuration menu
(config)# spanning-tree
Example:(config)# spanning-tree
Step 3 • Configure Maximum Age
Where
max_age – Maximum age values for age and hop
(config)# commit
# config terminal
Step 2 • Enter the Spanning Tree configuration menu
(config)# spanning-tree
Example:(config)# spanning-tree
Step 3 • Set the maximum transmission rate
Where
rate – Maximum BPDU transmission rate on ports
(config)# commit
bridge-priority 32768
forward-delay 15
hello-time 2
maximum age 20
mode rstp
transmit hold-count 6
Command To verify
# show spanning-tree
• Interface
• Priority
• Cost
• Status
• Bridge ID
• Port
# show spanning-tree brief
• Interface
• Priority
• Cost
• Status
• Bridge ID
• Port
# show spanning-tree detail
• Spanning Tree Status
• Port Status
QoS (Quality of Service) is a set of mechanisms and algorithms used to classify and organize network
traffic. The main goal is to ensure that the elements that determine network transmission quality
(latency, jitter and bandwidth) behave properly and predictably.
The following example shows the basic QoS process. Voice and video packets are placed in high-priority
queues to minimize the effects of latency and jitter. Data traffic receives low-priority treatment
and is sent after the high-priority traffic.
To achieve quality of service, the IEEE developed the 802.1p standard. This method classifies
traffic at the MAC (Media Access Control) level by marking the class of service (CoS) in the Ethernet header.
The figure below shows the priority field in the Ethernet header.
These service classes are nothing more than a classification of the type of traffic sent by the
network users' applications. IEEE 802.1p provides 8 traffic classes (ranging from 0 to 7). Class 7
is the highest priority and class 0 the lowest.
Each of these classes can be associated with a priority queue and receive special treatment according to
the service's sensitivity to latency, jitter and bandwidth. Services more sensitive to these elements,
such as voice and video, should be placed in priority queues that have preferential access to the network, while
lower-priority services, such as internet traffic, are forwarded in lower-priority queues and may even
be discarded.
With 802.1p classification, QoS is performed at layer 2. This approach is used when layer 2 QoS
is required, bearing in mind that when frames are transmitted through a layer 3 network this mark can be
replaced or lost. It is used on local area networks, such as the access network.
If an end-to-end QoS mark is required, one that must be maintained over a layer 3 network or over other networks
that use approaches different from Ethernet, the DSCP mark should be used. DSCP is more commonly
applied in wide area networks, such as the internet.
7.1.1 Overview
DmOS provides WFQ (Weighted Fair Queueing) scheduling. This scheduler ensures fairness in
queue processing, so that lower-priority queues are not overlooked under congestion conditions.
The algorithm guarantees a minimum bandwidth for each queue under congestion
conditions, scheduling traffic by round robin or by priority up to the configured limit. When
a queue reaches its maximum allocated bandwidth and the port is already running at maximum speed,
the traffic will be shaped. Thus, bursts that go beyond the maximum bandwidth specified are stored in
the transmit buffer. If the buffer runs out, packets will be dropped.
Read Datasheet Guide to see if this feature is available for the specific device.
Where
profile_name – Scheduler profile identifier
(config-qos-scheduler-profile-profile_name)#mode profile_mode
(config-qos-scheduler-profile-profile_name)#queue queue_index weight weight_value
Where
queue_index – Queue index number
weight_value – Percent bandwidth weight value or SP (Strict Priority)
Example:(config-qos-scheduler-profile-wfq-test)# queue 5 weight 20
Step 5 • Commit the configuration
(config)# commit
Where:
interface – Interface identifier
profile_name – Scheduler profile identifier
(config)# commit
Where:
interface – Interface Ethernet
bandwidth - <100-10000000> Bandwidth in kbit/s
Where:
burst_size – <2-2000> burst size in kbytes
(config)# commit
8 SECURITY
8.1 ACCESS CONTROL LIST (ACL)
This chapter describes how to deploy the ACLs.
8.1.1 Overview
Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while
blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic
flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked,
and above all, provide security for the network.
DmOS supports ingress filters that allow dropping (deny), forwarding (permit) or changing (set)
packets based on L2 and L3 matches. The maximum number of filters is 512 (256 for L2 matches and
256 for L3 matches) on the DM4610 platform. ACLs support the following matches:
• L2 matches: 802.1p, source and destination MAC, Ethertype and VLAN ID
• L3 matches: source and destination IPv4 and DSCP.
Read Datasheet Guide to see if this feature is available for the specific device.
Where
filter_name – Ingress filter identifier
(config-acl-profile-l2-filter_name)# priority priority_value
Where
priority_value – L2 ACL priority [0 to 255]. Value 0 means highest priority
Example:(config-acl-profile-l2-l2-filter)# priority 0
Step 4 • Configure a rule entry priority
(config-acl-profile-l2-filter_name)# access-list-entry priority_entry
Where
(config-access-list-entry-priority_entry)# match [destination-mac-address destination_mac | ethertype ethertype_value | pcp pcp_value | source-mac-address source_mac | vlan vlan_id]
Where
destination_mac – Destination IEEE 802 MAC address
ethertype_value – Ethernet type code
pcp_value – PCP priority (0 to 7)
source_mac – Source IEEE 802 MAC address
vlan_id – VLAN identification number
Where
pcp_value – PCP priority (0 to 7)
(config)# commit
Where
filter_name – Ingress filter identifier
(config-acl-profile-l3-filter_name)# priority priority_value
Where
priority_value – L3 ACL priority [256 to 511]. Value 256 means highest priority
(config-acl-profile-l3-filter_name)# access-list-entry priority_entry
Where
priority_entry – Rule entry priority [0 to 255]. Value 0 means highest priority
(config-access-list-entry-priority_entry)# match [destination-ipv4-address destination_ipv4 | dscp dscp_value | source-ipv4-address source_ipv4]
Where
destination_ipv4 – Destination IPv4 address
dscp_value – DSCP value
source_ipv4 – Source IPv4 address
(config-access-list-entry-priority_entry)# action [deny|permit|set pcp pcp_value]
Where
pcp_value – PCP priority (0 to 7)
(config)# commit
Where:
interface – Interface identifier
filter_name – ACL profile identifier
(config)# commit
CoS Mapping
Priority Queue
0 (best-effort data) 0
1 (medium-priority data) 1
2 (high-priority data) 2
3 (call-signaling) 3
4 (videoconferencing) 4
5 (voice bearer) 5
6 (reserved) 6
7 (reserved) 7
DmOS uses ACLs to perform DSCP CoS Mapping. Use the steps presented in for this
configuration.
8.2.1 Overview
A traffic storm is generated when messages are broadcast on a network and each message prompts a
receiving node to respond by broadcasting its own messages on the network. This, in turn, prompts
further responses, creating a snowball effect. The LAN is suddenly flooded with packets, creating
unnecessary traffic that leads to poor network performance or even a complete loss of network service.
Storm control enables the switch to monitor traffic levels and to drop broadcast, multicast, and
unknown unicast packets when a specified traffic level is exceeded, thus preventing packets from
proliferating and degrading the LAN.
Traffic storm control uses a bandwidth-based method to measure traffic. You set the percentage of total
available bandwidth that the controlled traffic can use. Because packets do not arrive at uniform
intervals, the second interval can affect the behavior of traffic storm control.
Specify the level as a percentage of the total interface bandwidth:
• The level can be from 0.01 to 100.
• The optional fraction of a level can be from 0 to 99.
• 100 percent suppresses all traffic.
Where
interface_name – Gigabit or Ten Gigabit interface
(config-switchport-gigabit-ethernet-1/1/1)# storm-control broadcast|multicast|unicast percentage
Where
percentage – Percentage of interface nominal speed in steps of 0.01
(config)# commit
9 MULTICAST
Multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single
stream of information to many receivers. One of the most important applications of multicast is video
streaming. Multicast traffic is replicated in the network just at the point where paths diverge, resulting in
the most efficient delivery of traffic data to many receivers.
One important concept for multicast is group formation. A multicast group is a set of one or more receivers
that express an interest in receiving the same specific traffic. These receivers can be located anywhere
on the Internet or on a private network. Each receiver interested in receiving specific traffic must report the
group using IGMP (Internet Group Management Protocol).
All IP multicast addresses are in the range from 224.0.0.0 through 239.255.255.255. The table below
presents the multicast address range assignments.
IP Multicast Addresses
Description Addresses
Read Datasheet Guide to see if this feature is available for the specific device.
Where
ID – Specifies the IGMP Snooping Instance
(config)# commit
Where
ID – Specifies the IGMP Snooping Instance
(config-igmp-snooping-ID)# bridge-domain ID
Where
ID – Specifies the VLAN for multicast group
(config)# commit
Where
ID – Specifies the IGMP Snooping Instance
Where
interface – Ethernet or service-port interface [chassis/slot/port]
(config)# commit
Where
ID – Specifies the IGMP Snooping Instance
Where
interface – Ethernet or service-port interface [chassis/slot/port]
(config-igmp-snooping-ID-interface)# administrative-status
{up|down} | group-limit limit | ignore version | |
immediate-leave | last-member-query interval | |
max-response-time time | mrouter {always|learn-queries|never}
Where
limit – Specifies the number of groups allowed
version – Specifies the version of IGMP
interval – Specifies the time between the query messages
time – Specifies the maximum response time
queryint – Specifies the maximum response time
value – Interval for the expected packet loss on a subnetwork
Example: (config-igmp-snooping-1-ten-gigabit-ethernet-1/1/1)# group-limit 5
Step 5 • Commit the configuration
(config)# commit
administrative-status up
group-limit 0
ignore 1
immediate-leave Disabled
last-member-query 20
max-response-time 10
mrouter learn-queries
query-interval 125
robustness-variable 2
version 3
Command To verify
# show multicast igmp snooping Instance
• IGMP Snooping Instance
• Bridge Domain
• Administrative State
• Operational State
• Interface
• Query Interval
• Query Maximum Response Time
• Immediate Leave
# show multicast igmp snooping groups
• ID
• Group address
• Interface
• Uptime
• Expires
• Last Reporter
# show multicast igmp snooping mroute
• VLAN
• Interface
• MRouter
• Learned
# show multicast igmp snooping port
• ID
• Interface
• Ad
• Op
• Ver
• Joins
• General Queries
• Specific Queries
• Invalid Msgs
• Total
# show multicast igmp snooping statistics
• IGMP Snooping
• Bridge Domain
• IGMP messages
10 ROUTING
Routing is the process of forwarding IP traffic to its destination using network addresses. Routing is performed
by devices capable of exchanging the information needed to build tables containing path information to reach
a destination, using specific protocols or manually assigned entries.
Dynamic routing protocols, such as OSPF, gather the necessary information from neighboring devices to
build the routing table, which is used to determine where the traffic will be sent.
As alternatives to dynamic methods, there are static routes and default routes. Static routes are
recommended on routers that have few networks and fewer paths to the destination. The biggest advantage
of static routes is their low computational overhead. Despite the low computational
cost, network growth may increase the operational cost of maintaining them. Default routes are also
known as the default gateway or gateway of last resort. A default route is a route to which traffic that has no
particular route is sent. The assumption is that the next hop knows where to send such traffic.
A router can receive numerous routes through dynamic routing protocols or via static routes. Often,
these routes are different paths to the same destination. Therefore, this information must be used as input to
build a unique, best path to the destination.
The routing information that a router receives via routing protocols is added to a table called the RIB
(Routing Information Base), which is the basis for route computation (the algorithm that defines the best path). The
result of the route computation is the FIB (Forwarding Information Base). The FIB contains the information
that the device uses to select the path to forward the traffic to the destination.
In summary, the RIB contains all routing information received from routing peers or manually entered,
and the FIB holds only the best available paths (i.e. it does not contain secondary paths).
DmOS provides resources for the user to check the FIB and RIB tables. The RIB can be checked using the
command show ip rib. The FIB is listed by the command show ip route.
Consult DmOS - Command Reference to learn about additional parameters for the show
ip rib and show ip route commands.
Routers use the Administrative Distance (AD) concept to choose the best path when there are two or
more different routes to the same destination from two different routing protocols (or static and directly
connected routes).
DmOS considers the following default Administrative Distance values:
Static Route 1
The Administrative Distance defines the reliability of a routing protocol. Routing protocols are
ranked from most reliable (smaller AD value) to least reliable (higher AD value) according to their
administrative distance value. Therefore, by default, DmOS considers a route created from a directly
connected interface more reliable than one created manually as a static route, as shown above.
Directly Connected routes are created from the networks configured on the device's own
interfaces.
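The RIB-to-FIB selection and the Administrative Distance rule described above, as an added example that is not part of the original guide or DmOS code. It also goes one step further and shows the longest-prefix-match lookup a FIB is used for, including the default route; the AD values for connected and OSPF routes, the route list and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Assumed AD values: the guide lists only "Static Route 1" and states that
# directly connected routes are preferred over static ones. 0 and 110 are
# illustrative, not taken from the DmOS documentation.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "ospf": 110}

Route = namedtuple("Route", "prefix next_hop source")

def make_route(prefix, next_hop, source):
    return Route(ipaddress.ip_network(prefix), next_hop, source)

def build_fib(rib):
    """For every prefix in the RIB keep only the route with the lowest AD."""
    fib = {}
    for route in rib:
        best = fib.get(route.prefix)
        if best is None or ADMIN_DISTANCE[route.source] < ADMIN_DISTANCE[best.source]:
            fib[route.prefix] = route
    return fib

def lookup(fib, destination):
    """Longest-prefix match; 0.0.0.0/0 catches what no other entry covers."""
    addr = ipaddress.ip_address(destination)
    matches = [route for prefix, route in fib.items() if addr in prefix]
    if not matches:
        return None  # no default route installed: traffic would be dropped
    return max(matches, key=lambda route: route.prefix.prefixlen)

# Constructed sample RIB (hypothetical addresses).
RIB = [
    make_route("10.0.0.0/24", "directly connected", "connected"),
    make_route("10.0.0.0/24", "10.0.0.254", "static"),   # loses to connected
    make_route("192.168.1.0/24", "10.0.0.1", "static"),
    make_route("192.168.1.0/24", "10.0.0.2", "ospf"),    # secondary path, RIB only
    make_route("192.168.0.0/16", "10.0.0.2", "ospf"),
    make_route("0.0.0.0/0", "10.0.0.1", "static"),       # default route
]
FIB = build_fib(RIB)

if __name__ == "__main__":
    for dst in ("10.0.0.7", "192.168.1.20", "192.168.9.9", "8.8.8.8"):
        r = lookup(FIB, dst)
        print(f"{dst} -> {r.prefix} via {r.next_hop} ({r.source})")
```

Comparing the six RIB entries with the four FIB entries shows which secondary paths never reach the forwarding plane, which is the difference to look for between show ip rib and show ip route.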
On DmOS, only the L3 logical interfaces can receive IPv4 addresses and, as a consequence,
route packets. Therefore, when necessary, the physical interfaces must be
associated with L3 logical interfaces (see for more information).
Where
network_prefix/mask – Specifies the IPv4 network prefix for the
destination and the respective mask.
next_hop_address – Specifies the IPv4 address of the next hop for this
static route.
!
Step 4 • Commit the configuration
(config)# commit
Where
network_prefix/mask – Specifies the IPv4 network prefix for the
destination and the respective mask.
next_hop_address – Specifies the IPv4 address of the next hop for this
static route.
!
Step 5 • Commit the configuration
(config)# commit
Where
network_prefix/mask – Specifies the IPv4 network prefix for the
destination and the respective mask.
next_hop_address – Specifies the IPv4 address of the next hop for this
static route.
(config-network_prefix/mask/next_hop_address)#
administrative-status { up | down }
Example: (config-192.168.1.0/0/10.0.0.1)# administrative-status down
Step 5 • Commit the configuration
(config-network_prefix/mask/next_hop_address)# commit
To create a default route, use the same command used to create a static route. Specify the default route as
network 0.0.0.0 with a subnet mask of 0 and the IP address of the next hop (gateway). To configure a
default route, use the following commands:
Where
next_hop_address – Specifies the IPv4 address of the next hop for this
static route.
!
Step 4 • Commit the configuration
(config)# commit
Command To verify
# (config) show router static
• Static routing configuration (static route and next-hop)
• Administrative Status
• Configured default routes
# show ip rib
• RIB table entries
DmOS-capable switches support L3 features. Therefore, a router is not necessary to route
inter-VLAN traffic. A network deployment with an L3 switch ensures a fast and reliable solution for VLAN
routing.
VLAN routing is used not only for routing between VLANs, but also to assign an IP address to an
L3 interface. The network associated with this interface is inserted into the routing table and becomes reachable
by other networks (local or remote).
A DmOS switch with L3 capabilities is suitable to replace the router in the first solution shown
above.
Where
vlan_id – VLAN identifier (From 1 to 4094)
Where
chassis/slot/port – Identifies the related interface according to its place
on the device
Where
if_name – Specifies the name of the logical interface. The name must be
unique on the system.
(config)# commit
Step 9 • Check if related VLAN network is inserted on RIB.
# show ip rib
Step 10 • Check if related VLAN network is inserted on FIB.
# show ip route
Where
if_name – Specifies the name of the logical interface. The name must be
unique on the system.
(config)# commit
Step 5 • Check if the network was removed from RIB.
# show ip rib
Step 6 • Check if the network was removed from FIB.
# show ip route
Command To verify
11 SOFTWARE UPGRADE
DmOS has flash memory positions for firmware storage and automatically saves the new firmware version
in the position that is not in use.
The manual download and installation process requires a TFTP server, with connectivity to the
Management Network of the device, on which the firmware image is saved. The next section explains the
procedures to prepare a TFTP server.
Once there is a TFTP server configured follow to the session.
Contact DATACOM Technical Support to verify the firmware images available for
download and installation according to your product and requirements.
Step 3 • Set the TFTP file system root field to the directory where the firmware
images were saved. Also set Read Request Behavior to the give all files
option and Write Request Behavior to take all files, as shown below.
Step 4 • In the Options > Network tab, verify that both UDP ports are set to the value
69, then press OK.
Step 5 • On the main screen, select the option Server is running, as shown in the next screen.
DmOS devices are able to negotiate the TFTP block size. A smaller block size is not efficient for
use on a LAN, whose MTU may be 1500 octets or greater. Therefore, network
administrators should evaluate their network conditions to set a more appropriate value
for this parameter.
The firmware file must be extracted and available with .im extension.
Step 1 • Verify the images loaded in the device and check their version and state
# show firmware local
Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.2.0 Active/startup
1.0.0 Inactive
State:
Where
protocol – Specifies the protocol (tftp, http, scp) and firmware url
server – IP or hostname
fw_name – Build name
Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.2.0 Active/startup
1.4.0 Inactive
State:
Step 4 • Set the startup state for the other position. In this case the startup state will change
to version 1.4.0.
Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.2.0 Active
1.4.0 Inactive/startup
State:
Slot: 1
Version State
-------------------------- --------
1.4.0 Active/startup
1.2.0 Inactive
State:
Step 1 • The previous and following steps are the same as those used for the FTP protocol
Step 2 • Copy the firmware image from the SCP server. The new firmware will overwrite the
build that is in the Inactive state
# request firmware local add
protocol://server/path/fw_name username username
password password
Where
protocol – Specifies the protocol (tftp, http, scp) and firmware url
server – IP or hostname
path – Relative path of the firmware image in the SCP server
fw_name – Build name
username – Username for authentication in the SCP server.
password – Password for authentication in the SCP server.
Step 1 • The previous and following steps are the same as those used for the FTP protocol
Step 2 • Copy the firmware image from the TFTP server. The new firmware will overwrite the
build that is in the Inactive state
# request firmware local add protocol://url/fw_name
Where
protocol – Specifies the protocol (tftp, http, scp) and firmware url
url – Relative URL of the firmware image in the HTTP server
fw_name – Build name
Step 1 • Verify the images loaded in the device and check their version and state. Check
that the target (older) image is in the Inactive state
Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.8.0 Active/startup
1.6.2 Inactive
State:
Step 2 • Set the startup state for the other position. In this case the startup state will change
to version 1.6.2.
Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.8.0 Active
1.6.2 Inactive/startup
State:
Step 4 • Reboot to reload the device with the new firmware
# reboot
Step 5 • Verify that, after rebooting, the firmware was rolled back and is now in the
Active/startup state
# show firmware local
Chassis: 1
Slot: 1
Version State
-------------------------- --------
1.6.2 Active/startup
1.8.0 Inactive
State:
Command To verify
# show firmware local
• Firmware version
• Firmware state
• Upgrade Status
The Status field in the show firmware local output enables the network administrator
to verify whether there is an ongoing firmware upgrade. Upgrade Status information is
available on DmOS versions equal to or higher than 1.8.0.
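A check for the verification steps above, as an added example that is not part of the original guide: it parses output in the layout of the show firmware local listings shown earlier and reports whether the intended version is the only image marked Active and the only one marked startup. The sample outputs are constructed, the function names are hypothetical, and the parser assumes versions are dotted numbers as in the guide's listings.

```python
import re

# Constructed samples in the layout of the "show firmware local" listings.
HEADER = "Chassis: 1\nSlot: 1\nVersion State\n-------------------------- --------\n"
AFTER_UPGRADE = HEADER + "1.4.0 Active/startup\n1.2.0 Inactive\nState:\n"
PENDING_REBOOT = HEADER + "1.2.0 Active\n1.4.0 Inactive/startup\nState:\n"

# One table row: dotted version, Active or Inactive, optional /startup marker.
ROW = re.compile(r"^(\d+(?:\.\d+)+)\s+(Active|Inactive)(/startup)?$")

def parse_firmware(output):
    """Return {version: {"active": bool, "startup": bool}} from the table rows.

    Header, separator and legend lines do not match ROW and are skipped.
    """
    images = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            images[m.group(1)] = {"active": m.group(2) == "Active",
                                  "startup": m.group(3) is not None}
    return images

def check_firmware(output, expected_version):
    """Return a list of problems; an empty list means the expected image is
    both the running image and the one selected for the next boot."""
    images = parse_firmware(output)
    if expected_version not in images:
        return [f"{expected_version} is not present on the device"]
    problems = []
    active = [v for v, s in images.items() if s["active"]]
    startup = [v for v, s in images.items() if s["startup"]]
    if active != [expected_version]:
        problems.append(f"active image is {active}, expected {expected_version}")
    if startup != [expected_version]:
        problems.append(f"startup image is {startup}, expected {expected_version}")
    return problems

if __name__ == "__main__":
    print(check_firmware(AFTER_UPGRADE, "1.4.0"))   # upgrade completed
    print(check_firmware(PENDING_REBOOT, "1.4.0"))  # startup set, reboot pending
```

Run against output collected after a change window, a non-empty result flags a device that is still running the old image or that will boot an unintended one.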
The firmware file must be extracted and available with .bin extension.
The Software Download State must be Download in progress; after a few minutes the ONU restarts
automatically and the status changes to Complete.
In order to download the firmware image, use the following steps:
Step 1 • Copy the ONU firmware image from the TFTP server. The new firmware will
overwrite the active build
# request firmware remote onu
protocol://path/ONU_fw_name