Zxsec Ghid de Administrare

Operator Logo
ZXR10 5250 Product

Description
ZXR10 5250 Product Description
Version Date Author Approved By Remarks

Liu
V1.0 2011-07-25 Not open to the Third Party
Sheng
Liu
V1.1 2012-12-05 Modified according to feedbacks
Sheng
Add types for enterprise networks:
Liu 5250-28TS-L,5250-52TS-L,5250-28TC-H
V1.2 2013-03-05
Sheng
5250-52TC-H,5250-52PM-H
Liu
V1.3 2013-6-28 Modify the diagram of 5250-28SM
Sheng
Liu
V1.4 2013-9-15 Add 2511 series description
Sheng
Add equipment highlights and
Ding
V1.5 2014-4-29 value-added functions; modify hardware
Haowei
description
© 2015 ZTE Corporation. All rights reserved.

ZTE CONFIDENTIAL: This document contains proprietary information of ZTE and is not to be
disclosed or used without the prior written permission of ZTE.
Due to update and improvement of ZTE products and technologies, information in this document is
subjected to change without notice.
ZTE Confidential Proprietary © 2015 ZTE CORPORATION. All rights reserved. I

TABLE OF CONTENTS
1 Overview ......................................................................................................... 1
2 Highlights ........................................................................................................ 2
2.1 Energy saving and green .................................................................................. 2
2.2 Easy deployment and easy management ......................................................... 2
2.3 POE Features ................................................................................................... 3
2.4 Better video service experience ........................................................................ 3
2.5 Perfect security design ..................................................................................... 3
2.6 Smart VLAN...................................................................................................... 4
2.7 Overall supervision ........................................................................................... 4
2.8 Bidirectional ACL .............................................................................................. 4
2.9 Precision user locating ...................................................................................... 4
2.10 IPV6 ................................................................................................................. 5
2.11 Ethernet OAM ................................................................................................... 5
2.12 Off-power alarm ................................................................................................ 5
2.13 Free seating networking ................................................................................... 5
2.14 Supporting ERPS (G.8032)............................................................................... 5
2.15 Broadcast storm prevention and restoration ..................................................... 6
3 Functions ........................................................................................................ 7
3.1 Basic service functions ..................................................................................... 7
3.1.1 MAC address management .............................................................................. 7
3.1.2 VLAN ................................................................................................................ 8
3.1.3 STP features..................................................................................................... 9
3.1.4 Link aggregation ............................................................................................... 9
3.1.5 Basic Ethernet features .................................................................................... 9
3.2 Value-Added Service (VAS) ............................................................................ 10
3.2.1 DHCP-based batch upgrade ........................................................................... 10
3.2.2 IPTV ............................................................................................................... 10
3.2.3 ACL ................................................................................................................ 11
3.2.4 SFLOW........................................................................................................... 11
3.2.5 RSPAN ........................................................................................................... 12
3.2.6 Global counter ................................................................................................ 13
3.2.7 IP source guard .............................................................................................. 13
3.2.8 Dynamic ARP Inspection (DAI) ....................................................................... 13
3.2.9 LLDP .............................................................................................................. 14
3.2.10 UDLD ............................................................................................................. 14
3.2.11 Voice vlan ....................................................................................................... 14
3.2.12 802.1x authentication...................................................................................... 14
3.2.13 Ring protection ............................................................................................... 15
3.2.14 ZESS smart switching ..................................................................................... 15
3.2.15 DHCP relay .................................................................................................... 16
3.2.16 TACACS+ ....................................................................................................... 16
3.2.17 SSH ................................................................................................................ 17
3.2.18 Port loopback check ....................................................................................... 17
3.2.19 MButton .......................................................................................................... 17
3.2.20 SFTP .............................................................................................................. 18
II ©2015ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

3.2.21 SSL ................................................................................................................ 18
4 System Architecture ..................................................................................... 18

4.1 Appearance .................................................................................................... 18
4.2 Hardware Architecture .................................................................................... 20
4.2.1 Overall Hardware Architecture ........................................................................ 20
4.2.2 Working Principle of Hardware System ........................................................... 20
4.2.3 Introduction to Card ........................................................................................ 20
4.3 Software Architecture ..................................................................................... 22
4.3.1 Operation Support Sub-system ....................................................................... 23
4.3.2 MUX Sub-system ............................................................................................ 23
4.3.3 L2 Sub-system................................................................................................ 24
4.3.4 NM and Maintenance Sub-system .................................................................. 24
5 Technical Indexes and Specifications......................................................... 25

5.1 Physical Indexes ............................................................................................. 25
5.2 Basic Specifications ........................................................................................ 28
6 Operation and Maintenance ......................................................................... 35

6.1 NetNumen U31 Integrated NM Platform ......................................................... 35
6.1.1 NM Networking ............................................................................................... 35
6.1.2 NetNumen U31 NM System............................................................................ 36
7 Comprehensive Networking Applications .................................................. 39

7.1 Community Access for Enterprise network ..................................................... 39
7.2 Corridor Access for MAN ................................................................................ 39
8 Abbreviations................................................................................................ 41
ZTE Confidential Proprietary © 2015 ZTE CORPORATION. All rights reserved. III
FIGURES
Figure 3-1 Typical QinQ networking ..................................................................................... 8

Figure 3-2 sFlow frame ...................................................................................................... 12
Figure 3-3 ZESS network topology..................................................................................... 16
Figure 4-1 ZXR10 5250-28TC-H ........................................................................................ 18
Figure 4-2 ZXR10 5250-52TC-H ........................................................................................ 18
Figure 4-3 ZXR10 5250-52PM-H........................................................................................ 18
Figure 4-4 ZXR10 5250-28PM-H........................................................................................ 18
Figure 4-5 ZXR10 5250-28TM-H ........................................................................................ 19
Figure 4-6 ZXR10 5250-52TM-H ........................................................................................ 19
Figure 4-7 ZXR10 5250-28TC ............................................................................................ 19
Figure 4-8 ZXR10 5250-52TC ............................................................................................ 19
Figure 4-9 ZXR10 5250-28SM ........................................................................................... 19
Figure 4-10 ZXR10 5250-52PM ......................................................................................... 19
Figure 4-11 ZXR10 5250-28PM ......................................................................................... 19
Figure 4-12 ZXR10 5250-28TS-L ....................................................................................... 19
Figure 4-13 ZXR10 5250-52TS-L ....................................................................................... 20
Figure 4-14 Working principle of the system....................................................................... 20
Figure 4-15 Control principle .............................................................................................. 21
Figure 4-16 System framework diagram............................................................................. 23
Figure 4-17 L2 system structure ......................................................................................... 24
Figure 7-1 Desktop access for enterprise network.............................................................. 39
Figure 7-2 MAN access ...................................................................................................... 39
TABLES
Table 5-1 5250-H series physical indexes .......................................................................... 25

Table 5-2 5250 standard series physical indexes ............................................................... 26
Table 5-3 5250 TS-L series physical indexes ..................................................................... 27
Table 5-4 5250-H series system specifications .................................................................. 28
Table 5-5 5250 standard series system specifications ....................................................... 30
Table 5-6 5250-L series system specifications ................................................................... 33
IV ©2015ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

Table 8-1 Abbreviations ..................................................................................................... 41
ZTE Confidential Proprietary © 2015 ZTE CORPORATION. All rights reserved. V

1 Overview
As a new-generation GE access L2 Ethernet intelligent switch introduced by ZTE, ZXR10
5250 series enhances its features in energy saving, user information security, access
control as well as management and maintenance. 5250 when compared with similar
products are outstanding for its powerful forwarding capability, flexible ACL and rich
monitoring manners. It supports Ethernet OAM and voice vlan, so that is can satisfy MAN
and enterprise network access needs.
ZXR10 5250 include 4 models: ZXR10 5250-28TC, ZXR10 5250-52TC, ZXR10

5250-28SM and ZXR10 5250-52PM
ZTE Confidential Proprietary 2015 ZTE CORPORATION. All rights reserved 1

2 Highlights
2.1 Energy saving and green

ZXR10 5250 perfectly supports 802.3az. It can dynamically set port as idle when there’s
no traffic goes through so as to save the power. It functions well to save the consumption
at single port by reducing 70% consumption at single port. Meanwhile, the device can
provide the statistics of consumption saved by the port and the device so as to provide a
practical effect of energy saving to the customer.
ZXR10 5250 supports dynamic fan adjustment. It can adjust fan speed dynamically
based on the temperature inside the equipment. It raises the fan speed and increases air
flow when the temperature is high. It reduces fan speed when the temperature is low.
By using multiple energy-saving technologies, for example, disable idle ports and adjust
port power consumption as per cable length, ZXR10 5250 try their best to decrease the
power consumption for the customer maximally.
The material used for the product conforms to Europe RoHS environment protection
standard. The environment pollution of the materials is reduced to the least. We make
certain contribution to protection of the whole environment.
2.2 Easy deployment and easy management

Automatic remote batch upgrade can upgrade the equipment of the same type at one
time, which avoids the hardship of the OAM staff going up and down the building carrying
their computers.
Creative M-Button enables the administrator to obtain the status of equipment port,
memory and CPU without logging in the system.
It supports system information display. Via one command, the system operation
information can be collected, which gives conveniences to information collection and
failure location.
It supports off-power warning. When the device is out of power, it is still capable of
sending off-power warning to remote server. In this way, the administration center can be
informed of the failure in the shortest time.
At the same time, the device supports multiple management manners, e.g., web, telnet
and snmp, etc. Also, the equipment can carry out local or remote authority authentication
to guarantee the reliability of the operation.
2 2015 ZTE CORPORATION. All rights reserved ZTE Confidential Proprietary

2.3 POE Features

ZXR10 5250 series supports full-port POE and POE+ power supply, conforming to
802.3af and 802.3at standard. It is also compatible with PD equipment which doesn’t
conform to 802.3af or 802.3at standard. The maximal power supply of POE is 15.4W and
the maximal power supply of POE+ is 30W.
The port supports time-sharing POE power supply configuration. It can automatically
forcefully shut down POE power supply of the electrical interface during the period when
power supply is unneeded.
2.4 Better video service experience

ZXR10 5250 supports MVR, provides various rules and channel combination, and
supports multicast QoS. It solves traffic engineering management problem brought by
multiple egress duplication of multicast services, optimizes delay, jitter and packet loss
problem of video flow, and reduces join-in and offline delay of users’ video services. At
the same time, it supports multicast service access control, which guarantees security of
multicast service access and users’ high-quality video service experience.
2.5 Perfect security design

The security design of ZXR10 5250 is based upon two aspects: one is to guarantee the
normal operation of the device, the other is to ensure the security of the data.
For self security design, some restrictions to peer-end broadcasting message, multicast
message, unknown unicast message. Therefore, these messages will have less impact
to CPU. For CPU, the device uses control plane security service to classify and control
the speed of the protocol messages that CPU needs to process. This mechanism makes
sure that the speed of the delivered the message for the protocol stacking is within a
proper range, which avoids the breakdown of CPU caused by exceeding messages.
Besides common user name and password management, ZXR10 5250 supports multiple
logins such as SSH to prevent the administrative users being spoofed.
For user data security, besides PVLAN service, ZXR10 5250 also uses DHCP snooping
plus IP source guard to make sure user’s validity. For the messages which do not satisfy
bounding table, they will be discarded.
The device is also capable of DAI service. So that it can effectively restrict ARP-based
DOS attack. The device not only can discard arp message which does not accord with
the condition, but also can restrict the number of arp one port learns. This mechanism
successfully prevents equipment table entity from being occupied maliciously, which
makes sure other people can use the resource normally.

2.6 Smart VLAN

ZXR10 5250 not only gives support to 1:1 vlan map, but also supports N: 1 VLAN map.
In this way, by aggregating vlan at the access side, the device greatly enhances the
usability of vlan resource.
ZXR10 5250 supports standard QinQ service and flexible SVLAN service, which enables
the operator to distinguish user and service at the access side effectively. In this way, the
units can implement different processing policies as per different users and services.
ZXR10 5250 supports dynamic distribution of independent vlan to voice device, and
provide higher priority to data in this vlan by configuring QoS strategy to guarantee voice
quality.
2.7 Overall supervision

 ZXR10 5250 supports message mirroring service. It can classify mirroring image
of different messages, so that different message mirroring image can go to
different port.
 ZXR10 5250 supports sFlow service. It can sample the message and send it to
the designated server.
 ZXR10 5250 support RSPAN service. It is used for the extension of common
mirroring. So that, all the messages on the monitored port will be completely sent
to the remote receiver.
 The device also supports intelligent statistic service. Being different from the
traditional accounting service which can only collect the number of the port or
queue, the intelligent statistic service can count any interested traffic or port. The
counting service can be as precise as one user‘s one service, which accordingly
provides effective monitoring way for precise operation.
2.8 Bidirectional ACL

In the course of further developing similar products, ZXR10 5250 at the same time
supports incoming and outgoing ACL. User can implement both incoming and outgoing
traffic classification and speed restriction at the same time. This mechanism enables
more comprehensive and flexible ACL.
2.9 Precision user locating

Via multiple methods like DHCP, option82, PPPOE+ and VBAS, ZXR10 5250 can
provide user’s accurate location for the network management center. The field with user
location information can be configured freely to meet different operators’ requirements.

2.10 IPV6
ZXR10 5250 supports a number of essential IPV6 functions, including IPV6/IPV4 dual
protocol stack, ND (neighbor discovery), ICMPV6, DHCPV6 snooping and MLD
snooping.
2.11 Ethernet OAM

Ethernet Operations, Administration, and Maintenance (OAM) is a guarantee to provide
high-quality carrier-class network. It monitors link status change, makes evaluation of
service quality provided by the link, so as to provide great convenience for network
maintenance staff to locate network failures. ZXR10 5250 supports three OAM protocols:
802.1ag, 802.3ah, and Y1731.
2.12 Off-power alarm

When the power supply is off-power, the device sends alarm message to the designated
server, notifying the server that the device stops working because the power supply is off.
Power supply failure is the major failure of the access device. This function can help OAM
staff to make quick decision on device failure and speed up the processing and failure
recovery.
2.13 Free seating networking

ZXR10 5250 series enables the users find desired new services easily with mouse on the
interface platform provided by the operators by enabling MFF, IPTV, ZESR and
MAC-based vlan functions, to implement free selection, free switching and free
accounting. With the Free-seating solution, operators have a new role – a platform
connecting service providers and final users. In Free-seating platform, Internet service
providers and IPTV media providers can adjust their marketing strategies flexibly and
carry out “preview” service promotion; they can rank the services according to user
click-through rate and adjust their service direction without worrying about the trouble of
user payment.
2.14 Supporting ERPS (G.8032)

ZXR10 5250 series supports ERPS (Ethernet Ring Protection Switching). It can prevent
broadcast storm caused by data loop in an Ethernet ring. When one link is disconnected
in the Ethernet ring, it can enable the standby link rapidly to restore communication
between the nodes on the Ethernet rings. Compared with STP protocol, ERPS protocol
has the following features: typology convergence is fast (less than 50ms); convergence
time is unrelated to the number of nodes on the Ethernet ring.

2.15 Broadcast storm prevention and restoration

ZXR10 5250 supports broadcast storm prevention and restoration. When the broadcast
frames received reach the preset threshold, the port will drop the broadcast frames
automatically and generate alarms at the same time. When the broadcast frames are
under the preset threshold, it will report the restoration alarm.

3 Functions
3.1 Basic service functions
3.1.1 MAC address management
ZXR10 5250 series fulfills the following MAC functions:
 Convert dynamic MAC address into static one
On one hand, the administrator expects that the user is fixed only to a port; on the other
hand, he does not want to configure too many static addresses. The function can be used
to reach the goal.
 Bind MAC address to a port
Dynamic, static or permanent MAC address can be added to MAC address table. The
correspondence relation between static or permanent MAC address and port is fixed, and
cannot be cancelled until the address is deleted manually.
 Limit MAC address number of a port
MAC address table capacity of a switch is limited. When many users are available and
MAC address table will reach the capacity limit, the MAC address number of low-priority
user port will be restricted.
The restriction can prevent MAC address broadcast to drive MAC address table to
overflow the network attack.
 Port MAC address learning protection
When abnormal MAC address learning of a port is checked out, the switch will protect the
MAC address learning for some time. New address learning cannot be done in the
protection. When the protection expires, the port will be in the state of MAC learning
again.
 Unknown-source MAC address filtering of a port
Unknown-source MAC address filtering of a switch port is closed by default, and the port
does not filter the unknown-source MAC address. If a switch port is configured with
enabling the unknown-source MAC address filtering, relative port will discard the packet
of unknown-source MAC address received at the port and learn it.
 MAC address filtering

Data frame can be filtered according to MAC address in the following ways:
1 Only the source MAC address of data frame is matched. If the source MAC
address is the set MAC address, the data frame will be filtered.
2 Only the destination MAC address of data frame is matched. If the destination
MAC address is the set MAC address, the data frame will be filtered.
3 The source or destination MAC address of data frame is matched. If the source
or destination MAC address is the set MAC address, the data frame will be
filtered.
3.1.2 VLAN
Support port-based vlan, 1:1 and N:1 vlan translation, PVLAN, QinQ and SVLAN.
QinQ, known as the tunnel protocol based on IEEE 802.1Q encapsulation, is also called
VLAN stack. QinQ adds a VLAN label (external label) outside the existing VLAN label
(internal label). The external label can shield the internal label.
QinQ without protocol support can implement simple L2VPN, and is suitable for mini-
LAN taking L3 switch as the backbone.
Typical QinQ networking is as follows. The port connecting user network is Customer port,
the port connecting SP network is Uplink port, and SP network edge access equipment is
called PE (Provider Edge).
Figure 3-1 Typical QinQ networking
SPVLAN 10
customer
port
User network SPVLAN 10
1 Uplink port
CVLAN1- Switch A
100 PE Switch B
SP network PE User network
2
SPVLAN 10 CVLAN1-
Uplink port 100
SPVLAN 10
customer
port
User network accesses PE via Trunk VLAN. Uplink ports in SP network are connected
symmetrically via Trunk VLAN.
When the packet comes from user network 1 to switch A customer port, no matter
whether the packet is tagged or untagged, switch A will forcedly insert the external label
(VLAN ID is 10). In SP network, the packet reaches switch B via VLAN 10 ports. Switch B

finds out the port connected to user network 2 is customer port, removes the external
label according to the conventional 802.1Q protocol, restores it to the original packet, and
sends it to user network 2.
The data between user network 1 and 2 can be transmitted transparently via SP network.
User networks can freely plan their own private network VLAN ID to avoid the conflict with
SP network VLAN ID.
3.1.3 STP features
Support RSTP and MSTP as well as such protection features as bpdu guard, root guard
and loop guard.
3.1.4 Link aggregation
Link aggregation, known as Trunk, binds several physical ports into one logic port to
share incoming/outgoing traffic load among member ports. The switch decides according
to port load sharing policy configured by the user via which member port the packet is
sent to the opposite switch. When detecting that a fault occurs to the link of a member
port, the switch will stop sending the packet via the port, and recalculate and decide a
port for packet transport according to load sharing policy. After the faulty port restores,
the switch will recalculate and decide a port for packet transport again. Link aggregation
is an important technology to increase link bandwidth and support link transport resilience
and redundancy.
ZXR10 5250 supports static Trunk and LACP link aggregation.
Static Trunk adds several physical ports directly to Trunk group to form one logic port, but
it is not good at observing the status of link aggregation port.
LACP (Link Aggregation Control Protocol), following IEEE 802.3ad, dynamically

aggregates several physical ports into Trunk group through the protocol to form one logic
port. LACP automatically aggregates to get the maximum bandwidth.
3.1.5 Basic Ethernet features
ZXR10 5250 supports the following basic Ethernet features:
 Support port mirroring
Port mirroring copies the data of one or several switch ports (mirrored port) to one
designated destination port (monitored port) to get the data of the monitored port for
traffic analysis and wrong diagnosis port data. The mirroring (RSPAN) of
cross-equipment ports is supported.
 Support broadcast storm suppression

It can limit the number of broadcast packet allowed to pass Ethernet port per second.
When broadcast traffic exceeds the value set by the user, the system will discard
broadcast traffic, thus broadcast traffic will be reduced to a reasonable range to suppress
broadcast storm and avoid network congestion to assure network services of normal
operation. Broadcast storm suppression takes the set rate as the parameter. The smaller
rate means the smaller broadcast traffic allowed to pass.
 Support such configuration as port rate, duplex mode and adaptation.
 Support line diagnosis analysis and test
ZXR10 5250 supports cable line diagnosis analysis and test. It can check line and
connection and find the location of cable fault to facilitate network management and fault
locating.
GE electrical interface is connected to other devices via network cable. Network cable
has 4 twisted pairs. 100M network cable uses twisted pair 1-2 and 3-6, and 1000M 1-2,
3-6, 4-5 and 7-8. The status of each twisted pair can be detected in line check. Line
statuses are as follows:
1 Open: Open-circuit line

2 Short: Short-circuit line
3 Good: Normal line
4 Broken: Open-circuit or short-circuit line
5 Unknown: Unknown or no result
6 Crosstalk: Line coupling
7 Fail: Failed detection
3.2 Value-Added Service (VAS)
3.2.1 DHCP-based batch upgrade
ZXR10 5250 supports the DHCP-based batch upgrade. By supporting DHCP option66,
67 and 150, the device gets the server address, catalog and filename storing the version.
Option150 stores the server IP address, option66 the version path, and option67 the
version filename. With the information, the device can automatically get the version from
the designated location via FTP or TFTP, which simplifies upgrade procedure, facilitate
operation & maintenance and increase working efficiency.
3.2.2 IPTV
IPTV, known as interactive network TV and launched by carriers based on broadband,

uses IP broadband network and integrates Internet, multimedia and telecom technologies

to provide for the user such interactive services as live TV, video VOD and Internet
browse. The user gets the services via PC or “IP set top box+TV”.
Controllable multicast is one of key technologies of ZTE’s IPTV system structure, and
usually works at the broadband access network side. The equipment (BRAS, access
equipment or switch) implementing the multicast control policy is called the multicast
control point. As the termination point of user multicast IGMP request, the multicast
control point decides according to relative IGMP request and control policy whether to
copy multicast flow to user port. The closer the multicast control point is, the more
network bandwidth the user can save. As the key equipment to implement the multicast
control policy, Multicast control point supports the following services: IGMP V1/V2,
IGMP Snooping, IGMP Filter, IGMP Proxy, IGMP Fastleave, MVR(Multicast Vlan
Register), SGR(Static Group Register), UGAC(User Group Access Control) and
UGAR(User Group Access Record). User’s on-demand authority can be controlled by
binding rules and channels.
3.2.3 ACL
ZXR10 5250 supports egress and ingress ACL.
ZXR10 5250 offers the following four types of ACL.
 Basic ACL: Only match source IP address.
 Extension ACL: Match source IP address, destination IP address, IP protocol

type, TCP source port No., TCP destination port No., UDP source port No., UDP
destination port No., ICMP type, ICMP Code, DSCP (DiffServ Code Point), and
ToS.
 L2 ACL: Match source MAC address, destination MAC address, source VLAN ID,
L2 Ethernet protocol type, and 802.1p priority value.
 Mixed ACL: Match source MAC address, destination MAC address, source VLAN
ID, source IP address, destination IP address, TCP source port No., TCP
destination port No., UDP source port No., and UDP destination port No.,
including all matching fields of the above types.
3.2.4 SFLOW
sFlow is the IETF standard traffic monitoring technology. It has low hardware
requirements, less equipment resource consumption and high technical commonality, so
it is now used by multiple vendors.
sFlow service mainly consists of three parts: sFlow message sampling unit, sFlow proxy
unit and sFlow collector (or named analyzer ). The sampling and proxy units of sFlow are
integrated in the network equipment; while sFlow collector which analyzes messages of

multiple sFlow proxies is out of the system structure. The entire basic system architecture
is as shown in the following figure:
Figure 3-2 sFlow frame
sFlow sampling unit is the basis of sFlow mechanism. sFlow samples network packets
at the network interface supporting sFlow and sends sampled packets to sFlow agent
equipment for processing. sFlow Collector is the network equipment sFlow uses to
manage, monitor, collect and analyze. It stores and analyzes network packets from sFlow
Agents, and gives equipment traffic and service analysis reports and tables.
3.2.5 RSPAN
Remote Switched Port Analyzer (RSPAN), i.e. remote port mirroring, without asking the
mirrored port and the mirroring port on the same switch, enables cross-network mirrored
port and mirroring port. This gives great conveniences to the administrator for remote
switch management.
The following switches can fulfill the RSPAN function.

 Source switch: The switch of the monitored port makes L2 forwarding of the traffic,
which needs to be mirrored, at Remote-probe VLAN L2 and forwards it to
intermediate switch or destination switch.
 Intermediate switch: The switch between source switch and destination switch in
the network transports the mirroring traffic to the next intermediate switch or
destination switch via Remote-probe VLAN. If source switch and destination
switch are directly connected, there will be no intermediate switch.
 Destination switch: The switch of destination port for remote mirroring forwards
the mirroring traffic received from Remote-probe VLAN to the monitoring
equipment via the mirroring destination port.
3.2.6 Global counter
ZXR10 5250 has unique global counter. The port and flow to be monitored can be bound
to a separate global counter. The specific flow can be decided according to flow
classification. For example, monitor a specific source IP and destination IP. After binding,
global counter separately counts the packets matching the flow.
Global counter provides the carriers with an effective way to monitor network traffic status,
which may be for a specific traffic of each user, so as to offer more data for network
structure planning.
3.2.7 IP source guard
IP source guard is a policy control technology. Based upon dynamic DHCP snooping
table entry or manual static table entry, it is mainly responsible for checking if IP+MAC
the same as DHCP snooping table entry or manual static table entry. If they are not the
same, the message will be judged as illegal. Then it will be discarded or sent to CPU.
3.2.8 Dynamic ARP Inspection (DAI)
ARP attack is the most commonly seen means in the network. It has two ways: One is to
transmit a lot of ARP packets which is beyond normal processing capability and break
down the equipment; the other is to transmit faked ARP packets and make the equipment
learn wrong table items, thus the packets of a normal user are wrongly forwarded to the
hacker faking the ARP packets and let him get private information of the user.
DAI service can effectively process ARP attack. After initiating DAI, the equipment can
restrict the number of ARP sent by the port, which guarantees adequate processing
capability of the equipment. Also, DAI service can check the legality of the received ARP
message according to user table entry generated dynamically. When the received ARP
message does not accord with the user dynamic table entry of this port, this message will
be dropped to make sure the correctness of the forwarding table entry.

3.2.9 LLDP
LLDP (Link Layer Discovery Protocol) is a kind of neighbor discovery protocol. With LLDP,
network device notifies its information to other devices and establish neighbor
relationship with different devices. ZXR10 5250 supports multiple LLDP TLV attributes. It
can correctly notify its port and system information to its neighbors.
At the same time ZXR10 5250 supports LLDP MED (LLDP for Media Endpoint Devices).
The switch uses this protocol to configure the terminal device that connected to it.
3.2.10 UDLD
UDLD is a L2 network protocol used to detect the single-pass on physical link between
the devices. Sometimes only receiving is normal or only transmitting is normal on the
physical link between two devices. At this time, the link status may be normal but the
packet transmission is abnormal. Detecting the abnormality, UDLD can send alarm or
close the port, which is decided based on the configuration.
3.2.11 Voice vlan
Voice VLAN provides high forwarding priority for voice data packet. When voice device
access is detected, no matter what the default priority for the voice data flow is, ZXR10
5250 transfers the legal voice data to the specified voice VLAN and distributes a high
priority to it, so as to guarantee the voice packet is forwarded with priority.
3.2.12 802.1x authentication
DOT1X (IEEE 802.1x) is the port-based network access control protocol. It optimizes
authentication means and authentication architecture and resolves the issues caused by
conventional PPPoE and Web/Portal authentication, so it is more suitable for broadband
Ethernet.
IEEE 802.1x protocol architecture consists of three major parts: Supplicant System,
Authenticator System and Authentication Server System.
1 Supplicant system is a user terminal system which is usually installed with a

supplicant software. The user starts the software to initiate the authentication in
IEEE802.1x protocol. In order to support the port-based access control,
supplicant system needs to support EAPOL (Extensible Authentication Protocol
Over LAN).
2 Authenticator system is usually the network equipment supporting IEEE802.1x
protocol, such as switch. The equipment corresponds to the ports of different
users (They may be physical ports, or MAC address, VLAN and IP of user
equipment). Two logic ports are available: controlled port and uncontrolled port.

1) Uncontrolled port is always in bidirectional connection status and transmits

EAPOL protocol frame to ensure that the supplicant can always send or
receive the authentication.
2) Only when the authentication is passed, can controlled port be opened to
transmit network resource and service. Controlled port can be configured to
bidirectional control or input control for different applications. If the user
does not pass the authentication, controlled port will be in authentication
status, and the user will not access the service provided by authenticator
system
3 Authentication server is usually RADIUS server. It can store the user-related
information, e.g., user VLAN, CAR parameters, priority, and user access control
list. When the user passes the authentication, authentication server passes the
user-related information to authenticator system which creates the dynamic
access control list, and subsequent user traffic will be under the supervision of
the above parameters. Device communicates with RADIUS server through
RADIUS protocol.
3.2.13 Ring protection

ZTE Ethernet Smart Ring (ZESR) based upon EAPS principle of rfc3619 protocol makes
some progresses. It makes sure if the ring works smoothly. Also it confirms there’s only
one logic smooth path between two nodes. The port status can be changed between
block and forward status according to the situation of the ring (through-break,
break-through), which enables fast switchover of the logical path.
ZESR supports multiple such as network topologies as tangent ring and intersecting ring
as well as multi-domain configuration. ZXR10 5250 ZESR supports to work with PVLAN
to comply with MEF networking model.
3.2.14 ZESS smart switching
ZTE Ethernet Smart Switch (ZESS), providing an Ethernet intelligent switchover

technology introduced by ZTE, describes a highly efficient link switchover mechanism.
When the active link breaks down, traffic can be switched over to the standby link, which
makes sure normal data transmission.
As shown in Figure 3, node 1 supports ZESS. Port 1 is master port and port 2 is slave
port. When node 1 finds that master port and slave port are UP, the protection service
VLAN forwarding of slave port will be blocked. When node 1 finds that master port is
DOWN, the protection service VLAN forwarding of master port will be blocked, and the
protection service VLAN forwarding of slave port will be opened. When node 1 finds that
master port restores to UP, inversion and non-inversion modes are available. In inversion
mode, master port is opened and slave port is blocked again. In non-inversion mode,

master port is still blocked and slave port is still opened. Furthermore, when ZESS is
switched, FDB of the blocked port will be upgraded.
Figure 3-3 ZESS network topology
Upper-level
network
Node 2 Node 3
Master port Slave port
Node 1
3.2.15 DHCP relay
DHCP relay forwards users’ DHCP request packet to the designated DHCP server by L3
interface, and forwards the packet returned by the server to the user. ZXR10 5250 DHCP
relay supports configuration of multiple server. It supports identification and processing of
option82. Many different actions of forwarding, dropping or substitution can be adopted
for packets carrying option82.
3.2.16 TACACS+
Besides common radius authentication, ZXR10 5250 also supports TACACS+

authentication of administrative user. TACACS+ seems similar to radius in usage. It is
also an authentication method with client plus server. The device works as client and
sends the username and password to remote TACACS+ server, who takes
authentication and then returns the result to the client. Besides the difference in
authentication process and packet attribute, the biggest difference between TACACS+
and radius lies in the fact that TACACS+ takes encapsulation of the forwarded packet,
which greatly improves the system security.

3.2.17 SSH
SSH mainly provides a secure login passage for the administrative user. The device
provides SSH server function for the user logs in as client. Client and server will negotiate
about the encrypted key before they establish the connection, with which server and
client can encrypt and de-encrypt the packet they send to each other to make the packet
unidentifiable by others during the process of transmission.
3.2.18 Port loopback check
Port loopback check works to separate the network. The device will block the port when it
finds loopback in the downlinked network of the port to avoid the influence on the whole
network of the loopback. Port loopback check can work only with the support of a single
node without the same protocol run in the whole network. ZXR10 5250 supports single
port and multi-port loopback check.
3.2.19 MButton
ZXR10 5250 switch can provide the MButton function without increasing user cost. The
function makes use of existing port indicators to indicate the run status of the switch.
MButton can switch different modes. When a mode is switched, port indicator shows
system status of the mode according to relative rules. The following statuses are
available now:
 Port link status
 Port duplex status
 Port rate status
 Memory utilization rate
 CPU utilization rate
 Port of packets with CRC error
 Port generating broadcast storm
 Uplink interface bandwidth occupancy
 Port which does not learn MAC address
 Ping NM server
 POE status

3.2.20 SFTP
SFTP is actually an SSH-based file transmission mode supporting file transmission

encryption. Its real name is SSH File Transfer Protocol.
3.2.21 SSL
Secure Socket Layer is used to guarantee the safety of data transmission on Internet. It
adopts data Encryption technology to prevent data interception during transmission.
The current version is V 3.0. It has been widely used in identify authentication and
encrypted data transmission between Web browser and servers.
4 System Architecture
4.1 Appearance
ZXR10 5250 is a sort of cassette Ethernet switch. Its hardware is composed by chassis,
control switching fabric unit, line interface unit and power supply unit. The size of the
chassis goes in line with European standard.
Figure 4-1 ZXR10 5250-28TC-H
Figure 4-2 ZXR10 5250-52TC-H
Figure 4-3 ZXR10 5250-52PM-H
Figure 4-4 ZXR10 5250-28PM-H

Figure 4-5 ZXR10 5250-28TM-H
Figure 4-6 ZXR10 5250-52TM-H
Figure 4-7 ZXR10 5250-28TC
Figure 4-8 ZXR10 5250-52TC
Figure 4-9 ZXR10 5250-28SM
Figure 4-10 ZXR10 5250-52PM
Figure 4-11 ZXR10 5250-28PM
Figure 4-12 ZXR10 5250-28TS-L

Figure 4-13 ZXR10 5250-52TS-L
4.2 Hardware Architecture
4.2.1 Overall Hardware Architecture
ZXR10 5250 is a cassette product that adopts centralized hardware architecture design.
All service interfaces are directly connected to switching main control card.
4.2.2 Working Principle of Hardware System
Figure 4-14 Working principle of the system
4.2.3 Introduction to Card
ZXR10 5250 system can be divided into switching control module, power supply module
and interface module based on the responsibilities they assume.

4.2.3.1 Control Card
Control card is the core component of ZXR10 5250. It mainly implements two functions of
control module and switch module.
In ZXR10 5250 system, control switch card is installed in the cassette structure with no
independent panel. Its related interface and indicator are on the front panel of the system.
The principle is shown in the following diagram:
Figure 4-15 Control principle
4.2.3.2 Control Module
Control module is composed of main processor and some external functional chips. It
provides various external operation interfaces such as serial interface, and Ethernet
interface to implement processing of various applications by the system. The main
processor adopts high-performance CPU processor to implement the following tasks:
 System network management protocol such as SNMP.
 Network protocol such as STP.
 Provides operation and management interfaces for each line card.
 Takes data operation and maintenance.

4.2.3.3 Switch Module
Switch module adopts the private Switch chip with multiple GE bi-directional interfaces
integrated. It can process multi-port wire-speed switching. The switch chip can implement
the following functions:
 Storage, forwarding, and switching
 Support 10KB jumbo frame
 Support priority queuing. When CoS queue is in congestion, it drops frames

selectively.
4.3 Software Architecture

Ethernet switch ZXR10 5250 series switch is capable of L2 switching, providing L2
wire-speed switching and QoS guarantee. The system software implements
management, control and data forwarding of system. Its basic tasks include system start,
system configuration and management, protocol operation, table maintenance, switching
chip setting and state control, and some special packet software forwarding. System
software mainly implements the following functions:
It implements major L2 protocol functions including 802.1D STP protocol, 802.1P priority
control, 802.1Q VLAN functions, and 802.3ad link aggregation. It supports IPv4 protocol
stacking. It realizes multi-layer services of ACL and DHCP. It implements part of
broadband access functions and network management protocol.
Users can take network management of Ethernet switch by serial interface terminal,
Telnet, and SNMP Manager, covering network configuration management, failure
management, performance management, and security management.
System software can be divided into the following four sub-systems based on the above
system function requirements.
 Operation support sub-system. It includes software modules of BSP, ROS, and

SSP.
 MUX sub-system. It includes data distributing module, statistics monitoring

module and drive encapsulating module. Data distributing module takes charge of
distribution of data packets in the drive and upper layer software. Statistics
monitoring module takes charge of statistics data forwarding message and drive
software table monitoring.
 L2 sub-system. It includes STP, LACP, IGMP SNOOPING, MAC address

management, VLAN management, and L2 data forwarding.

 Network management and operation maintenance sub-system. It implements

Agent function of SNMP network management. It supports command line
management, provides operation maintenance interface and provides MIB
information.
4.3.1 Operation Support Sub-system
Operation support sub-system drives and encapsulates hardware in the lower layer to
provide support for other software systems in the upper layer. Operation support
sub-system mainly provides support for hardware operation, distributes operation
resource for hardware, and provides related interface for software in upper layer.
Operation support sub-system uses ZXR10 ROS platform including system support,
system control, version loading control, BSP, and SSP. System support can be further
divided into modules of operation system kernel, process scheduling, process
communication, timer management, and memory management. The system diagram of
operation support sub-system is shown in the following figure:
Figure 4-16 System framework diagram
4.3.2 MUX Sub-system
MUX sub-system implements information switching of drive and upper layer software,
and takes statistics and monitoring of software table of switching chip. The main functions
of MUX sub-system are data forwarding and statistics monitoring. MUX layer receives
data packets from drive module and distributes data packets based on ETHER TYPES

field in MAC frame. MUX data forwarding also takes charge of encapsulating data
forwarding function of the drive. It provides new data forwarding function invoking for
each module in upper layer, which invokes data forwarding function provided by MUX to
implement forwarding when there’s data packet or protocol packet needs to be forwarded.
Statistics monitoring takes charge of state statistics of drive layer, physical layer and
MUX layer, receiving and sending packets statistics, register reading monitoring, and
data packet sniffer. It provides OAM module with interface function.
4.3.3 L2 Sub-system
L2 sub-system mainly implements configuration management (management layer) of
data link layer, L2 protocol processing (control layer), and data forwarding (data layer or
service layer).
Figure 4-17 L2 system structure
4.3.4 NM and Maintenance Sub-system
Foreground network management and operation maintenance sub-system use TCP/IP to

work as SNMP network management agent. They use the executive body of managed
entity in lower layer to implement management. By network communication background
and foreground network management take management of foreground system and
realize separation of management network and transport network.

5 Technical Indexes and Specifications
5.1 Physical Indexes
Table 5-1 5250-H series physical indexes

Phy
sical 5250-28TC- 5250-52TC 5250-52PM 5250-28PM 5250-28TM 5250-52TM
inde H -H -H -H -H -H
xes
Dim
ensi
on
(widt
442×220×4 442×220×4 442×440×4 442×440×4 442×440×4 442×440×4
h×de
3.6 3.6 3.6 3.6 3.6 3.6
pth×
heig
ht)m
m
Max
weig
ht of
<2.9kg <3.0kg <7.5kg <7.5kg <6.4kg <6.4kg
the
whol
e set
POE Not support Not support Support Support Not support Not support
Support AC Support AC Support Support Support Support
and DC and DC inserting inserting two two
input; input; two two modular AC modular AC
Support Support modular AC modular AC or DC or DC
RPS RPS power power power power
Pow AC: AC: modules modules supply supply
er 100V~240V 100V~240V (each (each
sup , , 535W); 535W);
ply 50Hz~60Hz 50Hz~60Hz rated rated
DC: DC: voltage: voltage:
-48V~-60V -48V~-60V 100V~240V 100V~240V
RPS:12V RPS:12V AC; AC;
DC DC 50Hz~60Hz 50Hz~60Hz
<180 W <111 W
Max (consumpti (consumpti
pow on upon full on upon full
er load PoE load PoE
<27W <53W output), the output), the <51W <70W
cons
ump max. PoE max. PoE
tion output output
power is power is
840 W, in 720W, in

normal normal
working working
environmen environmen
t AC 220 V t AC 220 V
input input
condition) condition)
Wor
king Long-term working temperature: -5℃~+50℃: short-term working temperature:
tem -5℃~+55℃;
pera Storage temperature: -40℃~+70℃
ture
Wor
king
Relative humidity 20%~90%, no coagulation
hum
idity
Eart
hqu
ake 8 earthquake intensity
proo
f
Reli MTBF: >100,000 hours; MTTR: <30 minutes
abilit
y
Table 5-2 5250 standard series physical indexes
Physical 5250-28T
5250-52TC 5250-28SM 5250-28PM 5250-52PM
indexes C
Dimensio
n
442×220× 442×220×4 442×220×43. 442×440×4 442×440×4
(width×d
43.6 3.6 6 3.6 3.6
epth×hei
ght)mm
Max
weight of
the <2.9kg <3.0kg <4.0kg <7.5kg <7.5kg
whole
set
Not
POE Not support Not support Support Support
support
Support AC
Support AC, DC and DC and DC
RPS input; input:
AC: rated voltage: 100 AC: rated
V~240 V AC; 50/60 Hz Support AC input: rated
Power voltage: 100 voltage: 100 V ~240 V AC;
supply DC: rated voltage:-48 V ~240 V 50/60 Hz
V/-60 V DC AC ; 50/60
DC RPS: rated voltage: Hz
+12 V DC DC: rated
voltage: -48

V DC
<111 W <180 W
(consumpti (consumpti
on upon full on upon full
load PoE load PoE
output), the output), the
max. PoE max. PoE
Max
output output
power
27W 53W 39W power is power is
consump
720W, in 840 W, in
tion
normal normal
working working
environmen environmen
t AC 220 V t AC 220 V
input input
condition) condition)
Working Long-term working temperature: -5℃~+50℃: short-term working
temperat temperature: -5℃~+55℃;
ure Storage temperature: -40℃~+70℃
Working
humidity
Earthqua
8 earthquake intensity
ke proof
Reliabilit MTBF: >100,000 hours; MTTR: <30 minutes
y
Table 5-3 5250 TS-L series physical indexes

Phys
ical
5250-28TS-L 5250-52TS-L
inde
xes
Dime
nsio
n
(widt
h×de 442×220×43.6 442×220×43.6
pth×
heig
ht)m
m
Max
weig
ht of
<2.9kg <3.0kg
the
whol
e set
POE Not support Not support
Pow Support AC and DC RPS input; Support AC and DC RPS input;

er AC: 100V~240V, 50Hz~60Hz AC: 100V~240V, 50Hz~60Hz

supp RPS:12V DC RPS:12V DC
ly
Max
pow
er
<27W <53W
cons
umpt
ion
Wor
king Long-term working temperature: -5℃~+50℃: short-term working
temp temperature: -5℃~+55℃;
eratu Storage temperature: -40℃~+70℃
re
Wor
king
humi
dity
Eart
hqua
ke 8 earthquake intensity
proo
f
Relia MTBF: >100,000 hours; MTTR: <30 minutes
bility
5.2 Basic Specifications
Table 5-4 5250-H series system specifications
5250-28TC- 5250-52TC 5250-52PM 5250-28PM 5250-28TM 5250-52TM

Item
H -H -H -H -H -H
20 20
24 48 48
48 10/100/100 10/100/100
10/100/1000 10/100/100 10/100/100
U 10/100/100 0Base-TX 0Base-TX
Base-T 0Base-TX 0Base-TX
N 0Base-T Ethernet Ethernet
Ethernet Ethernet Ethernet
I Ethernet ports(PoE) ports
ports ports(PoE) ports
ports +4GE +4GE
COMBO COMBO
P 2 GE 2 GE Support Support Support Support
o Combo Combo uplink uplink uplink uplink
rt (10/100/100 (10/100/10 subcard, subcard, subcard, subcard,
0Base-T 00Base-T which which which which
N
Ethernet Ethernet includes includes includes includes
N
ports or ports or 4-port 10G 4-port 10G 4-port 10G 4-port 10G
I
1000Base-X 1000Base- optical, optical, optical, optical,
SFP port); X SFP 4-port GE 4-port GE 4-port GE 4-port GE
2 fixed port); electrical, electrical, electrical, electrical,
1000Base-X 2 fixed 4-port GE 4-port GE 4-port GE 4-port GE

5250-28TC- 5250-52TC 5250-52PM 5250-28PM 5250-28TM 5250-52TM

Item
H -H -H -H -H -H
SFP ports; 1000Base- optical optical optical optical
X SFP ports. ports. ports. ports.
ports
Forw
ardin
g
42Mpps 78Mpps 132Mpps 96Mpps 96Mpps 132Mpps
perfo
rman
ce
Port
switc
hing 56Gbps 104Gbps 176Gbps 128Gbps 128Gbps 176Gbps
capa
city
Support MAC address learning, aging and conversion from dynamic to static
Support static MAC address setting
MAC
Support MAC address attack protection
Support 16K address table items
4k for the whole set
Support port-based VLAN
VLAN Support VLAN translation (1:1, N:1)
Support PVLAN
Support macbased vlan
Support ingress ACl
ACL
Support egress ACl
Support QinQ-based forwarding
Support ordinary QinQ, outer layer label tagging based on port
QinQ Support Selective QinQ, outer layer label tagging based on traffic
Support Selective QinQ inner layer priority mapping
Support TPID modification
Support dynamic LACP
LACP Support traffic-based load balancing
Stor Support broadcast packet suppression

m Support multicast packet suppression
suppr Support unknown packet suppression
essio Support unknown unicast/multicast packet dropping
n Support unknown unicast/multicast broadcasting
L2 Support IGMP Snooping/proxy
multi Support IGMP rate limit, IGMP rate filter, IGMP rate shaping
cast Support cross-VLAN multicast duplication
Support port rate limit and traffic rate limit
Support 8 queues with different priorities at each port
QOS Support mapping to different queues based on packet 802.1p
Support SP, WRR, and SP+WRR algorithm
Support traffic classification based on source MAC address, destination MAC

5250-28TC- 5250-52TC 5250-52PM 5250-28PM 5250-28TM 5250-52TM

Item
H -H -H -H -H -H
address, source IP address, and destination IP address
Traffic classification of L4 port, protocol type, VLAN, Ethernet frame protocol, and
CoS information
Support traffic-based label priority and packet re-orientation
Anti-l
ighte Anti-lightening capability at all service ports: 6KV6KV
ning
Support DHCP snooping and DHCP relay
Support 802.1x, and maximal user limit at single port
Support dynamic ARP detection (DAI)
Secur Support IP Source Guard
ity
Support MAC address filtering
featur
es Support local or remote authentication of login user
Support CPU protection
Support SSH V2
Support TACACS+ and radius authentication of administrative user
Support LLDP neighbor discovery
LLDP
Support LLDP MED
UDLD Support UDLD unidirectional link detection
Support 802.1ag
OAM
Support 802.3ah
Support IPV6 host management
Support IPV6 ND
Support IPV6 MLD snooping
IPV6
Support IPV6 ICMPV6
Support IPV6 DHCPV6 snooping
Support IPV6 ACL
Support SFLOW
Monit
Support RSPAN
oring
Support mirror
Maint Support DHCP-based auto configuration and loading
enan
ce Support MButton
Voice
Support voice vlan
vlan
Netw
ork
mana Support SNMP V2,V3
geme
nt
Table 5-5 5250 standard series system specifications

Item 5250-28TC 5250-52TC 5250-28SM 5250-28PM 5250-52PM

20
24 48
48 24 fixed 10/100/1000
10/100/1000 10/100/100
10/100/1000 10/100/100 Base-TX
U Base-T 0Base-TX
Base-T 0Base-X Ethernet
NI Ethernet Ethernet
Ethernet SFP ports ports (PoE)
ports ports (PoE)
ports +4GE
COMBO
Support
two uplink
subcards: Support
P 2 GE Combo 2 GE Combo Support
One is 4 uplink
or (10/100/1000 (10/100/1000 uplink
fixed subcard,
t Base-T Base-T subcard,
10/100/100 which
Ethernet Ethernet which
0 Base-T includes
ports or ports or includes
N Ethernet 4-port 10G
1000Base-X 1000Base-X 4-port 10G
NI port optical,
SFP port); SFP port); optical,
subcard, 4-port GE
4-port GE
2 fixed 2 fixed the other is electrical,
electrical,
1000Base-X 1000Base-X 4 fixed 4-port GE
4-port GE
SFP ports SFP ports 100/1000 optical
optical ports.
Base-X ports.
SFP port
subcards
Forwa
rding
42Mpps 78Mpps 42Mpps 96Mpps 132Mpps
perfor
mance
Port
switch
ing 56Gbps 104Gbps 56Gbps 128Gbps 176Gbps
capaci
ty
Support MAC address learning, aging and conversion from dynamic to
static
MAC Support static MAC address setting
Support port-based VLAN
VLAN Support VLAN translation (1:1, N:1)
Support PVLAN
Support macbased vlan
Support ingress ACl
ACL
Support egress ACl
Support ordinary QinQ, outer layer label tagging based on port
QinQ Support Selective QinQ, outer layer label tagging based on traffic
Support Selective QinQ inner layer priority mapping

Item 5250-28TC 5250-52TC 5250-28SM 5250-28PM 5250-52PM

LACP
Support traffic-based load balancing
Support broadcast packet suppression
Storm Support multicast packet suppression
ession Support unknown unicast/multicast packet dropping
Support unknown unicast/multicast broadcasting
L2 Support IGMP Snooping/proxy
multic Support IGMP rate limit, IGMP rate filter, IGMP rate shaping
ast Support cross-VLAN multicast duplication
Support mapping to different queues based on packet 802.1p
QOS Support traffic classification based on source MAC address, destination
MAC address, source IP address, and destination IP address
Traffic classification of L4 port, protocol type, VLAN, Ethernet frame
protocol, and CoS information
Anti-li
ghteni Anti-lightening capability at all service ports: 6KV6KV
ng
Support DHCP snooping and DHCP relay
Securi Support IP Source Guard
ty
featur
Support SSH V2
LLDP
Support LLDP MED
Support IPV6 ND
Support IPV6 MLD snooping
IPV6
Support IPV6 ICMPV6
Support IPV6 DHCPV6 snooping
Support IPV6 ACL
Support SFLOW
Monit
Support RSPAN
oring
Support mirror
Mainte Support DHCP-based auto configuration and loading
nance Support MButton

Item 5250-28TC 5250-52TC 5250-28SM 5250-28PM 5250-52PM

Voice
Support voice vlan
vlan
Netwo
rk
geme
nt
Table 5-6 5250-L series system specifications

Item 5250-28TS-L 5250-52TS-L
24 10/100/1000Base-T Ethernet
U ports
P 48 10/100/1000Base-T Ethernet ports
NI
or
t N
4 fixed 1000Base-X SFP ports 4 fixed 1000Base-X SFP ports
NI
Forwa
rding
42Mpps 78Mpps
perfor
mance
Port
switch
ing 56Gbps 104Gbps
capaci
ty
Support MAC address learning, aging and conversion from dynamic to static
Support static MAC address setting
MAC
VLAN Support port-based VLAN
Support PVLAN
ACL Support ingress ACl
QinQ
LACP
Support traffic-based load balancing
Support broadcast packet suppression
Storm Support multicast packet suppression
ession Support unknown unicast/multicast packet dropping
Support unknown unicast/multicast broadcasting

Item 5250-28TS-L 5250-52TS-L

L2 Support IGMP Snooping
multic
ast Support IGMP rate limit, IGMP rate filter, IGMP rate shaping

Support mapping to different queues based on packet 802.1p
QOS Support traffic classification based on source MAC address, destination
MAC address, source IP address, and destination IP address
Traffic classification of L4 port, protocol type, VLAN, Ethernet frame protocol,
and CoS information
Anti-li
ghteni Anti-lightening capability at all service ports: 6KV6KV
ng
Support DHCP snooping
Securi Support IP Source Guard
ty
featur
Support SSH V2
LLDP
Support LLDP MED
Support IPV6 ND
IPV6
Support IPV6 ICMPV6
Support IPV6 ACL
Monit Support RSPAN
oring Support mirror
Mainte
Support DHCP-based auto configuration and loading
nance
Voice
Support voice vlan
vlan
Netwo
rk
geme
nt

6 Operation and Maintenance
6.1 NetNumen U31 Integrated NM Platform

IP network is bearing more and more services. At the same time it covers large area with
complicated configuration. Users have high expectation for the network. Network
management difficulty and workload become rather great. Only artificial management
with passive checking maintenance can no long meet the needs of reliable operation of
the network.
How to quickly deploy services in the network, how to guarantee reliable and stable
network operation, how to foresee the network operation quality, and how to detect the
failure point as soon as possible when failure occurs in the network are all present before
OAM staff. Thus active monitoring is urgently needed for the network to automatically
detect and solve network failure, to maintain smooth operation of the network, so as to
realize network value maximization.
To achieve this ZTE developed NetNumen U31 integrated network management system.
NetNumen U31 is an centralized network management system integrating multiple
products of router and switch. It integrates network element management, network
management, and service management in one, supporting multiple databases. It has
graphic interface of many languages, providing direct and easy operation. Offering
flexible northbound interface, it supports powerful interconnection integration capability.
6.1.1 NM Networking
Inband management and outband management can be adopted for networking between
NetNumen U31 network management system and ZXR10 5250.
Inband management
Inband management. Network management and service data are transported through
one channel with no need to build extra DCN network. NetNumen U31 network
management system can perform management when it is connected with the network
equipment nearby with related SNMP parameters configured.
The advantage of inband management is flexible networking without extra investment.

The disadvantage is network management information occupies service bandwidth,
which may influence service quality.
Outband management
Outband management. Network management information is transported inside network

management network, separated from service data. Extra DCN network is needed.

NetNumen U31 network management system is connected to outband management

interface on ZXR10 5250 so that network management information is transmitted
independently from service information.
The advantage is the interruption of service channel doesn’t influence management of

equipment by the network management station. Network management information
transmission is more reliable. The disadvantage is that network management network
built independently is influenced greatly by territory restriction so that extra investment is
necessary.
6.1.2 NetNumen U31 NM System
NetNumen U31 network management system is an integrated router, switch, and CE

management system developed by ZTE. Covering network management, network
management and service management, network management system provides the
following functions:
 Failure management guarantees stable network operation
In network management maintenance, the management staff has an urgent need to know
the network operation to make sure the network works stably. Failure management in
NetNumen U31 mainly takes charge of realtime receiving of various equipment alarm
and network event reported by all network elements. It can notify the maintenance staff in
an audible and visual way. The maintenance staff confirms and deals with the event.
They save the collected alarm reports in the base for various statistic and query. Failure
management is the most important and most usual management measure in network
operation and maintenance. With failure management, users can implement query,
realtime monitoring, failure filtering, failure location, failure confirmation, failure clearance,
and failure analysis etc. NetNumen U31 system also provides audio prompt, graphic
display of alarm, accessible alarm box, Email system, and SMS system. It notifies users
with sound and light, Email, and message for users to have easy daily maintenance.
 Performance management obtains a complete understanding of network services
Network traffic flow, network load are the most focused concern in network management.
NetNumen U31 performance management module mainly takes charge of performance
monitoring and analysis of network and equipment. It provides maintenance and
management department with information to supervise network engineering, planning
and adjusting to improve network operation quality by collecting various performance
data from network elements and generating performance report after processing. With
performance management, users can perform statistics of equipment load, traffic flow,
and interface load to learn about network service quality, assess and adjust network
resource configuration as soon as possible.
 Resource management makes good use of network resource

Resource management system implements physical resource and logic resource

management. It is a basic ineligible system in service process of the operators. It is an
important premise for two key service processes of service launching and service
guarantee to become automatic. With resource management, users can learn about not
only management of resource such as equipment, card, interface, and link, but also the
utilization of logic resource such as VLAN and MAC address.
 View management makes network operation state clear
View management provides integrated network topology and multi-view management,

which enables users to clearly grasp the topology structure and network equipment
operation state of the whole network. At the same time it provides operation and
maintenance ingress of the network and equipment. with view management users can
get network equipment operation state and alarm, and quickly transfer to other
management systems.
 Configuration management makes quick service deployment
Configuration management performs configuration of ZXR10 5250 including equipment

management, interface management, VLAN management, L2 feature management, QoS
management, software upgrade management, and configuration file management. It
supports multiple humanistic configuration including end-to-end configuration, batch
configuration, guide configuration. It also provides corresponding default configuration
templates for different management.
 Security management guarantees network security
Security management guarantees valid use of the system by the user. Security
management implements management of user, user group and role. By properly arrange
the relation between user, user group and role, it provides security control for operator to
perform security management operation. With login authentication it prevents illegal
users from entering the system. With operation authentication it provides security control
for operators to perform operation.
 Northbound interface provides easy integration
With the rapid development of telecom service, one operator usually needs to take
control of multiple equipment-level and network-level professional network management
systems of network element. The professional network management systems cannot
exchange information. The limit brought about by complicated management contents and
various operation interfaces become more and more obvious. To improve the
comprehensive management level and effect of the whole network for telecom
enterprises, one network management station can perform various management and
control over interconnected networks so as to realize the comprehensive management of
the whole network.

Comprehensive network management and professional network is connected via

interface. Professional network management needs to provide comprehensive network
management system with standard open northbound interface to perform quick and
reliable integration with comprehensive network management. NetNumen U31 supports
multiple northbound interfaces such as CORBA, SNMP, TL1, XMLand FTP.

7 Comprehensive Networking
Applications
7.1 Community Access for Enterprise network
Figure 7-1 Desktop access for enterprise network
It provides GE access to desktop and GE comb uplink port. Working with 802.1x
authentication, IP source guard, DAI, security port and conversion from dynamic MAC to
static, it can satisfy most of the requirements of enterprise network access.
7.2 Corridor Access for MAN
Figure 7-2 MAN access

MAN access can adopt ordinary tree type and ZESR plus PVLAN. Working with DHCP
snooping and ip source guard, it provides users with high security guarantee. At the
same time, ZXR10 5250 can use QinQ or SVLAN to further distinguish users and
services, and to provide rich control information for service planning of the whole
network.

8 Abbreviations
Table 8-1 Abbreviations
Full form
Abbreviation
ABR Area Border Router

ARP Address Resolution Protocol
AS Autonomous System
ASBR Autonomous System Border Router
ASN Abstract Syntax Notation
ATM Asynchronous Transfer mode
BIC Bridge interface & Alarm monitor card
BFEIE Fast Ethernet Interface- Electric for BRAS
BFEIO Fast Ethernet Interface-Optical for BRAS
BGEI Gigabit Ethernet Interface for BRAS
BGP Border Gateway Protocol
BNPC Network Processing Card for BRAS
BSFC Switch Fabric Card for BRAS
BTSR Back plane for Terabit Switch Router
BUPC Ultra Protocol processor control card for BRAS
CHAP Challenge Handshake Authentication Protocol
CIDR Classless Inter-Domain Routing
COS Class of Service
CRC Cyclic Redundancy Check
abbreviation English full name
CSN Cryptographic Sequence Number
DDN Digit Data Network
DNS Domain Name System
EBGP External Border Gateway Protocol
EGP Exterior Gateway Protocol
FDDI Fiber Distributed Data Interface
FEI Fast Ethernet Interface
FEIOE Fast Ethernet Interface-Optical/Electric
FIFO First In and First Out
FPGA Domain Programmable Gate Array
FTP File Transfer Protocol
FTP6 File Transfer Protocol Version 6
GEI Gigabit Ethernet Interface

HDLC High-Level Data Link Control

ICMP Internet Control Message Protocol
ICMP6 Internet Control Message Protocol 6
IETF Internet Engineering Task Force
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IP Internet Protocol
IS-IS Intermediate System -to- Intermediate System
LAN Local Area Network
LSA Link State Advertisement
MAC Media Access Control
MD5 Message Digest 5
MIB Management Information Base
MPLS Multi-Protocol Label Switch
MTU Maximum Transmission Unit
NIC Network Information Center
NLRI Network Layer Reachable Information
NMS Network Management System
OID Object ID
OSI Open Systems Interconnection
OSPF Open Shortest Path First
PAP Passwork Authentication Protocol
PCB Process Control Block
POS Packet over SDH
PPP Point-to-Point Protocol
PRT Process Registry Table
QOS Quality of Service
RFC Request For Comments
RARP Reverse Address Resolution Protocol
RIP Routing Information Protocol
RLE Route lookup engine
RMON Remote Monitoring
SDH Synchronous Digital Hierarchy
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
TOS Type Of Service
42 © 2015ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

TELNET Telecommunication Network Protocol

TTL Time-To-Live
UDP User Datagram Protocol
VLSM Variable Length Subnet Mask
VPLS Virtual Private Lan Service
VPN Virtual Private Network
VPWS Virtual Private Wire Service
WAN Wide Area Network
WWW World Wide Web

Zxsec Ghid de Administrare

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Zxsec Ghid de Administrare

Caricato da

Copyright:

Formati disponibili

Operator Logo

ZXR10 5250 Product

ZXR10 5250 Product Description

Version Date Author Approved By Remarks

© 2015 ZTE Corporation. All rights reserved.

ZTE Confidential Proprietary © 2015 ZTE CORPORATION. All rights reserved. I

II ©2015ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

3.2.21 SSL ................................................................................................................ 18

4 System Architecture ..................................................................................... 18

5 Technical Indexes and Specifications......................................................... 25

6 Operation and Maintenance ......................................................................... 35

7 Comprehensive Networking Applications .................................................. 39

Figure 3-1 Typical QinQ networking ..................................................................................... 8

Table 5-1 5250-H series physical indexes .......................................................................... 25

IV ©2015ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

Table 8-1 Abbreviations ..................................................................................................... 41

ZTE Confidential Proprietary © 2015 ZTE CORPORATION. All rights reserved. V

ZXR10 5250 include 4 models: ZXR10 5250-28TC, ZXR10 5250-52TC, ZXR10

ZTE Confidential Proprietary 2015 ZTE CORPORATION. All rights reserved 1

2.1 Energy saving and green

2.2 Easy deployment and easy management

2 2015 ZTE CORPORATION. All rights reserved ZTE Confidential Proprietary

2.3 POE Features

2.4 Better video service experience

2.5 Perfect security design

ZTE Confidential Proprietary 2015 ZTE CORPORATION. All rights reserved 3

2.6 Smart VLAN

2.7 Overall supervision

2.8 Bidirectional ACL

2.9 Precision user locating

4 2015 ZTE CORPORATION. All rights reserved ZTE Confidential Proprietary

2.11 Ethernet OAM

2.12 Off-power alarm

2.13 Free seating networking

2.14 Supporting ERPS (G.8032)

ZTE Confidential Proprietary 2015 ZTE CORPORATION. All rights reserved 5

2.15 Broadcast storm prevention and restoration

6 2015 ZTE CORPORATION. All rights reserved ZTE Confidential Proprietary

3.1 Basic service functions

3.1.1 MAC address management

ZXR10 5250 series fulfills the following MAC functions:

 Convert dynamic MAC address into static one

 Bind MAC address to a port

 Limit MAC address number of a port

 Port MAC address learning protection

 Unknown-source MAC address filtering of a port

 MAC address filtering

ZTE Confidential Proprietary 2015 ZTE CORPORATION. All rights reserved 7

Figure 3-1 Typical QinQ networking

8 2015 ZTE CORPORATION. All rights reserved ZTE Confidential Proprietary

3.1.3 STP features

3.1.4 Link aggregation

ZXR10 5250 supports static Trunk and LACP link aggregation.

LACP (Link Aggregation Control Protocol), following IEEE 802.3ad, dynamically

3.1.5 Basic Ethernet features

ZXR10 5250 supports the following basic Ethernet features:

 Support port mirroring

 Support broadcast storm suppression

ZTE Confidential Proprietary 2015 ZTE CORPORATION. All rights reserved 9

 Support such configuration as port rate, duplex mode and adaptation.

 Support line diagnosis analysis and test

1 Open: Open-circuit line

3.2 Value-Added Service (VAS)