Siemens S223 User's Manual

Contents

1. User Manual SURPASS hiD 6615 S223/S323 R1.5. IGMP Snooping Basic Configuration; Enabling IGMP Snooping per VLAN; Robustness Count for IGMP v2 Snooping; IGMP v2 Snooping; IGMP v2 Snooping Fast Leave; IGMP v2 Snooping Querier; IGMP v2 Snooping Last Member Interval; IGMP v2 Snooping Report Method; Mrouter Port; Multicast TCN Flooding; IGMPv3 Snooping; IGMP Snooping Version; Join Host Management; Immediate Block; Multicast VLAN Registration (MVR)
2. Fig. 3.1 Software mode structure; Fig. 4.1 Process of 802.1x Authentication; Fig. 4.2 Multiple Authentication Servers; Fig. 5.1 hiD 6615 S223/S323 Interface; Fig. 5.2 Port Mirroring; Fig. 6.1 Ping Test for Network Status; Fig. 6.2 IP Source Routing; Fig. 7.1 Weighted Round Robin; Fig. 7.2 Weighted Fair Queuing; Fig. 7.3 Strict Priority Queuing; Fig. 7.4 NetBIOS Filtering; Fig. 8.1 Port-based VLAN; Fig. 8.2 Example of QinQ Configuration; Fig. 8.3 QinQ Frame; Fig. 8.4 In Case Packets Going Outside in Layer 2 environment; Fig. 8.5 In Case External Packets Enter under Layer 2 environment (1); Fig. 8.6 In Case External Packets Enter under Layer 2 environment (2); Fig. 8.7 Link Aggregation; Fig. 8.8 Example of Loop; Fig. 8.9 Principle of
3. Debug Packet Dump; Displaying the usage of the packet routing table; System Main Functions; VLAN; Port-Based VLAN; Creating VLAN; Specifying PVID; Assigning Port to VLAN; Deleting VLAN; Displaying VLAN; Protocol-Based VLAN; MAC address based VLAN; Subnet based VLAN; Tagged VLAN; VLAN Description; Displaying VLAN Information
4. Initializing Authentication Status; Applying Default Value; Displaying 802.1x Configuration; 802.1x User Authentication Statistic; Sample Configuration; Port Configuration; Port Basic; Selecting Port Type; Ethernet Port Configuration; Enabling Ethernet Port; Auto-negotiation; Transmit Rate; Flow Control; Port Description; Traffic Statistics; The Packets Statistics; The CPU statistics; The Prot
5. Command: no lacp aggregator AGGREGATIONS
   Description: Disables LACP for designated Aggregator number. AGGREGATIONS: select the aggregator ID that should be disabled for LACP.
   Step 2: Configure the physical port that is a member of the aggregated port. To configure the member port, use the following command.
   Command: lacp port PORTS
   Mode: Bridge
   Description: Configures a physical port that is a member port of the aggregator. PORTS: select the port number(s) that should be enabled for LACP.
   Command: no lacp port PORTS
   Description: Deletes a member port of the Aggregator. PORTS: select the port number(s) that should be disabled for LACP.
   Packet Route
   When packets enter a logical port that aggregates several ports and there is no way to decide the packet route, the packets could be gathered on a particular member port, so that it is not possible to use the logical port effectively. Therefore the hiD 6615 S223/S323 is configured to decide the packet route so that packets are divided effectively across the member ports when they are transmitted. The route can be selected by source IP address, destination IP address, source MAC address, or destination MAC address, and the user can get the information of packets to decide the packet route.
6. After configuring the configuration ID in the hiD 6615 S223/S323, you should apply the configuration to the switch. After changing or deleting the configuration, you must also apply it to the switch; if you do not, it is not injected into the switch. To apply the configuration to the switch after configuring the configuration ID, use the following command.
   Command: stp mst config id commit
   Description: Commits the configuration of the region.
   After deleting the configured configuration ID, apply it to the switch using the above command.
   MSTP Protocol
   The MSTP protocol is backward compatible: MSTP is compatible with STP and RSTP. If another bridge runs in STP mode and sends STP or RSTP BPDUs, MSTP automatically changes to STP mode. STP mode cannot be changed to MSTP mode automatically. If the administrator wants to change the network topology to MSTP mode, the administrator has to clear the previously detected protocol manually. To configure the protocol, use the following command.
   Command: stp clear detected protocol PORTS
   Description: Clears the detected protocol and tries the administrative protocol. PORTS: select the port number.
   Point to point MAC Parameters
   The internal sub layer service makes available a pair of parameters that permit inspection of and control over the administrative and operationa
7. Command: match ip address prefix list NAME
   Mode: Route map
   Description: Transmits the information matched with the prefix list. NAME: IP prefix list name.
   Command: match ip next hop <1-199> <1300-2699> NAME
   Description: Transmits information to only the neighbor router in the access list. 1-199: IP access list number; 1300-2699: IP access list number (expanded range); NAME: IP access list name.
   Command: match ip next hop prefix list NAME
   Description: Transmits information to only the neighbor router in the prefix list. NAME: IP prefix list name.
   Command: match metric <0-4294967295>
   Description: Transmits information matched with the specified metric; enter the metric value.
   Command: set ip next hop A.B.C.D
   Mode: Route map
   Description: Configures the neighbor router's address. A.B.C.D: IP address of next hop.
   Command: set metric <1-2147483647>
   Description: Sets the metric value for the destination routing protocol. 1-2147483647: metric value.
   10.3.6 Metrics for Redistributed Routes
   The metrics of one routing protocol do not necessarily translate into the metrics of another. For example, the RIP metric is a hop count and the OSPF metric is a combination of five quantities. In such situations, an artificial metric is assigned to the redistributed route. Because of this unavoidable tampering with dynamic information, carelessly exchanging routing information between different routing protocols can create routing loops, which can seriously degrade network operation. To prevent this situation w
8. Command: show status power
   Description: Shows power status.
   Command: show status temp
   Description: Shows temperature of switch.
   Mode: Global/Bridge
   Tech Support
   In the hiD 6615 S223/S323, you can display the configuration and configuration file, log information, register, memory, and debugging information using the following commands. By checking tech support, you can check system errors and use the output for solving the problem.
   Command: tech support all crash info console
   Description: Check tech support on console.
   Command: tech support all crash info remote IP ADDRESS ftp tftp
   Description: Save the contents of tech support in a specified address.
   Mode: Enable
   Tech support contents displayed on the console are shown at once, regardless of the number of display lines of the terminal screen.
   Network Management
   Simple Network Management Protocol (SNMP)
   A Simple Network Management Protocol (SNMP) system consists of three parts: SNMP manager, a managed device, and SNMP agent. SNMP is an application-layer protocol that allows SNMP manager and agent stations to communicate with each other. SNMP provides a message format for sending information between SNMP manager and SNMP agent. The agent and MIB reside on the switch. In configuring SNMP on the switch, you define the relationship between the manager and the agent. According to community you can give rig
9. Command: user add NAME DESCRIPTION
   Description: Creates a system account.
   Command: user add NAME level 0-15 DESCRIPTION
   Description: Creates a system account with a security level.
   An account of level 0 to level 14 without any configuring authority can only use exit and help in Privileged EXEC View mode and cannot access Privileged EXEC Enable mode. The account with the highest level, 15, has read-write authority.
   To delete the created account, use the following command.
   Command: user del NAME
   Description: Delete the created account.
   To display the created account, use the following command.
   Command: show user
   Mode: Enable/Global
   Description: Shows the created account.
   Configuring Security Level
   For the hiD 6615 S223/S323, it is possible to configure the security level from 0 to 15 for a system account. Level 15, as the highest level, has read-write authority. The administrator can configure from level 0 to level 14. The administrator decides which level user uses which commands in which level. As the basic right from level 0 to level 14, it is possible to use exit and help command in Privileged EXEC Enable mode and it is not possible to access to Privileged EXEC Enable mode. To define the security level and its authority, use the following command.
   Command: privilege bgp level <0-15>
   Description: Uses the specific comma
10. Command: area <0-4294967295> nssa translator role candidate never always
   Mode: Router
   Description: Configures NSSA with one option.
   The following example shows how to configure NSSA with more than 2 options:
   area <0-4294967295> nssa no summary no redistribution
   area <0-4294967295> nssa translator role candidate never always default information originate metric type <1-2> no redistribution
   To delete configured NSSA, use the following command.
   Commands:
   no area <0-4294967295> nssa
   no area <0-4294967295> nssa default information originate
   no area <0-4294967295> nssa default information originate metric <0-16777214>
   no area <0-4294967295> nssa default information originate metric type <1-2>
   no area <0-4294967295> nssa no redistribution
   no area <0-4294967295> nssa no summary
   no area <0-4294967295> nssa translator role candidate never always
   Description: Deletes configured NSSA.
   Area Range
   When OSPF belongs to several Areas, Area routing information can be shown in one routing path. In this way, various routing information of an Area can be combined and summarized to transmit to outside. To summarize and combine the routing information, use the following command. Command
11. 8.4 Virtual Router Redundancy Protocol (VRRP)
   Virtual Router Redundancy Protocol (VRRP) configures a virtual router (VRRP Group) consisting of VRRP routers to prevent network failure caused by one dedicated router. You can configure a maximum of 255 VRRP routers in a VRRP group of hiD 6615 S323. First of all, decide which router plays the role of Master Virtual Router. The other routers will be Backup Virtual Routers. After you give priority to these backup routers, a backup router serves as Master Virtual Router when there are problems in the Master Virtual Router. When you configure VRRP, configure all routers in VRRP with a unified Group ID and assign a unified Associated IP to them. After that, decide Master Virtual Router and Backup Virtual Router. The router which has the highest priority is supposed to be Master, and Backup Virtual Routers also get their order depending on priority.
   Routing functionalities such as RIP, OSPF, BGP, VRRP and PIM-SM are only available for hiD 6615 S323. Unavailable for hiD 6615 S223.
   [Fig. 8.28 VRRP Operation: Internet; Virtual Router, Associate IP 10.0.0.5/24; Router 1, Backup Router 2, Backup Router 3 with IP 10.0.0.1/24, IP 10.0.0.2/24, IP 10.0.0.3/24]
   In case routers have the same priority, the router which has the lower IP address gets precedence. Fig. 8.28 shows an example of configuring three routers which hav
12. Copyright (C) Siemens AG 2005-2006. Issued by the Communications Group, Hofmannstraße 51, D-81359 München. Technical modifications possible. Technical specifications and features are binding only insofar as they are specifically and expressly agreed upon in a written contract.
   A50010-Y3-C150-2-7619. User Manual UMN:CLI, SURPASS hiD 6615 S223/S323 R1.5.
   Reason for Update
   Summary: System software upgrade added.
   Details: Chapter/Section 11. Reason for Update: System software upgrade added.
   Issue History
   07/2006: Initial release
   08/2006: System software upgrade added
   This document consists of a total 381 pages. All pages are issue 2.
   Contents
   1 Introduction; 1.1 Audience; 1.2 Document Structure; 1.3 Document Convention; 1.4 Document Notation; 1.5 CE Declaration of Conformity; 1.6 GPL/LGPL Warranty and Liability Exclusion; 2 System Overview; 2.1 System Features; 3 Command Line Interface (CLI); 3.1 Command Mode
13. Command: show ssh history
   Mode: Enable/Global
   Description: Shows the connection history of SSH clients who are connected to SSH server up to now.
   Assigning Specific Authentication Key
   After enabling the ssh server, each client will upload its generated key. The ssh server can assign a specific key among the keys uploaded from several clients. To verify the Authentication Key, use the following command.
   Command: ssh key verify FILENAME
   Mode: Global
   Description: Verifies generated ssh key.
   If the ssh server verifies the key for a specific client, other clients must download the key file from the ssh server to log in.
   SSH Client
   The hiD 6615 S223/S323 can be used as SSH client with the following procedure:
   Login to SSH Server
   File Copy
   Configuring Authentication Key
   Login to SSH Server
   To log in to the SSH server after configuring the hiD 6615 S223/S323 as SSH client, use the following command.
   Command: ssh login DESTINATION PUBLIC KEY
   Mode: Enable
   Description: Logs in to SSH server. DESTINATION: IP address of SSH server or hostname and account. PUBLIC KEY: Specify public key.
   File Copy
   To copy a file from/to the SSH server, use the following command.
   Command: copy scp sftp config download upload CONFIG
   Mode: Enable
   Description: Downloads or uploads a file to through SSH se
14. IGMP Version 1: Provides the basic Query-Response mechanism that allows the multicast router to determine which multicast groups are active, and other processes that enable hosts to join and leave a multicast group.
   IGMP Version 2: Extends IGMP features with the IGMP leave process, group-specific queries, and explicit maximum query response time. It added support for low leave latency, that is, a reduction in the time it takes for a multicast router to learn that there are no longer any members of a particular group present on an attached network.
   IGMP Version 3: Version 3 of IGMP adds support for source filtering, that is, the ability for a system to report interest in receiving packets only from specific source addresses, or from all but specific source addresses, sent to a particular multicast address. That information may be used by multicast routing protocols to avoid delivering multicast packets from specific sources to networks where there are no interested receivers.
   Removing IGMP Entry
   To clear IGMP interface entries, use the following command.
   Command: clear ip igmp interface INTERFACE
   Mode: Enable
   Description: Clears IGMP interface entries on an interface.
   Description: Deletes IGMP group cache entries. all IGMP group; A.B.C.D: IGMP group address.
   Command: clear ip igmp group A
15. [Fig. 9.4 IP Multicasting: hiX 5430, Multicast Router; (1) Request the Multicast Packet (Multicast Join request); (2) Transmit the Multicast packet to the port that sent the join message]
   IGMP Snooping is a function that finds the port which sends a Join message to join a specific multicast group and receive multicast packets, or a Leave message to get out of the multicast group because it does not need the packets. IGMP Snooping can be enabled only when the switch is connected to a multicast router.
   IGMP v2 Snooping Fast Leave
   If the multicast client sends the leave message to leave a multicast group, the multicast router sends an IGMP Query message to the client again and, when the client does not respond, deletes the client from the multicast group.
   In IGMP v2, even after Host sent Leave Message, it receives Multicast Traffic until sending Specific Query. In Snooping Fast Leave Enable mode, it sends no more Multicast Traffic immediately by deleting from Membership Table when it receives Leave Message, without sending Specific Query.
   Command: ip igmp snooping immediate leave
   Description: Configures the fast leave on the system.
   Command: ip igmp snooping vlan VLANS immediate leave
   Description: Configures the fast leave on a VLAN interface.
   Mode: Global
16. Command: vr priority <1-254>
   Description: Configures Priority of Virtual Router.
   Command: no vr priority
   Description: Deletes configured Priority of Virtual Router.
   Priority of Virtual Backup Router can be configured from 1 to 254.
   To set VRRP timers or delete the configuration, use the following command.
   Command: vr timers advertisement <1-10>
   Description: Sets VRRP timers. 1-10: advertisement time in the unit of second.
   Command: no vr timers advertisement
   Description: Clears a configured VRRP time.
   The following is an example of configuring Master Router and Backup Router by comparing their Priorities: Virtual Routers Layer 3 SWITCH 1 (101) and Layer 3 SWITCH 2 (102). Then, regardless of IP addresses, the one that has the higher Priority, Layer 3 SWITCH 2, becomes Master Router.
   Layer 3 SWITCH1: IP Address 10.0.0.1/24
   SWITCH1(config)# router vrrp default 1
   SWITCH1(config-router)# associate 10.0.0.5
   SWITCH1(config-router)# vr priority 101
   SWITCH1(config-router)# exit
   SWITCH1(config)# show vrrp
   default virtual router 1
   state
   virtual mac address 00:00:5E:00:01:01
   advertisement interval 1 sec
   preemption enabled
   priority 101
   master down interval 3.624 sec
   1 associate address 10.0.0.5
   SWITCH 2 with higher priority (Layer 3 SWITCH 2: IP Address 10.0.0.2/24) is configured as Maste
17. Command: show running config hostname
   Mode: Global
   Description: Shows the host name.
   The following is an example of changing hostname to hiD6615.
   SWITCH(config)# hostname hiD6615
   hiD6615(config)#
   6.1.2 Time and Date
   To set system time and date, use the following command.
   Command: clock DATETIME
   Mode: Enable
   Description: Sets system time and date.
   Command: show clock
   Mode: Global
   Description: Shows system time and date.
   The following is an example of setting system time and date as 10:20pm, July 4th, 2005.
   SWITCH# clock 06 Mar 2006 10:20
   Mon, 6 Mar 2006 10:20:00 GMT 0000
   SWITCH#
   Time Zone
   The hiD 6615 S223/S323 provides three kinds of time zone: GMT, UCT and UTC. The time zone of the switch is predefined as GMT (Greenwich Mean Time). You can also set the time zone where the network element belongs. To set the time zone, use the following command. Refer to the table below.
   Command: time zone TIMEZONE
   Mode: Global
   Description: Sets the time zone.
   Command: show time zone
   Mode: Enable/Global
   Description: Shows the world time zone map.
   Tab. 6.1 shows the world time zone.
   Time Zone, Country/City; Time Zone, Country/City; Time Zone, Country/City
   GMT-12, Eniwetok; GMT-3, Rio De Janeiro; GMT+6, Rangoon
   GMT-11, Samoa; GMT-2, Maryland; GMT+7, Singapore
   GMT-10, Hawaii/Honolulu; GMT-1, Azores; GMT+8, Hong Kong
   GMT-9, Alaska; GMT 0, London/Lisbon
18. SWITCH(bridge)# vlan create br2
   SWITCH(bridge)# vlan create br3
   SWITCH(bridge)# vlan create br4
   SWITCH(bridge)# vlan del default 3-8
   SWITCH(bridge)# vlan add br2 3-4 untagged
   SWITCH(bridge)# vlan add br3 5-6 untagged
   SWITCH(bridge)# vlan add br4 7-8 untagged
   SWITCH(bridge)# vlan add br2 24 untagged
   SWITCH(bridge)# vlan add br3 24 untagged
   SWITCH(bridge)# vlan add br4 24 untagged
   SWITCH(bridge)# vlan create br5
   SWITCH(bridge)# vlan add br5 1-42 untagged
   SWITCH(bridge)# vlan fid 1-5 5
   SWITCH(bridge)# show vlan
   u: untagged port, t: tagged port
   default
   br2
   br3
   br4
   br5
   SWITCH(bridge)#
   8.2 Link Aggregation
   Link Aggregation Control Protocol (LACP), complying with IEEE 802.3ad, bundles several physical ports together into one logical port so that the user can get enlarged bandwidth.
   [Fig. 8.7 Link Aggregation: Bandwidth with 1 port; Enlarged bandwidth with many ports; A logical port that can be made by aggregating a number of the ports]
   The hiD 6615 S223/S323 supports two kinds of link aggregation: port trunk and LACP. There's a little difference in these two ways. In case of port trunking it is quite
19. The following command can be used to show a certain rule by its name, all rules of a certain type, or all rules at once sorted by rule type.
   Command: show rule admin
   Description: Shows all admin access rules sorted by type.
   Command: show rule all
   Description: Shows all rules and admin access rules sorted by type.
   Command: show rule statistics
   Description: Shows rule statistics.
   Mode: Enable/Global
   Command: show rule profile
   Mode: Admin rule
   Description: Shows a current configuration of a rule.
   7.7 NetBIOS Filtering
   NetBIOS (Network Basic Input/Output System) is a program that allows applications on different computers to communicate within a local area network (LAN). NetBIOS is used in Ethernet, included as part of NetBIOS Extended User Interface (NetBEUI). Resources and information in the same network can be shared with this protocol.
   But the more computers are used, the stronger the security that is required. To secure individual customers' information and prevent information leakage in the LAN environment, the hiD 6615 S223/S323 provides a NetBIOS filtering function.
   [Fig. 7.4 NetBIOS Filtering: LAN environment for Internet Service; Information Shared; Needs to prevent sharing information between customers]
   Without NetBIOS filtering, customers' data may be opened to each other even though the data should be kept. To keep customer's information
20. MAC Filtering
   It is possible to forward frame to MAC address of destination. Without specific performance degradation, a maximum of 4,096 MAC addresses can be registered.
   Default Policy of MAC Filtering
   The basic filtering policy of the system is set to allow all packets for each port. However, the basic policy can be changed at the user's request. After configuring the basic filtering policy for all packets, use the following command in Bridge mode to show the configuration.
   Command: mac filter default policy deny permit PORTS
   Description: Configures basic policy of MAC Filtering in specified port.
   By default, the basic filtering policy provided by the system is configured to permit all packets in each port.
   Sample Configuration
   This is an example of blocking all packets in port 1 3 and port 7.
   SWITCH(bridge)# mac filter default policy deny 5-10
   SWITCH(bridge)# mac filter default policy permit 2
   SWITCH(bridge)# show mac filter default policy
   PORT POLICY    PORT POLICY
   ------------------------------
   1 PERMIT    2 PERMIT
   3 PERMIT    4 PERMIT
   5 DENY    6 DENY
   7 DENY    8 DENY
   9 DENY    10 DENY
   11 PERMIT    12 PERMIT
   13 PERMIT    14 PERMIT
   15 PERMIT    16 PERMIT
   17 PERMIT    18 PERMIT
   19 PERMIT    20 PERMIT
   21 PERMIT    22 PERMIT
   23 PERMIT    24 PERMIT
   25 PERMIT    26 PERMIT
   27 PERMIT    28 PERMIT
   SWITCH(bridge)#
   Adding Policy of MAC Filter
   You can
21. Commands:
   no distribute list ACCESS LIST in out INTERFACE
   no distribute list prefix PREFIX LIST in out INTERFACE
   Mode: Router
   Description: Removes the application of a specific access list or prefix list to incoming or outgoing RIP route updates on interface in order to block the route.
   Disabling the transmission to Interface
   To prevent other routers on a local network from learning about routes dynamically, you can keep routing update messages from being sent through a router interface. This feature applies to all IP-based routing protocols except for BGP.
   To disable the transmission of routing information on this interface of the router, use the following command.
   Command: passive interface INTERFACE
   Mode: Router
   Description: Disables the transmission of multicast RIP messages on the interface. INTERFACE: interface name.
   Command: no passive interface INTERFACE
   Description: Re-enables the transmission of RIP multicast messages on the specified interface.
   Offset List
   An offset list is the mechanism for increasing incoming and outgoing metrics to routes learned via RIP. You can limit the offset list with an access list.
   To add the value of routing metrics, use the following command.
   Description: Add an offset to incoming or outgoing metrics to routes learned via RIP. ACCESS LIST: access list name; 0-16: type number; INTERFACE: interface name
   Command: of
22. Command: show syslog local volatile non volatile NUMBER
   Mode: Enable/Global
   Description: volatile: removes a syslog message after restart; non volatile: reserves a syslog message; NUMBER: shows the last N syslog messages.
   Command: show syslog local volatile non volatile reverse
   Description: Shows the syslog messages from the latest one.
   Command: clear syslog local volatile non volatile
   Mode: Enable/Global
   Description: Removes a received syslog message.
   Displaying Syslog Configuration
   To display a configuration of the syslog, use the following command.
   Command: show syslog
   Description: Shows a configuration of the syslog.
   Command: show syslog volatile non volatile information
   Mode: Enable/Global
   Rule and QoS
   The hiD 6615 S223/S323 provides rule and QoS features for traffic management. The rule classifies incoming traffic and then processes the traffic according to user-defined policies. You can use the physical port, 802.1p priority (CoS), VLAN ID, DSCP, and so on to classify incoming packets.
   You can configure the policy in order to change some data fields within a packet or to relay packets to a mirror monitor by a Rule function.
   QoS (Quality of Service) is one of the useful functions to provide more convenient service of network traffic for users. It is very serviceable to prevent overloading and delaying or failing of sending tra
23. IGMP cache but the switch is not a member. Therefore it can support fast switching. To configure IGMP static Join, use the following command.
   Command: ip igmp static group A.B.C.D vlan VLAN port PORT reporter A.B.C.D
   Mode: Global
   Description: Configures IGMP static join setting. A.B.C.D: group address.
   Commands:
   no ip igmp static group A.B.C.D vlan VLAN
   no ip igmp static group A.B.C.D vlan VLAN port PORT reporter A.B.C.D
   Description: Disables the IGMP static join configuration.
   Maximum Number of Groups
   Hosts on a subnet serviced by a particular interface have the access to join certain multicast groups. These multicast groups can be controlled by the ip igmp access group command.
   To control the multicast groups on an interface, use the following command.
   Command: ip igmp access group <1-99> WORD
   Mode: Interface
   Description: Sets an IGMP access group. 1-99: access list number; WORD: IP named standard access list.
   Command: no ip igmp access group
   Description: Disables groups on interfaces.
   IGMP Query Configuration
   Multicast routers send host membership query messages (host query messages) to discover which multicast groups have members on the attached networks of the router. Hosts respond with IGMP report messages indicating that they wish to receive multicast packets for specific groups indicating that the
24. Command: port security PORTS
   Description: Enables port security on the port. PORTS: selects port number.
   Step 2: Set the maximum number of secure MAC addresses for the port.
   Command: port security PORTS maximum <1-16384>
   Description: Sets a maximum number of secure MAC addresses for the port. 1-16384: Maximum number of addresses (default: 1).
   Step 3: Set the violation mode and the action to be taken.
   Command: port security PORTS violation shutdown protect restrict
   Description: Selects a violation mode.
   When configuring port security, note the following information about port security violation modes:
   protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
   restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value, and causes the Security Violation counter to increment.
   shutdown: puts the interface into the error-disabled state immediately and sends an SNMP trap notification.
   Step 4: Enter a secure MAC address for the port.
   Command: port security PORTS mac address MACADDR vlan NAME
   Description: Sets a secure MAC address for the port. PORTS: select the port number; MACADDR: enter the MAC address; NAME: vlan name.
   To
25. cold start is shown when the SNMP agent is turned off and restarts again.
   link up down is shown when the network of a port specified by the user is disconnected, or when the network is connected again.
   memory threshold is shown when memory usage exceeds the threshold specified by the user. Also, when memory usage falls below the threshold, a trap message will be shown to notify it.
   cpu threshold is shown when CPU utilization exceeds the threshold specified by the user. Also, when CPU load falls below the threshold, a trap message will be shown to notify it.
   port threshold is shown when the port traffic exceeds the threshold configured by the user. Also, when port traffic falls below the threshold, a trap message will be shown.
   temperature threshold is shown when the system temperature exceeds the threshold configured by the user. Also, when system temperature falls below the threshold, a trap message will be shown.
   dhcp lease is shown when there are no more IP addresses that can be assigned in a subnet of the DHCP server. Even if only one subnet does not have an IP address to assign when there are several subnets, this trap message will be seen.
   fan power module is shown when there is any status change of fan, power, and module.
   To enable SNMP trap, use the following command.
   Command: snmp trap auth fail
   Description: Configures the system to send SNMP trap when SNMP authentication is fail.
   Description: Configures the system to send SNMP trap when SNMP
   Command: snmp trap cold st
26. multicast neighbors NEIGHBOR IP
    show ip bgp neighbors NEIGHBOR IP advertised routes
    show ip bgp ipv4 unicast multicast neighbors NEIGHBOR IP advertised routes
    show ip bgp neighbors NEIGHBOR IP received prefix filter
    show ip bgp ipv4 unicast multicast neighbors NEIGHBOR IP received prefix filter
        Mode: Enable, Global

Shows general information on BGP neighbor connections of all neighboring routers.
Shows information of a specified neighbor router by its IP address. NEIGHBOR IP: neighbor router's IP address.
The advertised routes option displays all the routes the router has advertised to the neighbor.
Displays all received routes from neighbor router, both accepted and rejected.

Command / Description

    show ip bgp neighbors NEIGHBOR IP received routes
    show ip bgp ipv4 unicast multicast neighbors NEIGHBOR IP received routes
        Mode: Enable, Global
        The received routes option displays all received routes, both accepted and rejected, from the specified neighbor. To implement this feature, BGP soft reconfiguration is set.

    show ip bgp neighbors NEIGHBOR IP routes
    show ip bgp ipv4 unicast multicast neighbors NEIGHBOR IP routes
        Mode: Enable, Global
        The routes option displays the available routes only, that is, routes that are received and accepted.
27. rising event       Associate the rising threshold with an existing RMON event
    rising threshold   Define the rising threshold
    sample interval    Specify the sampling interval for RMON alarm
    sample type        Define the sampling type
    sample variable    Define the MIB Object for sample variable
    show               Show running system information
    startup type       Define startup alarm type default rising
    write              Write running configuration to memory or terminal
    SWITCH(config-rmonalarm[1])#

Subject of RMON Alarm

The user needs to configure the RMON alarm and identify its subject using many kinds of data from the alarm. To identify the subject of an alarm, use the following command.

Command / Description

    owner NAME
        Identifies subject using related data. NAME: enter the name (max. 32 characters).

7.4.2.2 Object of Sample Inquiry

The user needs an object value used for sample inquiry to provide the RMON alarm. The following is the rule of object for sample inquiry. To assign the object used for sample inquiry, use the following command.

Command / Description

    sample variable MIB OBJECT
        Assigns MIB object used for sample inquiry.

7.4.2.3 Absolute Comparison and Delta Comparison

When configuring an RMON alarm, it is possible to select the way to compare the MIB object used for sample inquiry. Absolute comparison directly compares the object selected as sample with the threshold. For instance when
28. sample range 100.1.1.1 100.1.1.100
    lease time default 5000
    SWITCH(config-dhcp[sample])# lease time max 10000

To specify a DNS server to inform DHCP clients, use the following command.

Command / Mode / Description

    dns server A.B.C.D1 A.B.C.D2 A.B.C.D6
        Mode: DHCP Pool
        Specifies a DNS server. Up to 8 DNS servers are possible. A.B.C.D: DNS server IP address.

    no dns server A.B.C.D1 A.B.C.D2 A.B.C.D6
        Mode: DHCP Pool
        Deletes a specified DNS server.

    no dns server all
        Mode: DHCP Pool
        Deletes all the specified DNS servers.

The following is an example of specifying a DNS server.

    SWITCH(config)# service dhcp
    SWITCH(config)# ip dhcp pool sample
    SWITCH(config-dhcp[sample])# network 100.1.1.0/24
    SWITCH(config-dhcp[sample])# default router 100.1.1.254
    SWITCH(config-dhcp[sample])# range 100.1.1.1 100.1.1.100
    SWITCH(config-dhcp[sample])# lease time default 5000
    SWITCH(config-dhcp[sample])# lease time max 10000
    SWITCH(config-dhcp[sample])# dns server 200.1.1.1 200.1.1.2 200.1.1.3
    SWITCH(config-dhcp[sample])#

If you want to specify a DNS server for all the DHCP pools, use the dns server command. For more information, see Section 6.1.9.

Manual Binding

To manually assign a static IP address to a DHCP client that has a specified MAC address, use the following command.

Command / Description

    fixed address A.B.C.D MAC ADDRESS
    no
29. show oam remote variable <0-255> <0-255> PORTS
        Mode: Global, Bridge
        Shows remote OAM variable.

    show oam remote variable specific <0-255> <0-255> <0-4> PORTS
        Mode: Global, Bridge
        Shows remote OAM specific variable.

The following is an example of enabling the OAM loopback function on port 25 of the switch and operating it once.

    SWITCH(bridge)# oam local admin enable 25
    SWITCH(bridge)# oam remote loopback enable 25
    SWITCH(bridge)# show oam local 25
    LOCAL PORT 25
    item            value
    admin           ENABLE
    mode            ACTIVE
    mux action      FORWARD
    par action      DISCARD
    variable        UNSUPPORT
    link event      UNSUPPORT
    loopback        SUPPORT disable
    uni direction   UNSUPPORT disable
    SWITCH(bridge)# show oam remote 25
    REMOTE PORT 25
    item            value
    mode            ACTIVE
    MAC address     00:d0:cb:27:00:94
    variable        UNSUPPORT
    link event      UNSUPPORT
    loopback        SUPPORT enable
    uni direction   UNSUPPORT
    SWITCH(bridge)# oam remote loopback start 25
    PORT 25 The remote DTE loopback is success
    SWITCH(bridge)#

7.3 Link Layer Discovery Protocol (LLDP)

Link Layer Discovery Protocol (LLDP) is the function of transmitting data for network management for the switches connected in a LAN, according to the IEEE 802.1ab standard.

7.3.1 LLDP Operation

The hiD 6615 S223 S323 supporting LLDP transmits
30. shutdown
        Mode: Interface
        Disables an interface on Interface Configuration mode.

4.3.3 Assigning IP Address to Network Interface

After enabling an interface, you need to assign an IP address. To assign an IP address to a specified network interface, use the following command.

Command / Mode / Description

    ip address IP ADDRESS/M
        Mode: Interface
        Assigns IP address to an interface.

    ip address IP ADDRESS/M secondary
        Mode: Interface
        Assigns secondary IP address to an interface.

To disable the assigned IP address, use the following command.

    no ip address IP ADDRESS/M
        Mode: Interface
        Removes assigned IP address from an interface.

    no ip address IP ADDRESS/M secondary
        Mode: Interface
        Removes assigned secondary IP address from an interface.

To display an assigned IP address, use the following command.

Command / Mode / Description

        Mode: Interface
        Shows an assigned IP address of the interface.

4.3.4 Static Route and Default Gateway

It is possible to configure a static route. A static route is a route which the user configures manually. Packets are transmitted to the destination through the static route. A static route includes the destination address, the neighbor router to receive the packet, and the number of routes that packets have to go through. To configure a static route, use the following command.

Command / Description

    ip route A.B.C.D SUBNET MASK GATEWAY null <1-255
        Configures static route.
31. 3509, IBM type ABR (RFC 3509), IETF Draft type and RFC 2328 type. To configure the ABR type of OSPF, use the following command.

Command / Mode / Description

    ospf abr type cisco ibm shortcut standard
        Mode: Router
        Selects an ABR type.
        cisco: cisco type ABR, RFC 3509 (default)
        ibm: IBM type ABR, RFC 3509
        shortcut: IETF draft type
        standard: RFC 2328 type

    no ospf abr type cisco ibm shortcut standard
        Mode: Router
        Deletes a configured ABR type.

10.2.3 Compatibility Support

The OSPF protocol in the hiD 6615 S323 uses RFC 2328, which finds the shortest path. However, the compatibility configuration enables the switch to be compatible with a variety of RFCs that deal with OSPF. Perform the following task to support many different features within the OSPF protocol. Use the following command to configure compatibility with RFC 1583.

Command / Mode / Description

    compatible rfc1583
        Mode: Router
        Supports compatibility with RFC 1583.

    no compatible rfc1583
        Mode: Router
        Disables configured compatibility.

10.2.4 OSPF Interface

OSPF configuration can be changed. Users are not required to alter all of these parameters, but some interface parameters must be consistent across all routers in an attached network.

10.2.4.1 Authentication Type

Authentication encodes communications among the routers. This function is for security of inform
32. 8.1.2 Displaying VLAN

To display a configuration of VLAN, use the following command.

Command / Mode / Description

    show vlan VLANS
        Mode: Enable, Global, Bridge
        Shows the configuration for specific VLAN. VLANS: enter VLAN ID.

Protocol Based VLAN

The user can use a VLAN mapping that associates a set of processes within stations to a VLAN, rather than the stations themselves. Consider a network comprising devices supporting multiple protocol suites. Each device may have an IP protocol stack, an AppleTalk protocol stack, an IPX protocol stack and so on. If we configure VLAN-aware switches such that they can associate a frame with a VLAN based on a combination of the station's MAC source address and the protocol stack in use, we can create separate VLANs for each set of protocol-specific applications.

To configure protocol based VLAN, follow these steps:

1. Configure VLAN groups for the protocols you want to use.
2. Create a protocol group for each of the protocols you want to assign to a VLAN.
3. Then map the protocol for each interface to the appropriate VLAN.

Command / Description

    vlan pvid PORTS ethertype ETHERTYPE <1-4094>
        Configures protocol based VLAN. PORTS: input a port number. ETHERTYPE: 0x800. 1-4094: VLAN ID.

    no vlan pvid PORTS ethertype ETHERTYPE
        Removes protocol based VLAN.

Because Protocol Based VLAN and normal VLAN run at the same time Protocol Based VLAN operates only matched situation compa
33. Double Tagging Operation
    Double Tagging Configuration
    TPID Configuration
    Layer 2 Isolation
    Port Isolation
    Shared VLAN
    VLAN Translation
    Sample Configuration
    Link Aggregation
    Port Trunk
    Configuring Port Trunk
    Disabling Port Trunk
    Displaying Port Trunk Configuration
    Link Aggregation Control Protocol (LACP)
    Configuring LACP
    Packet Route
    Operating Mode of Member Port
    Identifying Member Ports within LACP
    BPDU Transmission Rate
    Key value of Member Port
    Priority of Member Port
    Priority of Switch
    Displaying LACP Configuration
    Spanning Tree Protocol (STP)
    STP Operation
    RSTP Opera
34. IP traffic is filtered based on its source IP address. Only IP traffic with a source IP address that matches the IP source binding entry is permitted. An IP source address filter is changed when a new IP source entry binding is created or deleted on the port; the filter is then recalculated and reapplied in the hardware to reflect the IP source binding change. By default, if the IP filter is enabled without any IP source binding on the port, a default policy that denies all IP traffic is applied to the port. Similarly, when the IP filter is disabled, any IP source filter policy will be removed from the interface.

Source IP and MAC Address Filter

IP traffic is filtered based on its source IP address as well as its MAC address; only IP traffic with source IP and MAC addresses matching the IP source binding entry is permitted. When IP source guard is enabled in IP and MAC filtering mode, DHCP snooping option 82 must be enabled to ensure that the DHCP protocol works properly. Without option 82 data, the switch cannot locate the client host port to forward the DHCP server reply. Instead, the DHCP server reply is dropped and the client cannot obtain an IP address.

Enabling IP Source Guard

After configuring DHCP snooping, configure the IP source guard using the provided command. When IP source guard is enabled with this option, IP traffic is filtered based on the source IP address. The switch forwards IP traffic when the source IP address matches an
35. To display a configured LACP, use the following command.

Command / Mode / Description

    show lacp aggregator
        Mode: Enable, Global, Bridge
        Shows the information of aggregated port.

    show lacp aggregator AGGREGATIONS
        Mode: Enable, Global, Bridge
        Shows the information of selected aggregated port.

    show lacp port
        Mode: Enable, Global, Bridge
        Shows the information of member port.

    show lacp port PORTS
        Mode: Enable, Global, Bridge
        Shows the information of appropriated member port.

    show lacp statistics
        Mode: Enable, Global, Bridge
        Shows aggregator statistics.

To clear LACP statistics information, use the following command.

Command / Mode / Description

    clear lacp statistics
        Mode: Enable, Global, Bridge
        Clears the information of statistics.

8.3 Spanning Tree Protocol (STP)

A LAN composed of a double path, like token ring, has the advantage that access is still possible when one path is disconnected. However, always using the double path causes another problem, named Loop.

[Fig. 8.8 Example of Loop]

A loop occurs when there is more than one path between switches (SWITCH A, B). PC A sends a packet through broadcast or multicast, and then the packet keeps rotating. This causes superfluous data transmission and network faults. STP (Spanning Tree Protocol) is the function to prevent loops in a LAN with more than two paths and to utilize the double path efficiently. It spe
36. default cost <1-16777215>
        Mode: Router
        Configures a default cost of Area.

To delete a configured default cost of Area, use the following command.

Command / Mode / Description

    area <0-4294967295> default cost <1-16777215>
        Mode: Router
        Deletes a configured default cost of Area.

This command is only for an ABR which is delivering a summary default route to a stub or NSSA.

Blocking the Transmission of Routing Information Between Area

An ABR transmits routing information between Areas. If routing information should not be transmitted to another area, the hiD 6615 S323 can be configured to block it. First of all, use the access list or prefix list command to assign LIST NAME. Then use the following command to block the routing information on LIST NAME. This configuration is only available when the OSPF router is an ABR. To block routing information on LIST NAME, use the following command.

Command / Mode / Description

    area <0-4294967295> filter list access LIST NAME in out
    area <0-4294967295> filter list prefix LIST NAME in out
        Mode: Router
        Blocks routing information on LIST NAME.

To delete configured blocking information, use the following command.

Command / Mode / Description

    no area <0-4294967295> filter list access LIST NAME in out
    no area <0-4294967295> filter list prefix LIST NAME in out
        Mode: Router
        Deletes configured blocking information.

This command is only availa
37. entry in the DHCP snooping binding database or a binding in the IP source binding table.

To enable IP source guard, DHCP snooping needs to be enabled.

To enable IP source guard with source IP address filtering on a port, use the following command.

Command / Mode / Description

    ip dhcp verify source PORTS
        Mode: Global
        Enables IP source guard with a source IP address filtering on a port.

    no ip dhcp verify source PORTS
        Mode: Global
        Disables IP source guard.

To enable IP source guard with source IP address and MAC address filtering on a port, use the following command.

Command / Mode / Description

    ip dhcp verify source port security PORTS
        Mode: Global
        Enables IP source guard with a source IP address and MAC address filtering on a port.

    no ip dhcp verify source port security PORTS
        Mode: Global
        Disables IP source guard.

You cannot configure IP source guard with the ip dhcp verify source and ip dhcp verify source port security commands together.

8.8.8.2 Static IP Source Binding

The IP source binding table has bindings that are learned by DHCP snooping or manually specified with the ip dhcp verify source binding command. The switch uses the IP source binding table only when IP source guard is enabled. To specify a static IP source binding entry, use the following command.

Command / Description

        Specifies a static IP source binding entry
38. ip dhcp verify source binding <1-4094> PORT A.B.C.D MAC ADDR
        Mode: Global
        1-4094: VLAN ID. PORT: port number. A.B.C.D: IP address. MAC ADDR: MAC address.

    no ip dhcp verify source binding A.B.C.D all
        Mode: Global
        Deletes a specified static IP source binding.

8.8.8.3 Displaying IP Source Guard Configuration

To display the IP source binding table, use the following command.

Command / Mode / Description

    show ip dhcp verify source binding
        Mode: Enable, Global
        Shows IP source binding entries.

8.8.9 DHCP Filtering

8.8.9.1 DHCP Packet Filtering

On the hiD 6615 S223 S323, it is possible to block a specific client by MAC address. If a MAC address blocked by the administrator requests an IP address, the server does not assign one. This function strengthens the security of the DHCP server. The following command blocks IP address assignment on a port.

Command / Mode / Description

    ip dhcp filter port PORTS
        Mode: Global
        Configures a port in order not to assign IP.

    no ip dhcp filter port PORTS
        Mode: Global
        Disables DHCP packet filtering.

The following command designates a MAC address to which no IP address is assigned.

Command / Mode / Description

    ip dhcp filter address MAC ADDR
        Mode: Global
        Blocks a MAC address in case of requesting IP address. MAC ADDR: MAC address.

    no ip dhcp filter address MAC ADDR
        Mode: Global
        Disables DHCP MA
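The IP source guard behaviour described in the fragments above (default deny when no binding exists, IP-only versus IP and MAC filtering, static bindings), modelled in Python as an added example. This is not code from the manual or the switch; the class and function names, port numbers and addresses are constructed for illustration, and treating "cannot be configured together" as one mode per port is this example's assumption.

```python
"""Model of the IP source guard permit/deny decision (added example)."""
from dataclasses import dataclass

IP_ONLY = "ip"          # models: ip dhcp verify source PORTS
IP_AND_MAC = "ip-mac"   # models: ip dhcp verify source port security PORTS


@dataclass(frozen=True)
class Binding:
    vlan: int   # kept because the static binding command takes a VLAN ID
    port: int
    ip: str
    mac: str


class SourceGuard:
    def __init__(self):
        self.bindings = set()   # learned by DHCP snooping or entered statically
        self.mode = {}          # port -> IP_ONLY or IP_AND_MAC

    def enable(self, port, mode):
        # Assumption: the two commands are mutually exclusive per port.
        current = self.mode.get(port)
        if current is not None and current != mode:
            raise ValueError(f"port {port} already uses mode {current}")
        self.mode[port] = mode

    def disable(self, port):
        # Disabling the filter removes the source filter policy from the port.
        self.mode.pop(port, None)

    def add_binding(self, vlan, port, ip, mac):
        self.bindings.add(Binding(vlan, port, ip, mac.lower()))

    def delete_binding(self, ip):
        self.bindings = {b for b in self.bindings if b.ip != ip}

    def permits(self, port, src_ip, src_mac):
        mode = self.mode.get(port)
        if mode is None:
            return True     # filter not enabled on this port
        for b in self.bindings:
            if b.port == port and b.ip == src_ip:
                if mode == IP_ONLY or b.mac == src_mac.lower():
                    return True
        return False        # no match; also the default deny with no bindings


def demo():
    """Run constructed frames through the model and return each decision."""
    guard = SourceGuard()
    ip, mac = "192.0.2.10", "00:11:22:33:44:55"    # constructed host
    other_mac = "02:00:00:00:00:01"                 # constructed second NIC
    results = {}

    guard.enable(3, IP_ONLY)
    results["enabled_no_binding"] = guard.permits(3, ip, mac)
    guard.add_binding(10, 3, ip, mac)
    results["bound_host"] = guard.permits(3, ip, mac)
    results["unbound_ip"] = guard.permits(3, "192.0.2.99", mac)
    results["ip_only_other_mac"] = guard.permits(3, ip, other_mac)

    guard.disable(3)
    guard.enable(3, IP_AND_MAC)
    results["ip_mac_other_mac"] = guard.permits(3, ip, other_mac)
    results["ip_mac_bound_host"] = guard.permits(3, ip, mac)
    results["unfiltered_port"] = guard.permits(4, "192.0.2.99", other_mac)

    guard.delete_binding(ip)
    results["after_delete"] = guard.permits(3, ip, mac)
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20} {'permit' if allowed else 'deny'}")
```

The `ip_only_other_mac` and `ip_mac_other_mac` rows show the practical difference between the two modes: IP-only filtering still forwards a frame that reuses a bound IP address from a different MAC address on the same port.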
39. [Fig. 8.38 Ring Recovery. Figure labels: Normal Node; RM Node; port recovered from Link Failure; 1. Block secondary port of RM Node; 2. Send RM Link Up message]

8.9.2 Loss of Test Packet (LOTP)

ERP recognizes a Link Failure using Loss of Test Packet (LOTP). The RM Node regularly sends an RM Test Packet message. If the message is not retransmitted to the RM Node through the Ethernet Ring, it means that no loop occurs. Therefore, the RM Node unblocks the Secondary port. The condition in which the RM Test Packet from the RM Node does not return is the LOTP state. On the other hand, if the RM Test Packet is retransmitted to the RM Node through the Ethernet Ring, a loop may occur. In this condition, the RM Node blocks the Secondary port.

8.9.3 Configuring ERP

8.9.3.1 ERP Domain

To realize ERP, you should first configure a domain for ERP. To configure the domain, use the following command.

Command / Description

    erp domain DOMAIN ID
        Creates ERP domain. DOMAIN ID: control VLAN ID of domain <1-4094>.

    no erp domain all DOMAIN ID
        Deletes ERP domain.

To specify a description for a configured domain, use the following command.

Command / Description

    erp description DOMAIN ID DESCRIPTION
        Specifies a description of domain.

8.9.3.2 RM Node

To configure the RM Node, use the following command.

Command / Description

    erp rmnode DOMAIN ID
        Configures RM
40. the switch reports to the neighbors that the RIP system is restarting. It keeps previous route information until the restart is complete, within the timer. To restart only the RIP system, use the following command.

Command / Description

    rip restart grace period <1-65535>
        Restarts RIP system and sets the period.

    no rip restart grace period <1-65535>
        Removes a configured period.

10.3.15 UDP Buffer Size of RIP

The RIP protocol exchanges routing information between routers using UDP packets. To configure the buffer size of these UDP packets on the hiD 6615 S323, use the following command.

Command / Mode / Description

    recv buffer size <8196-2147483647>
        Mode: Router
        Sets the UDP buffer size value for using RIP. 8196-2147483647: UDP buffer size value.

    no recv buffer size <8196-2147483647>
        Mode: Router
        Restores the default value of UDP buffer size.

10.3.16 Monitoring and Managing RIP

You can display specific router information such as the contents of IP routing tables and databases. The information provided can be used to determine resource utilization and solve network problems. You can also discover the routing path your router's packets are taking through the network. To display RIP information, use the following command.

Command / Description

    show ip rip
    show ip route rip
    sh
41. use the following command.

Command / Mode / Description

    ip rip authentication key chain NAME
        Mode: Interface
        Enables authentication for RIP v2 packets and specifies the set of keys that can be used on an interface. NAME: name of key chain.

    ip rip authentication mode text md5
        Mode: Interface
        Specifies the authentication mode.
        text: sends a simple text password to neighbors. If a neighbor does not have the same password, requests and updates from this system are rejected.
        md5: sends an MD5 hash to neighbors. Neighbors must share the MD5 key to decrypt the message and encrypt the response.

Command / Mode / Description

    ip rip authentication string STRING
        Mode: Interface
        Configures the RIP authentication string which will be used on an interface without key chain. The string must be shorter than 16 characters. STRING: RIP authentication string.

To disable RIP authentication, use the following command.

Command / Mode / Description

    no ip rip authentication key chain NAME
        Mode: Interface
        Disables authentication keys that can be used on an interface.

    no ip rip authentication mode text md5
        Mode: Interface
        Disables specified authentication mode.

    no ip rip authentication string STRING
        Mode: Interface
        Removes the RIP authentication string which is used on an interface without key chain.

10.3.14 Restarting RIP

Occasionally you should restart RIP system only when the switch is still operating while you manage and configure RIP. At this time
42. 0 0.00 of total
    sample
    Total       0   0.00 of the pool   0.00 of total
    Available   0   0.00 of the pool   0.00 of total
    Abandon     0   0.00 of the pool   0.00 of total
    Bound       0   0.00 of the pool   0.00 of total
    Offered     0   0.00 of the pool   0.00 of total
    Fixed       0   0.00 of the pool   0.00 of total
    SWITCH(config)#

8.8.2 DHCP Address Allocation with Option 82

The DHCP server provided by the hiD 6615 S223 S323 can assign dynamic IP addresses based on DHCP option 82 information sent by the DHCP relay agent. The information sent via DHCP option 82 will be used to identify which port the DHCP_REQUEST came in on. The feature introduces a new DHCP class capability, which is a method to group DHCP clients based on some shared characteristics other than the subnet in which the clients reside. The DHCP class can be configured with option 82 information and a range of IP addresses.

8.8.2.1 DHCP Class Capability

To enable the DHCP server to use a DHCP class to assign IP addresses, use the following command.

Command / Mode / Description

    ip dhcp use class
        Mode: Global
        Enables the DHCP server to use a DHCP class to assign IP addresses.

    no ip dhcp use class
        Mode: Global
        Disables the DHCP server to use a DHCP class.

8.8.2.2 DHCP Class Creation

To create a DHCP class, use the following command.

Command / Description

        Creates a DHCP class and opens DHCP Clas
43. 0-15> COMMAND all
    no privilege enable level <0-15> COMMAND all
    no privilege interface level <0-15> COMMAND all
    no privilege ospf level <0-15> COMMAND all
    no privilege pim level <0-15> COMMAND all
    no privilege rip level <0-15> COMMAND all
    no privilege rmon alarm level <0-15> COMMAND all
    no privilege rmon event level <0-15> COMMAND all
    no privilege rmon history level <0-15> COMMAND all
    no privilege route map level <0-15> COMMAND all
    no privilege rule level <0-15> COMMAND all
    no privilege view level <0-15> COMMAND all
    no privilege vrrp level <0-15> COMMAND all
        Mode: Global
        Deletes all configured security levels.
        Deletes a configured security level on each mode.

To display a configured security level, use the following command.

Command / Description

    show privilege
        Shows a configured security level.

    show privilege now
        Shows a security level of current mode.

The following is an example of creating the system account test0 having a security level 10 and test having a security level 1 without password.

    SWITCH(config)# user add test0 level 0 level0user
    Changing password for test0
    Enter the new password (minimum of 5, maximum of 8 characters)
    P
44. 1.1.1 as the facility code 0.

    SWITCH(config)# syslog output err remote 10.1.1.1
    SWITCH(config)# syslog local code 0
    SWITCH(config)# show syslog
    System logger on running
    info local volatile
    info local non volatile
    err remote 10.1.1.1
    local_code 0
    SWITCH(config)#

7.5.3 Syslog Bind Address

You can specify an IP address to attach to the syslog message for its identity. To specify an IP address for syslog identity, use the following command.

Command / Mode / Description

    syslog bind address A.B.C.D
        Mode: Global
        Specifies IP address for a syslog message identity.

    no syslog bind address
        Mode: Global
        Deletes a specified binding IP address.

7.5.4 Debug Message for Remote Terminal

To display a syslog debug message on a remote terminal, use the following command.

Command / Description

    terminal monitor
        Enables a terminal monitor function.

    no terminal monitor
        Disables a terminal monitor function.

Terminal monitor cannot operate on the local console.

7.5.5 Disabling Syslog

To disable the syslog manually, use the following command.

Command / Mode / Description

    no syslog
        Mode: Global
        Disables the syslog.

7.5.6 Displaying Syslog Message

To display a received syslog message in the system memory, use the following command.

Command / Mode / Description

        Shows a received syslog message
45. 126 character

7.4.3.3 Subject of RMON Event

You need to configure the event and identify its subject using various data from the event. To identify the subject of an RMON event, use the following command.

Command / Description

    owner NAME
        Identifies subject of event. You can use a maximum of 126 characters, and this subject should be the same as the subject of the RMON alarm.

7.4.3.4 Event Type

When an RMON event happens, you need to configure the event type to arrange where to send the event. To configure the event type, use the following command.

Command / Description

    type log
        Configures event type as log type. An event of log type is sent to the place where the log file is made.

    type trap
        Configures event type as trap type. An event of trap type is sent to SNMP administrator and PC.

    type log and trap
        Configures event type as both log type and trap type.

    type none
        Configures none event type.

7.4.3.5 Activating RMON Event

After finishing all configurations, you should activate the RMON event. To activate an RMON event, use the following command.

Command / Mode / Description

    active
        Mode: RMON
        Activates RMON event.

7.4.3.6 Deleting Configuration of RMON Event

Before changing the configuration of an RMON event, you should delete the RMON event of that number and configure it again. To delete an RMON event, use the following command.

Command Mode Descrip
46. To display a configured SNMP community, use the following command.

Command / Description

    show snmp community
        Shows a created SNMP community.

The following is an example of creating 2 SNMP communities.

    SWITCH(config)# snmp community ro public
    SWITCH(config)# snmp community rw private
    SWITCH(config)# show snmp community
    Community List
    Type   Community   Source   OID
    ro     public
    rw     private
    SWITCH(config)#

7.1.2 Information of SNMP Agent

You can specify basic information of the SNMP agent, such as administrator, location and address, that confirms its own identity. To set basic information of the SNMP agent, use the following command.

Command / Description

    snmp contact NAME
        Sets a name of administrator.

    snmp location LOCATION
        Sets a location of SNMP agent.

    snmp agent address IP ADDRESS
        Sets an IP address of SNMP agent.

    no snmp contact
    no snmp location
    no snmp agent address IP ADDRESS
        Deletes specified basic information for each item.

The following is an example of specifying basic information of the SNMP agent.

    SWITCH(config)# snmp contact Brad
    SWITCH(config)# snmp location Germany
    SWITCH(config)#

To display basic information of the SNMP agent, use the following command.

Command / Mode / Description

    show snmp contact
        Mode: Enable, Global
        Shows a name of administrator.

    show snmp location
        Mode: Enable, Global
        Shows a location of SNMP agent o
47. Enabling MVR
    MVR Group Address
    MVR IP Address
    Send and Receive Port
    Displaying MVR Configuration
    IGMP Filtering and Throttling
    Creating IGMP Profile
    Policy of IGMP Profile
    Group Range of IGMP Profile
    Applying IGMP Profile to the Filter Port
    Max Number of IGMP Join Group
    Displaying IGMP Snooping Table
    PIM SM (Protocol Independent Multicast Sparse Mode)
    PIM Common Configuration
    PIM SM and Passive Mode
    DR Priority
    Filters of Neighbor in PIM
    PIM Hello Query
    PIM Debug
    BSR and RP
    Bootstrap Router (BSR)
    RP Information
    Static RP for Certain Group
    Enabling Transmission of Candidate RP Message
    KAT (Keep Alive Time) of RP
    Ignoring RP Priority
48. 3, and ICMP_DEST_UNREACH means the ICMP value is 3. Therefore, ICMP_DEST_UNREACH is chosen as a message whose transmission time is limited. The default is 0x1818. If the hexadecimal number 1818 is converted to a binary number, it is 1100000011000. Counting from digit 0, digits 3, 4, 11 and 12 are 1, which means STATUS ON. Therefore, the messages that correspond to 3, 4, 11 and 12 are chosen as the messages whose transmission rate is limited. Tab. 7.3 shows the result of the mask calculation of the default value.

    Type                          Status
    ICMP_ECHOREPLY (0)            OFF
    ICMP_DEST_UNREACH (3)         ON
    ICMP_SOURCE_QUENCH (4)        ON
    ICMP_REDIRECT (5)
    ICMP_ECHO (8)
    ICMP_TIME_EXCEEDED (11)
    ICMP_PARAMETERPROB (12)
    ICMP_TIMESTAMP (13)
    ICMP_TIMESTAMPREPLY (14)
    ICMP_INFO_REQUEST (15)
    ICMP_INFO_REPLY (16)
    ICMP_ADDRESS (17)
    ICMP_ADDRESSREPLY (18)

    Tab. 7.3 Mask Calculation of Default Value

To configure the limited ICMP transmission time, use the following command.

Command / Mode / Description

    ip icmp interval rate limit INTERVAL
        Mode: Global
        Configures a limited ICMP transmission time. INTERVAL: 0-2000000000 (unit: 10 ms).

The default ICMP interval is 1 second 100 ms. To return to the default ICMP configuration, use the following command.

Command / Mode / Description

    ip icmp interval default
        Mode: Global
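The mask calculation described above, worked through in Python as an added example (not code from the manual). The type numbers are those listed in Tab. 7.3; the function names are this example's own.

```python
"""Decode and build the ICMP rate-limit mask described above (added example)."""

# ICMP type numbers as listed in Tab. 7.3.
ICMP_TYPES = {
    0: "ICMP_ECHOREPLY",
    3: "ICMP_DEST_UNREACH",
    4: "ICMP_SOURCE_QUENCH",
    5: "ICMP_REDIRECT",
    8: "ICMP_ECHO",
    11: "ICMP_TIME_EXCEEDED",
    12: "ICMP_PARAMETERPROB",
    13: "ICMP_TIMESTAMP",
    14: "ICMP_TIMESTAMPREPLY",
    15: "ICMP_INFO_REQUEST",
    16: "ICMP_INFO_REPLY",
    17: "ICMP_ADDRESS",
    18: "ICMP_ADDRESSREPLY",
}
VALID_BITS = sum(1 << t for t in ICMP_TYPES)
DEFAULT_MASK = 0x1818


def decode_mask(mask):
    """Return [(type, name, status)] rows, status True meaning rate limited."""
    if mask < 0 or mask & ~VALID_BITS:
        # A set bit that matches no type in the table is almost always a typo.
        raise ValueError(f"mask {mask:#x} sets bits outside Tab. 7.3")
    return [(t, name, bool(mask >> t & 1)) for t, name in sorted(ICMP_TYPES.items())]


def limited_types(mask):
    """Names of the message types whose bit is 1 (STATUS ON)."""
    return [name for _, name, on in decode_mask(mask) if on]


def encode_mask(names):
    """Build the mask that rate-limits exactly the named message types."""
    by_name = {name: t for t, name in ICMP_TYPES.items()}
    mask = 0
    for name in names:
        if name not in by_name:
            raise ValueError(f"unknown ICMP type name: {name}")
        mask |= 1 << by_name[name]
    return mask


if __name__ == "__main__":
    print(f"{DEFAULT_MASK:#x} = {DEFAULT_MASK:b}")
    for t, name, on in decode_mask(DEFAULT_MASK):
        print(f"{name:22} {t:2}  {'ON' if on else 'OFF'}")
    # Also rate-limit echo replies: set bit 0 in addition to the default bits.
    wider = encode_mask(limited_types(DEFAULT_MASK) + ["ICMP_ECHOREPLY"])
    print(f"default plus ICMP_ECHOREPLY = {wider:#x}")
```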
49. 5 Routing Protocol Interval

Routers on an OSPF network exchange various packets, and the transmission time interval of those packets can be configured in several ways. The following are the kinds of time interval which can be configured by the user.

• Hello Interval
  An OSPF router sends Hello packets to notify its existence. The Hello interval is the transmission interval of that packet.
• Retransmit Interval
  When a router transmits an LSA, it waits for approval information from the receiver. If there is no answer from the receiver within the configured time, the router transmits the LSA again. The Retransmit interval is the time interval between transmission and retransmission.
• Dead Interval
  If there is no Hello packet for the configured time, the router perceives that the other router has stopped working. The Dead interval is the time interval after which the other router is perceived to have stopped operating.
• Transmit Delay
  When a router transmits an LSA, the traffic can be delayed by the status of communications. Transmit delay is the configuration that takes this into account for the LSA transmission time.

The intervals explained above must be consistent across all routers in an attached network.

To configure a Hello interval, use the following command.

Command / Description

    ip ospf hello interval <1-65535>
        Configures a Hello interval in the unit of second.

    ip
50. To disable IGMP snooping fast leave, use the following command.

Command / Mode / Description

    no ip igmp snooping immediate leave
        Mode: Global
        Deletes the fast leave.

    no ip igmp snooping vlan VLAN ID immediate leave
        Mode: Global
        Deletes the fast leave on a VLAN interface.

To display the IGMP snooping Immediate Leave configuration, use the following command.

Command / Mode / Description

    show ip igmp snooping vlan VLANS
        Mode: Enable, Global, Bridge
        Shows that the IGMP snooping Immediate leave is enabled.

9.2.5.2 IGMP v2 Snooping Querier

You can use the hiD 6615 S223 S323 as an IGMP querier without a multicast router, because an IGMP query daemon has been installed in the hiD 6615 S223 S323. Legacy equipment used the IGMP Querier of PIM and had no Querier developed for IGMP Snooping. Because of this, an IP address was mandatory to operate a Querier on IGMP Snooping, and Specific Query was operated by the IGMP Querier. The hiD 6615 S223 S323 implements an IGMP Snooping Querier, which operates differently from IGMP Query. The IGMP Snooping Querier can send General Query from the snooping switch, and it should be distinguished from Specific Query. The IGMP Snooping Querier also uses source IP address 0.0.0.0 if there is no IP address on the switch.

Enabling IGMP Snooping Querier

To enable the IGMP Snooping querier, use the following command.

Command / Description

    ip igmp snoopin
51. C D route IP address cast multicast out out clears outgoing advertised routes unicast multicast address family modifier clear ip bgp A B C D soft in Updates the route information only while the session is out possible of BGP neighboring router with specified IP address Apply the route either incoming or outgoing clear ip bgp A B C D ipv4 uni cast multicast soft in out routes A B C D route IP address Session Reset of External Peer You can reset the session of BGP router connected to external AS To reset a BGP con nection for all external peers use the following command Command Mode Description clear ip bgp external Global Resets the session of all external AS peers A50010 Y3 C150 2 7619 329 UMN CLI 330 i 10 1 5 5 User Manual SURPASS hiD 6615 S223 8323 R1 5 See Section 10 1 5 1 when you configure the detail parameters To reset the sessions of BGP router connected to external AS and initialize the details of route configurations use the following command Command Description clear ip bgp external in prefix Resets the session of BGP router connected to exter filter nal AS in clears incoming advertised routes clear ip bgp external ipv4 uni prefix filter pushes out prefix list ORF and does in cast multicast in prefix filter bound soft reconfiguration external clears all external peers clear ip bgp external o
52. CPU threshold 1 10 file number

Command | Description
no debug packet log | Release the debug configuration

Basically, the user can save the current configuration with the write memory command. However, the dump file is not saved.

Displaying the usage of the packet routing table

Packet routing based on host uses the L3 table as its memory. It searches the L3 table for the destination address to get the Nexthop information and transmits packets through the Rewriting process. If it does not find the destination in the L3 table, it refers to the CPU routing table, records the Nexthop information in the L3 table, and then transmits the packets through the Rewriting process. hiD 6615 provides 4k of L3 table.

Packet routing based on network complements the ineffectual process of recording with packet unit. hiD 6615 uses the LPM table as its memory, and it provides 16k of LPM table.

To show the usage of the L3 table, LPM table or interface used in packet routing, use the following command.

Command | Mode | Description
show ip tables summary | Enable | Show the usage of L3 table or LPM table or interface

System Main Functions

VLAN

The first step in setting up your bridging network is to define VLANs on your switch. A VLAN is a bridged network that is logically segmented by customer or function. Each VLAN contains a group of ports called VLAN
53. Deletes a specified rule action

To specify a rule action (no match) for the packets not matching configured classifying patterns, use the following command.

Command | Description
no match deny | Denies a packet
no match redirect PORT | Redirects to specified egress port. PORT: uplink port number (e.g. 25 28)
no match mirror | Sends a copy to mirror monitoring port
no match dscp <0-63> | Changes DSCP field, enter DSCP value
no match cos <0-7> | Changes 802.1p class of service, enter CoS value. 0-7: CoS value
no match cos <0-7> overwrite | Overwrites 802.1p CoS field in the packet. 0-7: CoS value
no match cos same as tos overwrite | Overwrites 802.1p CoS field in the packet same as IP ToS precedence bits
no match ip prec <0-7> | Changes IP ToS precedence bits in the packet. 0-7: ToS precedence value
no match ip prec same as cos | Changes IP ToS precedence bits in the packet same as 802.1p CoS value
no match copy to cpu | Copies to CPU

To delete a specified rule action (no match), use the following command.

Command | Description
no no match deny | Deletes a specified rule action
no no match redirect | Deletes a specified rule action
no no match mirror | Deletes a specified rule action
no no match dscp | Deletes a specified rule action
no no match cos | Deletes a specified rule action
no no match ip prec | Deletes a specified rule action
54. Description

Command | Description
area <0-4294967295> range A.B.C.D/M | Configures to use summarized information for assigned path
area <0-4294967295> range A.B.C.D/M {advertise | not advertise} | Configures to use summarized information for assigned path

Use the advertise option to transmit summarized routing information using the summarized information, and use the not advertise option to block the transmission of summarized routing information to the outside.

To release the configuration, use the following command.

Command | Mode | Description
no area <0-4294967295> range A.B.C.D/M | Router | Releases the configuration to use summarized information for assigned path
no area <0-4294967295> range A.B.C.D/M {advertise | not advertise} | Router | Releases the configuration to use summarized information for assigned path

Shortcut Area

The Backbone Area is the default Area among the Areas of OSPF. All traffic should pass the Backbone Area, and the OSPF network must be planned for that, but there is a more efficient way which does not pass the Backbone Area. That is Shortcut, and it must be configured for efficient traffic in every ABR type (see Section 10.2.2).

To configure the shortcut option, use the following command.

Command | Description
area <0-4294967295> shortcut {default | disable | enable} | Configures the shortcut option

To release the configured shortcut option, use the following command.

Command | Mode | Description
no area <0-4294967295> shortcut {default | disable | enable} | Router | Releases the configured shortcut option
55. Command | Mode | Description
show mac BRIDGE PORTS | Enable, Global, Bridge | Shows MAC table. BRIDGE: bridge name

The following is an example of displaying the MAC table recorded in default.

    SWITCH(config)# show mac 1
    port   mac addr            permission   in use
    eth0   00:0b:54:98:92:da   OK           16 62
    eth0   00:14:c2:d9:8a:b5   OK           56 62
    eth0   00:01:02:50:d6:b9   OK           72 62
    eth01  00:0d:9d:8c:00:ee   OK           72 62
    eth01  00:15:00:39:4d:2e   OK           92 62
    eth01  00:0e:e8:8b:24:ae   OK           115 48
    eth01  00:14:c2:d9:4c:0    OK           115 48
    eth01  00:0b:5d:53:4d:96   OK           124 62
    eth01  00:13:20:4b:05:af   OK           132 62
    eth01  00:0e:e8:0:53:63    OK           152 62
    (skipped)
    SWITCH(config)#

6.3.6 Configuring Ageing time

The SURPASS hiD 6615 records the MAC table to prevent Broadcast packets from being transmitted. An unnecessary MAC address that does not respond during a specified time is deleted from the MAC table automatically. The specified time is called Ageing time.

To specify the Ageing time, use the following command.

Command | Description
mac aging time <10-21474830> | Specifies the Ageing time. Default: 300 sec

6.3.7 Running Time of System

To display the running time of the system, use the following command.

Command | Mode | Description
show uptime | Enable, Global | Shows running time of the system

The following is an example of displaying the running time of the system.

    SWITCH# show uptime
    10 41am up 15 days 10 55 0 users load avera
56. Filter
Default Policy of MAC Filtering
Adding Policy of MAC Filter
Deleting MAC Filter Policy
Listing of MAC Filter Policy
Displaying MAC Filter Policy
Address Resolution Protocol (ARP)
ARP Table
Registering ARP Table
Displaying ARP Table
ARP Alias
ARP Inspection
Gratuitous ARP
Proxy ARP
ICMP Message Control
Blocking Echo Reply Message
Interval for Transmit ICMP Message
Transmitting ICMP Redirect Message
The policy of Unreached messages
IP TCP Flag Control
RST Configuration
SYN Configuration
Packet Dump
Verifying Packet Dump
Packet Dump by Protocol
Packet Dump with Option
57. GMT 9 Seoul Tokyo; GMT 8 LA Seattle; GMT 1 Berlin Rome; GMT 10 Sydney; GMT 7 Denver; GMT 2 Cairo Athens; GMT 11 Okhotsk; GMT 6 Chicago Dallas; GMT 3 Moscow; GMT 12 Wellington; GMT 5 New York Miami; GMT 4 Teheran; GMT 4 George Town; GMT 5 New Delhi

Tab. 6.1 World Time Zone

Network Time Protocol

The Network Time Protocol (NTP) provides a mechanism to synchronize time on computers across an internet. The specification for NTP is defined in RFC 1119.

To enable or disable the NTP function, use the following command.

Command | Description
ntp SERVER1 SERVER2 SERVER3 | Enables the NTP function with specified NTP server. SERVER: server IP address
ntp start | Operates the NTP function with specified NTP server
no ntp | Disables the NTP function

To display a configured NTP, use the following command.

Command | Mode | Description
show ntp | Enable, Global | Shows a configured NTP function

The following is an example of configuring 203.255.112.96 as NTP server, running it and showing it.

    SWITCH(config)# ntp 203.255.112.96
    SWITCH(config)# ntp start
    SWITCH(config)# show ntp
    ntp started
    ntp server 203.255.112.96
    SWITCH(config)#

The following is an example of releasing NTP and showing it.

    SWITCH(config)# no ntp
    SWITCH(config)# show ntp
    ntp stoped
    SWITCH(config)#

NTP
58. MST region the switch is going to belong to by configuring MST configuration ID. Configuration ID contains region name, revision, VLAN map.

To set configuration ID, use the following command.

Command | Description
stp mst config id name NAME | Designate the name for the region. name: set the MST region name. NAME: enter name to give the MST region
stp mst config id map <1-64> VLAN RANGE | Configure the range of VLAN that is going to be grouping as a region. 1-64: select an instance ID number. VLAN RANGE: enter a number of the VLANs to be mapped to the specified instance
stp mst config id revision <0-65535> | Configure the switches in the same MST boundary as same number. 0-65535: set the MST configuration revision number

In case of configuring STP and RSTP, you don't need to configure configuration ID. If it is configured, an error message is displayed.

To delete configuration ID, use the following command.

Command | Description
no stp mst config id | Delete the entire configured configuration ID
no stp mst config id name | Deletes the name of region, enter the MST region name
no stp mst config id map <1-64> VLAN RANGE | Deletes entire VLAN map or part of it, select the instance ID number and the number of the VLANs to remove from the specified instance
no stp mst config id revision | Deletes the configured revision number
59. Network Time Protocol

The hiD 6615 S223 S323 constantly sends and receives messages with the NTP server in order to adjust the recent time. The NTP bind address helps the NTP server classify the user's switch.

To assign the IP address used for transmitting messages with the NTP server, use the following command.

Command | Mode | Description
ntp bind address A.B.C.D | Global | Assigns IP address which receiving the message from server during transmitting the messages with NTP server
no ntp bind address | Global | Deletes the binding IP address

Simple Network Time Protocol (SNTP)

NTP (Network Time Protocol) and SNTP (Simple Network Time Protocol) are the same TCP/IP protocol in that they use the same UDP time packet from the Ethernet Time Server message to compute accurate time. The basic difference between the two protocols is the algorithm used by the client in the client-server relationship.

The NTP algorithm is much more complicated than the SNTP algorithm. NTP normally uses multiple time servers to verify the time and then controls the rate of adjustment, or slew rate, of the PC, which provides a very high degree of accuracy. The algorithm determines if the values are accurate by identifying a time server that doesn't agree with other time servers. It then speeds up or slows down the PC's drift rate so that the PC's time is always correct and the
60. OSPF routers in a specific Area can configure authentication for security of routing information. Encoding uses a password based on text or MD5. To set a password on an interface assigned to the Area, use the ip ospf authentication key and ip ospf message digest key commands in interface mode (see Section 10.2.4.1 for more information).

To configure authentication information for encoding, use the following command.

Command | Description
area <0-4294967295> authentication | Configures authentication information which is based on text encoding in the Area
area <0-4294967295> authentication message digest | Configures authentication information which is based on MD5 encoding in the Area

To delete configured authentication information for encoding, use the following command.

Command | Mode | Description
no area <0-4294967295> authentication | Router | Deletes configured authentication information

10.2.6.2 Default Cost of Area

The default cost of an Area is configured only in an ABR. The ABR function is for delivering the summary default route to a stub area or NSSA; in those cases the default cost of the area is required. However, an ABR which does not have a stub area or NSSA cannot use the following command.

To configure a default cost of Area, use the following command.

Command | Mode | Description
area <0-4294967295>
61. Fig. 8.31 DHCP Service Structure

The hiD 6615 S223 S323 flexibly provides the functions as the DHCP server or DHCP relay agent according to your DHCP configuration.

This chapter contains the following sections.
• DHCP Server
• DHCP Address Allocation with Option 82
• DHCP Lease Database
• DHCP Relay Agent
• DHCP Option 82
• DHCP Client
• DHCP Snooping
• IP Source Guard
• DHCP Filtering
• Debugging DHCP

8.8.1 DHCP Server

This section describes the following DHCP server related features and configurations.
• DHCP Pool Creation
• DHCP Subnet
• Range of IP Address
• Default Gateway
• IP Lease Time
• DNS Server
• Manual Binding
• Domain Name
• DHCP Server Option
• Static Mapping
• Recognition of DHCP Client
• IP Address Validation
• Authorized ARP
• Prohibition of 1 N IP Address Assignment
• Ignoring BOOTP Request
• DHCP Packet Statistics
• Displaying DHCP Pool Configuration

To activate or deactivate the DHCP function in the system, use the following command.

Command | Mode | Description
service dhcp | Global | Activates the DHCP function in the system
no service dhcp | Global | Deactivates the DHCP function in the system

Before configuring DHCP server or relay you n
62. Path cost

Transmit Rate | Path cost: 20 000 000, 2 000 000, 200 000, 20 000, 2 000

Tab. 8.3 RSTP Path cost

When the route decided by path cost becomes overloaded, it is better to take another route. Considering these situations, it is possible to configure the path cost of the root port so that the user can configure the route manually.

To configure path cost, use the following command.

Command | Description
stp mst path cost MSTID RANGE PORTS <1-200000000> | Sets the path cost to configure route. MSTID RANGE: select instance number 0-64. PORTS: select the port number. 1-200000000: enter the path cost value
no stp mst path cost MSTID RANGE PORTS | Deletes the configured path cost, enter the instance number and the port number

8.3.5.4 Port priority

When all conditions of two switches are the same, the last standard to decide the route is port priority. It is also possible to configure port priority so that the user can configure the route manually.

To configure port priority, use the following command.

Command | Description
stp mst port priority MSTID RANGE PORTS <0-240> | Configures port priority
no stp mst port priority MSTID RANGE PORTS | Disables port priority configuration

8.3.5.5 MST Region

If MSTP is established in the hiD 6615 S223 S323, decide which
63. RIP update. The hiD 6615 S323 supports RIP version 1 and 2.

Routing functionalities such as RIP, OSPF, BGP and PIM SM are only available for hiD 6615 S323 (unavailable for hiD 6615 S223).

Enabling RIP

To use the RIP protocol, you should enable RIP.

Step 1: To open Router Configuration mode, use the following command on Global Configuration mode.

Command | Mode | Description
router rip | Global | Opens Router Configuration mode and operates RIP routing protocol
no router rip | Global | Restores all configurations involved in RIP to the default

Step 2: Configure the network to operate as RIP.

Command | Mode | Description
network {A.B.C.D/M | INTERFACE} | Router | Establishes the network to operate as RIP. A.B.C.D/M: IP prefix (e.g. 35.0.0.0/8). INTERFACE: interface name
no network {A.B.C.D/M | INTERFACE} | Router | Removes a specified network to operate as RIP

The command network enables RIP on the interfaces whose addresses fall within the specified network address. For example, if the network 10.0.0.0/24 is RIP enabled, this results in all the addresses from 10.0.0.0 to 10.0.0.255 being enabled for RIP.

Note that it is not possible to exchange RIP routing information if the RIP network has not been established using the network command, even though the interface belongs to a RIP network. RIP packets with RIP routing i
64. Spanning Tree Protocol ssseee 200 Fig 9 10 S EEE d OE E E sr teet tte ey te da bet Oe ea tuta gea 201 Fig 8 11 Designated Switch eerte er E ean da ee o aee ene ign 202 Fig 8 12 BortPriornty ito beet et t eod tede 203 FIG 82130 BorbState ioter toga E Eee ded 204 Fig 8 14 Alternate Port and Backup port ssssssssseeReeH 205 Fig 8 15 Example of Receiving Low BPDU sssssee emen 206 Fig 8 16 Convergence of 802 1d Network ssessseeee eene 207 Fig 8 17 Network Convergence of 802 1w 1 sss 207 Fig 8 18 Network Convergence of 802 1w 2 208 Fig 8 19 Network Convergece of 802 1w 3 208 Fig 8 20 Compatibility with 802 1d 1 209 Fig 8 21 Compatibility with 802 1d 2 sse 209 Fig 8 22 CST and IST of MSTP 1 sssssseee enne 210 Fig 8 23 CST and IST of MSTP 2 sss eem ener 211 Fig 8 24 Example of PVSTP ii aane ar ee eeepc eie aded renard 217 E1g9 25 Root Guard rtt roges aite boi er d 219 Fig 8 26 Example of Layer 2 Network Design in RSTP Environment 225 Fig 8 27 Example of Layer 2 Network Design in MSTP Environment 226 Fig 8 28 VRRP Operation 5 edi edet e ere e bre RR 227 Figs8 29 VRRP racktacsnt aderunt een ee ie Ae 232 Fig 8 30 Rate Limit and Flood Guard sss eene 236 Fig 8 31 DHCP Service Structure ssss
65. Statistics
Displaying DHCP Pool Configuration
DHCP Address Allocation with Option 82
DHCP Class Capability
DHCP Class Creation
Relay Agent Information Pattern
Associating DHCP Class
Range of IP Address for DHCP Class
DHCP Lease Database
DHCP Database Agent
Displaying DHCP Lease Status
Deleting DHCP Lease Database
DHCP Relay Agent
Packet Forwarding Address
Smart Relay Agent Forwarding
DHCP Option 82
Enabling DHCP Option 82
Option 82 Sub Option
Option 82 Reforwarding Policy
Option 82 Trust Policy
Simplified DHCP Option 82
DHCP Client
Enabling DHCP Client
DHCP Client ID
DHCP Class ID
Host Name
IP Lease Tim
66. To specify a trusted remote ID, use the following command.

Command | Mode | Description
trust remote id hex HEXSTRING | Option 82 | Specifies a trusted remote ID
trust remote id ip A.B.C.D | Option 82 | Specifies a trusted remote ID
trust remote id text STRING | Option 82 | Specifies a trusted remote ID

To delete a specified trusted remote ID, use the following command.

Command | Mode | Description
no trust remote id hex HEXSTRING | Option 82 | Deletes a specified trusted remote ID
no trust remote id ip A.B.C.D | Option 82 | Deletes a specified trusted remote ID
no trust remote id text STRING | Option 82 | Deletes a specified trusted remote ID

Trusted Physical Port

To specify a trusted physical port, use the following command.

Command | Mode | Description
trust port PORTS {normal | option82 | all} | Option 82 | Specifies a trusted physical port. normal: normal DHCP packet. option82: DHCP option 82 packet
no trust port {all | PORTS} {normal | option82 | all} | Option 82 | Deletes a specified trusted port

8.8.5.5 Simplified DHCP Option 82

In a DHCP option 82 environment, when forwarding DHCP messages to a DHCP server, a DHCP relay agent normally adds a relay agent information option to the DHCP messages and replaces the gateway address in the DHCP messages with a relay agent address.

In a simplified DHCP option 82 environment, on the other hand, a DHCP relay agent adds a relay agent information option to the DHCP messages without replacing the gateway address field in the DHCP messages. This allows an enhanced security and efficient IP assignment in the Layer 2
67. Unlimited
    5 Unlimited
    6 Unlimited
    7 Unlimited
    8 Unlimited
    9 Unlimited
    10 Unlimited
    11 Unlimited
    12 Unlimited
    13 Unlimited
    14 Unlimited
    15 Unlimited
    16 Unlimited
    (Omitted)
    SWITCH(bridge)#

Bandwidth

A routing protocol uses bandwidth information to measure the routing distance value. To configure the bandwidth of an interface, use the following command.

Command | Mode | Description
bandwidth BANDWIDTH | Interface | Configures bandwidth of interface, enter the value of bandwidth

The bandwidth can be from 1 to 10 000 000 Kbits. This bandwidth is used for routing information only, and it does not concern the physical bandwidth.

To delete a configured bandwidth, use the following command.

Command | Mode | Description
no bandwidth BANDWIDTH | Interface | Deletes configured bandwidth of interface, enter the value

The following is an example of configuring the bandwidth as 1000.

    SWITCH(config-if)# bandwidth 1000
    SWITCH(config-if)# show running config interface 1
    !
    interface default
     bandwidth 1m
     ip address 10.27.41.181/24
    SWITCH(config-if)#

Dynamic Host Configuration Protocol (DHCP)

Dynamic host configuration protocol (DHCP) is a TCP/IP standard for simplifying the administrative management of IP address configuration by automating address configuration for network clients. The DHCP standard provides
68. VLANs

[Fig. 8.4 In Case Packets Going Outside in Layer 2 environment: diagram of the outer network and the switch, with "show vlan" output on SWITCH(bridge) listing the VLANs default, br2, br3, br4 and their untagged (u) and tagged (t) port membership]

With the above configuration, if an untagged packet comes into port 1, it is tagged with 1 for PVID 1. Because the uplink port 24 is also included in the default VLAN, the packet can be transmitted to port 24.

However, a problem can occur for untagged packets coming down to the uplink ports. If an untagged packet comes to the uplink ports from the outer network, the system does not know which PVID it has and where it should be forwarded.

[Fig. 8.5 In Case External Packets Enter under Layer 2 environment 1: untagged packets come from the uplink ports. The packets should be forwarded to br3, but the system cannot know which PVID to add to the packet]

To transmit the untagged packet from the uplink port to a subscriber, a new VLAN should be created including all subscriber ports and uplink ports. This makes the uplink ports recognize all other ports. FID h
69. a port number

Command | Mode | Description
port {enable | disable} PORTS | Bridge | Default: enable

The following is an example of disabling the Ethernet ports 1 to 3.

    SWITCH(config)# bridge
    SWITCH(bridge)# show port 1 5
    NO  TYPE      PVID  STATUS (ADMIN OPER)  MODE         FLOWCTRL  INSTALLED
    1   Ethernet  1     Up Down              Auto Half 0  Off       N
    2   Ethernet  1     Up Down              Auto Half 0  Off       N
    3   Ethernet        Up Down              Auto Half 0  Off       N
    4   Ethernet  1     Up Down              Auto Half 0  Off       N
    5   Ethernet  1     Up Down              Auto Half 0  Off       N
    SWITCH(bridge)# port disable 1 3
    SWITCH(bridge)# show port 1 5
    NO  TYPE      PVID  STATUS (ADMIN OPER)  MODE         FLOWCTRL  INSTALLED
    1   Ethernet  1     Down Down            Auto Half 0  Off       N
    2   Ethernet  1     Down Down            Auto Half 0  Off       N
    3   Ethernet  1     Down Down            Auto Half 0  Off       N
    4   Ethernet  1     Up Down              Auto Half 0  Off       N
    5   Ethernet  1     Up Down              Auto Half 0  Off       N
    SWITCH(bridge)#

Auto negotiation

Auto negotiation is a mechanism that takes control of the cable when a connection is established to a network device. Auto negotiation detects the various modes that exist in the network device on the other end of the wire and advertises its own abilities to automatically configure the highest performance mode of interoperation. As a standard technology, this allows simple, automatic connection of devices that support a variety of modes from a variety of manufacturers.

To enable disable the auto neg
70. a router does not advertise a priority value in its hello messages, the router is regarded as having the highest priority and will be elected as the DR. If there are multiple routers with this priority status, then the router with the highest IP address configured on an interface will be elected as the DR.

9.3.1.3 Filters of Neighbor in PIM

Enable filtering of neighbors on the interface. When a neighbor filter is configured, PIM SM will either not establish adjacency with the neighbor or terminate adjacency with the existing neighbors if denied by the filtering access list.

To configure the filtering of neighbor in PIM, use the following command.

Command | Mode | Description
ip pim neighbor filter {<1-99> | ACCESS LIST} | Interface | Configures the filtering of neighbor in PIM. 1-99: simple access list. ACCESS LIST: IP named standard access list
no ip pim neighbor filter {<1-99> | ACCESS LIST} | Interface | Disables the filtering configuration

9.3.1.4 PIM Hello Query

To configure a query hold time, use the following command.

Command | Mode | Description
ip pim query holdtime <1-65535> | Interface | Configures the query hold time. 1-65535: hello message hold time (unit: second)
no ip pim query holdtime | Interface | Disables the query hold time configuration

When configuring query hold time, if the configured value is less than the cu
71. access rule use the following command.

Command | Mode | Description
apply | Admin rule | Applies an admin access rule to the system

1. The switch performs a detailed plausibility check and rejects the rule if the configuration is incomplete, contains bad or unsupported values, or conflicts with other rules. In this case the switch informs about the reason and the operator may correct the values.

2. The switch may reject a rule with the message "Already exist rule" although the name is not listed by the command show rule. In this case the entered name interferes with the name of an internally managed rule. Remedy: select another name for the rule, e.g. add a prefix.

3. All previously entered values remain valid after successful or unsuccessful execution of the command apply. That is, if several rules that differ in only one value should be created, then only the one changed value needs to be entered again.

7.6.4.6 Modifying and Deleting Rule

To modify a rule, use the following command.

Command | Description
rule NAME modify admin | Modifies an admin access rule, enter a rule name

To delete a rule, use the following command.

Command | Description
no rule admin | Deletes an admin access rule, enter a rule name optionally
no rule all | Deletes all rules and admin access rules

7.6.4.7 Displaying Rule
72. assigned by a DHCP server in a forwarded DHCP_ACK message with the circuit to which it was forwarded. The circuit access device may prevent forwarding of IP packets with source IP addresses other than those it has associated with the receiving circuit. This prevents simple IP spoofing attacks on the central LAN and IP spoofing of other hosts.

MAC Address Spoofing

By associating a MAC address with a remote ID, a DHCP server can prevent offering an IP address to an attacker spoofing the same MAC address on a different remote ID.

Client Identifier Spoofing

By using the agent supplied remote ID option, the untrusted and as yet unstandardized client identifier field need not be used by the DHCP server.

Fig. 8.33 shows how the DHCP relay agent with the DHCP option 82 operates.

[Fig. 8.33 DHCP Option 82 Operation. Participants: DHCP Client, DHCP Relay Agent, DHCP Server. Steps: 1 DHCP Request; 2 DHCP Request + Option 82; 3 DHCP Response + Option 82; 4 DHCP Response]

8.8.5.1 Enabling DHCP Option 82

To enable or disable the DHCP option 82, use the following command.

Command | Mode | Description
ip dhcp option82 | Global | Enables the system to add the DHCP option 82 field
no ip dhcp option82 | Global | Disables the system to add the DHCP option 82 field

8.8.5.2 Option 82 Sub Option

The
73. authenticator again requests identification. After getting the response to the identification request, it requests the RADIUS server to approve access, and the user is authenticated by checking access through the user's information.

The following figure explains the process of 802.1x authentication.

[Fig. 4.1 Process of 802.1x Authentication. Participants: Supplicant, Authenticator, Authentication Server (RADIUS Server). Transports: EAPOL (EAP over LAN), EAP over RADIUS. Messages in order: EAPOL Start; EAP Request Identity; EAP Response Identity; RADIUS Access Request; EAP Request; RADIUS Access Challenge; EAP Response; RADIUS Access Request; EAP Success; RADIUS Access Accept]

To enable 802.1x authentication on a port of the hiD 6615 S223 S323, you should be able to perform the following tasks.

4.5.1 802.1x Authentication

4.5.1.1 Enabling 802.1x

To configure 802.1x, the user should enable the 802.1x daemon first. To enable the 802.1x daemon, use the following command.

Command | Mode | Description
dot1x system auth control | Global | Enables 802.1x daemon
no dot1x system auth control | Global | Disables 802.1x daemon

4.5.1.2 Configuring RADIUS Server

As the RADIUS server is registered in the authenticator, the authenticator also can be registered in the RADIUS server. Here, the authenticator and the RADIUS server need extra data authenticating each other besides they register each
74. communication.

The following is ERP operation when Link Failure occurs.

[Fig. 8.35 Ethernet Ring Protocol Operation in Failure State. Ring of three Normal Nodes and one RM Node. Labels: 1 Secondary port of RM node is blocking in Normal state; 2 Link Failure; 3 Nodes detecting Link Failure transmit Link Down message]

[Fig. 8.36 Ring Protection. Ring of three Normal Nodes and one RM Node. Labels: 1 Secondary port of RM node is changed as unblocking state; 2 Send Link Down Message]

When a Link Failure is recovered, a temporary loop may occur. To rectify this condition, ERP sends a link up message to the RM. The RM will logically block the protected VLANs on its secondary port and generate a RM link up packet to make sure that all transit nodes are properly reconfigured. This completes fault restoration and the ring is back in normal state.

[Fig. 8.37 Link Failure Recovery. Ring of three Normal Nodes and one RM Node. Labels: 1 Link Failure recover, blocks the port recovered from Link Failure; 2 Nodes detecting Link Failure send Link Down message]
75. connected static ospf bgp route map WORD | Router | formation in another router's RIP table
no redistribute {kernel | connected | static | ospf | bgp} metric <0-16> route map WORD

As the needs of the case demand, you may also conditionally restrict the routing information between the two networks using the route map command.

To permit or deny the specific information, open the Route map Configuration mode using the following command in Global Configuration mode.

Command | Description
route map TAG {deny | permit} <1-65535> | Creates the route map. TAG: route map tag. 1-65535: sequence number

One or more match and set commands typically follow the route map command. If there are no match commands, then everything matches. If there are no set commands, nothing is done. Therefore, you need at least one match or set command.

Use the following command on Route map Configuration mode to limit the routing information for transmitting to other routers' RIP table.

Command | Description
match interface INTERFACE | Transmits the information to specified interface only. INTERFACE: interface name
match ip address {<1-199> | <1300-2699> | NAME} | Transmits the information matched with access list. 1-199: IP access list number. 1300-2699: IP access list number (expanded range). NAME: IP access list name
76. delete a specified remote and circuit ID, use the following command.

    no system remote id
    no system circuit id PORTS
        (Mode: Option 82) Deletes a specified remote and circuit ID.

8.8.5.8 Option 82 Reforwarding Policy

A DHCP relay agent may receive a DHCP packet from a DHCP server or another DHCP relay agent that already contains relay information. You can specify a DHCP option 82 reforwarding policy to be suitable for the network. To specify a DHCP option 82 reforwarding policy, use the following command.

    policy {replace | keep}
        (Mode: Option 82) Specifies a DHCP option 82 reforwarding policy.
        replace: replaces an existing DHCP option 82 information with a new one
        keep: keeps an existing DHCP option 82 information (default)
    policy drop {normal | option82 | none}
        (Mode: Option 82)
        normal: DHCP packet
        option82: DHCP option 82 packet
        none: no DHCP packet (default)

8.8.5.4 Option 82 Trust Policy

Default Trust Policy

To specify the default trust policy for DHCP packets, use the following command.

    trust default {deny | permit}
        (Mode: Option 82) Specifies the default trust policy for a DHCP packet.

Note: If you specify the default trust policy as deny, the DHCP packet that carries the information you specify below will be permitted, and vice versa.

Trusted Remote ID
77. disable the configuration of port secure, use the following command.

    no port security PORTS
        Disables port security on the port.
    no port security PORTS mac address MACADDR vlan NAME
        Deletes a secure MAC address for the port.
        PORTS: enter the port number
        MACADDR: enter the MAC address
    no port security PORTS maximum
        Returns to the default number of secure MAC address (default: 1).
    no port security PORTS violation
        Returns the violation mode to the default mode (shutdown).

To display the configuration of port security, use the following command.

    show port security PORTS
        Shows port security on the port.

This is an example of configuring port security on port 7.

    SWITCH(config)# bridge
    SWITCH(bridge)# port security 7
    SWITCH(bridge)# port security 7 maximum 10000
    SWITCH(bridge)# port security 7 violation protect
    SWITCH(bridge)# port security 7 mac address 00:02:a5:74:9b:17 vlan 1
    SWITCH(bridge)# show port security 7
    port security violation aging type static maximum current
    SWITCH(bridge)# no port security 7 maximum
    SWITCH(bridge)# no port security 7 violation
    SWITCH(bridge)# show port security 7
    port security violation aging
78. entry registration only for untrusted interfaces, because the DHCP snooping binding table only contains the information for DHCP messages from untrusted interfaces.

Source MAC Address Verification

The hiD 6615 S223/S323 can verify that the source MAC address in a DHCP packet that is received on untrusted ports matches the client hardware address in the packet. To enable the source MAC address verification, use the following command.

    ip dhcp snooping verify mac-address
        (Mode: Global) Enables the source MAC address verification.
    no ip dhcp snooping verify mac-address
        (Mode: Global) Disables the source MAC address verification.

8.8.7.6 DHCP Snooping Database Agent

When DHCP snooping is enabled, the system uses the DHCP snooping binding database to store information about untrusted interfaces. Each database entry (binding) has an IP address, associated MAC address, lease time, interface to which the binding applies, and VLAN to which the interface belongs.

To maintain the binding when reloading the system, you must use the DHCP snooping database agent. If the agent is not used, the DHCP snooping binding will be lost when the switch is rebooted. The mechanism for the database agent saves the binding in a file at a remote location. Upon reloading, the switch reads the file to build the database for the binding. The
79. fixed address A.B.C.D
        (Mode: DHCP Pool) Assigns a static IP address to a DHCP client.
        A.B.C.D: static IP address
        MAC ADDRESS: MAC address
        Deletes a specified static IP assignment.

8.8.1.8 Domain Name

To set a domain name, use the following command.

    domain name DOMAIN
        (Mode: DHCP Pool) Sets a domain name.
    no domain name
        (Mode: DHCP Pool) Deletes a specified domain name.

8.8.1.9 DHCP Server Option

If a DHCP server option is specified, the DHCP server will respond only to DHCP messages that carry the same option information. To specify a DHCP server option, use the following command.

    option <1-254> <1-8> {ip A.B.C.D | hex HEXSTRING | text STRING}
        (Mode: DHCP Pool) Specifies a DHCP option.
        1-254: DHCP option code
        1-8: instance number of the option code
        ip | hex | text: DHCP option information
    no option <1-254> <1-8>
        (Mode: DHCP Pool) Deletes a specified DHCP option.

Note: The already defined DHCP option codes, or the DHCP option codes only for the DHCP client, cannot be specified with this command (e.g. option 82).

8.8.1.10 Static Mapping

The hiD 6615 S223/S323 provides a static mapping function that enables to assign a static IP address without manually specifying static IP assignment by using a DHCP lease database in the DHCP database agent. To perform a static mappin
80. for specified time. To specify a timeout value, use the following command.

    login radius timeout <1-100>
        (Mode: Global) Specifies a timeout value.
        1-100: waiting time for the response (default: 3)

4.2.4.4 Frequency of Retransmit

If there is no response from RADIUS server, the hiD 6615 S223/S323 is supposed to retransmit an authentication request. To set the frequency of retransmitting an authentication request, use the following command.

    login radius retransmit <1-10>
        (Mode: Global) Sets the frequency of retransmit.
        1-10: Enters the times of retry (default: 3)

4.2.5 TACACS Server

4.2.5.1 TACACS Server for System Authentication

To add/delete the TACACS server for system authentication, use the following command.

    login tacacs server A.B.C.D KEY
        (Mode: Global) Adds the TACACS server with its information.
        A.B.C.D: IP address
        KEY: authentication key value
    no login tacacs server A.B.C.D
        (Mode: Global) Deletes an added TACACS server.
        A.B.C.D: IP address

You can add up to 5 TACACS servers.

After adding the TACACS server, you should register interface of TACACS server connected to user's switch. Use the following command.

    login tacacs interface NAME
        Registers interface of TACACS
81. from that group. If the filtering action permits access to the multicast group, the IGMP report from the port is forwarded for normal processing.

IGMP filtering controls only group specific query and membership reports, including join and leave reports. It does not control general IGMP queries. IGMP filtering has no relationship with the function that directs the forwarding of IP multicast traffic.

Creating IGMP Profile

You can create or modify the IGMP profile to be used for filtering IGMP join requests from a port. The system prompt will be changed to SWITCH(config-igmp-profile[N])# from SWITCH(config)#.

    ip igmp profile <1-2147483647>
        (Mode: Global) Configures IGMP profile.

To delete the created IGMP profile, use the no ip igmp profile <1-2147483647> command on global mode.

To display the IGMP profile, use the following command.

    show ip igmp profile <1-2147483647>
        (Mode: Enable, Global, Bridge) Shows IGMP profile.

Policy of IGMP Profile

Configure the action to permit or deny access to the IP multicast address using the following command.

    {permit | deny}
        (Mode: IGMP Profile) Configures the action of IGMP profile.

Group Range of IGMP Profile

Configure the group range of IGMP Profile using the following command.

    range A.B.C.D A.B.C.D
        (Mode: IGMP) Configures a group range.
        A.B.C.D: low IP multicast
82. function in the system, use the following command.

    service dhcp
        (Mode: Global) Activates the DHCP function in the system.
    no service dhcp
        (Mode: Global) Deactivates the DHCP function in the system.

Note: Before configuring DHCP server or relay, you need to use the service dhcp command first to activate the DHCP function in the system.

Packet Forwarding Address

A DHCP client sends DHCP_DISCOVER message to a DHCP server. DHCP_DISCOVER message is broadcasted within the network to which it is attached. If the client is on a network that does not have any DHCP server, the broadcast is not forwarded because the switch is configured to not forward broadcast traffic. To solve this problem, you can configure the interface that is receiving the broadcasts to forward certain classes of broadcast to a helper address.

To specify a packet forwarding address, use the following command.

    ip dhcp helper address A.B.C.D
        (Mode: Interface) Specifies a packet forwarding address. More than one address is possible.
        A.B.C.D: DHCP server address
    no ip dhcp helper address {A.B.C.D | all}
        (Mode: Interface) Deletes a specified packet forwarding address.

If a packet forwarding address is specified on an interface, the hiD 6615 S223/S323 will enable a DHCP relay agent.

You can also specify an organization
83. functionalities such as RIP, OSPF, BGP and PIM-SM are only available for hiD 6615 S323. Unavailable for hiD 6615 S223.

Enabling OSPF

To use OSPF routing protocol, it must be activated as other routing protocols. After activation, configure the network address and ID which is operated by OSPF.

The following command shows steps of activating OSPF.

Step 1: Open Router Configuration mode from Global Configuration mode.

    router ospf <1-65535>
        (Mode: Global) Opens Router Configuration mode with enabling OSPF.
    no router ospf <1-65535>
        (Mode: Global) Disables OSPF routing protocol.

In case that more than 2 OSPF processes are operated, a process number should be assigned. Normally there is one OSPF which is operating in one router.

If OSPF routing protocol is disabled, all related configuration will be lost.

Step 2: Configure a network ID of OSPF. Network ID decides IPv4 address of this network.

    router-id A.B.C.D
        (Mode: Router) Assigns a router ID with enabling OSPF.
    no router-id A.B.C.D
        (Mode: Router) Deletes a configured router ID.

When using the router-id command to apply a new router ID on an OSPF process, the OSPF process must be restarted to apply it. Use the clear ip ospf process command to restart the OSPF process.

If there is changing router ID while OSPF process is operating c
84. A.B.C.D: destination IP prefix
    GATEWAY: IP gateway address
    1-255: Distance value

    ip route A.B.C.D/M SUBNET MASK null <1-255> src IP ADDRESS
        (Mode: Global)
    no ip route A.B.C.D SUBNET MASK {GATEWAY | null} <1-255>
        Deletes configured static route.
    no ip route IP ADDRESS/M SUBNET MASK null <1-255>

To configure default gateway, use the following command on Global Configuration mode.

    ip route default {GATEWAY | null} <1-255>
        (Mode: Global) Configures default gateway.
        GATEWAY: IP gateway address
    no ip route default {GATEWAY | null} <1-255>
        (Mode: Global) Deletes default gateway.

The following is an example of configuring static route to reach three destinations which are not directly connected.

    SWITCH(config)# ip route 100.1.1.0/24 10.1.1.2
    SWITCH(config)# ip route 200.1.1.0/24 20.1.1.2
    SWITCH(config)# ip route 172.16.1.0/24 30.1.1.2

To display configured static route, use the following command.

    show ip route {A.B.C.D | A.B.C.D/M | bgp | connected | isis | kernel | ospf | rip | static | summary}
        (Mode: Enable, Global) Shows configured routing information.
    show ip route database static
        (Mode: Enable, Global) Shows configured routing information with IP routing table database.

Displaying Forwarding Info
85. ia | install | spf
        Shows the debugging information of OSPF routing.

To display the debugging information, use the following command.

    show debugging ospf
        (Mode: Enable, Global) Shows the debugging information of OSPF.

Limiting Number of Database

The hiD 6615 S323 can limit the Number of Database to process in OSPF. For example, if a router is connected with many routers, it carries overload to process the database. Therefore, limiting the Number of Database reduces the overload on the system. To configure the limiting Number of Database, use the following command.

    max-concurrent-dd <1-65535>
        Configures the limiting Number of Database.

To delete the configuration, use the following command.

    no max-concurrent-dd <1-65535>
        (Mode: Router) Deletes the configuration.

10.2.18.4 Maximum Process of LSA

The hiD 6615 S323 can configure the maximum number of LSA to process. LSA is classified as internal route LSA and external route LSA; the maximum number of LSA can be configured on each class. Also, if process of LSA is over the configured number, you can configure it to stop the process or send the caution message.

When the outer route of LSA overflows the assigned value, you can configure it to restart OSPF after the waiting time. If the waiting
86. inspection statistics
    clear cpu statistics PORTS
    clear ip bgp
    clear ip bgp in
    clear ip bgp in prefix-filter
    clear ip bgp ipv4 unicast multicast in
    clear ip bgp ipv4 unicast multicast in prefix-filter
    clear ip bgp ipv4 unicast multicast out
    clear ip bgp ipv4 unicast multicast soft
    clear ip bgp ipv4 unicast multicast soft in
    clear ip bgp ipv4 unicast multicast soft out
    clear ip bgp vpnv4 unicast in
    clear ip bgp vpnv4 unicast out
    More (Omitted)

It is not possible to input clear ip bgp ipv4 unicast in. You should input like clear ip bgp ipv4 unicast multicast in.

The commands starting with the same character are applied by inputting only the starting commands. For example, if you input show, all the commands starting with show are applied.

To delete a configured security level, use the following command.

    no privilege
    no privilege bgp level <0-15> {COMMAND | all}
    no privilege bridge level <0-15> {COMMAND | all}
    no privilege configure level <0-15> {COMMAND | all}
    no privilege dhcp option82 level <0-15> {COMMAND | all}
    no privilege dhcp pool level <0-15> {COMMAND | all}
    no privilege dhcp class level <0-15> {COMMAND | all}
    no privilege dhcp pool class level <
87. interval <1-3600>

Note: 1 sec is the minimum time which can be selected. But the minimum sampling interval currently is 30 sec, i.e. all intervals will be rounded up to a multiple of 30 seconds.

7.4.1.5 Activating RMON History

To activate RMON history, use the following command.

    active
        (Mode: RMON) Activates RMON history.

Before activating RMON history, check if your configuration is correct. After RMON history is activated, you cannot change its configuration. If you need to change the configuration, you need to delete the RMON history and configure it again.

7.4.1.6 Deleting Configuration of RMON History

When you need to change a configuration of RMON history, you should delete an existing RMON history. To delete RMON history, use the following command.

    no rmon history <1-65535>
        Deletes RMON history of specified number; enter the value for deleting.

7.4.1.7 Displaying RMON History

To display RMON history, use the following command.

    show running-config rmon history
        Shows a configured RMON history.

Always the last values will be displayed, but no more than the number of the granted buckets.

The following is an example of displaying RMON history.

    SWITCH(config-rmonhistory[5])# show running-config r
88. ip: Assigns IP address.
    shutdown: Deactivates interface.
    mtu: Sets MTU value to interface.

Tab. 3.8 Main Commands of Interface Configuration Mode

3.1.9 RMON Configuration Mode

To open RMON Alarm Configuration mode, enter rmon alarm <1-65534>. To open RMON Event Configuration mode, input rmon event <1-65534>. And to open RMON History Configuration mode, enter rmon history <1-65534>.

Tab. 3.9 shows a couple of important main commands of RMON Configuration mode.

    active: Enables each RMON configuration.
    community: Configures password for trap message transmission right.
    description: Describes the RMON event.
    falling event: Configures to generate RMON alarm when object is less than configured threshold.
    falling threshold: Defines the falling threshold.
    owner: Shows the subject which configures each RMON and uses related information.
    rising event: Configures to generate RMON alarm when object is more than configured threshold.
    requested buckets: Defines a bucket count for the interval.

Tab. 3.9 Main Commands of RMON Configuration Mode

3.1.10 Router Configuration Mode

To open Router Configuration mode, use the following command. The system prompt is changed from SWITCH(config)# to SWITCH(config-router)#.

Co
89. is possible to specify how long the device waits for a client to send back a response identity packet after the device has sent a request identity packet. If the client does not send back a response identity packet during this time, the device retransmits the request identity packet.

To configure the number of seconds that the switch waits for a response to a request identity packet, use the following command.

    dot1x timeout tx-period <1-65535> PORTS
        (Mode: Global) Sets reattempt interval for requesting request identity packet.
        1-65535: retransmit interval (default: 30)
    no dot1x timeout tx-period PORTS
        (Mode: Global) Disables the interval for requesting identity.

4.5.1.7 Configuring Number of Request to RADIUS Server

After 802.1x authentication is configured as explained above and the user tries to connect with the port, the process of authentication is progressed among the user's PC, the equipment as authenticator, and the RADIUS server. It is possible to configure how many times the device which will be authenticator requests for authentication to RADIUS server.

To configure times of authentication request in the hiD 6615 S223/S323, please use the command in Global Configuration mode.

    dot1x radius s
        Configure times of authentication request to RADIUS
90. is shown as below (default values).

[Tab. 7.1 Default 802.1p Priority to Queue Map. Columns: CoS description, 802.1p priority, CoS queue mapping (8 queues), reduced queue mapping (4 queues). Rows, from lowest to highest: Best Effort IP (be), Background (bg), Spare (spare), Excellent Effort (ee), Controlled Load (cl), Video (video), Voice (voice), Network Control (ctrl).]

To define an 802.1p priority to queue map for 8 queues, use the following command.

    qos map <0-7> <0-3>
        Priority to queue number mapping.
        Priority value 0-7 according to 802.1p:
            0: lowest, best effort (be)
            1: background (bg)
            spare (spare)
            excellent effort (ee)
            controlled load (cl)
            video (video)
            voice (voice)
            network control (ctrl)
        Queue value 0-3: queue number

7.6.3.4 Queue Parameter

To configure a queue parameter, use the following command.

    qos ibp PORTS <1-8191>
        Sets an ingress back pressure.
        PORTS: port numbers
    qos pktlimit PORTS <0-3> <4-2047>
        Sets a maximum packet size per queue for egress port.
        PORTS: port numbers
        0-3: queue number
    qos seglimit PORTS <0-3> <1-8191>
        Sets a maximum segment per queue for egress port.
        PORTS: port numbers
        0-3: queue number
    no qos ibp PORTS
    no qos pktlimit PORTS <0-3>
        Re
91. it is possible to transmit BPDU although packet cannot be transmitted between switch A and root.

[Fig. 8.17 Network Convergence of 802.1w (1). Labels: 1 New link created; 2 Negotiate between Switch A and ROOT (Traffic Blocking).]

SWITCH A negotiates with root through BPDU. To make link between SWITCH A and root, port state of non-edge designated port of SWITCH is changed to blocking. Although SWITCH A is connected to root, loop will not be created because SWITCH A is blocked to SWITCH B and C. In this state, BPDU from root is transmitted to SWITCH B and C through SWITCH A. To configure forwarding state of SWITCH A, SWITCH A negotiates with SWITCH B and SWITCH C.

[Fig. 8.18 Network Convergence of 802.1w (2). Labels: 3 Forwarding; 3 Negotiate between Switch A and Switch B (Traffic Blocking).]

SWITCH B has only edge designated port. Edge designated does not cause loop, so it is defined in 802.1w to be changed to forwarding state. Therefore SWITCH B does not need to block specific port to forwarding state of SWITCH A. However, since SWITCH C has a port connected to SWITCH D, you should make blocking state of the port.

[Figure labels: 4 Forwarding state; 4 Block to make Forwa]
92. kern | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | syslog | user | uucp   emerg | alert | crit | err | warning | notice | info   remote IP ADDRESS

    Generates a user defined syslog message with a priority and forwards it to the console.
    Generates a user defined syslog message with a priority in the system memory.
        volatile: deletes a syslog message after restart
        non-volatile: reserves a syslog message
    Generates a user defined syslog message with a priority and forwards it to a remote host.

To disable a user defined syslog output level, use the following command.

    no syslog output priority {auth | authpriv | cron | daemon | kern | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | syslog | user | uucp} {emerg | alert | crit | err | warning | notice | info} console
    no syslog output priority {auth | authpriv | cron | daemon | kern | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | syslog | user | uucp} {emerg | alert | crit | err | warning | notice | info} local {volatile | non-volatile}
    no syslog output priority {auth | authpriv | cron | daemon | kern | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | syslog | user | uucp} {emerg | alert | crit | err | warning | notice | info} remote IP ADDRESS
        (Mode: Global) Deletes a spec
93. mfdb conf

Displaying MAC Filter Policy

To show a configuration about MAC filter policy, use the following command.

    show mac filter default policy
    show mac filter
        (Mode: Enable, Global, Bridge) Shows MAC filter policy.

Sample Configuration

The latest policy is recorded as number 1. The following is an example of permitting MAC address 00:02:a5:74:9b:17 and 00:01:a7:70:01:d2 and showing table of filter policy.

    SWITCH(bridge)# mac filter add 00:02:a5:74:9b:17 permit
    SWITCH(bridge)# mac filter add 00:01:a7:70:01:d2 permit
    SWITCH(bridge)# show mac filter
    1 00:01:a7:70:01:d2 PERMIT
    2 00:02:a5:74:9b:17 PERMIT
    SWITCH(bridge)#

The following is an example of displaying one configuration.

    SWITCH(bridge)# show mac filter 1
    1 00:01:a7:70:01:d2 PERMIT
    SWITCH(bridge)#

7.13 Address Resolution Protocol (ARP)

Device connected to IP network has two addresses: LAN address and network address. LAN address is sometimes called data link because it is used in Layer 2 level, but more commonly the address is known as MAC address. Ethernet switch needs 48-bit MAC address to transmit packets. In this case, the process of finding proper MAC address from IP address is called address resolution.

On the other hand, the process of finding proper IP address from MAC address is called as rever
94. multicast routers in the automatic way is called Bootstrap message, and the router which sends this Bootstrap message is called BSR (Bootstrap Router).

All PIM routers existing on multicast network can be BSR. Routers which want to be BSR are named candidate BSR, and the one router which has the highest priority becomes BSR among them. If there are routers which have the same priority, then the one router which has the highest IP address becomes BSR. It is possible to configure the following messages which are included in candidate BSR message.

Since it is possible to assign several IP addresses in hiD 6615 S323, the switch may have several IP addresses assigned. User can select one IP address among several IP addresses to be used in switch as candidate BSR.

When there are same priorities to compare, candidate BSR IP address is compared through Hash. User can configure Hash mask to apply Hash.

If you decide BSR among candidate BSRs, priority in Bootstrap message is compared to decide it. The highest priority of candidate BSR becomes BSR. In order to configure priority of Bootstrap message, use the following command.

To configure candidate BSR, use the following command.

    ip pim bsr-candidate INTERFACE <0-32> <0-2
        (Mode: Global) Gives the switch the candidate BSR status.
        INTERFACE: interface name
95. of no maximum PORTS count
        PORTS: the number of port

9.2.9 Displaying IGMP Snooping Table

To display an IGMP snooping table, use the following command.

    show ip igmp snooping groups IP ADDRESS
    show ip igmp snooping groups port {PORT | cpu}
    show ip igmp snooping groups vlan VLANS
    show ip igmp snooping groups mac based
        (Mode: Enable, Global, Bridge) Shows a configuration.

9.3 PIM-SM (Protocol Independent Multicast Sparse Mode)

IGMP is the protocol to help multicast communication between switch and host, but PIM is the protocol for multicast communication between router and router. There are two kinds of PIM: PIM-DM (Protocol Independent Multicast Dense Mode) and PIM-SM (Protocol Independent Multicast Sparse Mode). The hiD 6615 S323 supports PIM-SM only.

Protocol of dense mode can send information about data packet and member to interface which is not connected to multicast source or receiver, and multicast router saves connection state to all the nodes. In this case, when most hosts are belonged to multicast group and there is enough bandwidth to support flow of controlling message between constituent members, these overheads are acceptable, but the other cases are inefficient.

Contrary to dense mode, PIM-SM receives multicast packet only when request comes from specific host in multicast gro
96. only, you should use in parameter. Meanwhile, if prefix-filter is configured with in option, ORF (Outbound Route Filtering) and incoming route can be reset. ipv4 option makes BGP peers have narrowed down to IP address family peers. By using soft option, you can configure the switch to update route information only when the session is still connected.

To reset the sessions of all peers and initialize the details of route configurations, use the following command.

    clear ip bgp in prefix-filter
    clear ip bgp ipv4 {unicast | multicast} in prefix-filter
        Resets the session of specific group under condition.
        in: clears incoming advertised routes
        prefix-filter: pushes out prefix-list ORF and does inbound soft reconfiguration
        the conditional option: peer group name or AS number or IP address
    clear ip bgp out
    clear ip bgp ipv4 {unicast | multicast} out
        Resets the session of specific group under condition.
        the conditional option: peer group name or AS number or IP address
        out: clears outgoing advertised routes
        unicast | multicast: address family modifier
    clear ip bgp soft {in | out}
    clear ip bgp ipv4 unicast
        Updates the route information only while the session is possible for specific group under condition.
        Apply the route either incomin
97. queue Map
    Tab. 7.2 ICMP Message Type
    Tab. 7.3 Mask Calculation of Default Value
    Tab. 7.4 Options for Packet Dump
    Tab. 8.1 Advantages and Disadvantages of Tagged VLAN
    Tab. 8.2 STP Path Cost
    Tab. 8.3 RSTP Path Cost

1 Introduction

1.1 Audience

This manual is intended for SURPASS hiD 6615 S223/S323 single-board Fast Ethernet switch operators and maintenance personnel for providers of Ethernet services. This manual assumes that you are familiar with the following:

    Ethernet networking technology and standards
    Internet topologies and protocols
    Usage and functions of graphical user interfaces

1.2 Document Structure

Tab. 1.1 briefly describes the structure of this document.

    1 Introduction: Introduces the overall information of the document.
    2 System Overview: Introduces the hiD 6615 S223/S323 system. It also lists the features of the system.
    3 Command Line Interface (CLI): Describes how to use the Command Line Interface (CLI).
    4 System Connection and IP Address: Describes how to manage the system account and IP address.
    5 Port Configuration: Describes how
98. relay information remote id all
        tion that contains only a remote ID
    no relay information all
        Deletes all specified option 82 information.

8.8.2.4 Associating DHCP Class

To associate a DHCP class with a current DHCP pool, use the following command.

    class CLASS
        (Mode: DHCP Pool) Associates a DHCP class with a DHCP pool and opens DHCP Pool Class Configuration mode.
        CLASS: DHCP class name
    no class CLASS
        (Mode: DHCP Pool) Releases an associated DHCP class from a current DHCP pool.

8.8.2.5 Range of IP Address for DHCP Class

To specify a range of IP addresses for a DHCP class, use the following command.

    address range A.B.C.D A.B.C.D
        (Mode: DHCP Pool Class) Specifies a range of IP addresses.
        A.B.C.D: start/end IP address
    no address range A.B.C.D A.B.C.D
        (Mode: DHCP Pool Class) Deletes a specified range of IP addresses.

A range of IP addresses specified with the address range command is valid only for a current DHCP pool. Even if you associate the DHCP class with another DHCP pool, the specified range of IP addresses will not be applicable.

8.8.3 DHCP Lease Database

8.8.3.1 DHCP Database Agent

The hiD 6615 S223/S323 provides a feature that allows a DHCP server to automatically save a DHCP lease database on a DHCP database agent. The DHCP da
99. server connected to user's switch
        A.B.C.D (Mode: Global)
    no login tacacs interface
        Clears TACACS server interface.

TACACS Server Priority

To specify the priority of a registered TACACS server, use the following command.

    login tacacs server move A.B.C.D <1-5>
        (Mode: Global) Specifies the priority of RADIUS server.
        A.B.C.D: TACACS server address
        1-5: the priority of TACACS server

Timeout of Authentication Request

After the authentication request, the hiD 6615 S223/S323 waits for the response from the TACACS server for specified time. To specify a timeout value, use the following command.

    login tacacs timeout <1-100>
        Specifies a timeout value.
        1-100: waiting time for the response (default: 3)

4.2.5.4 Additional TACACS Configuration

The hiD 6615 S223/S323 provides several additional options to configure the system authentication via TACACS server.

TCP Port for the Authentication

To specify TCP port for the system authentication, use the following command.

    login tacacs socket port <1-65535>
        (Mode: Global) Specifies TCP port for the authentication.
        1-65535: TCP port
    no login tacacs socket port
        (Mode: Global) Deletes the configured TCP port for the authentication.

Authentication Type

To select the authentication type for TACACS, use the following comman
100. source/destination IP address with mask
     any: any source/destination IP address
     tcp: TCP
     0-65535: TCP source/destination port number
     any: any TCP source/destination port
     TCP FLAG: TCP flag (e.g. S (SYN), F (FIN))
     any: any TCP flag

7.6.4.4 Rule Action

To specify a rule action (match) for the packets matching configured classifying patterns, use the following command.

    match deny
        (Mode: Admin rule) Denies a packet.
    match permit
        (Mode: Admin rule) Permits a packet.

To delete a specified rule action (match), use the following command.

    no match deny
    no match permit
        (Mode: Admin rule) Deletes a specified rule action.

To specify a rule action (no-match) for the packets not matching configured classifying patterns, use the following command.

    no-match deny
        (Mode: Admin rule) Denies a packet.
    no-match permit
        (Mode: Admin rule) Permits a packet.

To delete a specified rule action (no-match), use the following command.

    no no-match deny
    no no-match permit
        (Mode: Admin rule) Deletes a specified rule action.

7.6.4.5 Applying Rule

After configuring rule using the above commands, apply it to the system with the following command. If you do not apply a rule to the system, all specified rules will be lost.

To save and apply an admin
101. Timeout in seconds [2]: successful ping test if reply returns within the configured time interval. Default is 2 seconds.
Extended commands [n]: Shows the additional commands. Default is no.
Tab. 6.2 Options for Ping

The following is an example of ping test 5 times to verify network status with IP address 172.16.1.254.

SWITCH# ping
Protocol [ip]: ip
Target IP address: 172.16.1.254
Repeat count [5]: 5
Datagram size [100]: 100
Timeout in seconds [2]: 2
Extended commands [n]: n
PING 172.16.1.254 (172.16.1.254) 100(128) bytes of data.
Warning: time of day goes back (-394us), taking countermeasures.
108 bytes from 172.16.1.254: icmp_seq=1 ttl=255 time=0.058 ms
108 bytes from 172.16.1.254: icmp_seq=2 ttl=255 time=0.400 ms
108 bytes from 172.16.1.254: icmp_seq=3 ttl=255 time=0.403 ms
108 bytes from 172.16.1.254: icmp_seq=4 ttl=255 time=1.63 ms
108 bytes from 172.16.1.254: icmp_seq=5 ttl=255 time=0.414 ms
--- 172.16.1.254 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8008ms
rtt min/avg/max/mdev = 0.058/0.581/1.632/0.542 ms
SWITCH#

When multiple IP addresses are assigned to the switch, sometimes you need to verify the connection status between the specific IP address and network status. In this case, use the same process as ping test and then input the followings after extended commands. It is possible to verify the connection between specific IP address a
102. suppression of all routing protocol updates. Graceful restart thus allows a router to exchange path information with the neighboring router.

To configure graceful restart specifically for BGP, use the following command.
Command: bgp graceful restart | Description: Sets to use graceful restart in BGP protocol.
Command: no bgp graceful restart | Description: Disables the restart time value setting.

Therefore, 2 options of the time can be used to speed up routing convergence by its peer in case that BGP doesn't come back after a restart.

Restart Time
It's the waiting time for the restarting of Neighboring router's BGP process. Restart time allows BGP process time to restart and implement the internal connection The session. However, if it's not working properly, it is considered as the router stops operating.

Stalepath Time
After BGP process of Neighboring router is restarted, it holds the time until BGP updates the path information. In case that the information of BGP routes is not updated until the stalepath time, the switch discards this BGP routes information.

To set restart time or stalepath time on Graceful Restarting algorithm, use the following command.
Command: bgp graceful restart restart time <1-3600> | Description: Sets the restart time of Graceful Restart configuration in the unit of second. 1-3600: restart time default 1
103. time is 0, OSPF keeps the process before the administrator reboots the system.

To assign the maximum number of LSA to process in OSPF, use the following command.
Command: overflow database <1-4294967294> hard soft | Mode: Router | Description: Assigns the number of LSA for internal route.
Command: overflow database external <0-2147483647> <0-65535> | Mode: Router | Description: Assigns the number of LSA for external route.

When there is an overflow, hard configuration will stop the process and soft configuration will send a caution message.

To release the configuration, use the following command.
Command: no overflow database | Mode: Router | Description: Releases the configuration for OSPF internal route.
Command: no overflow database external <0-2147483647> | Mode: Router | Description: Releases the configuration for OSPF external route.
Command: no overflow database external <0-2147483647> <0-65535> | Mode: Router | Description: Releases the configuration for OSPF external route.

10.3 Routing Information Protocol (RIP)

Routing Information Protocol (RIP) is more commonly used than any other routing protocol in small, homogeneous networks. It is a classical distance-vector routing protocol that uses hop count. RIP is formally defined in Request For Comments (RFC) 1058 and Internet Standard (STD) 56. As IP-based networks became both more numerous and greater in size, it became ap
104. to configure the Ethernet ports
6 System Environment: Describes how to configure the system environment and management functions.
7 Network Management: Describes how to configure the network management functions.
8 System Main Functions: Describes how to configure the system main functions.
9 IP Multicast: Describes how to configure the IP multicast packets.
10 IP Routing Protocol: Describes how to configure IP routing protocol.
12 Abbreviations: Lists all abbreviations and acronyms which appear in this document.
Tab. 1.1 Overview of Chapters

Document Convention

This guide uses the following conventions to convey instructions and information.

Information: This information symbol provides useful information when using commands to configure and means reader take note. Notes contain helpful suggestions or references.

Warning: This warning symbol means danger. You are in a situation that could cause bodily injury or break the equipment. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents by making quick guide based on this guide.

Document Notation

The following table shows commands used in guide book. Please be aware of each command to use them correctly. Notation De
105. tor port

[Fig. 5.2 Port Mirroring: mirrored ports 1, 2, 3; monitor port; monitoring]

To configure port mirroring, designate mirrored ports and monitor port. Then enable port mirroring function. The monitor port should be connected to the PC on which the watch program is installed. You can designate only one monitor port but many mirrored ports for one switch.

Step 1: Activate the port mirroring using the following command.
Command: mirror enable | Mode: Bridge | Description: Activates port mirroring.

Step 2: Designate the monitor port using the following command.
Command: mirror monitor PORTS cpu | Mode: Bridge | Description: Designates the monitor port.

Step 3: Designate the mirrored ports using the following command.
Command: mirror add PORTS ingress egress | Mode: Bridge | Description: Designates the mirrored ports. ingress: ingress traffic. egress: egress traffic.

Step 4: To delete and modify the configuration, use the following command.
Command: mirror disable | Description: Deactivate monitoring.
Command: mirror del PORTS ingress egress | Description: Delete a port from the mirrored ports.

Step 5: To disable monitoring function, use the following command.
Command: no mirror monitor | Description: Disable port mirroring function.

The fol
106. transmitting ARP reply
Command: arp patrol TIME COUNT TIME | Mode: Global | Description: Configures a gratuitous ARP. TIME: transmit interval. COUNT: transmit count.
Command: no arp patrol | Mode: Global | Description: Disables a gratuitous ARP.

The following is an example of configuring the transmission interval as 10 sec and transmission times as 4, and showing it.

SWITCH(config)# arp patrol 10 4
SWITCH(config)# show running config
Building configuration
Current configuration
hostname SWITCH
(Omitted)
arp patrol 10 4
no snmp
SWITCH(config)#

Proxy ARP

To configure Proxy ARP, you need to enter Interface configuration mode and use the following command.
Command: ip proxy arp | Mode: Interface | Description: Sets proxy ARP at specified Interface.
Command: no ip proxy arp | Mode: Interface | Description: Removes the configured proxy ARP from the interface.

ICMP Message Control

ICMP stands for Internet Control Message Protocol. When it is impossible to transmit data or configure route for data, ICMP sends error message about it to host. The first 4 bytes of all ICMP messages are same, but the other parts are different according to type field value and code field value. There are fifteen values of field to distinguish each different ICMP message, and code field value helps to distinguish each type in detail. The following table shows explanation for fifteen values of ICMP message type.
107. type static maximum current E enabled shutdown absolute E 1 0 port vlan secure mac addr status in use SWITCH bridge

7.10.2 Port Security Aging

Port security aging is to set the aging time for all secure addresses on a port. Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.

Command: port security PORTS aging static | Description: Enables aging for configured secure addresses.
Command: port security PORTS aging time <1-1440> | Description: Configures aging time in minutes for the port. All the secure addresses age out exactly after the time.
Command: port security PORTS aging type absolute inactivity | Description: Configures aging type. absolute: all the secure addresses on this port age out exactly after the time (minutes) specified lapses and are removed from the secure address list. inactivity: the secure addresses on this port age out only if there is no data traffic from the secure source addresses for the specified time period.

To disable the configuration of port secure aging, use the following command.
Command: no port security PORTS aging static | Description: Disables aging for only statically configured secure addresses.
Command: no port security PORTS aging | Description: Disables port secure aging for all secure ad
108. 3.1.1 Privileged EXEC View Mode
3.1.2 Privileged EXEC Enable Mode
3.1.3 Global Configuration Mode
3.1.4 Bridge Configuration Mode
3.1.5 Rule Configuration Mode
3.1.6 DHCP Configuration Mode
3.1.7 DHCP Option 82 Configuration Mode
3.1.8 Interface Configuration Mode
3.1.9 RMON Configuration Mode
3.1.10 Router Configuration Mode
3.1.11 VRRP Configuration Mode
3.1.12 Route Map Configuration Mode
3.2 Useful Tips
3.2.1 Listing Available Commands
3.2.2 Calling Command History
3.2.3 Using Abbreviation
3.2.4 Using Command of Privileged EXEC Enable Mode
3.2.5 Exit Current Command Mode
4 System Connection and IP Address
4.1 System Connection
4.1.1 System Login
4.1.2 Password for Privileged EXEC Mode
4.1.3 Chang
109. upgraded using FTP. This will allow network or system administrators to remotely upgrade the system with the familiar interface. To upgrade the system software using FTP, perform the following step-by-step instruction.

Step 1: Connect to the hiD 6615 S223/S323 with your FTP client software. To login the system, you can use the system user ID and password.

Note that you must use the command line based interface FTP client software when upgrading the hiD 6615 S223/S323. If you use the graphic based interface FTP client software, the system cannot recognize the upgraded software.

Step 2: Set the file transfer mode to the binary mode using the following command.
Description: Sets the file transfer mode to the binary mode.

Step 3: Enable to print out the hash marks as transferring a file using the following command.
Description: Prints out the hash marks as transferring a file.

Step 3: Upload the new system software using the following command.
Command: put FILENAME os1 os2 | Description: Uploads the system software. FILENAME: system software file name. os1, os2: the area where the system software is stored.

Step 4: Exit the FTP client using the following command.
Description: Exits the FTP client.

To reflect the downloaded system software, the system must restart using the reload comman
110. Displaying LLDP Configuration
Remote Monitoring (RMON)
RMON History
Source Port of Statistical Data
Subject of RMON History
Number of Sample Data
Interval of Sample Inquiry
Activating RMON History
Deleting Configuration of RMON History
Displaying RMON History
RMON Alarm
Subject of RMON Alarm
Object of Sample Inquiry
Absolute Comparison and Delta Comparison
Upper Bound of Threshold
Lower Bound of Threshold
Configuring Standard of the First Alarm
Interval of Sample Inquiry
Activating RMON Alarm
Deleting Configuration of RMON Alarm
Displaying RMON Alarm
RMON Event
Event Community
Event Description
Subject of RMON Event
111. 0.2/24>
SWITCH2(config)# router vrrp default 1
(In case of same priorities, SWITCH 1 with lower IP address is configured as Master.)
SWITCH2(config-router)# associate 10.0.0.5
SWITCH2(config-router)# exit
SWITCH2(config)# show vrrp
default virtual router 1
state
virtual mac address 00:00:5E:00:01:01
advertisement interval 1 sec
preemption enabled
priority 100
master down interval 3.620 sec
[1] associate address 10.0.0.5

8.4.1.4 VRRP Track Function

When the link connected to the Master Router of VRRP is off, as below, if the link of the Master Router is not recognized, the users on the interface are not able to communicate because the interface is not able to access the Master Router. In the condition that the link to VRRP's master router is down, as the figure shown below, or the link of the Master Router cannot be recognized, the communication would be impossible. For the hiD 6615 S323, you can configure the Master Router to be changed by giving lower Priority to the Master Router when the link of the Master Router is disconnected. This function is VRRP Track.

[Figure: Internet; Virtual Router, Associate IP 10.0.0.5/24; Backup Router 1, IP 10.0.0.2/24; Backup Router 2, IP 10.0.0.1/24. 1. Link Down. 2. If the interface doesn't recognize to be Link down it is supposed t
112. Basic Configuration
Configuration Type of BGP
Enabling BGP Routing
Disabling BGP Routing
Advanced Configuration
Summary of Path
Automatic Summarization of Path
Multi-Exit Discriminator (MED)
Choosing Best Path
Graceful Restart
IP Address Family
BGP Neighbor
Default Route
Peer Group
Route Map
Force Shutdown
BGP Session Reset
Session Reset of All Peers
Session Reset of Peers within Particular AS
Session Reset of Specific Route
Session Reset of External Peer
113. Fig. 3.1 shows hiD 6615 S323 software mode structure briefly.

[Fig. 3.1 Software mode structure: User Log In; Privilege EXEC View Mode; Privilege EXEC Enable Mode; Global Configuration Mode; DHCP Configuration Mode; DHCP Option 82 Configuration Mode; Interface Configuration Mode; Rule Configuration Mode; Bridge Mode; RMON Configuration Mode; PIM Configuration Mode; Router Configuration Mode; VRRP Configuration Mode; Route Map Configuration Mode]

3.1.1 Privileged EXEC View Mode

When you log in to the switch, the CLI will start with Privileged EXEC View mode, which is a read-only mode. In this mode, you can see a system configuration and information with several commands. Tab. 3.1 shows main commands of Privileged EXEC View mode.

Command: enable | Description: Opens Privileged EXEC Enable mode.
Command: exit | Description: Logs out the switch.
Command: show | Description: Shows a system configuration and information.
Tab. 3.1 Main Commands of Privileged EXEC View Mode

3.1.2 Privileged EXEC Enable Mode

To configure the switch, you need to open Privileged EXEC Enable mode with the enable command; then the system prompt will change from SWITCH> to SWITCH#. Comm
114. 100> <1-100> TIME | configured value during the user defined time. 50-100: average of CPU load per 1 minute. 1-100: average of interrupt load. TIME: minute.
Command: auto reset memory <1-120> <1-10> | Description: Configure to reboot the system automatically in case memory low occurs as the configured value. 1-120: time of memory low. 1-10: count of memory low. The default is 5.
Command: no auto reset cpu memory | Description: Disables auto system rebooting.

To show auto system rebooting configuration, use the following command.
Command: show auto reset cpu memory | Mode: Global, Bridge | Description: Shows a configuration of auto rebooting function.

The following is an example of configuring auto restarting function in case CPU load or Interrupt load maintains over 70% during 60 seconds, and viewing the configuration.

SWITCH(config)#
SWITCH(bridge)# auto reset cpu 70 70 1
SWITCH(bridge)# show auto reset cpu
auto reset on
cpu load 70
interrupt load 70
continuation time 1
SWITCH(bridge)#

System Authentication

For the enhanced system security, the hiD 6615 S223/S323 provides two authentication methods to access the switch, using Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+).

4.2.1 Authentication Method

To set the system authentication method use the follo
115. 20
Command: bgp graceful restart stalepath time <1-3600> | Description: Sets the stalepath time of Graceful Restart configuration in the unit of second. 1-3600: stalepath time (default: 30).

If you don't use Graceful Restart feature or want to return the default value for restart time or stalepath time, use the following command.
Command: no bgp graceful restart restart time <1-3600> | Mode: Router | Description: Restores the default value for restart time.
Command: no bgp graceful restart stalepath time <1-3600> | Mode: Router | Description: Restores the default value for stalepath time.

10.1.3 IP Address Family

The hiD 6615 S323 recently supports both unicast and multicast as address family. Use the following command in choosing either unicast or multicast to enter the Address Family Configuration mode, allowing configuration of address family specific parameters. Use the following command in order to enable address family routing process, which opens you in Address Family Configuration mode.
Command: address family ipv4 multicast unicast | Mode: Router | Description: Opens the Address Family Configuration mode to configure sessions for IPv4 prefixes.
Command: exit address family | Mode: Address Family | Description: Exits to Router Configuration mode.

10.1.4 BGP Neighbor

To assign IP address or peer grou
116. QinQ

QinQ, or Double Tagging, is one way for tunneling between networks.

[Fig. 8.2 Example of QinQ Configuration; labels: Customer A, VLAN 200; Customer B, VLAN 201; VLAN 641; PVID 641; Trunk Port; Tunnel Port; T: Tagged; U: Untagged]

If QinQ is configured on the hiD 6615 S223/S323, it transmits packets adding another Tag to original Tag. Customer A group and customer B group can guarantee security because telecommunication is done between each VLANs at Double Tagging part. Double tagging is implemented with another VLAN tag in Ethernet frame header.

[Fig. 8.3 QinQ Frame; panels: Ethernet Frame (Preamble, Destination, Source, 802.1Q VLAN Tag, Type/Length; tag fields: TPID 8100, Priority, Canonical, 12-bit identifier) and Ethernet Frame using 802.1Q Tunneling (Preamble, Destination, Source, VLAN Tag, 802.1Q VLAN Tag, Type/Length, LLC, Data, FCS; tag fields: TPID 8100/9100, Priority, Canonical, 12-bit identifier)]

The port connected with the Service Provider is the Uplink port (internal), and the port connected with the customer is the Access port (external).

Tunnel Port
By tunnel port we mean a LAN port that is configured to offer 802.1Q tunneling support. A tunnel port is always connected to the end customer, and the input traffic to a tunnel p
117. 3 3 ARP Alias

Although clients are joined in same client switch, it may be impossible to communicate between clients for their private security. When you need to make them communicate with each other, the hiD 6615 S223/S323 supports ARP alias, which responds to ARP requests from client net through concentrating switch.

To register address of client net range in ARP alias, use the following command.
Command: arp alias A.B.C.D A.B.C.D MACADDR | Mode: Global | Description: Registers IP address range and MAC address in ARP alias to make user's equipment respond to ARP request.

Unless you input MAC address, MAC address of user's equipment will be used for ARP response.

To delete registered IP address range of ARP alias, use the following command.
Command: no arp alias START IP ADDRESS END IP ADDRESS | Mode: Global | Description: Deletes a registered IP address range of ARP alias.

To display ARP alias, use the following command.
Command: show arp alias | Mode: Enable, Global | Description: Shows a registered ARP alias.

ARP Inspection

ARP provides IP communication by mapping an IP address to a MAC address. But a malicious user can attack ARP caches of systems by intercepting traffic intended for other hosts on the subnet. For example, Host B generates a broadcast message for all hosts within the broadcast domain to obtain the MAC address associated with the IP address of Host A. If Host C responds with an IP address of Host A or B and a MAC address of Host C Host
118. 3 also provides debug command for Layer 3 routing protocols (BGP, OSPF, RIP and PIM). If you want to debug about them, refer to the each configuration chapter.

7.16.1.1 Packet Dump by Protocol

You can see packets about BOOTPS, DHCP, ARP and ICMP using the following command.
Command: debug packet interface INTERFACE port PORTS protocol bootps dhcp arp icmp src ip A.B.C.D dest ip A.B.C.D | Mode: Enable | Description: Shows packet dump by protocol.
Command: debug packet interface INTERFACE port PORTS host src ip A.B.C.D dest ip A.B.C.D src port <1-65535> dest port <1-65535> | Mode: Enable | Description: Shows host packet dump.
Command: debug packet interface INTERFACE port PORTS multicast src ip A.B.C.D dest ip A.B.C.D | Mode: Enable | Description: Shows multicast packet dump.
Command: debug packet interface INTERFACE port PORTS src ip A.B.C.D dest ip A.B.C.D | Mode: Enable | Description: Show packet dump by source IP address or destination IP address.
Command: debug packet interface INTERFACE port PORTS dest ip A.B.C.D | Mode: Enable | Description: Show packet dump by source IP address or destination IP address.

7.16.1.2 Packet Dump with Option

You can verify packets with TCP dump options using the following command.
Command: debug packet OPTION | Mode: Enable | Description: Shows packet dump using options.

Tab. 7.4 shows the options for packet dump. Description Change Networ
119. 323 as a client connects to FTP server, use the following command.
Command: ftp bind address A.B.C.D | Mode: Global | Description: Binds a source IP address for connecting to FTP server.
Command: no ftp bind address | Mode: Global | Description: Deletes FTP bind address.

Please be careful that the FTP bind address is also applied to TFTP server's bind address.

Configuration Management

You can verify if the system configurations are correct and save them in the system. This section contains the following functions.
• Displaying System Configuration
• Saving System Configuration
• Auto Saving
• System Configuration File
• Restoring Default Configuration

Displaying System Configuration

To display a current running configuration of the system, use the following command.
Command: show running config | Description: Shows a configuration of the system.
Command: show running config admin rule arp bridge dns full hostname instance interface INTERFACE login pm qos rmon alarm rmon event rmon history router bgp pim rip ospf vrrp rule snmp syslog time out time zone time out | Description: Shows a configuration of the system with the specific option.
Command: show running config router bgp ospf pim rip vrrp | Description: Shows only the configuration that corresponds to each option.

The following is an e
120. Deleting DHCP Lease Database

To delete a DHCP lease database, use the following command.
Command: clear ip dhcp leasedb A.B.C.D/M | Mode: Enable, Global | Description: Deletes a DHCP lease database a specified subnet.
Command: clear ip dhcp leasedb pool POOL | Mode: Enable, Global | Description: Deletes a DHCP lease database of a specified DHCP pool.
Command: clear ip dhcp leasedb all | Mode: Enable, Global | Description: Deletes the entire DHCP lease database.

DHCP Relay Agent

A DHCP relay agent is any host that forwards DHCP packets between clients and servers. The DHCP relay agents are used to forward DHCP requests and replies between clients and servers when they are not on the same physical subnet. The DHCP relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks somewhat transparently. By contrast, DHCP relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface. The DHCP relay agent sets the gateway address and, if configured, adds the DHCP option 82 information in the packet and forwards it to the DHCP server. The reply from the server is forwarded back to the client after removing the DHCP option 82 information.

[Fig. 8.32 Example of DHCP Relay Agent; labels: DHCP Server; Relay Agent 1; Relay Agent 2; Subnet 1; Subnet 2; PC (DHCP Client)]

To activate deactivate the DHCP
121. 5352 Router type
Command: neighbor A.B.C.D poll interval <1-65535>
Command: neighbor A.B.C.D poll interval <1-65535> priority <0-255>

To delete a configured router communicated by non-broadcast type, use the following command.
Command: no neighbor A.B.C.D cost <1-65535>
Command: no neighbor A.B.C.D priority <0-255>
Command: no neighbor A.B.C.D priority poll interval <1-65535>
Command: no neighbor A.B.C.D poll interval <1-65535>
Command: no neighbor A.B.C.D poll interval priority <0-255>
Mode: Router | Description: Deletes a configured neighbor router of NBMA type.

10.2.6 OSPF Area

Router configuration on OSPF network includes Area configuration with each interface network. Area has various and special features. It needs to be configured pertinently to make effective management on whole of OSPF network. OSPF network defines several router types to manage the Area. ABR (Area Border Router) is one of the router types to transmit information between Areas. ASBR (Autonomous System Border Router) is using OSPF on one side and using other routing protocol except for OSPF on other interface or Area. ASBR exchanges area information between different routing protocols. Area types are various. The most principle Area types are Stub Area and NSSA (Not So Stubby Area).

10.2.6.1 Area Authentication
122. 55> 0-32: hash mask length for RP selection. 0-255: priority for candidate bootstrap switch.

To disable assigned IP address in candidate BSR, use the following command.
Command: no ip pim bsr candidate | Mode: Global | Description: Disables the configuration of BSR candidate.

You can clear all RP sets learned through the PIM Bootstrap Router (BSR) using the following command.
Command: clear ip pim sparse mode bsr rp set | Mode: Global | Description: Clears all RP sets.

RP Information

After deciding BSR on multicast network, candidate RP routers send RP message to BSR. Candidate RP message includes priority, IP address and multicast group. Then BSR adds the received candidate RP information to Bootstrap message and transmits it to another PIM router. Through this Bootstrap message, RP of multicast group is decided. All routers belonging to the multicast network can become candidate RP, and routers which generally consist candidate BSR are supposed to consist candidate RP. It is possible to configure the following information, which is included in candidate RP message.

Static RP for Certain Group

You can configure several IP addresses on the hiD 6615 S323. Therefore, you need to decide which IP address is to be used as candidate RP. This command is used to statically configure the RP address for multicast groups. To conf
123. 57 100 10 108 bytes from 172 16 1 4 108 bytes from 172 16 1 254 icmp seq 2 tt1 255 time 11 9 ms 108 bytes from 172 16 1 254 icmp seq 3 tt1 255 time 21 9 1 9 1 d 0 128 bytes of data 254 icmp seq 1 ttl 255 time 30 4 ms 108 bytes from 172 16 108 bytes from 172 16 254 icmp seq 4 ttl 255 time 11 254 icmp seq 5 ttl 255 time 30
--- 172.16.1.254 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8050ms
rtt min/avg/max/mdev = 11.972/21.301/30.411/8.200 ms
SWITCH#

6.3.2 IP ICMP Source Routing

If you implement PING test to verify the status of network connection, icmp request arrives at the final destination as the closest route according to the routing theory.

[Fig. 6.1 Ping Test for Network Status: PING test to C]

In the above figure, if you perform ping test from PC to C, it goes through the route of A→B→C. This is the general case. But the hiD 6615 S223/S323 can enable to perform ping test from PC as the route of A→E→D→C.

[Fig. 6.2 IP Source Routing; labels: Request, Reply]

To perform ping test as the route which the manager designated, use the following steps.

Step 1: Enable IP source routing function from the equipment connected to PC which the PING test is going to be performed. To e
124. SWITCH(bridge)# show port 1
NO TYPE PVID STATUS (ADMIN OPER) MODE FLOWCTRL INSTALLED
1 Ethernet di Up Up PERE Gaol Off Y
SWITCH(bridge)# port speed 1 10
SWITCH(bridge)# show port 1
NO TYPE PVID STATUS (ADMIN OPER) MODE FLOWCTRL INSTALLED
1 Ethernet 1 Up Up Force maldio Off Y
SWITCH(bridge)#

Duplex Mode

Only unidirectional communication is practicable on half duplex mode, and bidirectional communication is practicable on full duplex mode. By transmitting packet for two ways, Ethernet bandwidth is enlarged two times: 10Mbps to 20Mbps, 100Mbps to 200Mbps.

To set duplex mode, use the following command.
Command: port duplex PORTS full half | Description: Sets full or half duplex mode of specified port; enter the port number.

The following is an example of configuring duplex mode of port 1 as half mode and showing it.

SWITCH(bridge)# show port 1
NO TYPE PVID STATUS (ADMIN OPER) MODE FLOWCTRL INSTALLED
1 Ethernet 1 Up Up Force fru L00 Off Y
SWITCH(bridge)# port duplex 1 half
SWITCH(bridge)# show port 1
NO TYPE PVID STATUS (ADMIN OPER) MODE FLOWCTRL INSTALLED
1 Ethernet 1 Up Down Forcel Hal M100 Off Y
SWITCH(bridge)#

Flow Control

Ethernet ports on the switches use flow control to restrain the transmission of packets to the port for a period time. Typically, if the receive buffer becomes full, the port transmits
125. To display a list of valid or invalid (blocked) IP addresses, use the following command.
Command: show ip dhcp authorized arp valid | Mode: Enable, Global, Bridge | Description: Shows a list of valid IP addresses.
Command: show ip dhcp authorized arp invalid | Mode: Enable, Global, Bridge | Description: Shows a list of invalid (discarded) IP addresses.

To delete a list of invalid (blocked) IP addresses, use the following command.
Command: clear ip dhcp authorized arp invalid | Mode: Enable, Global, Bridge | Description: Deletes a list of invalid (discarded) IP addresses.

8.8.1.14 Prohibition of 1:N IP Address Assignment

The DHCP server may assign plural IP addresses to a single DHCP client in case of plural DHCP requests from the DHCP client which has the same hardware address. Some network devices may need plural IP addresses, but most DHCP clients like personal computers need only a single IP address. In this case, you can configure the hiD 6615 S223/S323 to prohibit assigning plural IP addresses to a single DHCP client.

To prohibit assigning plural IP addresses to a DHCP client, use the following command.
Command: ip dhcp check client hardware address | Mode: Global | Description: Prohibits assigning plural IP addresses.
Command: no ip dhcp check client hardware address | Mode: Global | Description: Permits assigning plural IP addresses.

8.8.1.15 Ignoring BOOTP Request

To allow a DHCP server to ignore received bootstrap protocol (BOOTP) r
126. A50010 Y3 C150 2 7619
Scheduling Algorithm
QoS Weight
802.1p Priority to Queue Mapping
Queue Parameter
Displaying QoS
Admin Access Rule
Rule Creation
Rule Priority
Packet Classification
Rule Action
Applying Rule
Modifying and Deleting Rule
Displaying Rule
NetBIOS Filtering
Martian Filtering
Max Host
Max New Hosts
Port Security
Port Security on Port
Port Security Aging
DUO s EE
MAC
127. sage in response. It is normally the loopback interface address, but can also be other physical addresses. This address must be advertised by unicast routing protocols on the DR.

Command: ip pim register source {A.B.C.D | INTERFACE}
Mode: Global
Description: Configures the source address of register message. A.B.C.D: IP address to be used as source. INTERFACE: interface address to be used as source.

Command: no ip pim register source
Mode: Global
Description: Disables the registration suppression time.

By default, the IP address of the outgoing interface of the DR leading to the RP is used as the IP source address of a register message.

Reachability for PIM Register Process

To enable the RP reachability verification for PIM Register processing at the DR, use the following command.

Command: ip pim register rp reachability
Mode: Global
Description: Enables the RP reachability verification function.

Command: no ip pim register rp reachability
Mode: Global
Description: Disables the RP reachability verification function (default).

This command is disabled by default.

SPT Switchover

This command is used to enable and configure the bandwidth of the switchover from RPT to SPT for the certain group. If a source sends at a rate greater than or equal to the traffic rate (the kbps value), a PIM join message is triggered toward the source to construct a source tree. Specifying a group list acce
128. IGMP v2 Snooping Report Method

When IGMP report suppression is enabled, the switch forwards only one IGMP report per multicast router query. When report suppression is disabled, all IGMP reports are forwarded to the multicast routers.

Command: ip igmp snooping report suppression
Mode: Global
Description: Configures the IGMP report suppression on the system.

Command: ip igmp snooping vlan VLANS report suppression
Mode: Global
Description: Configures the IGMP report suppression on a VLAN interface.

IGMP report suppression is supported only when the multicast query has IGMP v1 and IGMP v2 reports. This feature is not supported when the query includes IGMP v3 reports.

To disable IGMP snooping report suppression, use the following command.

Command: no ip igmp snooping report suppression
Mode: Global
Description: Deletes the IGMP report suppression on the system.

Command: no ip igmp snooping vlan VLANS report suppression
Mode: Global
Description: Deletes the IGMP report suppression on a VLAN interface.

To display the IGMP report suppression configuration, use the following command.

Command: show ip igmp snooping vlan VLANS
Mode: Enable / Global / Bridge
Description: Shows that the IGMP report suppression is enabled.

Mrouter Port

Configuring Mrouter Port per VLAN

You can designate to which port the multicast router is connected. If you designate multicast router is con
129.
- dstip: Destination IP address
- dstmac: Destination MAC address
- srcdstip: Runs by reference to both Source IP address and Destination IP address
- srcdstmac: Source MAC address and Destination MAC address
- srcip: Source IP address
- srcmac: Source MAC address

For the hiD 6615 S223/S323, srcdstmac (source MAC address and destination MAC address) is basically used to decide packet route.

After configuring the aggregator, you should configure packets transmitting aggregator port. The following is the command of configuring packets transmitting aggregator port.

Command: lacp aggregator distmode AGGREGATIONS {srcmac | dstmac | srcdstmac | srcip | dstip | srcdstip}
Mode: Bridge
Description: Defines packets transmitted by way of aggregator, which is a logical aggregated port. AGGREGATIONS: select the aggregator ID (0 132).

To disable configuring packets, use the following command.

Command: no lacp aggregator AGGREGATIONS
Description: Deletes destination MAC address. Select the aggregator ID.

Operating Mode of Member Port

After configuring the member port, configure the mode of the member port. There are two kinds of mode in a member port: Active mode and Passive mode. A port in Passive mode starts LACP when there is Active mode on the port of the opposite switch. The priority of Active mode is higher than that of Passive mode, so that the port of Passive mode follows the p
130. A and Host B can use Host C's MAC address as the destination MAC address for traffic intended for Host A and Host B.

ARP Inspection is a security feature that validates ARP packets in a network. It intercepts and discards ARP packets with invalid IP-MAC address binding.

To enable and disable ARP Inspection on the hiX 5430 system, use the following command.

Command: ip arp inspection vlan VLAN
Mode: Global
Description: Enables ARP inspection function on a VLAN.

Command: no ip arp inspection vlan VLAN
Mode: Global
Description: Disables ARP inspection function on a VLAN.

You can configure the switch to perform additional checks on the destination MAC address, the sender and target IP address, and the source MAC address.

Command: ip arp inspection validate {src mac | dst mac | ip}
Description: Inspects specific check on incoming ARP packets.
  src mac: checks the source MAC address. Packets with different MAC addresses are classified as invalid and are dropped.
  dst mac: checks the destination MAC address. Packets with different MAC addresses are classified as invalid and are dropped.
  ip: checks the unexpected IP address.

Command: ip arp inspection filter NAME vlan VLAN
Description: Applies ARP ACL to the VLAN. NAME: ARP ACL name. It is created with the arp access list NAME command.

Command: ip arp inspection trust port PORTS
Description: Configures a connection between switches as trusted. PORTS: trus
131. RM Node
Port of ERP Domain
Protected VLAN
Protected Activation
Manual Switch to Secondary
Wait to Restore Time
Learning Disable Time
Test Packet Interval
Displaying ERP Configuration
Stacking
Switch Group
Designating Master and Slave Switch
Disabling Stacking
Displaying Stacking Status
Accessing to Slave Switch from Master Switch
Sample Configuration
132. Stub Area

A Stub Area is an area whose ABR is connected to the Backbone Area. If an area is assigned as a Stub Area, the ABR will notify the default path to the Stub Area, and other routing protocol information will not be transmitted to the Stub Area.

To create a Stub Area, use the following command.

Command: area <0-4294967295> stub [no summary]
Description: Creates a Stub Area.

If the no summary option is added to a Stub Area, OSPF routing information of other areas also cannot come into the Stub Area. It only goes to the default route from the ABR router. That is a Totally Stubby Area.

To delete a created Stub Area, use the following command.

Command: no area <0-4294967295> stub [no summary]
Description: Deletes a created Stub Area.

Virtual Link

In OSPF, all areas must be connected to a backbone area. If there is a break in backbone continuity, or the backbone is purposefully partitioned, you can establish a virtual link. The virtual link must be configured in both routers.

The OSPF network regards virtual link routers as point-to-point routers. Therefore, the Hello interval, Retransmit interval and Transmit delay must be consistent across all routers in an attached network.

User can configure Authentication for security, Authentication key for password, and time period for Hello interval, Retransmit interval, Transmit delay and Dead interval to operate vir
133. ADDRESS NAME auth port <0-65535> key KEY

Command: dot1x radius server host {IP ADDRESS | NAME} key KEY
Description: Configures IP address of RADIUS server and key value.

Command: no dot1x radius server host {IP ADDRESS | NAME}
Description: Deletes a registered RADIUS server.

You can designate up to 5 RADIUS servers as authenticator.

The key is authentication information between the authenticator and RADIUS server. The authenticator and RADIUS server must have the same key value, and you can use alphabetic characters and numbers for the key value. The space or special character is not allowed.

You can configure the priority for the RADIUS servers that have been configured by the user.

Command: dot1x radius server move {IP ADDRESS | NAME} priority PRIORITY
Mode: Global
Description: Configures the priority of RADIUS server. IP ADDRESS: IP address of RADIUS server. NAME: host name.

Configuring Authentication Mode

You can change the authentication mode from port based to MAC based. To change the authentication mode, use the following command.

Command: dot1x auth mode mac base PORTS
Mode: Global
Description: Sets the authentication mode to the MAC based.

Command: no dot1x auth mode mac base PORTS
Mode: Global
Description: Restores the authentication mode to the port based.

Before setting the authentication mode to the MAC based, you need to set a MAC filtering policy to deny them for all the Ethernet ports. To configure a MAC filtering policy, see Secti
135.
Command: clear ip bgp <1-65535> soft [in | out]
Command: clear ip bgp <1-65535> ipv4 {unicast | multicast} soft [in | out]
Mode: Global
Description: Updates the route information only while the session is possible of BGP neighboring routers which are configured a particular AS number. Apply the route either incoming or outgoing routes. 1-65535: AS number.

Session Reset of Specific Route

To reset the sessions of BGP neighboring router with specified IP address, use the following command.

Command: clear ip bgp ROUTE IP ADDRESS
Mode: Global
Description: Resets the sessions of BGP neighboring router with specified IP address.

See Section 10.1.5.1 when you configure the detail parameters.

To reset the sessions of BGP neighboring router with specified IP address and initialize the details of route configurations, use the following command.

Command: clear ip bgp A.B.C.D in [prefix filter]
Command: clear ip bgp A.B.C.D ipv4 {unicast | multicast} in [prefix filter]
Mode: Global
Description: Resets the session of BGP neighboring router contained specified IP address.
  in: clears incoming advertised routes.
  prefix filter: pushes out prefix list ORF and does inbound soft reconfiguration.
  A.B.C.D: route IP address.

Command: clear ip bgp A.B.C.D out
Mode: Global
Description: Resets the session of BGP neighboring router with specified IP address.

Command: clear ip bgp A.B.C.D ipv4 uni A B
136. AppleTalk Phase I and Phase II in TCP/IP, Storm may occur.

In addition, when information of a routing protocol regularly transmitted from a router is incorrectly recognized by a system which does not support the protocol, Broadcast Storm may occur.

Broadcast Storm Control works as follows: the system counts how many broadcast packets there are per second, and if there are packets over the configured limit, they are discarded.

The hiD 6615 S223/S323 provides not only broadcast storm control but also control of multicast and DLF (Destination Lookup Fail) storm. In order to use control of multicast and DLF storm, use the following commands. Then all configurations of broadcast storm control will be equally applied to all VLANs.

To enable multicast storm control and DLF storm control, use the following command.

Command: storm control {broadcast | multicast | dlf} RATE [PORTS]
Description: Enables broadcast, multicast or DLF storm control respectively in a port with a user defined rate. Rate value is from 1 to 262142 for FE and from 1 to 2097150 for GE.

By default, DLF storm control is enabled and multicast storm control is disabled.

To disable multicast storm control and DLF storm control, use the following commands.

Command: no storm control {broadcast | multicast | dlf} [PORTS]
Description: Disables broadcast, multicast or DLF storm control respect
137. B.C.D INTERFACE

IGMP Debug

To enable debugging of all IGMP or a specific feature of IGMP, use the following command.

Command: debug igmp {all | decode | encode | events | fsm | tib}
Mode: Enable
Description: Enables debugging of IGMP.
  all: debug all IGMP
  decode: debug IGMP decoding
  encode: debug IGMP encoding
  events: debug IGMP events
  fsm: debug IGMP Finite State Machine (FSM)
  tib: debug IGMP Tree Information Base (TIB)

Command: no debug igmp {all | decode | encode | events | fsm | tib}
Mode: Enable
Description: Disables the IGMP debugging configuration.

IGMP Robustness Value

To change the Querier Robustness Variable value on an interface, use the following command.

Command: ip igmp robustness variable <2-7>
Mode: Interface
Description: Configures the querier robustness variable value on an interface.

Command: no ip igmp robustness variable
Mode: Interface
Description: Returns to the default value (default: 2).

IGMP Version 2

IGMP v2 consists of three message types: query, membership report and leave report. This chapter describes how to configure these IGMP v2 features.

IGMP Static Join Setting

If there is no group member on a network segment and you want to transmit multicast packets to that network segment, you can configure the switch to pull multicast traffic down to a network segment using the ip igmp static group command. With this command, the switch does not accept the packets but forwards them. The outgoing interface appears in the
138. Basically, if a Membership Report for the first Specific Query does not come within 1 second, a second Specific Query is sent. If there is still no response, the entry is deleted from the Membership Table. The last member interval is the value that regulates the gap between the first Specific Query and the second Specific Query. By limiting the interval value, IGMP v2 function and fast leave can be implemented.

To send an IGMP Query message and configure the respond time, use the following command.

Command: ip igmp snooping last member query interval <100-10000>
Mode: Global
Description: Configures the time of registering in multicast group after sending Join message on the system (unit: ms).

Command: ip igmp snooping vlan VLANS last member query interval <100-10000>
Mode: Global
Description: Configures the time of registering in multicast group after sending Join message on a VLAN interface.

If you configure ip igmp snooping fast leave, it is meaningless to register time as multicast group.

To release the waiting time for respond after sending an IGMP Query message, use the following command.

Command: no ip igmp snooping last member query interval
Mode: Global
Description: Returns to the default time of registering Join message in multicast group after sending it.

Command: no ip igmp snooping vlan VLANS last member query interval
Mode: Global
Description: Returns to the default time of registering Join message after sending it on a VLAN interface.
139. C filtering

DHCP Server Packet Filtering

Dynamic host configuration protocol (DHCP) makes the DHCP server assign IP addresses to DHCP clients automatically and manage the IP addresses. Most ISP operators provide the service in such a way. At this time, if a DHCP client connects with equipment that can be another DHCP server, such as an Internet access gateway router, communication failure may occur.

DHCP filtering helps to operate the DHCP service by blocking DHCP requests which enter through a subscriber's port and go out into the uplink port or another subscriber's port, and DHCP replies which enter through the subscriber's port.

In Fig. 8.34, server A has the IP area from 192.168.10.1 to 192.168.10.10. Suppose a user connects client 3, which can be a DHCP server, to A in order to share IP addresses from 10.1.1.1 to 10.1.1.10.

Here, if client 1 and client 2 are not blocked from client 3 acting as a DHCP server, client 1 and client 2 will request and receive IP addresses from client 3, so that communication blockage will occur. Therefore, the filtering function should be configured between client 1 and client 3, and between client 2 and client 3, in order to make client 1 and client 2 receive IP addresses without difficulty from DHCP server A.

DHCP Server A 192.168.10.1 - 192.168.10.10 IP assigned Client 3 The device that can be a Request from client 1 2 is DHCP serve
140.
Command: clear ip bgp peer group GROUP out
Command: clear ip bgp peer group GROUP ipv4 {unicast | multicast} out
Mode: Global
Description: Resets the session for all members of specified peer group.
  GROUP: peer group name
  out: clears outgoing advertised routes
  unicast | multicast: address family modifier

Command: clear ip bgp peer group GROUP soft [in | out]
Command: clear ip bgp peer group GROUP ipv4 {unicast | multicast} soft [in | out]
Mode: Global
Description: Resets the route information only while the session is possible for all members of specified peer group. Apply the route either incoming or outgoing routes. GROUP: peer group name.

Displaying and Managing BGP

BGP network information or configurations provided can be used to determine resource utilization and enable BGP troubleshooting functions to solve network problems.

To see the configurations involved in BGP routing protocol, use the following command.

Command: show ip bgp summary
Command: show ip bgp ipv4 {unicast | multicast} summary
Description: Shows the summarized network status of BGP neighboring routers.

To show detailed information on BGP neighbor router's session, use the following command.

Command: show ip bgp neighbors
Command: show ip bgp ipv4 {unicast | multicast} neighbors
Command: show ip bgp neighbors NEIGHBOR IP
Command: show ip bgp ipv4 unicast
141. OSPF Maximum Transmission Unit (MTU)

The router verifies the MTU when the DD (Database Description) is exchanged among the routers on OSPF networks. Basically, an OSPF network cannot be organized if there are different sizes of MTUs between routers. Therefore, the MTU value must be consistent. Generally, the MTU value is 1500 bytes on an Ethernet interface.

To configure MTU on an OSPF interface, use the following command.

Command: ip ospf mtu <576-65535>
Mode: Interface
Description: Configures an MTU on OSPF interface.

Command: no ip ospf mtu
Mode: Interface
Description: Deletes a configured MTU on OSPF interface.

The configuration above makes the MTU consistent on the same OSPF network; the actual MTU value on the interface itself will not be changed.

On the other hand, if there are two routers which have different MTUs, they can participate in the OSPF network through a configuration that skips the verification of the MTU value when the DD is exchanged.

To configure the switch to skip the MTU verification in DD process, use the following command.

Command: ip ospf mtu ignore
Command: ip ospf A.B.C.D mtu ignore
Mode: Interface
Description: Configures the switch to skip the MTU verification in DD process.

To configure the switch not to skip the MTU verification in DD process, use the following command.

Command: no ip ospf mtu ignore
Mode: Interface
Description: Configures the switch not
142.
    13661792 bytes download OK.
    SWITCH# show flash
    Flash Information(Bytes)
    Area                     total      used       free
    OS1(default)(running)    16777216   13661822   3115394   3 18 1009
    OS2                      16777216   13661428   3115788   3 12 1008
    CONFIG                   4194304    663552     3530752
    Total                    37748736   27986802   9761934
    SWITCH# reload
    Do you want to save the system configuration (y/n) y
    Do you want to reload the system (y/n) y
    Broadcast message from admin (ttyp0) (Fri Aug 18 15:15:41 2006 +0000):
    The system is going down for reboot NOW

11.2 Boot Mode Upgrade

In case you cannot upgrade the system software with the general upgrade procedure, you can upgrade it with the boot mode upgrade procedure. Before the boot mode upgrade, please keep in mind the following restrictions:

- A terminal must be connected to the system via the console interface. To open the boot mode, you should press the S key when the boot logo is shown.
- The boot mode u
143.
Command: show list
Description: Shows available commands of the current mode.

Command: show cli
Description: Shows available commands of the current mode with tree structure.

The following is an example of displaying the list of available commands of Privileged EXEC Enable mode.

    SWITCH# show list
    clear arp
    clear arp IFNAME
    clear ip bgp
    clear ip bgp in
    clear ip bgp in prefix filter
    clear ip bgp ipv4 unicast multicast in
    clear ip bgp ipv4 unicast multicast in prefix filter
    clear ip bgp ipv4 unicast multicast out
    clear ip bgp ipv4 unicast multicast soft
    clear ip bgp ipv4 unicast multicast soft in
    clear ip bgp ipv4 unicast multicast soft out
    --more--

Press the <ENTER> key to skip to the next list.

With the command shell installed on the hiD 6615 S223/S323, you can find commands starting with a specific letter. Input the first letter and a question mark without a space. The following is an example of finding the commands starting with s in Privileged EXEC Enable mode of the hiD 6615 S223/S323.

    SWITCH# s?
    show  Show running system information
    ssh   Configure secure shell
    SWITCH# s

It is also possible to view the variables you should input after a command. After inputting the command, you need to make one space and input a question mark. The following is an example of viewing variables after the command write. Please note that you must make
144. DHCP option 82 enables a DHCP relay agent to include information about itself when forwarding client-originated DHCP packets to a DHCP server. The DHCP server can use this information to implement security and IP address assignment policies.

There are 2 sub-options for the DHCP option 82 information, as follows:

- Remote ID: This sub-option may be added by DHCP relay agents which terminate switched or permanent circuits and have mechanisms to identify the remote host of the circuit. Note that the remote ID must be globally unique.
- Circuit ID: This sub-option may be added by DHCP relay agents which terminate switched or permanent circuits. It encodes an agent-local identifier of the circuit from which a DHCP client-to-server packet was received. It is intended for use by DHCP relay agents in forwarding DHCP responses back to the proper circuit.

To specify a remote ID, use the following command.

Command: system remote id hex HEXSTRING
Command: system remote id ip A.B.C.D
Command: system remote id text STRING
Mode: Option 82
Description: Specifies a remote ID (default: system MAC address).

To specify a circuit ID, use the following command.

Command: system circuit id PORTS hex HEXSTRING
Command: system circuit id PORTS index <0-65535>
Command: system circuit id PORTS text STRING
Mode: Option 82
Description: Specifies a circuit ID (default: port number).

To
145. DIUS Server
RADIUS Server for System Authentication
RADIUS Server Priority
Timeout of Authentication Request
Frequency of Retransmit
TACACS Server
TACACS Server for System Authentication
TACACS Server Priority
Timeout of Authentication Request
Additional TACACS Configuration
Accounting Mode
Displaying System Authentication
Sample Configuration
Assigning IP Address
Enabling Interface
Disabling Interface
Assigning IP Address to Network Interface
Static Route and Default Gateway
Displaying Forwarding Information Base (FIB) Table
Forwarding Information Base (FIB) Retain
Displaying Interface
Sample Configuration
SSH (Secure Shell)
SIE E
Enabling SSH Server
146. DRESS: destination MAC address
any: any source/destination MAC address (ignore)

Classifies an IP address.
  A.B.C.D: source/destination IP address
  A.B.C.D/M: source/destination IP address with mask
  any: any source/destination IP address
  0-255: IP protocol number

Command: ip {A.B.C.D | A.B.C.D/M | any} {A.B.C.D | A.B.C.D/M | any} icmp
Description: Classifies an IP protocol (ICMP).
  A.B.C.D: source/destination IP address
  A.B.C.D/M: source/destination IP address with mask
  any: any source/destination IP address
  icmp: ICMP

Command: ip {A.B.C.D | A.B.C.D/M | any} {A.B.C.D | A.B.C.D/M | any} icmp {<0-255> | any} {<0-255> | any}
Description: Classifies an IP protocol (ICMP).
  A.B.C.D: source/destination IP address
  A.B.C.D/M: source/destination IP address with mask
  any: any source/destination IP address
  icmp: ICMP
  0-255: ICMP message type number
  0-255: ICMP message code number

Command: ip {A.B.C.D | A.B.C.D/M | any} {A.B.C.D | A.B.C.D/M | any} {tcp | udp}
Command: ip {A.B.C.D | A.B.C.D/M | any} {A.B.C.D | A.B.C.D/M | any} {tcp | udp} {<0-65535> | any} {<0-65535> | any}
Command: ip {A.B.C.D | A.B.C.D/M | any} {A.B.C.D | A.B.C.D/M | any} tcp {<0-65535> | any} {<0-65535> | any} {TCP FLAG | any}
Description: Classifies an IP protocol (TCP/UDP).
  A.B.C.D: source/destination IP address
  A.B.C.D/M: source/destination IP address with mask
  any
147.
Command: snmp access GROUP {v1 | v2c} READ VIEW WRITE VIEW NOTIFY VIEW
Mode: Global
Description: Grants an SNMP group to access a specific SNMP view record. GROUP: group name.

Command: snmp access GROUP v3 {noauth | auth | priv} READ VIEW WRITE VIEW NOTIFY VIEW
Mode: Global
Description: Grants an SNMP version 3 group to access a specific SNMP view record. GROUP: group name.

Command: no snmp access GROUP
Mode: Global
Description: Deletes a granted SNMP group to access a specific SNMP view record.

To display an SNMP group granted access to a specific SNMP view record, use the following command.

Command: show snmp access
Description: Shows an SNMP group granted access to a specific SNMP view record.

The following is an example of granting permission to access an SNMP view record.

    SWITCH(config)#
    SWITCH(config)# snmp access rogroup v1 test none none
    SWITCH(config)# show snmp access
    Access List
    GroupName  SecModel  SecLevel  ReadView  WriteView  NotifyView
    rogroup    v1        noauth    TEST      none       none
    SWITCH(config)#

SNMP Version 3 User

In SNMP version 3, you can register an SNMP agent as a user. If you register an SNMP version 3 user, you should configure it with the authentication key.

To create or delete an SNMP version 3 user, use the following command.

Description: Creates SNMP version 3 user. USER: enters user name.
Command: snmp user USER {md5 | sha} AUTH K
148.
Command: snmp alarm severity erp domain lotp {critical | major | minor | warning | intermediate}
Description: Sends alarm notification with the severity when no test packet has been received within 3 test packet intervals in ERP mechanism.

Command: snmp alarm severity erp domain multi rm {critical | major | minor | warning | intermediate}
Description: Sends alarm notification with the severity when a Multiple RM node is created.

Command: snmp alarm severity erp domain reach fail {critical | major | minor | warning | intermediate}
Mode: Global
Description: Sends alarm notification with the severity when there is disconnection between ERP domains.

Command: snmp alarm severity erp domain ulotp {critical | major | minor | warning | intermediate}
Mode: Global
Description: Sends alarm notification with the severity when no test packet has been received within 3 test packet intervals in one ERP port while test packets are received in the other port with ERP state.

To delete a configured severity of alarm for ERP status, use the following command.

Command: no snmp alarm severity erp domain lotp
Command: no snmp alarm severity erp domain multi rm
Command: no snmp alarm severity erp domain reach fail
Command: no snmp alarm severity erp domain ulotp
Mode: Global
Description: Deletes a configured severity of alarm for ERP status.

7.1.9.7 STP Guard Alarm Severity

To configure a sev
149.
Command: no aggregate address A.B.C.D/M summary only as set
Description: Disables the summarization function of routes.

Automatic Summarization of Path

Automatic summarization is a new feature to expand the route information up to the class of the specified IP address on an interface connected directly to the BGP router. For example, class A fundamentally has 8 as the subnet mask. If the IP address 100.1.1.1 in class A is assigned, it can generate route information of 100.0.0.0/8.

To enable or disable automatic summarization of the route, use the following command.

Command: auto summary
Description: Enables automatic network summarization of a route.

Command: no auto summary
Description: Disables automatic network summarization of a route.

Please note that you use this feature when you use the basic classes in the network.

Multi Exit Discriminator (MED)

During the best path selection process, the switch compares weight, local preference and as path in turn among the similar parameters of BGP routers. Then the MED is considered when selecting the best path among many alternative paths.

The hiD 6615 S323 MED comparison is configured only among all paths from the autonomous system. You can configure the comparison of MEDs among all BGP routers within the autonomous system.

In addition, MED is used when comparing of routes from the neighboring routers
150.
Command | Mode | Description
clear ip mroute statistics | Enable, Global, Bridge | Deletes all multicast routes statistics entries
clear ip mroute statistics GROUP ADDR SRC IP ADDRESS | Enable, Global, Bridge | Deletes specific multicast routes statistics entries. GROUP ADDR: group IP address. SRC IP ADDRESS: source IP address

Clearing MFC and Tree Information Base which are produced by PIM SM
To clear all Multicast Forwarding Cache (MFC) and TIB entries at the PIM SM protocol level, use the following command.

Command | Description
clear ip mroute pim sparse mode | Deletes all MFC and TIB entries in the PIM SM
clear ip mroute GROUP ADDR SRC IP ADDRESS pim sparse mode | Deletes specific MFC and TIB entries in the PIM SM. GROUP ADDR: group IP address. SRC IP ADDRESS: source IP address

9.1.4 Displaying MRIB Information
To display MRIB information, use the following commands.

Command | Mode | Description
show ip mroute dense sparse count summary | Enable, Global, Bridge | Displays multicast routes entries
show ip mroute GROUP ADDR SRC IP ADDRESS dense sparse count summary | Enable, Global, Bridge | Displays multicast routes entries. GROUP ADDR: group IP address. SRC IP ADDRESS: source IP address
show ip mroute GROUP ADDR SRC IP ADDRESS GROUP ADDR SRC IP ADDRESS dense sparse count summary | Enable, Global, Bridge | Displays multicast routes entries
show ip mroute GROUP ADDR/M dense sparse count summary | Enable, Global, Bridge | Displays multicast routes entries

To display the con
151.
done
Bytes transferred 13661822 (d0767e hex)
Update flash: Are you sure (y/n)? y
Erasing 0x01D00000 - 0x01D1FFFF
Programming 0x01D00000 - 0x01D1FFFF
Verifying 0x01D00000 - 0x01D1FFFF
Boot> flashinfo
Flash Information (Bytes)
Area | OS size | Default OS | Standby OS | OS Version
os1 | 13661806 | | | 3 18 1009
os2 | 13661412 | | | 3 12 1008
Boot>

Step 4: Reboot the system with the new system software using the following command.

Command | Description
boot os1 os2 | Reboots the system with specified system software. os1 os2: the area where the system software is stored
reboot os1 os2 | Reboots the system with specified system software. os1 os2: the area where the system software is stored

If the new system software is a current standby OS, just exit the boot mode; the interrupted system boot will then be continued with the new system software. To exit the boot mode, use the following command.

Command | Description
 | Exits the boot mode

FTP Upgrade
The system software of the hi can be
152.
Command | Mode | Description
ECURITY | Global | Creates SNMP group, enter the group name. GROUP: group name. SECURITY: security name
no snmp group GROUP v1 v2c v3 SECURITY | Global | Deletes SNMP group, enter the group name. GROUP: group name
show snmp group | Enable, Global | Shows a created SNMP group

SNMP View Record
You can create an SNMP view record to limit access to MIB objects with object identity (OID) by an SNMP manager. To configure an SNMP view record, use the following command.

Command | Mode | Description
snmp view VIEW included excluded OID MASK | Global | Creates an SNMP view record. VIEW: view record name. included: includes sub tree. excluded: excludes sub tree. OID: OID number. MASK: Mask value (e.g. ff ff ff)
no snmp view VIEW OID | Global | Deletes a created SNMP view record. VIEW: view record name

To display a created SNMP view record, use the following command.

Command | Mode | Description
show snmp view | Enable, Global | Shows a created SNMP view record

The following is an example of creating an SNMP view record.

SWITCH(config)# snmp view TEST included 410
SWITCH(config)# show snmp view
View list
view TEST included 410
SWITCH(config)#

Permission to Access SNMP View Record
To grant an SNMP group to access a specific SNMP view record, use the following command.
Command
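How included/excluded view records with an OID and MASK decide which MIB objects a manager can reach, as an added example that is not taken from the manual. It assumes the switch follows the standard VACM view-matching rules of RFC 3415 (longest matching sub tree wins, a 0 mask bit is a wildcard); the view entries and OIDs are constructed.

```python
# Added example: SNMP view matching as defined for VACM in RFC 3415.
# Assumption: the switch evaluates "snmp view" records this way.
# All view entries and OIDs below are constructed for illustration.


def parse_oid(text):
    """'1.3.6.1.2.1' -> (1, 3, 6, 1, 2, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_mask(text):
    """'ff:a0' or 'ff a0' -> list of bits, most significant bit first."""
    bits = []
    for octet in text.replace(":", " ").split():
        value = int(octet, 16)
        bits.extend((value >> shift) & 1 for shift in range(7, -1, -1))
    return bits


class ViewEntry:
    """One 'snmp view VIEW included|excluded OID [MASK]' record."""

    def __init__(self, subtree, included, mask=""):
        self.subtree = parse_oid(subtree)
        self.included = included
        self.mask = parse_mask(mask)

    def matches(self, oid):
        # An OID shorter than the sub tree can never be inside it.
        if len(oid) < len(self.subtree):
            return False
        for i, sub_id in enumerate(self.subtree):
            # Mask bit 1 = this position must match, 0 = wildcard.
            # A mask shorter than the sub tree is padded with 1 bits.
            must_match = self.mask[i] if i < len(self.mask) else 1
            if must_match and oid[i] != sub_id:
                return False
        return True


def deciding_entry(entries, oid_text):
    """Return the record that decides access, or None if nothing matches."""
    oid = parse_oid(oid_text)
    candidates = [e for e in entries if e.matches(oid)]
    if not candidates:
        return None
    # Longest sub tree wins; ties go to the lexicographically greater one.
    return max(candidates, key=lambda e: (len(e.subtree), e.subtree))


def in_view(entries, oid_text):
    """True only if the deciding record exists and is 'included'."""
    entry = deciding_entry(entries, oid_text)
    return entry is not None and entry.included


# Constructed view: system group readable, interfaces group hidden,
# except every ifTable column of the single row with ifIndex 2.
MONITOR_VIEW = [
    ViewEntry("1.3.6.1.2.1.1", included=True),
    ViewEntry("1.3.6.1.2.1.2", included=False),
    # ff:a0 = 11111111 101: position 10 (the column) is a wildcard,
    # position 11 (the ifIndex) must equal 2.
    ViewEntry("1.3.6.1.2.1.2.2.1.0.2", included=True, mask="ff:a0"),
]

if __name__ == "__main__":
    for name, oid in [
        ("sysName.0", "1.3.6.1.2.1.1.5.0"),
        ("ifInOctets.2", "1.3.6.1.2.1.2.2.1.10.2"),
        ("ifInOctets.3", "1.3.6.1.2.1.2.2.1.10.3"),
        ("usmUserTable", "1.3.6.1.6.3.15.1.2.2"),
    ]:
        verdict = "visible" if in_view(MONITOR_VIEW, oid) else "hidden"
        print(f"{name:14} {oid:26} {verdict}")
```

Anything that no record matches is outside the view, so a view that lists only the sub trees a manager needs also keeps the rest of the MIB hidden.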
153.
Command | Mode | Description
EY des PRIVATE KEY | Global | AUTH KEY: Authentication passphrase (min length 8). PRIVATE KEY: Privacy passphrase (min length 8)
no snmp user USER | Global | Deletes a registered SNMP version 3 user

To display SNMP version 3 user, use the following command.

Command | Description
show snmp user | Displays SNMP version 3 user

SNMP Trap
SNMP trap is an alert message with which the SNMP agent notifies the SNMP manager about certain problems. If you configure SNMP trap, the switch transmits pertinent information to the network management program. In this case, trap message receivers are called trap hosts.

SNMP Trap Host
To set an SNMP trap host, use the following command.

Command | Mode | Description
snmp trap host IP ADDRESS COMMUNITY | Global | Specifies IP address of an SNMP trap host
snmp trap2 host IP ADDRESS COMMUNITY | Global | Specifies IP address of an SNMP trap host
snmp inform trap host IP ADDRESS COMMUNITY | Global | Specifies IP address of SNMP information trap host

You need to configure an SNMP trap host with the snmp trap2 host command if you manage the switch via the ACI E.

To delete a specified SNMP trap host, use the following command.

Command | Mode | Description
no snmp trap host IP ADDRESS | Global | Deletes a specified SNMP trap host
no snmp trap2 host IP ADDRESS | Global | Deletes a specified SNMP trap host
no snmp inform trap host IP ADDRESS | Global | Deletes a specified information tr
154.
(Omitted)
226 Transfer complete.
ftp: 13661428 bytes sent in 223.26Seconds 61.19Kbytes/sec.
ftp>
155.
Mode | Description
Global, Bridge | Shows a configuration for trunk

Link Aggregation Control Protocol (LACP)
Link Aggregation Control Protocol (LACP) is the function of using wider bandwidth by aggregating more than two ports as a logical port, like the port trunk function stated previously. If the integrated port configured by port trunk is in a VLAN different from the VLAN to which the existing member port originally belongs, it should be moved to the VLAN to which the existing member port belongs. However, the integrated port configured by LACP is automatically added to the appropriate VLAN.

LACP supports up to 14 aggregators, so the aggregator number can be input from 0 to 13. The group ID of port trunk and the aggregator number of LACP cannot be configured repeatedly.

The following explains how to configure LACP.
• Configuring LACP
• Packet Route
• Operating Mode of Member Port
• Priority of Switch
• Identifying Member Ports within LACP
• BPDU Transmission Rate
• Key value of Member Port
• Priority
• Displaying LACP Configuration

Configuring LACP
Step 1: Activate LACP function using the following command.

Command | Description
lacp aggregator AGGREGATIONS | Enables LACP of designated Aggregator number. AGGREGATIONS: select aggregator ID that should be enabled for LACP (valid value from 0 to 13)
156. Global routing table

To display the information of virtual link, use the following command.

Command | Mode | Description
show ip ospf virtual links | Enable, Global | Shows the information of virtual link

Displaying Debugging Information
The hiD 6615 S323 uses debug command to find the reason of problem. Use the following command.

Command | Mode | Description
debug ospf all | Enable | Shows all the debugging information
debug ospf events abr asbr lsa nssa os router vlink | Enable | Shows information about OSPF operation such as OSPF neighbor router, transmitted information, deciding destination router, calculating the shortest route and so on
debug ospf ifsm events status timers | Enable | Shows the debugging information of OSPF interface
debug ospf lsa flooding generate refresh | Enable | Shows information transmitted by OSPF and calculating the shortest route
debug ospf nfsm events status timers | Enable | Shows the debugging information of OSPF Neighbor router
debug ospf nsm events status timers | Enable | Shows the debugging information between OSPF process and NSM (Network Services Module)
debug ospf packet hello dd ls ack ls request ls update all send recv detail | Enable | Shows the debugging information of each packet
debug ospf route ase
157. H config opt82

Command | Mode | Description
ip dhcp option82 | Global | Opens DHCP Option 82 Configuration mode for DHCP option 82 configuration

On DHCP Option 82 Configuration mode, configure a range of IP address used in DHCP server, designate the group in subnet, and configure default gateway of the subnet. Tab. 3.7 is the main commands of DHCP Option 82 Configuration mode of hiD 6615 S223/S323.

Command | Description
policy | Configures a rule for option 82 packet
remote id | Configures a remote ID
system remote id | Configures the remote ID of the system
system circuit id | Configures the circuit ID of the system

Tab. 3.7 Main Commands of DHCP Option 82 Configuration Mode

3.1.8 Interface Configuration Mode
To open Interface Configuration mode, enter the command interface INTERFACE on Global Configuration mode; the prompt then changes from SWITCH(config)# to SWITCH(config-if)#.

Command | Mode | Description
interface INTERFACE | Global | Opens Interface Configuration mode

Interface Configuration mode is to assign IP address in Ethernet interface and to activate or deactivate interface. Tab. 3.8 shows a couple of main commands of Interface Configuration mode.

Command | Description
bandwidth | Configures bandwidth used to make routing information
description | Makes description of interface
158.
Option | Description
s SNAPLEN | ICMP, TCP and UDP, but it can truncate protocol information of Name server or NFS packets. If sample size is long, the system should take more time to inspect, and packets can be dropped for small buffer size. On the contrary, if the sample size is small, information can be lost by that amount. Therefore user should adjust the size as header size of protocol
 | Display the selected packets by conditional expression as the intended type. rpc: Remote Procedure Call. rtp: Real time Transport Protocol. rtcp: Real time Transport Control Protocol. vat: Visual Audio Tool. wb: distributed White Board
EXPRESSION | Conditional expression

Tab. 7.4 Options for Packet Dump

Debug Packet Dump
The hiD 6615 S223/S323 provides network debugging function to prevent system overhead for unknown packet inflow. Monitoring process checks CPU load per 5 seconds. If there is more traffic than threshold, user can capture packets using TCP Dump and save it to file. User can download the dump file with the name of file number dump after FTP connection to the system. Verify the dumped packet contents with a packet analyzer program.

To debug packet dump, use the following command.

Command | Mode | Description
debug packet log COUNT VALUE TIME <1-10> | Enable | Debug with according to the conditions. COUNT: packet counting. VALUE
159. MBER the system for a second

To delete configured max new hosts, use the following command.

Command | Description
no max new hosts PORTS | Deletes the number of MAC address that can be learned on the port
no max new hosts system | Deletes the number of MAC address that can be learned on the system

To display configured max new hosts, use the following command.

Command | Mode | Description
show max new hosts | Enable, Global, Bridge | Shows the configured Max new hosts

If a MAC that was already counted disappears before 1 second has passed and starts being learned again, it is not counted. If the same MAC is detected on another port, it is also not counted again. For example, if a MAC that was learned on port 1 is detected on port 2, it is supposed that the MAC moved to port 2. So it is deleted from port 1 and learned on port 2, but it is not counted.

Port Security
You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the PCs that are allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the PC attached to that port is assured the full bandwidth of the port.

Port Security on Port
Step 1: Enable port security on the port
160. MMAND all in the level

Command | Description
privilege rmon alarm level <0-15> COMMAND all | Uses the specific command of RMON Configuration mode in the level
privilege rmon event level <0-15> COMMAND all | Uses the specific command of RMON Configuration mode in the level
privilege rmon history level <0-15> COMMAND all | Uses the specific command of RMON Configuration mode in the level
privilege route map level <0-15> COMMAND all | Uses the specific command of Route map Configuration mode in the level
privilege rule level <0-15> COMMAND all | Uses the specific command of Rule Configuration mode in the level
privilege view level <0-15> COMMAND all | Uses the specific command of User EXEC mode in the level
privilege vrrp level <0-15> COMMAND all | Uses the specific command of VRRP Configuration mode in the level

The commands that are used in low level can be also used in the higher level. For example, the command in level 0 can be used in from level 0 to level 14.

The commands should be input same as the displayed commands by show list. Therefore it is not possible to input the commands in the bracket separately.

SWITCH# show list
clear arp inspection mapping counter
clear ip bgp out
clear ip bgp soft
clear ip bgp soft in
clear ip bgp soft out
clear arp
161. To flood multicast traffic when TCN packet is received, use the following command.

Command | Mode | Description
ip igmp snooping tcn flood | Global | Designates the port where multicast router is connected to on the system
ip igmp snooping tcn vlan VLANS flood | Global | Designates the port where multicast router is connected to on a VLAN interface

With the ip igmp snooping tcn flood query count command, you can enable multicast flooding on a switch for a short period of time following a topology change by configuring an IGMP query threshold.

Command | Mode | Description
ip igmp snooping tcn flood query count <1-10> | Global | Configures IGMP snooping TCN flood query count. 1-10: number of IGMP queries

To configure the interval of incoming IGMP General Query, use the following command.

Command | Description
ip igmp snooping tcn flood query interval <1-1800> | Configures IGMP snooping TCN flood query interval. 1-1800: Seconds

With the ip igmp snooping tcn query solicit command, you can direct a non spanning tree root switch to issue the same query solicitation.

Command | Mode | Description
ip igmp snooping tcn query solicit address A.B.C.D | Global | Configures the switch to send a query solicitation when a TCN is detected on the system. address: query solicitation source IP address

To stop the switch from sending a query solicitat
162. MP snooping querier interval on a VLAN interface

The Timeout Value of IGMP v2 Snooping Querier's General Query
Use the following command to configure the max response time in which the reply for the IGMP snooping query being sent should be received.

Command | Description
ip igmp snooping querier max response time <1-25> | Configures the IGMP snooping max response time interval on the system. 1-25: The maximum response time in seconds
ip igmp snooping vlan VLANS querier max response time <1-25> | Enables the IGMP snooping max response time on a VLAN interface. VLANS: VLAN ID

To disable the max response time, use the following command.

Command | Mode | Description
no ip igmp snooping querier max response time | Global | Disables the IGMP snooping max response time interval
no ip igmp snooping vlan VLANS querier max response time | Global | Disables the IGMP snooping max response time on a VLAN interface

To display IGMP query parameter, use the following command.

Command | Description
show ip igmp snooping vlan VLANS querier detail | Verifies that the IGMP snooping querier is enabled

IGMP v2 Snooping Last Member Interval
When receiving a Leave Message from a host in IGMP v2, the Querier sends a Specific Query and checks whether there is Multicast Group Member
163. RADIUS and TACACS+
hiD 6615 S223/S323 supports client authentication protocols, that is RADIUS (Remote Authentication Dial In User Service) and TACACS+ (Terminal Access Controller Access Control System Plus). Not only user IP and password registered in switch but also authentication through RADIUS server and TACACS+ server are required to access. Therefore security of system and network management is strengthened.

Command Line Interface (CLI)
This chapter describes how to use the Command Line Interface (CLI), which is used to configure the hiD 6615 S223/S323 system.
• Command Mode
• Useful Tips

Command Mode
You can configure and manage the hiD 6615 S223/S323 by console terminal that is installed on user's PC. For this, use the CLI based interface commands. Connect RJ45 to DB9 console cable to the hiD 6615 S223/S323.

This chapter explains how CLI command mode is organized before installing. CLI command mode consists of the following:
• Privileged EXEC View Mode
• Privileged EXEC Enable Mode
• Global Configuration Mode
• Bridge Configuration Mode
• Rule Configuration Mode
• DHCP Configuration Mode
• DHCP Option 82 Configuration Mode
• Interface Configuration Mode
• RMON Configuration Mode
• Router Configuration Mode
• VRRP Configuration Mode
• Route Map Configuration Mode
164. R ADMIN OPER
1 Ethernet 1 Up Down Force Full 0 Off Off Y
2 Ethernet 1 Up Down Force Full 0 Off Off Y
3 Ethernet 1 Up Down Auto Full 0 Off Off Y
4 Ethernet 1 Up Down Auto Full 0 Off Off Y
5 Ethernet 1 Up Down Auto Full 0 Off Off Y
6 Ethernet 1 Up Down Auto Full 0 Off Off Y
7 Ethernet 1 Up Down Auto Full 0 Off Off Y
8 Ethernet 1 Up Down Auto Full 0 Off Off Y
9 Ethernet 1 Up Down Auto Full 0 Off Off Y
10 Ethernet 1 Up Down Auto Full 0 Off Off Y
11 Ethernet 1 Up Down Auto Full 0 Off Off Y
12 Ethernet 1 Up Down Auto Full 0 Off Off Y
SWITCH

Initializing Port Statistics
To clear all recorded statistics of port and initiate, use the following command. It is possible to initiate statistics of port and select specific port.

Command | Mode | Function
clear port statistics PORT all | Global | Initializes port statistics. It is possible to select several ports

Port Mirroring
Port mirroring is the function of monitoring a designated port. Here, one port to monitor is called monitor port and a port to be monitored is called mirrored port. Traffic transmitted from mirrored port is sent to monitor port so that user can monitor network traffic.

The following is a network structure to analyze the traffic by port mirroring. It analyzes traffic on the switch and network status by configuring Mirrored port and Monitor port, connecting the computer that the watch program is installed to the port configured as Moni
165.
Name VID FID
default 1 1
br2 2
br3 3
br4 4
SWITCH(bridge)#

Sample Configuration 2: Deleting Port based VLAN
The following is deleting vlan id 3 among configured VLAN.

SWITCH(bridge)# vlan del 3 3
SWITCH(bridge)# exit
SWITCH(config)# interface 3
SWITCH(interface)# shutdown
SWITCH(interface)# exit
SWITCH(config)# bridge
SWITCH(bridge)# no vlan 3
SWITCH(bridge)# show vlan
u: untagged port, t: tagged port
Name VID FID
default 1 1
br2 2
br4 4 4
SWITCH(bridge)#

Sample Configuration 3: Configuring Protocol based VLAN
The following is an example of configuring protocol based VLAN on the port 2 and port 4.

[Figure: 0x800 packet among the packets entering to Port 2; 0x900 packet among the packets entering to Port 4]

SWITCH(bridge)# vlan pvid 2 ethertype 0x800 5
SWITCH(bridge)# vlan pvid 4 ethertype 0x900 6
SWITCH(bridge)# show vlan protocol
0x0800
0x0900
SWITCH(bridge)#

With above configuration the packets fro
166.
Event Type
Activating RMON Event
Deleting Configuration of RMON Event
Displaying RMON Event
Syslog
Syslog Output Level
Facility Code
Syslog Bind Address
Debug Message for Remote Terminal
Disabling Syslog
Displaying Syslog Message
Displaying Syslog Configuration
Rule and QoS
How to Operate Rule and QoS
Rule
Rule Creation
Rule Priority
Packet Classification
Rule Action
Applying Rule
Modifying and Deleting Rule
Displaying Rule
QoS
167. Rebooting
When installing or maintaining the system, some tasks require rebooting the system for various reasons. Then you can reboot the system with a selected system OS. To restart the system manually, use the following command.

Command | Mode | Description
reload os1 os2 | Enable | Restarts the system

If you reboot the system without saving new configuration, new configuration will be deleted. So you have to save the configuration before rebooting. To prevent that mistake, hiD 6615 S223/S323 prints the following message to ask if user really wants to reboot and save configuration. If you want to continue to reboot, press y key; if you want to save new configuration, press n key.

SWITCH# reload
Do you want to save the system configuration? [y/n]

Auto System Rebooting
The hiD 6615 S223/S323 reboots the system according to user's configuration. There are two bases for system rebooting: CPU and memory. For CPU, the system is rebooted in case CPU Load or Interrupt Load continues for the configured time. For memory, the system is automatically rebooted in case memory low occurs as the configured times.

To enable auto system rebooting function, use the following command.

Command | Description
auto reset cpu <50 | Configure to reboot the system automatically in case an average of CPU or interrupt load exceeds the con
168. Returns to default configuration

To display ICMP interval configuration, use the following command.

Command | Mode | Description
show ip icmp interval | Enable, Global | Shows ICMP interval configuration

Transmitting ICMP Redirect Message
User can configure to transmit ICMP Redirect Message. Transmitting ICMP Redirect Message is one of the ways of preventing DoS (Denial of Service), and this can make the switch provide the constant service to the hosts. SURPASS hiD 6615 transmits a more optimized route to the host than the present route between the host connected to the switch and the specific destination.

To activate the function transmitting ICMP Redirect Message, use the following command.

Command | Mode | Description
ip redirects | Global | Activates the function transmitting ICMP Redirect Message
no ip redirects | Global | Deactivates the function transmitting ICMP Redirect Message

The following is an example for configuring ICMP Redirect Message and checking the configuration.

SWITCH(config)# show running config
(omitted)
interface 1
ip address 222.121.68.247/24
!
SWITCH(config)# ip redirects
SWITCH(config)# show running config
(omitted)
interface 1
ip address 222.121.68.247/24
!
SWITCH(config)#

7.14.4 The policy of unreached messages
When the packets can't reach Destination host or the network
169. Summary of Path
Aggregation combines the characteristics of several different routes and advertises a single route. In the example of 2 routes' information of 172.16.0.0/24 and 172.16.1.0/24, the as set parameter creates an aggregate entry advertising the path for a single route of 172.16.0.0/23, consisting of all elements contained in all paths being summarized. Use this feature to reduce the size of path information by listing the AS number only once, even if it was included in multiple paths that were aggregated. It is also useful when aggregation of information results in incomplete path information.

Using the summary only parameter transmits the IP prefix only, suppressing the more specific routes to all neighbors. Using the as set parameter transmits a single AS path information, only one of AS numbers of each path.

To summarize route's information for the transmission, use the following command.

Command | Mode | Description
aggregate address A.B.C.D/M as set summary only | Router | Summarizes the information of routes and transmits it to the other routers. A.B.C.D/M: network address. summary only: transmits IP prefix only. as set: transmits one AS path information
aggregate address A.B.C.D/M summary only as set | Router | Summarizes the information of routes and transmits it to the other routers

To delete the route's information of specific network address, use the following command.

Command | Mode | Description
no aggregate address A.B.C.D/M as set summary only | Router |
170. SIEMENS
User Manual SURPASS hiD 6615 S223/S323 R1.5 UMN CLI
A50010 Y3 C150 2 7619

Important Notice on Product Safety
Elevated voltages are inevitably present at specific points in this electrical equipment. Some of the parts may also have elevated operating temperatures. Non-observance of these conditions and the safety instructions can result in personal injury or in property damage. Therefore only trained and qualified personnel may install and maintain the system. The system complies with the standard EN 60950-1 / IEC 60950-1. All equipment connected has to comply with the applicable safety standards.

Trademarks
All designations used in this document can be trademarks, the use of which by third parties for their own purposes could violate the rights of their owners.
171. SNMP assumes every device is IP accessible. This requires provisioning IP on every device and instituting an IP overlay network even if the ultimate end user service is an Ethernet service. This is impractical in a carrier environment. For these reasons, carriers look for management capabilities at every layer of the network.

The Ethernet layer has not traditionally offered inherent management capabilities, so the IEEE 802.3ah Ethernet in the First Mile (EFM) task force added the Operations, Administration and Maintenance (OAM) capabilities to Ethernet like interfaces. These management capabilities were introduced to provide some basic OAM function on Ethernet media.

EFM OAM is complementary, not competitive, with SNMP management in that it provides some basic management functions at Layer 2, rather than using Layer 3 and above as required by SNMP over an IP infrastructure. OAM provides single hop functionality in that it works only between two directly connected Ethernet stations. SNMP can be used to manage the OAM interactions of one Ethernet station with another.

OAM Loopback
For OAM loopback function, both the switch and the host should support OAM function. OAM loopback function enables Loopback function from the user's device to the host which is connected to the user's device and operates it.

To enable or disable local OAM function, use the following command.

Command | Description
oam local admin enable PORTS | Enables local OAM
oa
172.
SWITCH(bridge)# lldp adminstatus 10 tx only
SWITCH(bridge)# lldp msg txinterval 50
SWITCH(bridge)# lldp msg txhold 8
SWITCH(bridge)# show lldp config 10
GLOBL MsgTxInterval 50 MsgTxHold 8 > txTTL 400 ReInitDelay 2 TxDelay 2
PORTS active adminStat optTLVs
10 enable Tx only 0xe SysName SysDesc SysCap
SWITCH(bridge)#

7.4 Remote Monitoring (RMON)
Remote Monitoring (RMON) is a function to monitor communication status of devices connected to Ethernet at remote place. While SNMP can give information only about the device mounted SNMP agent, RMON gives information about overall segments including devices. Thus user can manage network more effectively. For instance, in case of SNMP it is possible to be informed traffic about certain ports, but through RMON you can monitor traffics occurred in overall network, traffics of each host connected to segment, and current status of traffic between hosts.

Since RMON processes quite lots of data, its processor share is very high. Therefore administrator should take intensive care to prevent performance degradation and not to overload network transmission caused by RMON. There are nine defined RMON MIB groups in RFC 1757: Statistics, History, Alarm, Host, Host Top N, Matrix, Filter, Packet Capture and Event. The system supports two MIB groups of them, most basic ones: Stati
173.
SWITCH(config)# login local radius enable
SWITCH(config)# login remote radius enable
SWITCH(config)# login local radius primary
SWITCH(config)# login remote host primary
SWITCH(config)# login radius server add
SWITCH(config)# login radius retransmit 5
SWITCH(config)# login radius timeout 10
SWITCH(config)# show login
AUTHEN
Local login: radius host
Remote login: host radius
Accounting mode: both
HOST
maximum_login_counts: 8
RADIUS
<Radius Servers & Key> (displayed according to priority)
Radius Retries: 5
Radius Timeout: 10
Radius Interface: default
TACACS
<Tacacs Servers & Key>
Tacacs Timeout: 3
Tacacs Socket Port: 49
Tacacs Interface: default
Tacacs PPP Id: 1
Tacacs Authen Type: ASCII
Tacacs Priority Level: MIN
SWITCH(config)#

Sample Configuration 2: Configuration TACACS server
The following is an example of configuring authorization method as TACACS.

SWITCH(config)# user add user test1
Changing password for user
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password: vertex
Re-enter new password: vertex
Password changed.
SWITCH(config)# login local tacacs enable
SWITCH(config)# login remote tacacs enable
SWITCH(config)# login l
174. TP Multiple Spanning Tree Protocol. It constitutes the network with VLANs, subdividing the existing LAN domain logically, and configures the route by VLAN or VLAN group instead of the existing routing protocol.

Operation

This section explains how STP and MSTP operate differently on the LAN. Suppose 100 VLANs are configured from Switch A to B, C. In case of STP, there is only one STP on all of the VLANs and it does not provide multiple instances. While existing STP is a protocol to prevent Loop in a LAN domain establishes STP per VLAN in order to realize routing suitable to the VLAN environment. It does not need to calculate all STP for several VLANs, so traffic overload can be reduced. By reducing unnecessary overload and providing multiple transmission routes for data forwarding, it realizes load balancing and provides many VLANs through Instances.

MSTP

In MSTP, VLANs are classified into groups with the same Configuration ID. The Configuration ID is composed of Revision name, Region name and VLAN Instance mapping. Therefore, to have the same Configuration ID, all of these three conditions must be the same. VLANs classified with the same Configuration ID are called an MST region. In a region there is only one STP, so it is possible to reduce the number of STPs compared to PVSTP. There is no limitation for regions in a network environment, but it is possible to generate Instances up to 64. Therefore in
175. There are two ways to decide the RP as the center of PIM SM on a multicast network. One is that the network administrator manually decides the RP, and the other is that the RP is automatically decided by exchanging information between the multicast routers installed on the network. The information transmitted between multicast routers in the automatic way is called the Bootstrap message, and the router which sends this Bootstrap message is called the BSR (Bootstrap Router).

All PIM routers existing on a multicast network can be the BSR. Routers that want to be the BSR are named candidate BSRs, and the one router which has the highest priority among them becomes the BSR. If there are routers which have the same priority, then the router which has the highest IP address becomes the BSR. The Bootstrap message includes the priority to decide the BSR, the hash mask to be used in Hash, and RP information.

After the BSR is decided, routers which support RP transmit a candidate RP message to the BSR. The candidate RP message includes priority, IP address and multicast group. Then the BSR adds the candidate RP message to the Bootstrap message and transmits it to another PIM router. Through this transmitted Bootstrap message, the RP of the multicast group is decided.

User's equipment belonging to a PIM SM network can be a candidate BSR, and the BSR is decided among them. A candidate BSR transmits the Bootstrap message to decide the BSR. You can configure the priority to decide the BSR among Bootstrap messages, and the Hash mask.

Bootstrap Router BSR

The information transmitted between
176. To configure a default gateway, use the following command.

Command | Description
gateway A.B.C.D | Configures a default gateway
gateway | Shows a currently configured default gateway

To display a configured IP address, subnet mask and gateway, use the following command.

Command | Description
 | Shows a currently configured IP address, subnet mask and gateway

The configured IP address, subnet mask and gateway on the MGMT interface are limited to the boot mode only.

The following is an example of configuring an IP address, subnet mask and gateway on the MGMT interface in the boot mode.

    Boot ip 10.27.41.83
    Boot netmask 255.255.255.0
    Boot gateway 10.27.41.254
    Boot show
    IP 10.27.41.83
    GATEWAY 10.27.41.254
    NETMASK 255.255.255.0
    MAC 00:d0:cb:00:0d:83
    MAC1 EIDIffLTfIIfitfibf
    Boot

Step 3: Download the new system software via TFTP using the following command.

Command | Description
load os1 os2 A.B.C.D FILENAME | Downloads the system software. os1 os2: the area where the system software is stored. A.B.C.D: TFTP server address. FILENAME: system software file name

To verify the system software in the system, use the following command.

Command | Description
flashinfo | Shows the system software in the system

To upgrade the system software in the boot mode TFTP ser
177.
7.4.2.5 Lower Bound of Threshold

If you need an alarm to occur when the object used for sample inquiry is less than the lower bound of threshold, you should configure the lower bound of threshold. To configure the lower bound of threshold, use the following command.

Command | Mode | Description
falling threshold NUMBER | RMON | Configures lower bound of threshold

After configuring the lower bound of threshold, configure the system to generate an RMON event when the object is less than the configured threshold. Use the following command.

Command | Description
falling event <1-65535> | Configures to generate RMON alarm when object is less than configured threshold

7.4.2.6 Configuring Standard of the First Alarm

It is possible for users to configure the standard by which the first alarm occurs. The user can select the first point when the object is more than the threshold, the first point when the object is less than the threshold, or the first point when the object is more than the threshold or less than the threshold.

To configure the first RMON alarm to occur when the object is less than the lower bound of threshold first, use the following command.

Command | Description
startup type falling | Configures the first RMON Alarm to occur when object is less than lower bound of threshold first

To configure the first alarm to occur when object is firstly more than upper bound of threshold use the follo
178.
    WITCH bridge port description 1 test1
    SWITCH bridge show port description 1
    NO TYPE STATE LINK DESCRIPTION ADM OPR
    1 Unknown Up Down OHDX test1
    SWITCH bridge

5.2.7 Traffic Statistics

5.2.7.1 The Packets Statistics

To display traffic statistics of each port or interface with MIB or RMON MIB data defined, use the following commands.

Command | Mode | Description
show port statistics avg pkt PORTS | Enable, Global, Bridge | Shows traffic statistics of average packet for a specified Ethernet port
show port statistics avg pps PORTS | Enable, Global, Bridge | Shows traffic statistics of average packet type for a specified Ethernet port
show port statistics interface PORTS | Enable, Global, Bridge | Shows interface MIB counters of a specified Ethernet port
show port statistics rmon PORTS | Enable, Global, Bridge | Shows RMON MIB counters of a specified Ethernet port

The following is an example of displaying traffic average of port 1.

    SWITCH bridge show port statistics avg pkt 1
    Slot Port TX Rx
    Time pkts s bits s pkts s bits s
    port 1
    5 sec 1 608 120 61 848
    1 min 3 3 242 122 62 240
    10 min 0 440 39 20 272
    SWITCH bridge

The following is an example of displaying RMON statistic counters of port 1.

    SWITCH bridge show port statistics rmon 1
    Portl EtherStatsDropEvents 0 Et
179. a pause packet that tells remote ports to delay sending more packets for a specified period of time. In addition, the Ethernet ports can receive and act upon pause packets from other devices.

To configure flow control of the Ethernet port, use the following command.

Command | Description
port flow control PORTS on off | Configures flow control for a specified port (enter the port number). Default: off

The following is an example of configuring flow control on port 25.

    SWITCH bridge show port 25
    NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER
    25 Ethernet 1 Up Down Auto Half 0 Off Y
    SWITCH bridge port flow control 25 on
    SWITCH bridge show port 25
    NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER
    25 Ethernet 1 Up Down Auto Half 0 Y
    SWITCH bridge

5.2.6 Port Description

To specify a description of an Ethernet port, use the following command.

Command | Description
port description PORTS DESCRIPTION | Specifies a description of an Ethernet port
no port description PORTS | Deletes description of specified port

To view the description of a port, use the following command.

Command | Mode | Description
show port description PORTS | Enable, Global, Bridge, Interface | Shows description of one port or more

The following is an example of making description of port 1 and viewing it S
180. a domain name

dns search DOMAIN
no dns search DOMAIN | Removes a domain name

It is possible to delete the DNS server and domain name at the same time with the command below.

Command | Mode | Description
 | Global | Deletes DNS server and domain name

6.1.10 Fan Operation

In hiD 6615 S223/S323, it is possible to control fan operation. To control fan operation, use the following command.

Command | Mode | Description
fan operation on off | Global | Configures fan operation

It is possible to configure the fan to start and stop according to the system temperature. To configure this, refer to Section 6.1.12.3.

6.1.11 Disabling Daemon Operation

You can disable a daemon operation that is unnecessarily occupying the CPU. To disable a certain daemon operation, use the following command.

Command | Mode | Description
halt PID | Enable | Disables the daemon operation

You can display the PID of a daemon with the show process command.

    SWITCH show process
    USER PID CPU SMEM VSZ RSS TTY STAT START TIME COMMAND
    admin 1 0 0 0 5 1448 592 S 15 56 0 03 init 3
    admin ZI4 9 049 0 0 S 15 56 0 00 keventd
    admin 370 0 0 0 0 0 SN 15 56 0 00 ksoftirqd_CPUO
    admin 4 0 0 0 0 0 0 S 15 56 0 00 kswapd
    More

6.1.12 System Threshold

You can configure the switch with various kinds of the system thre
181. ability opaque | Router | Enables Opaque LSA management

Default Route

You can configure an ASBR (Autonomous System Boundary Router) to transmit a default route to the OSPF network. An Autonomous System Boundary Router transmits routes created externally to the OSPF network. However, it does not create a system default route.

To have the Autonomous System Boundary Router create a system default route, use the following command.

Command | Mode | Description
default information originate | Router | Configures the default route

The following items are detail options for the Default Route configuration.

metric: Configures the Metric value of the default route.
metric type: metric type is for the type of finding the path. metric type 1 uses internal path cost with external path cost as a cost; metric type 2 always uses external cost value only.
always: Transmits the default route to outside.
no summary: Restricts the exchange of routing information between OSPF areas in NSSA.
route map: Transmits specific routing information to the assigned route which has MAP NAME.

The detail options for default route configuration are classified in 4 as above, and more than 2 of those options can be selected without order. The following explains the options of the command.

metric <0-16777214>
metric type <1-2>
always
route map MAP NAME

To co
182. add the policy to block or to allow some packets of specific address after configuring the basic policy of MAC Filtering. To add this policy, use the following commands in Bridge Configuration mode.

Command | Description
mac filter add MACADDR deny permit | Allows or blocks packet which brings configured mac address to specified port

The variable MAC ADDRESS is a twelve-digit hexadecimal number. It is possible to check it by using the show mac command. 00:d0:cb:06:01:32 is an example of a MAC address.

7.12.3 Deleting MAC Filter Policy

To delete a MAC filtering policy, use the following command.

Command | Description
mac filter del SOURCE MACADDR <1-4094> | Deletes filtering policy for specified MAC address

To delete the MAC filtering function, use the following command.

Command | Mode | Description
no mac filter | Bridge | Deletes all MAC filtering functions

7.12.4 Listing of MAC Filter Policy

If you need to make many MAC filtering policies at a time, it is hard to input the commands one by one. In this case, it is more convenient to save the MAC filtering policies at /etc/mfdb.conf and display the list of MAC filtering policies. To view the list of MAC filtering policies at /etc/mfdb.conf, use the following command.

Command | Description
mac filter list | Shows the list of MAC filtering policy at etc
183. address Profile A.B.C.D high IP multicast address

no range A.B.C.D A.B.C.D | Deletes a configured group range

9.2.8.4 Applying IGMP Profile to the Filter Port

To apply the configured IGMP Profile to the filter port, use the following command.

Command | Description
ip igmp filter port PORTS profile <1-2147483647> | Configures IGMP profile. PORTS: port number. 1-2147483647: number of configured IGMP profile

To cancel the applying of the profile, use the following command.

Command | Mode | Description
no ip igmp filter port PORTS | Global | Disables an applied IGMP profile. PORTS: port number

To display the IGMP filter configuration, use the following command.

Command | Description
show ip igmp filter port PORTS | Shows a configuration

9.2.8.5 Max Number of IGMP Join Group

You can configure the maximum number of IGMP groups that a Layer 2 interface can join. To configure the maximum number of IGMP groups per port, use the following command.

Command | Mode | Description
ip igmp max groups port PORTS count <0-2147483647> | Global | Configures the maximum number of IGMP groups. PORTS: port number. 0-2147483647: maximum number of IGMP groups that the port can join

To return to the default setting, use the following command.

Command | Description
no ip igmp max groups port | Returns to the default
184. aggregatable individual aggregatable

To clear a configured member port from LACP aggregation, use the following command.

Command | Description
no lacp port aggregation PORTS | Deletes the configured member port in LACP. Select the member port

8.2.2.5 BPDU Transmission Rate

A member port transmits BPDU with its information. For the hiD 6615 S223/S323, it is possible to configure the BPDU transmission rate. Use the following command.

Command | Description
lacp port timeout PORTS short long | Configures BPDU transmission rate. PORTS: select the port number. short: fast rate (once every 1 sec). long: slow rate (30 sec, default)

To clear the BPDU transmission rate, use the following command (clear means long timeout).

Command | Description
no lacp port timeout PORTS | Deletes BPDU transmission rate of configured member port. Select the port number

8.2.2.6 Key value of Member Port

A member port of LACP has a key value. All member ports in one aggregator have the same key value. To make an aggregator consisting of specified member ports, configure a key value different from the key value of another port.

Command | Description
lacp port admin key PORTS <1-15> | Configures key value of member port. PORTS: select the port number. 1-15: select the port key value (default 1)

To delete key
185. alidation method

You can also set a validation value for how many responses, and how long a timeout waiting for the responses, from an IP address for a requested ping or ARP when a DHCP server validates an IP address.

To set a validation value of how many responses from an IP address for a requested ping or ARP, use the following command.

Command | Mode | Description
ip dhcp arp ping packet <0-20> | Global | Sets a validation value of how many responses. 0-20: response value (default 2)

To set a validation value of timeout for the responses from an IP address for a requested ping or ARP, use the following command.

Command | Mode | Description
ip dhcp arp ping timeout <100-5000> | Global | Sets a validation value of timeout for the responses in the unit of millisecond. 100-5000: timeout value (default 500)

Authorized ARP

The authorized ARP limits the leasing of IP addresses to authorized users. This function strengthens security by blocking ARP responses from unauthorized users at the DHCP server.

To discard an ARP response from an unauthorized user, use the following command.

Command | Mode | Description
ip dhcp authorized arp <120-2147483637> | Global | Discards an ARP response from unauthorized user. 120-2147483637: starting time (multiples of 30)
no ip dhcp authorized arp | Global | Disables the authorized ARP function
186. ally unique identifier (OUI) when configuring a packet forwarding address. The OUI is a 24 bit number assigned to a company or organization for use in various network hardware products, which is the first 24 bits of a MAC address. If an OUI is specified, a DHCP relay agent will forward the DHCP_DISCOVER message to a specific DHCP server according to the specified OUI.

To specify a packet forwarding address with an OUI, use the following command.

Command | Mode | Description
ip dhcp oui XX:XX:XX helper address A.B.C.D | Interface | Specifies a packet forwarding address with an OUI. More than one address is possible. XX:XX:XX: OUI (first 24 bits of a MAC address in the form of hexadecimal). A.B.C.D: DHCP server address
no ip dhcp oui XX:XX:XX helper address A.B.C.D | Interface | Deletes a specified packet forwarding address

Smart Relay Agent Forwarding

Normally, a DHCP relay agent forwards the DHCP_DISCOVER message to a DHCP server only with a primary IP address on an interface, even if there is more than one IP address on the interface. If the smart relay agent forwarding is enabled, a DHCP relay agent will retry sending the DHCP_DISCOVER message with a secondary IP address in case of no response from the DHCP server.

To enable the smart relay agent forwarding, use the following command.

Command | Mode | Description
ip dhcp smart relay | | Enables a s
187. also time configuration commands in Privileged EXEC Enable mode and accessing commands to Global Configuration mode.

Limiting Number of User

For hiD 6615 S223/S323, you can limit the number of users accessing the switch through both the console port and telnet. When system authentication with RADIUS or TACACS is used, the configured number includes the number of users accessing the switch via the authentication server.

To set the number of users accessing the switch, use the following command.

Command | Description
login connect <1-8> | Sets the number of user accessing the switch. Default: 8

Telnet Access

To connect to a host through telnet at a remote place, use the following command.

Command | Description
telnet DESTINATION TCP PORT | Connects to a remote host. DESTINATION: IP address or host name

In case of a telnet connection, you should wait for the OK message when you save a system configuration. Otherwise all changes will be deleted when the telnet session is disconnected.

    SWITCH write memory
    OK
    SWITCH

The system administrator can disconnect users connected from a remote place. To disconnect a user connected through telnet, use the following command.

Command | Mode | Description
disconnect TTY NUMBER | Enable | Disconnects a user connected through telnet

The following is an example of disconnecting a user connected from a remote place.

    SWITCH where
    admin at from console for 4 days 22
188. ame

no neighbor NEIGHBOR IP peer group NAME | Removes BGP neighbor from the specified Peer Group

Route Map

You can apply a specific route map on a neighboring router, so that the exchange of route information between routers or the blocking of an IP address range is configured by the route map. To make a BGP Neighbor router exchange the routing information using a Route map, use the following command.

Command | Description
neighbor NEIGHBOR IP GROUP route map NAME in out | Applies a route map to incoming or outgoing routes on neighboring router or peer group and exchange the route information. NEIGHBOR IP: neighbor IP address. GROUP: peer group name. NAME: route map name
no neighbor NEIGHBOR IP GROUP route map NAME in out | Removes the connection with configured route map

Force Shutdown

The hiD 6615 S323 supports the feature to force the shutdown of any active session for the specified BGP router or peer group and to delete the routing data between them. It shuts down all connections and deletes the received path information from the neighboring router or peer group.

To disable the exchange of information with a specified router or peer group, use the following command.

Command | Description
neighbor NEIGHBOR IP | Shutdowns any active session for the specified router or peer group and de
189. an also specify several subnets in a single DHCP pool.

Range of IP Address

To specify a range of IP addresses that will be assigned to DHCP clients, use the following command.

Command | Mode | Description
range A.B.C.D A.B.C.D | DHCP Pool | Specifies a range of IP addresses. A.B.C.D: start/end IP address
no range A.B.C.D A.B.C.D | DHCP Pool | Deletes a specified range of IP addresses

The following is an example for specifying the range of IP addresses.

    SWITCH config service dhcp
    SWITCH config ip dhcp pool sample
    SWITCH config dhcp sample network 100.1.1.0/24
    SWITCH config dhcp sample default router 100.1.1.254
    SWITCH config dhcp sample range 100.1.1.1 100.1.1.100
    SWITCH config dhcp sample n

You can also specify several inconsecutive ranges of IP addresses in a single DHCP pool, e.g. 100.1.1.1 to 100.1.1.62 and 100.1.1.129 to 100.1.1.190.

When specifying a range of IP addresses, the start IP address must be prior to the end IP address.

8.8.1.4 Default Gateway

To specify a default gateway of the DHCP pool, use the following command.

Command | Mode | Description
default router A.B.C.D1 A.B.C.D2 A.B.C.D8 | DHCP Pool | Specifies a default gateway of the DHCP pool. A.B.C.D: default gateway IP address
no default router A.B.C.D1 A.B.C.D2 A.B.C.D8 | DHCP Pool | Deletes a specified default gateway
no default route
190. and | Description
enable | Opens Privileged EXEC Enable mode

You can set a password for Privileged EXEC Enable mode to enhance security. Once a password is set, you should enter the configured password when you open Privileged EXEC Enable mode.

Tab. 3.2 shows the main commands of Privileged EXEC Enable mode.

Command | Description
clock | Inputs time and date in system
configure terminal | Opens Configuration mode
telnet | Connects to another device through telnet
terminal length | Configures the number of lines to be displayed in screen
traceroute | Traces transmission path of packet
where | Finds users accessed to system through telnet

Tab. 3.2 Main Commands of Privileged EXEC Enable Mode

Global Configuration Mode

In Global Configuration mode, you can configure general functions of the system. You can also open another configuration mode from this mode. To open Global Configuration mode, enter the configure terminal command, and then the system prompt will be changed from SWITCH to SWITCH config.

Command | Mode | Description
configure terminal | Enable | Opens Global Configuration mode from Privileged EXEC Enable mode

Tab. 3.3 shows a couple of important main commands of Global Configuration mode.

Command | Description
access list | Configures policy to limit routing
191. and prevent sharing information in the above case NetBIOS filtering is necessary.

Command | Description
netbios filter PORTS | Configures NetBIOS filtering to a specified port

To disable NetBIOS filtering according to the user's request, use the following command.

Command | Mode | Description
no netbios filter PORTS | Bridge | Disables NetBIOS filtering from a specified port

To display a configuration of NetBIOS filtering, use the following command.

Command | Mode | Description
show netbios filter | Global, Bridge | Shows a configuration of NetBIOS filtering

The following is an example of configuring NetBIOS filtering on ports 1 5 and showing it.

    SWITCH bridge netbios filter 1 5
    SWITCH bridge show netbios filter
    o enable disable
    SWITCH bridge

7.8 Martian Filtering

It is possible to block packets which try to bring a different source IP out from the same network. If a packet brings a different IP address, not its source IP address, then it is impossible to know which host is causing trouble. Therefore you had better prevent this kind of packet from going out of your network. This function is named Martian filter.

To block packets which try to bring a different source IP out from the same network, use the following command.

Command | Mode | Description
 | | Blocks packets which bring different source IP address ip mar
192.
4.3.7 Displaying Interface

To display interface status and configuration, use the following command.

Command | Mode | Description
show interface INTERFACE | Enable, Global, Interface | Shows interface status and configuration. INTERFACE: interface name
show ip interface INTERFACE brief | Enable, Global | Shows brief information of interface. INTERFACE: interface name

4.3.8 Sample Configuration

Sample Configuration 1

The followings are examples of enabling interface 1 in two ways.

1) On Configuration Mode

    SWITCH configure terminal
    SWITCH config interface noshutdown 1
    SWITCH config

2) On Interface Configuration Mode

    SWITCH configure terminal
    SWITCH config interface 1
    SWITCH config if no shutdown
    SWITCH config if

Sample Configuration 2

The following is an example of assigning IP address 192.168.1.10 to 1.

    SWITCH config if ip address 192.168.1.10/16
    SWITCH config if show ip
    IP Address Scope Status
    192.168.1.10/16 global
    SWITCH config if

Sample Configuration 3

The following is an example of configuring default gateway.

    SWITCH configure terminal
    SWITCH config ip route default 192.168.1.254
    SWITCH config

4.4 SSH (Secure Shell)

Network security is getting more important according to using network has been generalized between use
193. any: any source/destination IP address
tcp: TCP
udp: UDP

Classifies an IP protocol (TCP/UDP).
A.B.C.D: source/destination IP address
A.B.C.D/M: source/destination IP address with mask
any: any source/destination IP address
tcp: TCP
udp: UDP
0-65535: TCP/UDP source/destination port number
any: any TCP/UDP source/destination port

Classifies an IP protocol (TCP).
A.B.C.D: source/destination IP address
A.B.C.D/M: source/destination IP address with mask
any: any source/destination IP address
tcp: TCP
0-65535: TCP source/destination port number
any: any TCP source/destination port
TCP FLAG: TCP flag (e.g. S: SYN, F: FIN)
any: any TCP flag

To delete a specified packet classifying pattern, use the following command.

Command | Description
no vlan, no cos, no tos, no length, no ethtype, no mac, no ip | Deletes a specified packet classifying pattern for each option

7.6.2.4 Rule Action

To specify a rule action (match) for the packets matching configured classifying patterns, use the following command.

Command | Description
match deny | Denies a packet
match permit | Permits a packet
match redirect PORT | Redirects to specified egress port. PORT: uplink port number
match mirror | Sends a copy to mirror monitoring port
match dscp <0-63> |
match co
194. ap host

You can set a maximum of 16 SNMP trap hosts by inputting them one by one. The following is an example of setting an SNMP trap host.

    SWITCH config snmp trap host 10.1.1.3
    SWITCH config snmp trap host 20.1.1.5
    SWITCH config snmp trap host 30.1.1.2
    SWITCH config

SNMP Trap Mode

To select an SNMP trap mode, use the following command.

Command | Mode | Description
snmp trap mode alarm report event | Global | Selects SNMP trap mode according to user's network environment: alarm report or event

The event trap mode is set by default. It means that the Dasan trap OID will be used upon sending the trap. If the trap mode is event alarm report trap mode will be used form SLE MIB OID which is Siemens private OID.

In order to manage hiD 6615 S223/S323 using ACI E, the trap mode must be set as alarm report. Otherwise ACI E would not recognize any traps sent from the hiD 6615 S223/S323.

7.1.8.3 Enabling SNMP Trap

The system provides various kinds of SNMP traps, but it may work inefficiently if all these trap messages are sent very frequently. Therefore you can select each SNMP trap sent to an SNMP trap host. The system is configured to send all the SNMP traps by default.

authentication failure is shown to inform wrong community is input when user trying to access to SNMP inputs wrong community
195. ap link up PORTS NODE
no snmp trap link down PORTS NODE
no snmp trap cpu threshold
no snmp trap port threshold
no snmp trap temp threshold
no snmp trap dhcp lease
no snmp trap fan
no snmp trap power
no snmp trap module
Mode: Global. Description: Disables each SNMP trap

When you use the no snmp command, all configurations concerning SNMP will be deleted.

7.1.8.5 Displaying SNMP Trap

To display a configuration of SNMP trap, use the following command.

Command | Description
show snmp trap | Shows a configuration of SNMP trap

The following is an example of configuring IP address 10.1.1.1 as trap host, 20.1.1.1 as trap2 host and 30.1.1.1 as inform trap host.

    SWITCH config snmp trap host 10.1.1.1
    SWITCH config snmp trap2 host 20.1.1.1
    SWITCH config snmp inform trap host 30.1.1.1
    SWITCH config show snmp trap
    Trap Host List
    Host Community
    inform trap host 30.1.1.1
    trap2 host 20.1.1.1
    trap host 10.1.1.1
    Trap List
    Trap type Status
    auth fail enable
    cold start enable
    cpu threshold enable
    port threshold enable
    dhcp lease enable
    power enable
    module enable
    fan enable
    temp threshold enable
    SWITCH config

7.1.9 SNMP Alarm

The hiD 6615 S223 S323 provides an alarm notification function. The alarm will be sent to a SNMP trap host whenever a specific e
196. ards BPDU. However, SWITCH C recognizes that the root exists, so it transmits a BPDU including information of the root to Bridge B. Thus SWITCH B configures a port connected to SWITCH C as the new root port.

[Fig. 8.15 Example of Receiving Low BPDU. Labels: Switch A, Switch C, BPDU including Root information]

Rapid Network Convergence

A new link is connected between SWITCH A and root. Root and SWITCH A are not directly connected, but indirectly through SWITCH D. After SWITCH A is newly connected to root, packets cannot be transmitted between the ports because the state of the two switches becomes listening, and no loop is created. In this state, if root transmits BPDU to SWITCH A, SWITCH A transmits new BPDU to SWITCH A and SWITCH C, and SWITCH C transmits new BPDU to SWITCH D. SWITCH D, which received BPDU from SWITCH C, puts the port connected to SWITCH C into Blocking state to prevent a loop after the new link.

[Fig. 8.16 Convergence of 802.1d Network. Labels: ROOT, Switch A, Switch B, Switch C, Switch D, 1 New link created, 2 BPDU at listening state, 3 Block to prevent loop, BPDU Flow]

This is a very epochal way of preventing a loop. The matter is that communication is disconnected during two times of BPDU Forward delay, till the port connected to switch D and SWITCH C is blocked. Then right after the connection
197. arge number of BGP sessions may become a scaling issue. In principle, all members of BGP routers within a single AS must connect to the other neighboring routers. The preferred way to configure a large number of BGP neighbors is to configure a few groups consisting of multiple neighbors per group. Supporting fewer BGP groups generally scales better than supporting a large number of BGP groups. This becomes more evident in the case of dozens of BGP neighboring groups when compared with a few BGP groups with multiple peers in each group. If the routers belong to the same group, the same configuration can be applied to them. This group is called a Peer Group.

After peer relationships have been established, the BGP peers exchange update messages to advertise network reachability information. You can arrange BGP routers into groups of peers.

To create a BGP Peer Group, use the following command.

Command | Mode | Description
neighbor NAME peer group | Router | Create a BGP peer group. NAME: peer group name
no neighbor NAME peer group | Router | Delete the BGP peer group created before

To specify a neighbor to the created peer group, use the following command.

Command | Description
neighbor NEIGHBOR IP peer group NAME | Includes BGP neighbor to specified peer group using IP address. NEIGHBOR IP: neighbor IP address. NAME: peer group n
198. art agent restarts

Command: snmp trap link up PORTS NODE
Mode: Global
Description: Configures the system to send SNMP trap when a port is connected to network.

Command: snmp trap link down PORTS NODE
Mode: Global
Description: Configures the system to send SNMP trap when a port is disconnected from network.

Command: snmp trap cpu threshold
Mode: Global
Description: Configures the system to send SNMP trap when CPU load exceeds or falls below the threshold.

Command: snmp trap port threshold
Mode: Global
Description: Configures the system to send SNMP trap when the port traffic exceeds or falls below the threshold.

Command: snmp trap temp threshold
Mode: Global
Description: Configures the system to send SNMP trap when system temperature exceeds or falls below the threshold.

Command: snmp trap dhcp lease
Mode: Global
Description: Configures the system to send SNMP trap when no more IP address that can be assigned in the subnet of DHCP server is left.

Command: snmp trap fan
Mode: Global
Description: Configures the system to send SNMP trap when the fan begins to operate or stops.

Command: snmp trap power
Mode: Global
Description: Configures the system to send SNMP trap when any problem occurs in power.

Command: snmp trap module
Mode: Global
Description: Configures the system to send SNMP trap when there is any problem in module.

7.1.8.4 Disabling SNMP Trap

To disable SNMP trap, use the following command.

Command / Description:
no snmp trap auth fail
no snmp trap cold start
no snmp tr
199. ary nssa external opaque link opaque area opaque as adv router A.B.C.D

Commands:
show ip ospf database asbr summary external network router summary nssa external opaque link opaque area opaque as A.B.C.D
show ip ospf database asbr summary external network router summary nssa external opaque link opaque area opaque as A.B.C.D self originate
show ip ospf database asbr summary external network router summary nssa external opaque link opaque area opaque as A.B.C.D adv router A.B.C.D
Mode: Enable, Global
Description: Shows the OSPF database.

To display the interface information of OSPF, use the following command.

Command: show ip ospf interface INTERFACE
Description: Shows the interface information of OSPF.

To display the information of neighbor router, use the following command.

Commands:
show ip ospf neighbor
show ip ospf neighbor A.B.C.D detail
show ip ospf neighbor interface A.B.C.D
show ip ospf neighbor detail all
show ip ospf neighbor all
Mode: Enable, Global
Description: Shows the information of neighbor router.

To display the routing information which is registered in the routing table, use the following command.

Command: show ip ospf route
Mode: Enable
Description: Shows the routing information which is registered in
200. ast group. The hiD 6615 S223 S323 provides IGMP V2, IGMP snooping and PIM SM for host membership management and multicast routing.

SNMP
Simple Network Management Protocol (SNMP) is used to manage Network Elements using the TCP/IP protocol. The hiD 6615 S223 S323 supports SNMP version 1, 2, 3 and Remote Monitoring (RMON). The network operator can also use MIB to monitor and manage the hiD 6615 S223 S323.

IP Routing
The hiD 6615 S323 is a Layer 3 switch which, like a router, has a routing table and IP address. Therefore, it supports static routing, RIP v1/v2, OSPF v2 and BGP v4 for unicast routing.

DHCP
The hiD 6615 S223 S323 supports a DHCP (Dynamic Host Configuration Protocol) server that automatically assigns IP addresses to clients accessing the network. That means it has an IP address pool, and the operator can effectively utilize limited IP resources by leasing temporary IP addresses. In a Layer 3 network, DHCP request packets can be sent to the DHCP server via DHCP relay and the Option 82 function.

Spanning Tree Protocol (STP)
To prevent loops and preserve a backup route in a Layer 2 network, the hiD 6615 S223 S323 supports STP (802.1D). Between STP-enabled switches, a root bridge is automatically selected and the network remains in a tree topology. But the recovery time in STP is very slow (about 30 seconds). RSTP (Rapid Spanning Tree Protocol) is also provided. IEEE 802.1W defines the recovery time as 2 seconds. If
201. ate RP

Commands:
no ip pim rp candidate INTERFACE
no ip pim rp candidate INTERFACE group list <1-99>
Mode: Global
Description: Deletes the setting of candidate RP of specific interface.

9.3.4.3 KAT (Keep Alive Time) of RP

You can configure KAT for (S,G) states at RP to monitor PIM Register packets, overriding the generic KAT timer value.

Command: ip pim rp register kat <1-65535>
Mode: Global
Description: Configures Keep Alive Time. 1-65535: time

Command: no ip pim rp register kat
Mode: Global
Description: Disables a KAT configuration.

9.3.4.4 Ignoring RP Priority

To ignore the RP SET priority value and use only the hashing mechanism for RP selection, use the following command. It is used to interoperate with older Cisco IOS versions.

Command: ip pim ignore rp set priority
Mode: Global
Description: Ignores the RP SET priority value.

Command: no ip pim ignore rp set priority
Mode: Global
Description: Deletes the priority ignoring configuration.

9.3.5 PIM SM Registration

9.3.5.1 Rate Limit of Register Message

You can configure the rate of register packets sent by the designated router (DR) in units of packets per second. Enabling this command will limit the load on the DR and RP at the expense of dropping those register messages that exceed the set limit. Receivers may experience data packet loss within the first second in which regi
202. ation in OSPF router

To configure authentication of OSPF router for security, use the following command.

Commands:
ip ospf authentication message digest null
ip ospf A.B.C.D authentication message digest null
Mode: Interface
Description: Enables authentication on OSPF interface. message digest: MD5 encoding; null: no encoding; A.B.C.D: IP address for authentication

If no authentication type is chosen, the communication will be based on text.

To delete configured authentication, use the following command.

Commands:
no ip ospf authentication message digest null
no ip ospf A.B.C.D authentication message digest null
Mode: Interface
Description: Deletes configured authentication.

Authentication Key

If authentication is enabled on an OSPF router interface, a password is needed for authentication. The authentication key works as a password. The authentication key must be consistent across all routers in an attached network. There are two ways of authentication by user selection: one is based on text and the other is the MD5 type.

To configure an authentication key which is based on text encoding, use the following command.

Commands:
ip ospf authentication key KEY
ip ospf authentication key KEY first second active
ip ospf A.B.C.D authentication
Description: Configures the aut
203. ation using the following command.

Command: dot1x reauth enable PORTS
Mode: Global
Description: Enables 802.1x re-authentication.

Command: no dot1x reauth enable PORTS
Mode: Global
Description: Disables 802.1x re-authentication.

4.5.2.2 Configuring the Interval of Re-Authentication

The RADIUS server contains the database of users who have access rights. The database is updated in real time, so a user can lose the access right through an updated database even though he was once authenticated. In this case, even though the user can access the network, he should be authenticated once again so that the changed database is applied. Besides, for various reasons of managing the RADIUS server and the 802.1x authentication port, the user is supposed to be re-authenticated at regular intervals. The administrator of the hiD 6615 S223 S323 can configure a term of re-authentication.

To configure a term of re-authentication, use the following command.

Command: dot1x timeout reauth period <1-4294967295> PORTS
Mode: Global
Description: Sets the period between re-authentication attempts.

Command: no dot1x timeout reauth period PORTS
Mode: Global
Description: Deletes the period between re-authentication attempts.

4.5.2.3 Configuring the Interval of Requesting Re-authentication

When the authenticator sends Request Identity packet for re-authentication and no response is receive
204. ba

Command: show snmp agent address
Description: Shows an IP address of SNMP agent.

7.1.3 SNMP Com2sec

SNMP v2 authorizes the host to access the agent according to the identity of the host and community name. The command com2sec specifies the mapping from the identity of the host and community name to security name.

To configure an SNMP security name, use the following command.

Command: snmp com2sec SECURITY IP ADDRESS IP ADDRESS M COMMUNITY
Mode: Global
Description: Specifies the mapping from the identity of the host and community name to security name; enter security and community name. SECURITY: security name; COMMUNITY: community name

Command: no snmp com2sec SECURITY
Mode: Global
Description: Deletes a specified security name; enter the security name. SECURITY: security name

Command: show snmp com2sec
Mode: Enable, Global
Description: Shows a specified security name.

The following is an example of configuring SNMP com2sec.

    SWITCH(config)# snmp com2sec TEST 10.1.1.1 PUBLIC
    SWITCH(config)# show snmp com2sec
    Com2Sec List
    SecName   Source     Community
    com2sec   TEST       10.1.1.1   PUBLIC
    SWITCH(config)#

7.1.4 SNMP Group

You can create an SNMP group that can access SNMP agent and its community that belongs to a group. To create an SNMP group, use the following command.

Command / Description:
snmp group GROUP v1 v2c v3 S
205. ble commands, input question mark <?>. When you input the question mark <?> in each command mode, you can see the available commands used in this mode and the variables following the commands. The following is the list of available commands in Privileged EXEC Enable mode of the hiD 6615 S223 S323.

    SWITCH#
    Exec commands:
      clear         Reset functions
      clock         Manually set the system clock
      configure     Enter configuration mode
      copy          Copy from one file to another
      debug         Debugging functions (see also 'undebug')
      disconnect    Disconnect user connection
      enable        Turn on privileged mode command
      erase         Erase saved configuration
      exit          End current mode and down to previous mode
      halt          Halt process
      help          Description of the interactive help system
      no            Negate a command or set its defaults
      ping          Send echo messages
      quote         Execute external command
      rcommand      Management stacking node
      release       Release the acquired address of the interface
      reload        Reload the system
      renew         Re-acquire an address for the interface
      restore       Restore configurations
      show          Show running system information
      ssh           Configure secure shell
      tech support  Technical Supporting Function for Diagnosis System
    (Omitted)
    SWITCH#

The question mark will not be seen on the screen, and you do not need to press the ENTER key to display the command list.

If you need to find out the list of available commands of the current mode in detail, use the following command.
206. ble for ABR

10.2.6.4 Not So Stubby Area (NSSA)

NSSA (Not So Stubby Area) is a stub area that can transmit routing information into the area through an ASBR. A Stub Area, on the other hand, cannot transmit routing information into the area.

To configure NSSA, use the following command.

Command: area <0-4294967295> nssa
Mode: Router
Description: Configures NSSA.

The following options are configurable for NSSA:

- default information originate
  This option allows a default path of Type 7 in NSSA. It means that a routing path without routing information will use the interface which is allowed in the default Type 7 path. metric is the metric value and metric type is the type of finding the path: metric type 1 uses internal path cost together with external path cost as the cost; metric type 2 always uses the external cost value only.
- no redistribution
  This option restricts NSSA from retransmitting routing information that comes from outside.
- no summary
  This option restricts the exchange of routing information between OSPF areas.
- translator role
  NSSA LSA (Link State Advertisement) has three types according to the way it is processed: always changes all NSSA LSA into Type 5 LSA; candidate changes NSSA LSA into Type 5 LSA when it is translator; never does not change NSSA LSA.

NSSA uses ASBR when it transmits Stub Area or othe
207.
    bye
    221 Goodbye
    C:\>

12 Abbreviations

ACL: Access Control List
ARP: Address Resolution Protocol
BGP: Border Gateway Protocol
CBS: Committed Burst Size
CE: Communauté Européenne
CIDR: Classless Inter Domain Routing
CIR: Committed Information Rate
CLI: Command Line Interface
CoS: Class of Service
CPE: Customer Premises Equipment
CRC: Cyclic Redundancy Check Code
DA: Destination Address
DHCP: Dynamic Host Configuration Protocol
DSCP: Differentiated Service Code Point
EGP: Exterior Gateway Protocol
EMC: Electro Magnetic Compatibility
EN: Europäische Norm (European Standard)
ERP: Ethernet Ring Protection
FDB: Filtering Data Base
FE: Fast Ethernet
FTP: File Transfer Protocol
GB: Gigabyte
GE: Gigabit Ethernet
hiD: Access Products in SURPASS Product Family
HW: Hardware
I2C: Inter Integrated Circuit interface
ID: Identifier
IEC: International Electro technical Commission
IEEE 802: Standards for Local and Metropolitan Area Networks
IEEE 802.1: Glossary, Network Management, MAC Bridges, and Internetworking
IEEE: Institute of Electrical and Electronic Engineers

IETF, IGMP, IRL, ISP, ITU, ITU T, L2, LACP, LAN, LCT, LLC, LLDP, LOF, LOL, LOS, LPR, MAC, NE, OAM, Os, OSPF, PC, PPP, QoS, RFC, RIP, RSTP, RTC, SA, SFP, SNMP
Internet Engineering Task Force Int
208. c Alarm Severity
ADVA Alarm Severity
ERP Alarm Severity
STP Guard Alarm Severity
Displaying SNMP Configuration
Disabling SNMP
Operation, Administration and Maintenance (OAM)
OAM Loopback
Local OAM Mode
OAM Unidirection
Remote OAM
Displaying OAM Configuration
Link Layer Discovery Protocol (LLDP)
LLDP Operation
LLDP Operation Type
Basic TLV
LLDP Message
Interval and Delay Time
209. candidate RP message. To prevent this case, the user can block candidate RP messages from other routers so that only the candidate RPs in the multicast group communicate. To block candidate RP messages from routers which are not members, perform the tasks below.

Step 1
Configure filtering out multicast sources.

Command: ip pim accept register list <100-199> <2000-2699> ACCESS LIST
Description: Configures multicast source filtering function. 100-199: IP extended access list; 2000-2699: IP extended access list (expanded range); ACCESS LIST: IP named Standard Access List

Step 2
Allow or deny only the packets transmitted by routers that exchange candidate RP messages.

Command: access list <100-199> <2000-2699> deny permit ip A.B.C.D any
Mode: Global
Description: Configures multicast source filtering function. 100-199: IP extended access list; 2000-2699: IP extended access list (expanded range); A.B.C.D: address to match

To delete the above configuration, use the following command.

Command: no ip pim accept register
Description: Releases blocked packet.

Source Address of Register Message

To configure the source IP address of Register packets sent by the DR, overriding the default source IP address, use the ip pim register source command. The configured address must be a reachable address to be used by the RP to send corresponding Register Stop mes
210. cast or multicast addressing. No communication is possible at the Data Link layer between stations connected to ports that are members of different VLANs. Communication among devices in separate VLANs can be accomplished at higher layers of the architecture, for example by using a Network layer router with connections to two or more VLANs.

Multicast traffic, or traffic destined for an unknown unicast address arriving on any port, will be flooded only to those ports that are part of the same VLAN. This provides the desired traffic isolation and bandwidth preservation. The use of port-based VLANs effectively partitions a single switch into multiple sub-switches, one for each VLAN.

[Fig. 8.1: Port-based VLAN]

The IEEE 802.1q based ports on the switches support simultaneous tagged and untagged traffic. An 802.1q port is assigned a default port VLAN ID (PVID), and all untagged traffic is assumed to belong to the port default PVID. Thus, the ports participating in the VLANs accept packets bearing VLAN tags and transmit them to the port VLAN ID.

The below functions are explained:

- Creating VLAN
- Specifying PVID
- Assigning Port to VLAN
- Deleting VLAN
- Displaying VLAN

8.1.1.1 Creating VLAN

To configure VLAN on user's network, use the following command.

Command Descript
211. cified interface domain name dns option

Forcing Release or Renewal of DHCP Lease

The hiD 6615 S223 S323 supports two independent operations: immediately releasing a DHCP lease for a DHCP client, and forcing DHCP renewal of a lease for a DHCP client.

To force a release or renewal of a DHCP lease for a DHCP client, use the following command.

Command: release dhcp INTERFACE
Mode: Enable
Description: Forces a release of a DHCP lease.

Command: renew dhcp INTERFACE
Mode: Enable
Description: Forces a renewal of a DHCP lease.

Displaying DHCP Client Configuration

To display a DHCP client configuration, use the following command.

Command: show ip dhcp client INTERFACE
Mode: Enable, Global, Interface
Description: Shows a configuration of DHCP client.

8.8.7 DHCP Snooping

For enhanced security, the hiD 6615 S223 S323 provides the DHCP snooping feature. DHCP snooping filters untrusted DHCP messages and maintains a DHCP snooping binding table. An untrusted message is a message received from outside the network, and an untrusted interface is an interface configured to receive DHCP messages from outside the network.

DHCP snooping basically permits all the trusted messages received from within the network and filters untrusted messages. In case of untrusted messages, all the binding entries are recorded in a DHCP snooping binding tabl
212. cify in IEEE 802.1d. If STP is configured, there is no loop, since it chooses the more effective path and closes the other path. In other words, when SWITCH C in the below figure sends a packet to SWITCH B, path 1 is chosen and path 2 is blocked.

[Fig. 8.9: Principle of Spanning Tree Protocol]

Meanwhile, RSTP (Rapid Spanning Tree Protocol), defined in IEEE 802.1w, innovatively reduces the network convergence time of STP (Spanning Tree Protocol). It is easy and fast to configure the new protocol. Also, 802.1w includes 802.1d, so it provides compatibility with 802.1d.

For a more detailed description of STP and RSTP, refer to the following:

- STP Operation
- RSTP Operation
- MSTP Operation
- Configuring STP/RSTP/MSTP/PVSTP/PVRSTP Mode (Required)
- Configuring STP/RSTP/MSTP
- Configuring PVSTP/PVRSTP
- Root Guard
- Restarting Protocol Migration
- Bridge Protocol Data Unit Configuration
- Sample Configuration

8.3.1 STP Operation

The 802.1d STP defines the port states as blocking, listening, learning and forwarding. When STP is configured in a LAN with double paths, switches exchange their information, including bridge ID. This is called a BPDU (Bridge Protocol Data Unit). Switches decide port state based on the exchanged BPDUs and automatically decide the optimized path to communicate with the root switch.

Root Switch T
213. command.

Command: stp mst max hops <1-40>
Description: Configures the number of hops for BPDU; set the number of possible hops in the region.

Command: no stp mst max hops
Description: Deletes the number of hops for BPDU in MSTP.

BPDU Filter

BPDU filtering allows you to avoid transmitting on the ports that are connected to an end system. If the BPDU Filter feature is enabled on the port, incoming BPDUs will be filtered and BPDUs will not be sent out of the port.

To set the BPDU filter on the port, use the following command.

Command: stp bpdu filter enable disable PORTS
Description: Forbids all STP BPDUs from going out of the specific port and does not recognize incoming STP BPDUs on the specific port.

By default, it is disabled. A port with the BPDU filter enabled acts as if STP is disabled on the port. This feature can be used for ports that are usually connected to an end system, or for a port on which you do not want to receive and send unwanted BPDU packets. Be cautious about using this feature on an STP-enabled uplink or trunk port. If the port is removed from VLAN membership, the corresponding BPDU filter will be automatically deleted.

BPDU Guard

BPDU guard has been designed to allow network designers to enforce the STP domain borders and keep the active topology predictable. The devices behind the ports with STP enabled are not allowed to influence the STP topology. This is achieved by disabling the port upon receipt of a BPDU. This feat
214. cpl Ae melle interval eb
1-65535: interval value (default: 10)
Mode: Interface

Commands:
no ip ospf hello interval
no ip ospf A.B.C.D hello interval
Mode: Interface
Description: Sets a Hello interval to the default value.

To configure a retransmit interval, use the following command.

Commands:
ip ospf retransmit interval <1-65535>
ip ospf A.B.C.D retransmit interval <1-65535>
Mode: Interface
Description: Configures a retransmit interval in the unit of second. 1-65535: interval value (default: 5)

Commands:
no ip ospf retransmit interval
no ip ospf A.B.C.D retransmit interval
Mode: Interface
Description: Sets a retransmit interval to the default value.

To configure a dead interval, use the following command.

Commands:
ip ospf dead interval <1-65535>
ip ospf A.B.C.D dead interval <1-65535>
Mode: Interface
Description: Configures a dead interval in the unit of second. 1-65535: interval value (default: 40)

Commands:
no ip ospf dead interval
no ip ospf A.B.C.D dead interval
Mode: Interface
Description: Sets a dead interval to the default value.

To configure a transmit delay, use the following command.

Commands:
ip ospf transmit delay <1-65535>
ip ospf A.B.C.D transmit delay <1-65535>
Mode: Interface
Description: Configures a transmit delay in the unit of second. 1-65535: interval value (default: 1)

Commands:
no ip ospf transmit delay
no ip ospf A.B.C.D transmit delay
Mode: Interface
Description: Sets a transmit delay to the default value.
215.
      ctive              Activate the history
      data source        Set data source port
      do                 To run exec commands in config mode
      exit               End current mode and down to previous mode
      help               Description of the interactive help system
      interval           Define the time interval for the history
      owner              Assign the owner who define and is using the history resources
      requested buckets  Define the bucket count for the interval
      show               Show running system information
    SWITCH(config-rmonhistory[5])#

7.4.1.1 Source Port of Statistical Data

To specify a source port of statistical data, use the following command.

Command: data source NAME
Mode: RMON
Description: Specifies a data object ID. NAME: enters a data object ID (ex. ifindex n1 port1)

7.4.1.2 Subject of RMON History

To identify the subject using RMON history, use the following command.

Command: owner NAME
Description: Identifies subject using related data; enter the name (max. 32 characters).

7.4.1.3 Number of Sample Data

To configure the number of sample data of RMON history, use the following command.

Command: requested buckets <1-65535>
Description: Defines a bucket count for the interval; enter the number of buckets. 1-65535: bucket number (default: 50)

7.4.1.4 Interval of Sample Inquiry

To configure the interval of sample inquiry in seconds, use the following command.

Command Description
Defines the time interval for the history in seconds; enter the value (default: 1800
216. d

Command: login tacacs auth type ascii pap chap
Description: Selects the authentication type for TACACS. ascii: plain text; pap: password authentication protocol; chap: challenge handshake authentication protocol

Command: no login tacacs auth type
Description: Deletes a specified authentication type.

Priority Level

You can define a priority level of user. According to the defined priority level, the user has different authorization to access the DSLAM. This priority must be defined in the TACACS server in the same way.

To define the priority level of user, use the following command.

Command: login tacacs priority level min user max root
Mode: Global
Description: Defines the priority level of user; refer to the information below for the order of priority.

Command: no login tacacs priority level
Mode: Global
Description: Deletes a defined priority level.

The order of priority is root max > user > min.

4.2.6 Accounting Mode

The hiD 6615 S223 S323 provides the accounting function of AAA (Authentication, Authorization and Accounting). Accounting is the process of measuring the resources a user has consumed. Typically, accounting measures the amount of system time a user has used or the amount of data a user has sent and received.

To set an accounting mode, use the following command.

Command Description
Sets an accounti
217. d. For more information, see Section 4.1.8.1.

The following is an example of upgrading the system software of the hiD 6615 S223 S323 using the FTP provided by Microsoft Windows XP in the remote place.

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.
    C:\>ftp 10.27.41.91
    Connected to 10.27.41.91.
    220 FTP Server 1.2.4 (FTPD) [10.27.41.91]
    User (10.27.41.91:(none)): admin
    331 Password required for admin.
    Password:
    230 User root logged in.
    ftp> bin
    200 Type set to I.
    ftp> hash
    Hash mark printing On  ftp: (2048 bytes/hash mark).
    ftp> put V5212G.3.18.x osl
    200 PORT command successful.
    150 Opening BINARY mode data connection for osl.
218. d Description

Command: no erp test packet interval DOMAIN ID
Description: Configures ERP test packet interval as default value.

Displaying ERP Configuration

To display a configuration for ERP, use the following command.

Command: show erp all DOMAIN ID
Mode: Enable, Global, Bridge
Description: Shows the information of ERP.

Stacking

It is possible to manage several switches with one IP address by using stacking. If there is a limitation on using IP addresses and there are too many switches to manage, you can manage a number of switches with one IP address using this stacking function.

Switch stacking technology available in the industry today provides two main benefits to customers. The first benefit is the ability to manage a group of switches using a single IP address. The second benefit is the ability to interconnect two or more switches to create a distributed fabric which behaves in the network as a unified system.

The hiD 6615 S223 S323 provides the benefits of stacking technology for the customer. It is possible to configure the stacking function for 2 to 16 switches.

The following is an example of a network where stacking is configured.

[Fig. 8.39: Example of Stacking. Labels: Switch A (Master Switch); Switch B (Slave Switch); Switch C (Slave Switch)]

A switch which is supposed to manage the
219. d from the suppliant for the number of seconds, the authenticator retransmits the request to the suppliant. In the hiD 6615 S223 S323, you can set the number of seconds that the authenticator should wait for a response to the request identity packet from the suppliant before retransmitting the request.

To set a period that the authenticator waits for a response, use the following command.

Command: dot1x timeout quiet period <1-65535> PORTS
Mode: Global
Description: Sets reattempt interval for requesting request identity packet. 1-65535: reattempt interval (seconds); PORTS: enters port number

Command: no dot1x timeout quiet period PORTS
Mode: Global
Description: Disables the interval for requesting identity.

4.5.3 802.1x Re-authentication

In 4.5.2.2 Configuring the Interval of Re-Authentication, it is described that even though the user can access the network, he should be authenticated so that the changed database is applied. Besides, for various reasons of managing the RADIUS server and the 802.1x authentication port, the user is supposed to be re-authenticated at regular intervals.

To implement re-authentication immediately, regardless of the configured time interval, use the following command.

Command: dot1x reauthenticate PORTS
Mode: Global
Description: Implements re-authentication regardless of the configured time interval.

Initia
220. d into discarding. Same as STP, root port and designated port are decided by port state. But a port in blocking state is divided into alternate port and backup port. Alternate port means a port blocking BPDUs of priority of high numerical value from other switches, and backup port means a port blocking BPDUs of priority of high numerical value from another port of the same equipment.

[Fig. 8.14: Alternate Port and Backup Port]

The difference between alternate port and backup port is that an alternate port can provide an alternate path for packets when there is a problem between the Root switch and SWITCH C, but a backup port cannot provide a stable connection in that case.

BPDU Policy

In 802.1d, the root switch forwards BPDUs at the Hello time interval configured on it, and every other switch forwards its own BPDU only when it receives a BPDU from the root switch. However, in 802.1w, not only the root switch but also all the other switches forward BPDUs following the Hello time. BPDUs are exchanged more frequently than at the root switch's interval, but with 802.1w it becomes faster to grasp changes in the network.

In addition, when a low BPDU is received from the root switch or designated switch, it is immediately accepted. For example, suppose that the root switch is disconnected from SWITCH B. Then SWITCH B is considered to be root because of the disconnection and forw
221. d to begin Privileged EXEC Enable mode
(Command: passwd enable PASSWORD; Mode: Global)

Command: passwd enable 8 PASSWORD
Mode: Global
Description: Configures an encrypted password.

By default, passwd enable does not support encryption. Therefore, the password string is shown as it is when you use the show running config command. In this case, the user's password is shown to everyone, which is an insecure environment.

To encrypt the password shown in running config, use the service password encryption command. To indicate that a password string is encrypted, input 8 before the encrypted string.

When you use the passwd enable command with 8 and the string, you enter Privileged EXEC Enable mode with the encrypted string. Therefore, to log in to the system, you should use the encrypted string that you configured after 8 as the password.

In short, depending on whether the 8 option is used, the next string is encrypted or not.

The following is an example of configuring the password in Privileged EXEC Enable mode as testpassword.

    SWITCH# configure terminal
    SWITCH(config)# passwd enable testpassword
    SWITCH(config)#

The following is an example of accessing after configuring the password.

    SWITCH login: admin
    Password:
    SWITCH> enable
    Password:
    SWITCH#

To delete the configured password, use the following command.

Command: no passwd enable
Mode: Global
Description: Deletes the password.

The created passwo
222. distinguished service with a simple way. However, if packets having higher priority enter, the packets having lower priority are not processed.

The processing order in Strict Priority Queuing, when packets with the queue numbers below enter, is shown in the figure.

[Fig. 7.3 Strict Priority Queuing: queues from lowest priority to highest priority feeding the output scheduler]

To select a packet scheduling mode, use the following command.

    Command: qos scheduling mode sp | wrr
    Mode: Global
    Description: Selects a packet scheduling mode for ports. sp: strict priority queuing. wrr: weighted round robin.

    Command: qos cpu scheduling mode sp
    Description: Selects a scheduling mode for handling CPU packets. sp: strict priority queuing.

The default scheduling mode is WRR. It is possible to assign a different scheduling mode to each port.

7.6.3.2 QoS Weight

To set a weight (for WRR scheduling mode only), use the following command.

    Command: qos weight PORTS <0-3> <1-15> | unlimited
    Description: Sets a weight for each port and queue. PORTS: port numbers. 0-7: queue number. 1-15: weight value (default: 1). unlimited: strict priority queuing.

7.6.3.3 802.1p Priority to Queue Mapping

For the hiD 6615 S223/S323, it is possible to configure in which queue packets having a certain 802.1p priority will be stored. Default mapping
224. dp ip A B C D A B C D M any A B C D A B C D M any tcp udp lt 1 65535 gt any lt 1 65535 gt any ip A B C D A B C D M any A B C D A B C D M any tcp lt 0 65535 gt any 0 655355 any TCP FLAG any Admin rule Classifies an IP address A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address 0 255 IP protocol number Classifies an IP protocol ICMP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address icmp ICMP Classifies an IP protocol ICMP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address icmp ICMP 0 255 ICMP message type number 0 255 ICMP message code number Classifies an IP protocol TCP UDP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address tcp TCP udp UDP Classifies an IP protocol TCP UDP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address tcp TCP udp UDP 0 65535 TCP UDP source destination port number any any TCP UDP source destination port Classifies an IP protocol TCP A B C D source destination IP address A B C D M
225. dress to routers to a virtual router or delete a configured associate IP address, use the following command.

    Command: associate A.B.C.D
    Description: Assigns an associated IP address to a virtual router.

    Command: no associate A.B.C.D
    Description: Deletes an assigned associated IP address from a virtual router.

8.4.1.2 Access to Associated IP Address

If you configure the function of accessing the associated IP address, you can access the associated IP address with commands such as ping. To configure the function of accessing the associated IP address, use the following command.

    Command: vip access enable | disable
    Description: Configures the function of accessing the associated IP address.

8.4.1.3 Master Router and Backup Router

The hiD 6615 S323 can be configured as Master Router and Backup Router by comparing the Priority and IP address of the devices in the Virtual Router. First, Priority is compared: the device with the higher Priority has higher precedence. When devices have the same Priority, IP addresses are compared: the device with the lower IP address has higher precedence. If a problem occurs on the Master Router and there are more than two routers, one of them is selected as the new Master Router according to precedence.

To configure Priority of Virtual Router or delete the configuration use the following commands
226. dresses on time a port

    Command: no port security PORTS aging
    Description: Returns to the default condition absolute type

To display the configuration of port security, use the following command.

    Command: show port security PORTS
    Mode: Enable, Global, Bridge
    Description: Shows port security on the port.

7.11 MAC Table

A dynamic MAC address is automatically registered in the MAC table, and it is removed if there is no access from the network element corresponding to the MAC address during the specified MAC aging time. A static MAC address, on the other hand, is manually registered by the user. It is not removed, regardless of the MAC aging time, until it is removed manually.

To manage the MAC table in the switch, use the following command.

    Command: mac NAME PORT MACADDR
    Description: Specifies a static MAC address in the MAC table. NAME: enter the bridge name. PORT: enter the port number. MACADDR: enter the MAC address.

    Command: mac aging time <10-21474830>
    Description: Specifies MAC aging time. 10-21474830: aging time (default: 300).

To remove registered dynamic MAC addresses from the MAC table, use the following command.

    Command: clear mac
    Command: clear mac NAME
    Command: clear mac NAME PORT
    Command: clear mac NAME PORT MACADDR
    Description: Clears dynamic MAC addresses. Clears dynamic MAC addresses. Clears
227. dynamic MAC addresses. NAME: enter the bridge name. PORT: enter the port number.
Clears dynamic MAC addresses. NAME: enter the bridge name. PORT: enter the port number. MACADDR: enter the MAC address.

To remove static MAC addresses manually registered by the user from the MAC table, use the following command.

    Command: no mac
    Mode: Bridge
    Description: Deletes static MAC addresses.

    Command: no mac NAME
    Mode: Bridge
    Description: Deletes static MAC addresses. NAME: enter the bridge name.

    Command: no mac NAME PORT
    Mode: Bridge
    Description: Deletes static MAC addresses. NAME: enter the bridge name. PORT: enter the port number.

    Command: no mac NAME PORT MACADDR
    Mode: Bridge
    Description: Deletes a specified static MAC address. NAME: enter the bridge name. PORT: enter the port number. MACADDR: enter the MAC address.

To display the MAC table in the switch, use the following command.

    Command: show mac NAME PORT
    Mode: Enable, Global, Bridge
    Description: Shows switch MAC address selection by port number (subscriber port only). NAME: enter the bridge name. PORT: select the port number.

There are more than a thousand MAC addresses in the MAC table, so it is difficult to find the information you need at a glance. The system therefore shows a certain number of addresses and holds the rest on standby. Press any key to see more. After you find the information, you can go back to the system prompt without displaying the rest of the table by pressing <q>.
228. e

The following is an example of configuring the MTU size as 100.

    SWITCH(config-if)# mtu 100
    SWITCH(config-if)# show running config interface 1
    interface default
     mtu 100
     bandwidth 1m
     ip address 10.27.41.181/24
    SWITCH(config-if)#

IP Multicast

A traditional IP network provides unicast transmission, in which a host sends packets to a single host, or broadcast transmission. Multicast provides group transmission, in which a host sends packets to a group of hosts. In the multicast environment, multicast packets are delivered to a group by duplicating them.

Multicasting is divided into Layer 3 multicast routing and Layer 2 IGMP snooping. The hiD 6615 S323 supports PIM-SM and SSM for multicast routing, and V1, V2 and V3 of IGMP snooping.

Fig. 9.1 shows an example of an IGMP snooping configuration network. In a Layer 2 network, the hiD 6615 S223/S323 is configured only for IGMP snooping.

[Fig. 9.1 IGMP Snooping Configuration Network: Layer 2 network, Layer 3 network, IGMP Join/Leave message]

If the hiD 6615 S323 is installed within a Layer 3 network, PIM-SM should be configured. Below the hiD 6615 S223/S323 there is a switch that performs the IGMP snooping function for subscribers.

Layer 2 Network Layer 3 Network IGMP J
230. e This table contains a hardware address, IP address, lease time, VLAN ID, interface, etc. It also gives you a way to differentiate between untrusted interfaces connected to the end user and trusted interfaces connected to the DHCP server or another switch.

Enabling DHCP Snooping

To enable DHCP snooping on the system, use the following command.

    Command: ip dhcp snooping
    Mode: Global
    Description: Enables the DHCP snooping on the system.

    Command: no ip dhcp snooping
    Mode: Global
    Description: Disables the DHCP snooping on the system (default).

Upon entering the ip dhcp snooping command, the DHCP_OFFER and DHCP_ACK messages from all the ports will be discarded until a trusted port is specified.

To enable DHCP snooping on a VLAN, use the following command.

    Command: ip dhcp snooping vlan VLANS
    Mode: Global
    Description: Enables the DHCP snooping on a specified VLAN.

    Command: no ip dhcp snooping vlan VLANS
    Mode: Global
    Description: Disables the DHCP snooping on a specified VLAN.

You must enable DHCP snooping on the system before enabling DHCP snooping on a VLAN.

DHCP Trust State

To define the state of a port as trusted or untrusted, use the following command.

    Command: ip dhcp snooping trust PORTS
    Mode: Global
    Description: Defines a state of a specified port as trusted.

    Command: no ip dhcp snooping trust PORTS
    Mode: Global
    Description: Defines a state of a specified port as untrusted.

Note that the DHCP snooping only sees the DHCP_OFFER and DHCP_ACK messages which are received from untrusted interfac
231. e IP addresses 10.0.0.1/24, 10.0.0.2/24 and 10.0.0.3/24 for each one as Virtual router by Associated IP 10.0.0.5/24. If these three routers have the same Priority, the router which has the smallest IP address, 10.0.0.1/24, is decided to be Master Router. Also, switches and PCs connected to the Virtual Router are to have the IP address of the Virtual Router, 10.0.0.5/24, as default gateway.

8.4.1 Configuring VRRP

To configure the hiD 6615 S323 as a device in a Virtual Router, use the following command in Global Configuration mode. Then you can configure VRRP by opening VRRP Configuration mode.

    Command: router vrrp INTERFACE GROUP ID
    Mode: Global
    Description: Configures Virtual Router (VRRP Group). GROUP ID: 1-255.

To display a configuration of VRRP, use the following command.

    Command: show vrrp
    Description: Shows current configuration of VRRP.

    Command: show vrrp INTERFACE
    Description: Shows current configuration of specified interface VRRP.

To delete the VRRP configuration, use the following command.

    Command: no router vrrp <1-255>
    Mode: Global
    Description: Configures Virtual Router (VRRP Group). 1-255: group ID.

8.4.1.1 Associated IP Address

After configuring a virtual router, you need to assign an associated IP address to the virtual router. Assign a unified IP address to the routers in one group. To assign an associate IP ad
232. e changed from SWITCH(config)# to SWITCH(bridge)#.

    Mode: Global
    Description: Opens Bridge Configuration mode.

Tab. 3.4 shows a couple of main commands of Bridge Configuration mode.

    auto reset: Configures the system for automatic rebooting.
    dhcp server filter: Configures packet filtering of DHCP server.
    erp: Configures ERP function.
    lacp: Configures LACP function.
    lldp: Configures LLDP function.
    mac: Manages MAC address.
    mac flood guard: Configures mac flood guard.
    mirror: Configures mirroring function.
    oam: Configures EFM OAM protocol.
    port: Sets port configuration.
    stp: Configures Spanning Tree Protocol.
    trunk: Configures trunk function.
    vlan: Configures VLAN function.

Tab. 3.4 Main Commands of Bridge Configuration Mode

3.1.5 Rule Configuration Mode

You can open Rule Configuration mode using the command rule NAME create in Global Configuration mode. If you open Rule Configuration mode, the system prompt is changed from SWITCH(config)# to SWITCH(config-rule[name])#.

    Command: rule NAME create
    Mode: Global
    Description: Opens Rule Configuration mode.

In Rule Configuration mode, it is possible to configure the condition and operational method for the packets to which the rule function is applied. Tab. 3.5 shows a couple of important main commands of Rule Con
233. e configure metrics. To set metrics for redistributed routes, use the following command.

    Command: default metric <1-16>
    Description: Configures the equal metric of all routes transmitted by routing protocol. 1-16: default metric value.

    Command: no default metric <1-16>
    Description: Removes the equal metric of all routes transmitted by routing protocol.

The metric of all protocols can be configured from 0 to 4294967295. It can be configured from 1 to 16 for RIP.

10.3.7 Administrative Distance

Administrative distance is a measure of the trustworthiness of the source of the routing information. In a large-scale network, administrative distance is the feature that routers use to select the best path when there are two or more different routes to the same destination from two different routing protocols. Administrative distance defines the reliability of a routing protocol. Each routing protocol is prioritized in order of most to least reliable (believable) with the help of an administrative distance value.

Remember that administrative distance has only local significance and is not advertised in routing updates. Most routing protocols have metric structures and algorithms that are not compatible with other protocols. In a network with multiple routing protocols, the exchange of rou
235. e following

• Enabling Interface
• Disabling Interface
• Assigning IP Address to Network Interface
• Static Route and Default Gateway
• Displaying Forwarding Information Base (FIB) Table
• Forwarding Information Base (FIB) Retain
• Displaying Interface
• Sample Configuration

Enabling Interface

To assign an IP address to an interface, you need to enable the interface first. If the interface is not enabled, you cannot access it from a remote place even though an IP address has been assigned. To display whether an interface is enabled, use the command show running config.

Interface Configuration Mode

To open Interface Configuration mode of the interface you are about to enable, use the following command.

    Command: interface INTERFACE
    Mode: Global
    Description: Opens Interface Configuration mode of the interface.

To enable the interface, use the following command.

    Command: no shutdown
    Mode: Interface
    Description: Enables the interface on Interface Configuration mode.

The following is an example of enabling an interface in Interface Configuration mode.

    SWITCH# configure terminal
    SWITCH(config)# interface 1
    SWITCH(config-if)# no shutdown
    SWITCH(config-if)#

Disabling Interface

To disable the interface, use the following commands in Interface Configuration mode. Before disabling an interface, you should open Interface Configuration mode and then use the following command.

Command Mode Description
236. e one way or two way streams of data traffic between pairs of applications or voice and video.

In WFQ, packets are sorted in weighted order of arrival of the last bit to determine transmission order. Using order of arrival of the last bit emulates the behavior of Time Division Multiplexing (TDM), hence "fair".

From one point of view, the effect of this is that WFQ classifies sessions as high or low bandwidth. Low bandwidth traffic gets priority, with high bandwidth traffic sharing what is left over. If the traffic is bursting ahead of the rate at which the interface can transmit, new high bandwidth traffic gets discarded after the configured or default congestive messages threshold has been reached. However, low bandwidth conversations, which include control message conversations, continue to enqueue data.

[Fig. 7.2 Weighted Fair Queuing: service according to packet finish time; queue 1 (50% bandwidth), queue 2 (25% bandwidth) and queue 3 (25% bandwidth) feeding the packet scheduler; order of packet transmission]

Strict Priority Queuing (SP)

SPQ processes more important data before the others. Since all data are processed by their priority, data with high priority can be processed fast, but data with low priority might be delayed and piled up. This method has a strong point of providing the
237. e v1 router present timeout period (400 seconds), the interface version goes back to its default value, 2.

To configure the version of the IGMP reports sent out of a port, use the following command.

    Command: ip igmp snooping version <1-3>
    Mode: Global
    Description: Configures the version of IGMP report on the system. 1-3: IGMP report version.

    Command: ip igmp snooping vlan VLANS version <1-3>
    Mode: Global
    Description: Configures the version of IGMP report on a VLAN interface.

To return to the default version of IGMP report, use the no parameter command.

Join Host Management

Explicit host tracking is supported only with IGMP v3 hosts. With explicit host tracking enabled, the switch is in its proxy reporting mode.

In proxy reporting mode, the switch forwards only the first report for a source multicast group pair to the router and suppresses all other reports for the same pair. With IGMP v3 proxy reporting, the switch does proxy reporting for unsolicited reports and for reports that are received in the general query interval. By enabling explicit tracking, the router might not be able to track all the hosts that are behind a VLAN interface.

With proxy reporting disabled, the switch works in transparent mode: it updates the IGMP snooping database as it receives reports, then forwards this information to the upstream router. The router can then explicitly track all reporting hosts.

To enable explicit host tracking on a VLAN use the follo
238. e value

    Command: no terminal length
    Description: Restores a default line displaying.

6.1.8 Login Banner

It is possible to set a system login and log out banner. The administrator can leave a message to other users with this banner. To set a system login and log out banner, use the following command.

    Command: banner
    Mode: Global
    Description: Sets a banner before login the system.

    Command: banner login
    Mode: Global
    Description: Sets a banner when successfully log in the system.

    Command: banner login fail
    Mode: Global
    Description: Sets a banner when failing to login the system.

To restore a default banner, use the following command.

    Command: no banner
    Command: no banner login
    Command: no banner login fail
    Description: Restores a default banner.

To display the current login banner, use the following command.

    Command: show banner
    Mode: Enable, Global
    Description: Shows a current login banner.

6.1.9 DNS Server

To set a DNS server, use the following command.

    Command: dns server A.B.C.D
    Mode: Global
    Description: Sets a DNS server.

    Command: no dns server A.B.C.D
    Mode: Global
    Description: Removes a DNS server.

    Command: show dns
    Mode: Enable, Global
    Description: Shows a DNS server.

If a specific domain name is registered instead of an IP address, the user can run telnet, FTP, TFTP and ping commands to the hosts on the domain using the domain name. To configure a DNS domain name, use the following command.

Command Description Searches
239. ear ip dhcp snooping binding PORT A.B.C.D all
    Description: Releases configured binding on DHCP snooping table.

The DHCP snooping database agent should be a TFTP server.

8.8.7.7 Displaying DHCP Snooping Configuration

To display the DHCP snooping table, use the following command.

    Command: show ip dhcp snooping
    Mode: Enable, Global
    Description: Shows a DHCP snooping configuration.

    Command: show ip dhcp snooping binding
    Mode: Enable, Global
    Description: Shows DHCP snooping binding entries.

8.8.8 IP Source Guard

IP source guard is similar to DHCP snooping. This function is used on a DHCP snooping untrusted Layer 2 port. Basically, except for DHCP packets that are allowed by the DHCP snooping process, all IP traffic that comes into a port is blocked. If an authorized IP address from the DHCP server is assigned to a DHCP client, or if a static IP source binding is configured, the IP source guard restricts the IP traffic of the client to those source IP addresses configured in the binding; any IP traffic with a source IP address other than that in the IP source binding will be filtered out. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address.

IP source guard supports the Layer 2 port only, including both access and trunk. For each untrusted Layer 2 port, there are two levels of IP traffic security filtering:

• Source IP Address Filter
240. ections against both unwanted eavesdropping and spurious transmissions. As depicted in Figure, a properly implemented port based VLAN allows free communication among the members of a given VLAN, but does not forward traffic among switch ports associated with members of different VLANs. That is, a VLAN configuration restricts traffic flow to a proper subnet comprising exactly those links connecting members of the VLAN. Users can eavesdrop only on the multicast and unknown unicast traffic within their own VLAN; presumably the configured VLAN comprises a set of logically related users.

User Mobility

By defining a VLAN based on the addresses of the member stations, we can define a workgroup independent of the physical location of its members. Unicast and multicast traffic, including server advertisements, will propagate to all members of the VLAN so that they can communicate freely among themselves.

8.1.1 Port Based VLAN

The simplest implicit mapping rule is known as port based VLAN. A frame is assigned to a VLAN based solely on the switch port on which the frame arrives. In the example depicted in Figure, frames arriving on ports 1 through 4 are assigned to VLAN 1, frames from ports 5 through 8 are assigned to VLAN 2, and frames from ports 9 through 12 are assigned to VLAN 3.

Stations within a given VLAN can freely communicate among themselves using either uni
242. eed to use the service dhcp command first to activate the DHCP function in the system.

8.8.1.1 DHCP Pool Creation

The DHCP pool is a group of IP addresses that will be assigned to DHCP clients by the DHCP server. You can create various DHCP pools that can be configured with a different network, default gateway and range of IP addresses. This allows network administrators to effectively handle multiple DHCP environments.

To create a DHCP pool, use the following command.

    Command: ip dhcp pool POOL
    Description: Creates a DHCP pool and opens DHCP Pool Configuration mode.

    Command: no ip dhcp pool POOL
    Description: Deletes a created DHCP pool.

The following is an example of creating the DHCP pool as sample.

    SWITCH(config)# service dhcp
    SWITCH(config)# ip dhcp pool sample
    SWITCH(config-dhcp[sample])#

8.8.1.2 DHCP Subnet

To specify a subnet of the DHCP pool, use the following command.

    Command: network A.B.C.D/M
    Mode: DHCP Pool
    Description: Specifies a subnet of the DHCP pool. A.B.C.D/M: network address.

    Command: no network A.B.C.D/M
    Mode: DHCP Pool
    Description: Deletes a specified subnet.

The following is an example of specifying the subnet as 100.1.1.0/24.

    SWITCH(config)# service dhcp
    SWITCH(config)# ip dhcp pool sample
    SWITCH(config-dhcp[sample])# network 100.1.1.0/24
    SWITCH(config-dhcp[sample])#

You c
243. efault 10 timers spf SPF DELAY SPF HOLD

To release the configuration, use the following command.

    Command: no timers spf
    Mode: Router
    Description: Release the configuration.

External Routes to OSPF Network

If another routing protocol redistributes into the OSPF network, these routes become OSPF external routes. The other routing protocols are RIP and BGP. Static routes, connected routes and kernel routes are also external routes. This routing information can be distributed into the OSPF network.

There are 4 kinds of additional configuration for external routes to the OSPF network. metric configures the metric value of the default route. metric type is the type of finding the path: metric type 1 uses internal path cost together with external path cost as a cost, and metric type 2 always uses the external cost value. route map is the transmission of specific routing information to the assigned route which has MAP NAME, and tag uses the assigned tag number on the specific MAP NAME.

More than 2 of these 4 options can be selected, in any order, and the configuration applies consistently across all external routes in an attached network.

The 4 options of the command are as follows:

• metric <0-16777214>
• metric type <1-2>
• route map MAP NAME
• tag <0-4294967295>

To configure the external route transmission, use the following command.

Command Description redistribute bgp connected kernel rip static metr
245. elps this packet forwarding. The FDB is the MAC address table that is recorded in the CPU. The FDB table is made of FIDs (FDB Identification). Because the same FID is managed in the same MAC table, the system can recognize how to process packet forwarding. If the FID is not the same, the system cannot know the information from the MAC table and floods the packets.

[Fig. 8.6 In Case External Packets Enter under Layer 2 environment 2: network diagram and output of show vlan in Bridge Configuration mode (u: untagged port, t: tagged port) listing Name, VID, FID and port membership]

In conclusion, to use the hiD 6615 S223/S323 as a Layer 2 switch, the user should add the uplink port to all VLANs and create a new VLAN including all ports. If communication between VLANs is needed, the FID should be the same.

To configure FID, use the following command.

    Command: vlan fid VLANS FID
    Description: Configures FID. VLANS: enters VLAN name. FID: enters FID value.

8.1.10 VLAN Translation

VLAN Translation is simply an action
246. environment with a relay agent information option. To enable or disable the simplified DHCP option 82, use the following command.

    Command: ip dhcp simplified opt82
    Mode: Interface
    Description: Enables the simplified DHCP option 82.

    Command: no ip dhcp simplified option82
    Mode: Interface
    Description: Disables the simplified DHCP option 82.

8.8.6 DHCP Client

An interface of the hiD 6615 S223/S323 can be configured as a DHCP client, which can obtain an IP address from a DHCP server. The configurable DHCP client functionality allows a DHCP client to use a user-specified client ID, class ID or suggested lease time when requesting an IP address from a DHCP server. Once configured as a DHCP client, the hiD 6615 S223/S323 cannot be configured as a DHCP server or relay agent.

8.8.6.1 Enabling DHCP Client

To configure an interface as a DHCP client, use the following command.

    Command: ip address dhcp
    Mode: Interface
    Description: Enables a DHCP client on an interface.

    Command: no ip address dhcp
    Mode: Interface
    Description: Disables a DHCP client.

8.8.6.2 DHCP Client ID

To specify a client ID, use the following command.

    Command: ip dhcp client client id hex HEXSTRING
    Command: ip dhcp client client id text STRING
    Mode: Interface
    Description: Specifies a client ID.

    Command: no ip dhcp client client id
    Mode: Interface
    Description: Deletes a specified client ID.

8.8.6.3 DHCP Class ID

To specify a cla
247. equest packets, use the following command. Command: ip dhcp bootp ignore. Mode: Global. Description: Ignores BOOTP request packets. Command: no ip dhcp bootp ignore. Mode: Global. Description: Permits BOOTP request packets. 8.8.1.16 DHCP Packet Statistics: To display DHCP packet statistics of the DHCP server, use the following command. Mode: Enable, Global, Bridge. Command: show ip dhcp server statistics. Description: Shows DHCP packet statistics. Command: clear ip dhcp statistics. Description: Deletes collected DHCP packet statistics. The following is an example of displaying DHCP packet statistics. SWITCH(config)# show ip dhcp server statistics DHCP DISCOVER 0 DHCP REQUEST 0 DHCP DECLINE 0 DHCP RELEASE 0 DHCP INFORM 0 Message Sent Error 0 0 DHCP OFFER 0 DHCP ACK 0 DHCP NAK 0 SWITCH(config)# 8.8.1.17 Displaying DHCP Pool Configuration: To display a DHCP pool configuration, use the following command. Mode: Enable, Global, Bridge. Command: show ip dhcp pool POOL. Description: Shows a DHCP pool configuration. Command: show ip dhcp pool summary POOL. Description: Shows a summary of a DHCP pool configuration. POOL: pool name. The following is an example of displaying a DHCP pool configuration. SWITCH(config)# show ip dhcp pool summary Total 1 Pools Total 0 0 00 of total Available 0 0 00 of total Abandon 0 0 00 of total Bound 0 0 00 of total Offered 0 0 00 of total Fixed
248. erity of alarm for STP guard status, use the following command. Command: snmp alarm severity stp bpdu guard critical major minor warning intermediate. Description: Sends alarm notification with the severity when there is stp bpdu guard problem. Command: snmp alarm severity stp root guard critical major minor warning intermediate. Description: Sends alarm notification with the severity when there is stp root guard problem. To delete a configured severity of alarm for STP guard status, use the following command. Commands: no snmp alarm severity stp bpdu guard; no snmp alarm severity stp root guard. Mode: Global. Description: Deletes a configured severity of alarm for STP guard status. 7.1.10 Displaying SNMP Configuration: To display all configurations of SNMP, use the following command. Command: show snmp. Mode: Enable, Global. Description: Shows all configurations of SNMP. To display a configured severity of alarm, use the following commands. Command: show snmp alarm severity. Description: Shows a configured severity of alarm. To delete a recorded alarm in the system, use the following command. Command: snmp clear alarm history. Mode: Enable, Global. Description: Deletes a recorded alarm in the system. The following is an example of showing the transm
249. ernet Group Management Protocol; Internet Protocol; Input Rate Limiter; Internet Service Provider; International Telecommunication Union; International Telecommunication Union Telecommunications standardization sector; Layer 2; Link Aggregation Control Protocol; Local Area Network; Local Craft Terminal; Logical Link Control; Link Layer Discover Protocol; Loss of Frame; Loss of Link; Loss of Signal; Loss of Power; Medium Access Control; Network Element; Operation, Administration and Maintenance; Operating System; Open Shortest Path First; Personal Computer; Point to Point Protocol; Quality of Service; Request for Comments; Routing Information Protocol; Rapid Spanning Tree Protocol; Real Time Clock; Source Address; Small Form Factor Pluggable; Simple Network Management Protocol. STP: Spanning Tree Protocol; SW: Software; TCP: Transmission Control Protocol; TDM: Time Division Multiplexing; TFTP: Trivial FTP; TMN: Telecommunication Management Network; TOS: Type of Service; UDP: User Datagram Protocol; UMN: User Manual; VID: VLAN ID; VLAN: Virtual Local Area Network; VoD: Video on Demand; VPI: Virtual Path Identifier; VPN: Virtual Private Network.
250. ers. 2. The order in which the following configuration commands will be entered is arbitrary. 3. The configuration of a rule being configured can be changed as often as wanted, inclusive rule type, until the command apply will be entered. 4. Use the command show rule profile to display the configuration entered up to now. Rule Priority: If rules that are more than two match the same packet, then the rule having a higher priority will be processed first. To set a priority for an admin access rule, use the following command. Command: priority low medium high highest. Mode: Admin rule. Description: Sets a priority for a rule. Default: low. 7.6.4.3 Packet Classification: After configuring a packet classification for a rule, then configure how to process the packets. To specify a packet classifying pattern, use the following command. When specifying a source and destination IP address as a packet classifying pattern, the destination IP address must be after the source IP address. Commands: ip A.B.C.D A.B.C.D/M any A.B.C.D A.B.C.D/M any 0 255; ip A.B.C.D A.B.C.D/M any A.B.C.D A.B.C.D/M any icmp; ip A.B.C.D A.B.C.D/M any A.B.C.D A.B.C.D/M any icmp <0-255> any <0-255> any; ip A.B.C.D A.B.C.D/M any A.B.C.D A.B.C.D/M any tcp u
251. erver retries 1 10 Global server 1 10 retry number. Configuring Interval of Request to RADIUS Server: For the hiD 6615 S223/S323, it is possible to set the time for the retransmission of packets to check the RADIUS server. If there is a response from other packets, the switch waits for a response from the RADIUS server during the configured time before resending the request. To set the interval of request to RADIUS server, use the following command. Command: dot1x radius server timeout <1-120>. Mode: Global. Description: Configures the interval of request to RADIUS server. 1-120: 1-120 seconds. Default value: 1. You should consider the distance from the server when configuring the interval of requesting authentication from the RADIUS server. If you configure the interval too short, the authentication cannot be completed. If that happens, reconfigure the interval to a longer value. 802.1x Re-Authentication: In the hiD 6615 S223/S323, it is possible to update the authentication status on the port periodically. To enable re-authentication on the port, you should perform the procedure below. Step 1: Enable 802.1x re-authentication. Step 2: Configure the interval of re-authentication. Step 3: Configure the interval of requesting re-authentication in case re-authentication fails. Step 4: Execute 802.1x re-authentication regardless of the interval. Enabling 802.1x Re-Authentication: To enable 802.1x re authentic
252. es 8.8.7.3 DHCP Rate Limit: To set the number of DHCP packets per second (pps) that an interface can receive, use the following command. Command: ip dhcp snooping limit rate PORTS <1-255>. Mode: Global. Description: Sets a rate limit for DHCP packets (unit: pps). Command: no ip dhcp snooping limit rate PORTS. Mode: Global. Description: Deletes a rate limit for DHCP packets. Normally the DHCP rate limit is specified to untrusted interfaces, and 15 pps is recommended for a proper value. However, if you want to set a rate limit for trusted interfaces, keep in mind that trusted interfaces aggregate all DHCP traffic in the switch, and you will need to adjust the rate limit to a higher value. 8.8.7.4 DHCP Lease Limit: The number of entry registration in DHCP snooping binding table can be limited. If there are too many DHCP clients on an interface and they request IP address at the same time, it may cause IP pool exhaustion. To set the number of entry registration in DHCP snooping binding table, use the following command. Command: ip dhcp snooping limit lease PORTS <1-2147483637>. Mode: Global. Description: Enables a DHCP lease limit on a specified untrusted port. 1-2147483637: the number of entry registration. Command: no ip dhcp snooping limit lease PORTS. Mode: Global. Description: Deletes a DHCP lease limit. You can limit the number of
253. es remote OAM. To configure the mode of remote OAM, use the following command. Command: oam remote oam mode 1 2 active passive PORTS. Description: Configures the mode of remote OAM. To display the information of peer host using OAM function, use the following command. Commands: oam remote alarm optical 1 3 0 65535 PORTS; oam remote alarm temperature 0 255 PORTS; oam remote alarm voltage min max <0-65535> PORTS; oam remote electrical mode full half PORTS; oam remote general autonego <1-4> enable disable PORTS; oam remote general forwarding <3-4> enable disable PORTS; oam remote general speed <1-4> <0-4294967295> PORTS; oam remote general user <1-4> STRING PORTS; oam remote system interface unforced forceA forceB PORTS; oam remote system interval <0-255> PORTS; oam remote system mode master slave PORTS; oam remote system reset PORTS. Description: Shows the information of peer host using OAM function. 7.2.5 Displaying OAM Configuration: To display OAM configuration, use the following command. Mode: Enable. Command: show oam. Description: Shows OAM configuration. Command: show oam local PORTS. Description: Shows local OAM configuration. Command: show oam remote PORTS. Description: Shows remote OAM configuration.
254. et the frequency of probing UDP packets The TTL field is reduced by one on every hop Set the time to trace Maximum time to live 30 hop transmission The number of maximum hops Default is 30 seconds Selects general UDP port to be used for probing Port The default is Port Number 33434 33434 The command of traceroute depends on the port range of destination host up to base nhops 1 through the base. Tab. 6.4 Options for Tracing Packet Route. The following is an example of tracing packet route sent to 10.2.2.20. SWITCH# traceroute 10.2.2.20 traceroute to 10.2.2.20 (10.2.2.20), 30 hops max, 38 byte packets 1 10.2.2.20 (10.2.2.20) 0.598 ms 0.418 ms 0.301 ms SWITCH# 6.3.4 Displaying User Connecting to System: To display current users connecting to the system from a remote place or via console interface, use the following command. Mode: Enable. Description: Shows current users connecting to the system from a remote place or via console interface. The following is an example of displaying if there is any accessing user from remote place. SWITCH# where admin at ttypO0 from 10 20 1 32 2196 for 30 minutes 35 56 seconds admin at ttySO from console for 28 minutes 10 90 seconds SWITCH# 6.3.5 MAC Table: To display MAC table recorded in specific port, use the following command. Command Mode Description
255. exchange of information between confederation peers. Command: bgp bestpath med missing as worst confed. To ignore MED values of paths on the exchange of information between confederation peers, use the following command. Commands: no bgp bestpath med confed missing as worst; no bgp bestpath med missing as worst confed. Mode: Router. Description: Ignores MEDs of paths on the exchange of their information between confederation peers. If there are several equal paths, one of them has no MED value. Because this path is considered as zero without MED value, it will be chosen the best path. But the path would be the worst one if it has no MED value after missing as worst is set. After missing as worst parameter is configured in the system, the path will be recognized as the worst path without MED value. Graceful Restart: Graceful restart allows a router undergoing a restart to inform its adjacent neighbors and peers of its condition. The restarting router requests a grace period from the neighbor or peer, which can then cooperate with the restarting router. With a graceful restart, the restarting router can still forward traffic during the restart period, and convergence in the network is not disrupted. The restart is not visible to the rest of the network, and the restarting router is not removed from the network topology. The main benefits of graceful restart are uninterrupted packet forwarding and temporary
256. f hiD 6615 S223/S323, having Fast Ethernet switch and Layer 3 switching function which supports both Ethernet switching and IP routing, are as follows. Routing functionalities such as RIP, OSPF, BGP and PIM-SM are only available for hiD 6615 S323 (unavailable for hiD 6615 S223). VLAN: Virtual Local Area Network (VLAN) is made by dividing one network into several logical networks. Packets cannot be transmitted and received between different VLANs. Therefore it can prevent unnecessary packets accumulating and strengthen security. The hiD 6615 S223/S323 recognizes 802.1q tagged frames and supports a maximum of 4096 VLANs and port-based, protocol-based and MAC-based VLANs. Quality of Service (QoS): For the hiD 6615 S223/S323, QoS-based forwarding sorts traffic into a number of classes and marks the packets accordingly. Thus a different quality of service is provided to each class to which the packets belong. The QoS capabilities enable network managers to protect mission-critical applications and support differentiated levels of bandwidth for managing traffic congestion. The hiD 6615 S223/S323 supports ingress and egress shaping, rate limiting, and different scheduling types such as SP (Strict Priority), WRR (Weighted Round Robin) and WFQ (Weighted Fair Queuing). Multicasting: Because broadcasting in a LAN is restricted if possible, multicasting could be used instead of broadcasting by forwarding multicast packets only to the member hosts who joined multic
257. ffic by giving priority to traffic. However, you need to be careful that other traffic does not fail because of the traffic configured as priority by the user. QoS can give a priority to a specific traffic by basically offering the priority to that traffic or limiting the others. When processing data, data are usually supposed to be processed in time order, like first in, first out. This way, not processing specific data first, might lose all data in case of overloading traffic. However, in case of overloading traffic, QoS can apply a processing order to traffic by reorganizing priorities according to its importance. With QoS, you can predict network performance in advance and manage bandwidth more effectively. How to Operate Rule and QoS: For the hiD 6615 S223/S323, rules operate as follows. Rule Creation: To classify the packets according to the specific basis, configure the policies about them first. The basis used to classify the packets is 802.1p priority (CoS), VLAN ID, DSCP and port number. Additionally, a unique name needs to be assigned to each rule. Rule Priority: Assigns a priority to a rule (precedence to other rules). Packet Classification: Configures the policy to adjust how and what is to be classified within transmitted packets. Rule Match: Configures the policy classifying the action(s) to be performed if the configured rule classification fits transmitted packet(s). mirror: transmits the classified traffic t
258. figuration mode. Command: Description. apply: Configures rule configuration and applies it to the switch. mac: Configures a packet condition by MAC address. match: Configures an operational condition which meets the packet condition. port: Configures a packet condition by port number. priority: Configures the priority for rule. vlan: Configures VLAN. Tab. 3.5 Main Commands of Rule Configuration Mode. DHCP Configuration Mode: To open DHCP Configuration mode, use the command ip dhcp pool POOL on Global Configuration mode as follows. Then the prompt is changed from SWITCH(config)# to SWITCH config dhcp POOL. Command: ip dhcp pool POOL. Mode: Global. Description: Opens DHCP Configuration mode to configure DHCP. DHCP Configuration mode is to configure range of IP address used in DHCP server, group in subnet, and default gateway of subnet. Command: Description. default router: Configures a default gateway of subnet. dns server: Configures DNS server. range: Configures a range of IP address used in DHCP server. subnet: Configures a subnet. Tab. 3.6 Main Commands of DHCP Configuration Mode. DHCP Option 82 Configuration Mode: To open DHCP Option 82 Configuration mode, use the command ip dhcp option82 on Global Configuration mode as follows. Then the prompt is changed from SWITCH(config)# to SWITC
259. following steps explain how QoS can be configured: Scheduling Algorithm; QoS Weight; 802.1p Priority to queue Mapping; Queue Parameter; Displaying QoS. 7.6.3.1 Scheduling Algorithm: To process incoming packets by the queue scheduler, the hiD 6615 S223/S323 provides the scheduling algorithm as Strict Priority Queuing (SP), Weighted Round Robin (WRR) and Weighted Fair Queuing (WFQ). Weighted Round Robin (WRR): WRR processes packets as much as weight. Processing the packets that have higher priority is the same way as strict priority queuing. However, it passes to next stage after processing as configured weight, so that it is possible to configure for packet process not to be partial to the packets having higher priority. However, there is a limitation of providing differentiated service from those existing service. The process in WRR when packets having the [Figure: queue numbers from lowest priority to highest priority, Weighted Round Robin Scheduler, weights] Fig. 7.1 Weighted Round Robin. Weighted Fair Queuing (WFQ): Weighted fair queuing (WFQ) provides automatically sorts among individual traffic streams without requiring that you first define access lists. It can manag
260. for the use of DHCP servers as a way to manage dynamic allocation of IP addresses and other related configuration details to DHCP-enabled clients on the network. Every device on a TCP/IP network must have a unique IP address in order to access the network and its resources. The IP address, together with its related subnet mask, identifies both the host computer and the subnet to which it is attached. When you move a computer to a different subnet, the IP address must be changed. DHCP allows you to dynamically assign an IP address to a client from a DHCP server IP address database on the local network. The DHCP provides the following benefits. Saving Cost: Numerous users can access the IP network with a small amount of IP resources in the environment that most users do not have to access the IP network at the same time all day long. This allows the network administrators to save the cost and IP resources. Efficient IP Management: By deploying DHCP in a network, this entire process is automated and centrally managed. The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it logs on to the network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned), addresses no longer in use are automatically returned to the pool for reallocation. [Figure labels: IP Packet (Broadcast), DHCP Server or Relay Agent, DHCP Packet, Subnet]
261. fset list ACCESS LIST in out <0-16> INTERFACE. Command: no offset list ACCESS LIST in out <0-16> INTERFACE. Mode: Router. Description: Removes an offset list. 10.3.10 Maximum Number of RIP Routes: You can set the maximum number of RIP routes for using on RIP protocol. To set the maximum number of routes, use the following command. Command: maximum prefix <1-65535> 1 100. Mode: Router. Description: Sets the maximum number of routes of RIP. 1-65535: maximum number of RIP routes. 1-100: percentage of maximum routes to generate a warning (default: 75). Command: no maximum prefix <1-65535> 1 100. Mode: Router. Description: Removes the maximum number of routes of RIP which are set before. 10.3.11 RIP Network Timer: Routing protocols use several timers that determine such variables as the frequency of routing updates, the length of time before a route becomes invalid, and other parameters. You can adjust these timers to tune routing protocol performance to better your internet needs. The default settings for the timers are as follows. Update: The routing information is updated once every 30 seconds. This is the fundamental timing parameter of the routing protocol. Every update timer seconds, the RIP process is supposed to send the routing table to all neighboring RIP routers. Timeout: The default is 180 seconds. It's the interval of time in seconds after which a route is declared invalid. However this informat
262. g intermediate. The order of alarm severity is critical > major > minor > warning > intermediate. The alarm severity option is valid only in ACI E. 7.1.9.4 Generic Alarm Severity: To configure generic alarm severity, use the following command. Command: snmp alarm severity fan fail critical major minor warning intermediate. Description: Configures the priority of fan fail alarm. Command: snmp alarm severity cold start critical major minor warning intermediate. Description: Configures the priority of cold start alarm. Command: snmp alarm severity broadcast over critical major minor warning intermediate. Description: Configures the priority of broadcast over alarm. Command: snmp alarm severity cpu load over critical major minor warning intermediate. Description: Configures the priority of cpu load over alarm. Command: snmp alarm severity dhcp lease critical major minor warning intermediate. Description: Configures the priority of DHCP lease alarm. Command: snmp alarm severity dhcp illegal critical major minor warning intermediate. Description: Configures the priority of DHCP illegal alarm. Further commands: snmp alarm severity fan remove critical major minor warning intermediate; snmp alarm severity ipconflict critical major minor warning intermediate; snmp alarm severity memory over critical major min
263. g, use the following command. Command: origin file A.B.C.D FILE. Description: Performs a static mapping. A.B.C.D: DHCP database agent address. FILE: file name of DHCP lease database. Command: no origin file. Description: Cancels a static mapping. For more information of the file naming of a DHCP lease database, see Section 8.8.3.1. 8.8.1.11 Recognition of DHCP Client: Normally a DHCP server recognizes DHCP clients with a client ID. However, some DHCP clients may not have their own client ID. In this case, you can select the recognition method as a hardware address instead of a client ID. To select a recognition method of DHCP clients, use the following command. Command: ip dhcp database key client id hardware address. Mode: Global. Description: Selects a recognition method of DHCP clients. 8.8.1.12 IP Address Validation: Before assigning an IP address to a DHCP client, a DHCP server will validate if the IP address is used by another DHCP client with a ping or ARP. If the IP address does not respond to a requested ping or ARP, the DHCP server will realize that the IP address is not used, then will assign the IP address to the DHCP client. To select an IP address validation method, use the following command. Command: ip dhcp validate arp ping. Mode: Global. Description: Selects an IP address v
264. g a means to decrease the size of the routing tables. BGP version 4 also supports aggregation of routes, including the aggregation of AS paths. An Autonomous System (AS) is a set of routers that are under a single technical administration and normally use a single interior gateway protocol and a common set of metrics to propagate routing information within the set of routers. To other ASs, an AS appears to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. The two most important consequences are the need for interior routing protocols to reach one hop beyond the AS boundary, and for BGP sessions to be fully meshed within an AS. Since the next hop contains the IP address of a router interface in the next autonomous system, and this IP address is used to perform routing, the interior routing protocol must be able to route to this address. This means that interior routing tables must include entries one hop beyond the AS boundary. When a BGP routing update is received from a neighboring AS, it must be relayed directly to all other BGP speakers in the AS. Do not expect to relay BGP paths from one router through another to a third, all within the same AS. 10.1.1 Basic Configuration. 10.1.1.1 Configuration Type of BGP: When configuring BGP you can select BGP config
265. g or outgoing routes multicast soft in out the conditional option peer group name or AS number or IP address. Session Reset of Peers within Particular AS: To reset the session with all neighbor routers which are connected to a particular AS, use the following command. Command: clear ip bgp <1-65535>. Mode: Global. Description: Resets the session with all members of neighbor routers which are configured a particular AS number. See Section 10.1.5.1 when you configure the detail parameters. To reset the sessions of BGP neighboring routers which belong to a specific AS number and initialize the details of route configurations, use the following command. Commands: clear ip bgp <1-65535> in prefix filter; clear ip bgp <1-65535> ipv4 unicast multicast in prefix filter. Mode: Global. Description: Resets the session of BGP neighboring routers which are configured a particular AS number. in: clears incoming advertised routes. prefix filter: pushes out prefix list ORF and does inbound soft reconfiguration. 1-65535: AS number. Commands: clear ip bgp <1-65535> out; clear ip bgp <1-65535> ipv4 unicast multicast out. Mode: Global. Description: Resets the session of BGP neighboring routers which are configured a particular AS number. 1-65535: AS number. out: clears outgoing advertised routes. unicast multicast: address family modifier.
266. g querier address A.B.C.D. Description: Enables the IGMP snooping querier on the system. A.B.C.D: Source address for IGMP v2 snooping querier. Command: ip igmp snooping vlan VLANS querier address A.B.C.D. Mode: Global. Description: Enables the IGMP snooping querier on a VLAN interface. VLANS: VLAN ID. To disable IGMP querier, use the following command. Command: no ip igmp snooping querier address. Mode: Global. Description: Disables the IGMP snooping querier. Command: no ip igmp snooping vlan VLAN NAME querier address. Mode: Global. Description: Disables the IGMP snooping querier on a VLAN interface. The Query Interval of IGMP v2 Snooping Querier: To configure a query interval of the querier, use the following command. Command: ip igmp snooping querier query interval <1-1800>. Mode: Global. Description: Configures the IGMP snooping querier query interval on the system. 1-1800: IGMP snooping querier query interval in seconds. Command: ip igmp snooping vlan VLANS querier query interval <1-1800>. Mode: Global. Description: Enables the IGMP snooping querier on a VLAN interface. VLANS: VLAN ID. To disable the query interval of the querier, use the following command. Command: no ip igmp snooping querier query interval. Mode: Global. Description: Disables the IGMP snooping querier interval. Command: no ip igmp snooping vlan VLANS querier query interval. Mode: Global. Description: Disables the IG
267. g tasks. Mode: Interface. Command: ip rip receive version 1. Description: Receives RIP v1 type packet only from the interface. Command: ip rip receive version 2. Description: Receives RIP v2 type packet only from the interface. Command: ip rip receive version 1 2. Description: Receives both RIP v1 and RIP v2 type packets from the interface. To delete the configuration that receives RIP version packet from the interface, use the following command. Mode: Interface. Command: no ip rip receive version 1. Description: Deletes the configuration of RIP v1 type packet for helping them be received from the interface. Command: no ip rip receive version 2. Description: Deletes the configuration of RIP v2 type packet for helping them to be received from interface. Command: no ip rip receive version 1 2. Description: Deletes the configuration of both RIP v1 and RIP v2 type packets for helping them to be received from the interface. 10.3.4 Creating available Static Route only for RIP: This feature is provided only by Siemens. The route command creates a static route available only for RIP. If you are not familiar with RIP protocol, you would better use redistribute static command. Command: route A.B.C.D/M. Mode: Router. Description: Creates suitable static route within RIP environment only. A.B.C.D/M: IP prefix. Deletes this static route established by ro
268. g to be enabled. Step 2: Configure the same PVID with the VLAN of peer network on the designated qinq port. Command: vlan pvid PORTS <1-4094>. Description: Configures a qinq port. PORTS: selects port number qinq to be enabled. 1-4094: VLAN ID. To disable double tagging, use the following command. Command: vlan dot1q tunnel disable PORTS. Description: Configures a qinq port. PORTS: a port qinq to be disabled. When you configure Double tagging on the hiD 6615 S223/S323, consider the below attention list. DT and HTLS cannot be configured at the same time. If switch should operate as DT, HTSL has to be disabled. TPID value of all ports on switch is same. Access Port should be configured as Untagged and Uplink port as Tagged. Ignore all tag information of port which comes from untagged port (Access Port). Port with DT function should be able to configure Jumbo function also. 8.1.8.3 TPID Configuration: TPID (Tag Protocol Identifier) is a kind of Tag protocol, and it indicates the currently used tag information. User can change the TPID. By default, the port which is configured as 802.1q (0x8100) cannot work as VLAN member. Use the following command to set TPID on a QinQ port. Command: vlan dot1q tunnel tpid TPID. Mode: Bridge. Description: Configures TPID. Layer 2 Isolation: Private VLAN i
269. ge 0 05 0 07 0 01 SWITCH 6.3.8 System Information: To display the system information, use the following command. Command: show system. Mode: Enable, Global. Description: Shows the system information. The following is an example of displaying the system information of hiD 6615 S223/S323. SWITCH(config)# show system SysInfo System Information Model Name SURPASS hiD6615 323 Main Memory Size 128 MB Flash Memory Size 8 MB INTEL 28F640J3 32 MB INTEL 28F256J3 S W Compatibility 3 7 H W Revision DS T3 07F A2 NOS Version lt 3406 B L Version 4 69 H W Address 00 d0 cb 27 01 66 PLD Version 0x10 Serial Number N A SWITCH(config)# 6.3.9 System Memory Information: To display a system memory status, use the following command. Mode: Enable, Global. Command: show memory. Description: Shows system memory information. Command: show memory bgp dhcp imi lib nsm ospf pim rip. Description: Shows system memory information with a specific option. 6.3.10 CPU packet limit: To limit the packets of CPU, use the following command. Command: cpu packet limit 500 6000. Mode: Global. It is possible to display the packet limit of CPU using the following command. Command: show cpu packet limit. Mode: View, Enable, Global. 6.3.11 Average of CPU Load: It is possible to display a
270. ger between 0 and 255. In general, the higher the value is, the lower the trust rating is. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored. OSPF uses three different administrative distances: intra area, inter area and external. Routes learned through other domain are external, routes to another area in OSPF domain are inter area, and routes inside an area are intra area. The default distance for each type of route is 110. In order to change any of the OSPF distance values, use the following commands. The following is explaining 3 options of command: external 1 255; inter area 1 255; intra area 1 255. To configure the distance with 1 option, use the following command. Mode: Router. Commands: distance ospf external 1 255; distance ospf inter area 1 255; distance ospf intra area 1 255. Description: Configures the distance of OSPF route (default: 110). The following example shows how to configure the distance with more than 2 options. distance ospf external <1-255> inter area <1-255> distance ospf inter area <1-255> intra area 1 255 To make it as a default, use the following command. Command: no distance ospf. Description: Restores it as the default. 10 2 44 Host Route: OSPF regards routing information of specific
271. gns priority to virtual router

vr timers: Configures advertisement time, which means the interval at which the master router distributes its information to another virtual router.

Tab. 3.11 Main Commands of VRRP Configuration Mode

3.1.12 Route Map Configuration Mode

To open Route map Configuration mode, use the following command. The prompt is changed from SWITCH config to SWITCH config route map.

Command: route map NAME permit | deny <1-65535>
Mode: Global
Description: Opens Route map Configuration mode.

In Route map Configuration mode, you can configure where routing information comes from and where it is sent in the routing table.

Tab. 3.12 shows a couple of important main commands of Route map Configuration mode.

• Transmits routing information to specified place.
• Configures router address and distance.

Tab. 3.12 Main Commands of Route map Configuration Mode

3.2 Useful Tips

This section provides useful functions for the user's convenience while using CLI commands. They are as follows.

• Listing Available Commands
• Calling Command History
• Using Abbreviation
• Using Command of Privileged EXEC Enable Mode
• Exit Current Command Mode

3.2.1 Listing Available Commands

To list availa
272. [Figure: Path 1 and Path 2 to Switch D; PATH 1 = 50 + 100 = 150, PATH 2 = 100 + 100 = 200; PATH 1 selected]

Fig. 8.11 Designated Switch

In the above picture, where SWITCH C sends a packet, the path cost of PATH 1 is 150 and the path cost of PATH 2 totals 200 (100 + 100; path cost of SWITCH C to B + path cost of SWITCH B to C). Therefore PATH 1, which has the lower path cost, is chosen. In this case, the port connected to the Root switch is named the Root port. In the above picture, the port of SWITCH C connected to SWITCH A, the Root switch, is the Root port. There can be only one Root port on equipment.

The standard to decide the designated switch is the total root path cost, which is added with the path cost to the root. The switch with the lower path cost is selected to be the designated switch. When root path costs are the same, the bridge ID is compared.

Designated Port and Root Port

A Root Port is the port in the active topology that provides connectivity from the Designated Switch toward the root. A Designated Port is a port in the active topology used to forward traffic away from the root onto the link for which this switch is the Designated Switch. That is, except for the root port, the port selected to communicate in each switch is the designated port.

Port Priority

Meanwhile, when the path costs of two paths are the same, port priority is compared. As in the below picture, suppose that two switches are connected. Since
273. h interface to find the shortest route. Cost is used for packet routing, and routers are using the Cost to communicate.

To configure an interface cost for OSPF, use the following command.

Command:
  ip ospf cost <1-65535>
  ip ospf A.B.C.D cost <1-65535>
Mode: Interface
Description: Configures an interface cost for OSPF.

To delete a configured interface cost for OSPF, use the following command.

Command:
  no ip ospf cost
  no ip ospf A.B.C.D cost
Mode: Interface
Description: Deletes a configured interface cost for OSPF.

10.2.4.4 Blocking Transmission of Route Information Database

OSPF routing communicates through the LSA. Each router saves routing information internally as a database, but the user can configure a specific interface to block the transmission of routing information saved in the database to other routers.

To block the transmission of routing information to other routers, use the following command.

Command:
  ip ospf database filter all out
  ip ospf A.B.C.D database filter all out
Mode: Interface
Description: Blocks the transmission of routing information to other router.

To release a blocked interface, use the following command.

Command:
  no ip ospf database filter
  no ip ospf A.B.C.D database filter
Mode: Interface
Description: Releases a blocked interface.

10 2 4
274. he most important information to decide the root switch is bridge ID. Bridge ID is composed of 2 bytes priority and 6 bytes MAC address. The root switch is decided with the lowest bridge ID.

[Figure: Switch A (Priority 8, root), Switch B (Priority 9), Switch C (Priority 10), Switch D; RP: Root Port, DP: Designated Port]

Fig. 8.10 Root Switch

After configuring STP, these switches exchange their information. The priority of SWITCH A is 8, the priority of SWITCH B is 9, and the priority of SWITCH C is 10. In this case, SWITCH A is automatically configured as the root switch.

Designated Switch

After deciding a root switch, while SWITCH A transmits packets to SWITCH C, SWITCH A compares exchanged BPDUs to decide the path. The most important information to decide the path is the path cost. Path cost depends on the transmission rate of the LAN interface, and the path with the lower path cost is selected.

The standard to decide the designated switch is the total root path cost, which is added with the path cost to the root. Path cost depends on the transmit rate of the switch LAN interface, and the switch with the lower path cost is selected to be the designated switch.

[Figure: Switch A (Priority 8, Root Switch), Switch B (Priority 9), Switch C (Priority 10), path costs, Designated Switch]
275. he warranties provided by the authors of the Open Source Software contained in this product, please consult the GPL and LGPL.

You have no warranty claims against Siemens when a defect in the product is or could have been caused by changes made by you in any part of the software or its configuration. In addition, you have no warranty claims against Siemens when the Open Source Software infringes the intellectual property rights of a third party.

Siemens provides no technical support for either the software or the Open Source Software contained therein if either has been changed.

2 System Overview

The SURPASS hiD 6615 L3 switch is a typical Layer 3 switch intended to construct a large scale network, providing the aggregated function of an upgraded LAN network consisting of typical Ethernet switches. The Layer 3 switch can connect to a PC, web server, LAN equipment, backbone equipment, or another switch through various interfaces.

The SURPASS hiD 6615 L3 switch supports routing based on VLAN, IP multicasting, and provides Layer 3 switching services such as IP packet filtering or DHCP.

Fig. 2.1 shows a network construction using the hiD 6615 S223/S323.

Fig. 2.1 Network Structure with hiD 6615 S223/S323

2.1 System Features

Main features o
276. hentication which is based on text encoding. KEY: maximum 16 alphanumeric characters.
Mode: Interface
Command:
  key KEY
  ip ospf A.B.C.D authentication key LINE
  ip ospf A.B.C.D authentication key KEY first | second active

To configure an authentication key which is based on MD5 encoding, use the following command.

Command:
  ip ospf message digest key <1-255> md5 KEY active
  ip ospf message digest key <1-255> md5 active
  ip ospf A.B.C.D message digest key <1-255> md5 active
  ip ospf A.B.C.D message digest key <1-255> md5 LINE active
  ip ospf A.B.C.D message digest key <1-255> md5 KEY active
Mode: Interface
Description: Configures the authentication which is based on md5. KEY: maximum 16 alphanumeric characters.

To delete a configured authentication key, use the following command.

Command:
  no ip ospf authentication key KEY
  no ip ospf authentication key KEY first | second
  no ip ospf A.B.C.D authentication key KEY
  no ip ospf A.B.C.D authentication key KEY first | second
  no ip ospf message digest key <1-255>
  no ip ospf A.B.C.D message digest key <1-255>
Mode: Interface
Description: Deletes a configured authentication key.

10.2.4.3 Interface Cost

OSPF protocol assigns suitable cost according to the bandwidth on the eac
277. her priority than that of B is sent, B cannot be CST root.

For the hiD 6615 S223/S323, the commands configuring MSTP are also used to configure STP and RSTP.

8.3.4 Configuring STP/RSTP/MSTP/PVSTP/PVRSTP Mode (Required)

First of all, you need to configure force version to decide the mode before STP is configured. To decide the force version of the switch, use the following command.

Command: stp force version stp | rstp | mstp | pvstp | pvrstp
Mode: Bridge
Description: Configures Force version in the bridge.

To delete the STP configuration from the switch, use the following command.

Command: no stp force version
Description: Removes force version configuration.

8.3.5 Configuring STP/RSTP/MSTP

To configure STP and RSTP, use the following steps.

Step 1: Decide the STP mode using the stp force version stp | rstp command.
Step 2: Activate the MST daemon using the stp mst enable command.
Step 3: Configure detail options if specific commands are required.

8.3.5.1 Activating STP/RSTP/MSTP

To enable or disable STP, RSTP, and MSTP in the force version, use the following command.

Command: stp mst enable | disable
Mode: Bridge
Description: Enables/disables STP, RSTP, or MSTP function.

Even though the STP function does not operate, a loop event does not occur in a switch which belongs to the non dual path LAN envi
278. herStatsOctets 5 669 264
EtherStatsPkts 71 811
EtherStatsBroadcastPkts 36 368
EtherStatsMulticastPkts 32 916
EtherStatsCRCAlignErrors 0
EtherStatsUndersizePkts 0
EtherStatsOversizePkts 0
EtherStatsFragments 0
EtherStatsJabbers 0
EtherStatsCollisions 0
EtherStatsPkts64Octets 165 438
EtherStatsPkts65to127Octets 12 949
EtherStatsPkts128to255Octets 1 662
EtherStatsPkts256to511Octets oly Ltt
EtherStatsPkts512to1023Octets 12
EtherStatsPkts1024to1518Octets 64
SWITCH bridge

Otherwise, to clear all recorded statistics of a port and initialize them, use the following command.

Command: clear port statistics PORTS | all
Description: Clears all recorded port statistics.

5.2.7.2 The CPU statistics

To display CPU statistics of an Ethernet port, use the following command.

Command: show cpu statistics avg pkt PORTS
Mode: Enable, Global, Bridge
Description: Shows cpu traffic statistics of average packet for a specified Ethernet port.

Command: show cpu statistics total PORTS
Mode: Enable, Global, Bridge
Description: Shows cpu traffic statistics of Interface group for a specified Ethernet port.

To delete all CPU statistics of a specified Ethernet port, use the following command.

Command: clear cpu statistics PORTS
Description: Deletes all CPU statistics for an Ethernet port.

5.2.7.3 The Protocol statistics

To enable disable protocol statistics Command Mode Descr
279. host as stub link information. Routing information can be assigned to each host which is connected with one router.

To configure the routing information to each host, use the following command.

Command:
  host A.B.C.D area A.B.C.D
  host A.B.C.D area A.B.C.D cost <0-65535>
  host A.B.C.D area <1-4294967295>
  host A.B.C.D area <1-4294967295> cost <0-65535>
Mode: Router
Description: Configures the routing information to each host.

10.2.15 Passive Interface

The passive interface which is configured by the OSPF network operates as a stub area. Therefore, a passive interface cannot exchange the OSPF routing information.

To configure the passive interface, use the following command.

Command: passive interface INTERFACE A.B.C.D
Mode: Router
Description: Configures the passive interface.

To release an interface configured as passive, use the following command.

Command: no passive interface INTERFACE A.B.C.D
Mode: Router
Description: Releases the interface configured as passive.

10.2.16 Blocking Routing Information

The hiD 6615 S323 can classify and restrict the routing information. To configure this function, sort the specific routing information in access list first and block the routing information in acce
280. host wants to become a member of the group. Host query messages are addressed to the all hosts multicast group, which has the address 224.0.0.1 and has an IP time to live (TTL) value of 1.

The designated router for a LAN is the only router that sends IGMP host query messages. For IGMP Version 2, the designated querier is the router with the lowest IP address on the subnet. If the router hears no queries for the timeout period, it becomes the querier.

To configure an IGMP query interval, use the following command.

Command: ip igmp query interval <1-18000>
Mode: Interface
Description: Configures the IGMP query interval. 1-18000: frequency at which IGMP host query messages are sent (unit: second).

Command: no ip igmp query interval
Mode: Interface
Description: Returns to the default value (125).

Use this command to configure the timeout period before the router takes over as the querier for the interface after the previous querier has stopped querying.

Command: ip igmp querier timeout <60-300>
Mode: Interface
Description: Configures the IGMP querier timeout. 60-300: number of seconds that the router waits after the previous querier has stopped querying before it takes over as the querier.

Command: no ip igmp querier timeout
Mode: Interface
Description: Returns to the default value (255).

IGMP Maximum Response Time

To configure the maximum response time advertised in IGMP querie
281. hours 15 minutes 24 88 seconds
admin at ttyp0 from 10 0 1 4 1670 for 4 days 17 hours 53 minutes 28 76 seconds
admin at ttyp1 from 147 54 140 133 49538 for 6 minutes 34 12 seconds
SWITCH disconnect ttyp0
SWITCH where
admin at from console for 4 days 22 hours 15 minutes 34 88 seconds
admin at ttyp1 from 147 54 140 133 49538 for 6 minutes 44 12 seconds
SWITCH

4.1.7 Auto Log out

For security reasons, if no command is entered within the configured inactivity time, the user is automatically logged out of the hiD 6615 S223/S323. The administrator can configure the inactivity timer.

To enable the auto logout function, use the following command.

Command: exec timeout <1-35791> <0-59>
Mode: Global
Description: Enables auto log out. 1-35791: time unit in minutes (by default 10 minutes). 0-59: time unit in seconds.

Command: exec timeout 0
Mode: Global
Description: Disables auto log out.

To display the configuration of the auto logout function, use the following command.

Command: show exec timeout
Mode: Enable, Global
Description: Shows a configuration of auto logout function.

The following is an example of configuring the auto logout function as 60 seconds and viewing the configuration.

SWITCH config exec timeout 60
SWITCH config show exec timeout
Log out time 60 seconds
SWITCH config

4.1.8 System Rebooting

4.1.8.1 Manual System
282. ht only to read or right both to read and to write.

The SNMP agent has MIB variables to reply to requests from the SNMP administrator. The SNMP administrator can obtain data from the agent and save data in the agent. The SNMP agent gets data from the MIB, which saves information on the system and network.

The SNMP agent sends a trap to the administrator for specific cases. A trap is a warning message to alert the SNMP administrator to network status.

The hiD 6615 S223/S323 enhances access management of the SNMP agent and limits the range of OID opened to agents.

The following is how to configure SNMP.

• SNMP Community
• Information of SNMP Agent
• SNMP Com2sec
• SNMP Group
• SNMP View Record
• Permission to Access SNMP View Record
• SNMP Version 3 User
• SNMP Trap
• SNMP Alarm
• Displaying SNMP Configuration
• Disabling SNMP

SNMP Community

Only an authorized person can access an SNMP agent by configuring an SNMP community with a community name and additional information.

To configure an SNMP community to allow an authorized person to access, use the following command on Global configuration mode.

Command: snmp community ro | rw COMMUNITY IP-ADDRESS OID
Mode: Global
Description: Creates SNMP community. COMMUNITY: community name.

Command: no snmp community ro | rw COMMUNITY
Mode: Global
Description: Deletes a created community. COMMUNITY: community name.

You can configure up to 3 SNMP communities for each of read only and read write.
283. port02 2200 1518
port03 2200 1518
port04 2200 1518
port05 2200 1518
port06 2200 1518
port07 2200 1518
port08 2200 1518
port09 2200 1518
port10 2200 1518
port11 1518 1518
port12 1518 1518
SWITCH bridge

8.13 Blocking Direct Broadcast

RFC 2644 recommends that a system block broadcast packets of the same network bandwidth as the interface of the equipment, namely Direct broadcast packets. Accordingly, the SURPASS hiD 6615 blocks Direct broadcast packets by default. However, you can enable or disable it in the SURPASS hiD 6615. In order to block Direct broadcast packets, use the following command.

Command: no ip forward direct broadcast
Mode: Global
Description: Enables blocking Direct broadcast packet (Default).

Command: ip forward direct broadcast
Mode: Global
Description: Disables blocking Direct broadcast packet.

The following is an example of blocking Direct broadcast packet and showing it.

SWITCH config ip forward direct broadcast
SWITCH config show running config
Building configuration
omitted
!
ip forward direct broadcast
no snmp
SWITCH config

8.14 Maximum Transmission Unit (MTU)

MTU is the maximum length of the data payload that can be transmitted. The user can control the Maximum Transmission Unit (MTU) with the below command.

Command: mtu <68-1500>
Mode: Interface
Description: Configures maximum MTU size.

Command: no mtu
Mode: Interface
Description: Returns to the default MTU siz
284. ic <0-16777214>

Command:
  redistribute bgp | connected | kernel | rip | static metric type <1-2>
  redistribute bgp | connected | kernel | rip | static route map MAP NAME
  redistribute bgp | connected | kernel | rip | static tag <0-4294967295>
Mode: Router
Description: Configures the external route transmission.

The following example shows how to configure it with more than 2 options.

redistribute bgp | connected | kernel | rip | static metric <0-16777214> tag <0-4294967295>
redistribute bgp | connected | kernel | rip | static tag <0-4294967295> metric type <1-2>

For efficient transmission of routing information, and to avoid non matching between the metric and the OSPF routing protocol, use the default metric command to assign a metric to redistributed routes.

To configure the default metric, use the following command.

Command: default metric <0-16777214>
Mode: Router
Description: Configures the default metric.

To delete the default metric, use the following command.

Command: no default metric <0-16777214>
Mode: Router
Description: Deletes the default metric.

10.2.13 OSPF Distance

An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual router or a group of routers. Numerically, an administrative distance is an inte
285. icast SSM range of IP multicast addresses, use the following command. When an SSM range of IP multicast addresses is defined by the ip pim ssm command, no Multicast Source Discovery Protocol (MSDP) Source Active (SA) messages will be accepted or originated in the SSM range.

Command: ip pim ssm range <1-99> | ACCESS LIST
Mode: Global
Description: Defines the SSM range of IP multicast address. 1-99: simple access list. ACCESS LIST: IP named standard access list.

Command: ip pim ssm default
Mode: Global
Description: Configures the SSM by default.

Command: no ip pim ssm
Mode: Global
Description: Disables the command.

PIM Snooping

PIM Snooping is used to reduce unnecessary bandwidth by restricting data and multicast control packets which are transmitted between each port. In networks where a Layer 2 switch interconnects several routers, the switch floods IP multicast packets on all multicast router ports by default, even if there are no multicast receivers downstream.

If PIM Snooping is enabled, the switch restricts multicast packets for each IP multicast group to only those multicast router ports that have downstream receivers joined to that group. The switch learns which multicast router ports need to receive the multicast traffic within a specific VLAN by listening to the PIM hello messages and PIM join and prune messages.

To configure PIM Snooping, use the following command.

Command: ip pim snooping
Description: Enables PIM Snooping function on the switch.

ip pim sno
286. ication key

SWITCH_A ssh login 172 16 209 10
Enter passphrase for key etc ssh id_dsa networks
SWITCH_B

To display the configured authentication keys in the hiD 6615 S324, use the following command.

Command: show key list
Mode: Enable, Global
Description: Shows an authentication key of SSH server.

4.5 802.1x Authentication

To enhance security and portability of network management, there are two ways of authentication, MAC address based and port based, which restrict clients attempting to access a port. Port based authentication (802.1x) decides whether to give access using a RADIUS server that holds the information about the user who tries to access.

802.1x authentication adopts the EAP (Extensible Authentication Protocol) structure. In the EAP system, there are EAP-MD5 (Message Digest 5), EAP-TLS (Transport Level Security), EAP-SRP (Secure Remote Password), and EAP-TTLS (Tunneled TLS), and the hiD 6615 S223/S323 supports EAP-MD5 and EAP-TLS. Accessing with the user's ID and password, EAP-MD5 is one way authentication based on the password. EAP-TLS accesses through the mutual authentication system of server authentication and personal authentication, and it is possible to guarantee high security because of the mutual authentication system.

At a request of user authentication from the user's PC, EAPOL Start type of packets are transmitted to authenticator and
287. ified user defined syslog output level with a priority.

The order of priority is emergency > alert > critical > error > warning > notice > info > debug. If you set a specific level of syslog output, you will receive only syslog messages for the selected level or higher. If you want to receive syslog messages for all the levels, you need to set the level to debug.

The following is an example of configuring syslog messages to send all logs higher than notice to remote host 10.1.1.1 and configuring local1 info to transmit to console.

SWITCH config syslog output notice remote 10.1.1.1
SWITCH config syslog output priority local1 info console
SWITCH config show syslog
System logger on running
info local volatile
info local non volatile
notice remote 10.1.1.1
local1 info console
SWITCH config

7.5.2 Facility Code

You can set a facility code of the generated syslog message. This code distinguishes a syslog message from others, so the network administrator can handle various syslog messages efficiently.

To set a facility code, use the following command.

Command: syslog local code <0-7>
Mode: Global
Description: Sets a facility code.

Command: no syslog local code
Mode: Global
Description: Deletes a specified facility code.

The following is an example of configuring priority of all syslog messages which is transmitted to remote host 10
288. igure IP address to be used in candidate RP, use the following command.

Command: ip pim rp address A.B.C.D <1-99> | <1300-1999> override
Mode: Global
Description: Configures RP address for multicast groups statically. A.B.C.D: IP address. 1-99: IP standard access list. 1300-1999: IP standard access list (expanded range). override: override dynamically RP mappings.

• If an RP address configured through BSR and an RP address configured statically are both available for a group range, the RP address configured through BSR is chosen.
• If multiple static RPs are available for a group range, then the one with the highest IP address is chosen.

To delete a configured IP address, use the following command.

Command: no ip pim rp address A.B.C.D
Description: Deletes configured IP address.

Enabling Transmission of Candidate RP Message

Use this command to give the router the candidate RP status using the IP address of the specified interface.

Command: ip pim rp candidate INTERFACE group list <1-99> interval <1-16383> priority <0-255>
Mode: Global
Description: Configures a message for a candidate RP. INTERFACE: interface name. 1-99: IP standard access list. 1-16383: advertisement interval (unit: second). 0-255: priority value.

To delete the configured priority of candidate RP, use the following command.

Command: no ip pim rp candidate
Description: Unconfigures the entire setting of candid
289. igured to decide the way of packet route in order to divide on member port effectively when packets enter. It is decided with Source IP address, Destination IP address, Source MAC address, and Destination MAC address, and the user can get the information of packets to decide the packet route.

• dstip: Destination IP address
• dstmac: Destination MAC address
• srcdstip: Refer to both Source IP address and Destination IP address
• srcdstmac: Refer to both Source MAC address and Destination MAC address
• srcip: Source IP address
• srcmac: Source MAC address

The port designated as a member port of a port trunk is automatically deleted from the existing VLAN. Therefore, if the member port and the aggregated port exist in another VLAN, the VLAN configuration should be changed for the aggregated port.

8.2.1.2 Disabling Port Trunk

To remove the configured port trunk from a specified trunk group, use the following command.

Command:
  no trunk <0-5> PORTS
  no trunk distmode <0-5>
Description: Releases a configured trunk port.

If the user deletes a member port from a logical port or releases a port trunk, the ports are automatically contained in the default VLAN.

8.2.1.3 Displaying Port Trunk Configuration

To display a configuration of port trunk, use the following command.

Command Mode Description Enable show trunk
290. information on the standard of AS

arp: Registers IP address and MAC address in ARP table.
bgp: Helps BGP configuration.
bridge: Opens Bridge Configuration mode.
copy: Makes a backup file for the configuration of the switch.
dot1x: Configures various functions of 802.1x daemon.
end: Closes current mode and returns to User EXEC mode.
exit: Closes current mode and returns to previous mode.
hostname: Changes host name of the switch.
exec timeout: Configures auto logout function.
fan: Configures fan operation.
interface: Opens Interface Configuration mode.
ip: Configures various functions of the interface.
passwd: Changes a system password.
qos: Configures QoS.
restore factory defaults: Restores the default configuration of the switch.
rmon alarm: Opens Rmon alarm configuration mode.
rmon event: Opens Rmon event configuration mode.
rmon history: Opens Rmon history configuration mode.
route map: Opens Route map Configuration mode.
router: Opens Router Configuration mode (OSPF, RIP, VRRP, PIM, BGP).
snmp: Configures SNMP.
sntp: Configures SNTP.
syslog: Configures syslog.
time zone: Configures time zone.

Tab. 3.3 Main Commands of Global Configuration Mode

Bridge Configuration Mode

In Bridge Configuration mode, you can configure various Layer 2 functions such as VLAN, STP, LACP, EFM OAM, etc.

To open Bridge Configuration mode, enter the bridge command, then the system prompt will b
291. ing
• Tracing Packet Route
• Displaying User Connecting to
• MAC Table
• Running Time of System
• System Information
• System Memory Information
• Average of CPU Load
• Running Process
• Displaying System Image
• Displaying Installed OS
• Default OS
• Switch Status
• Tech Support

Network Connection

To verify if your system is correctly connected to the network, use the command ping. For IP networks, this command transmits an echo message to ICMP (Internet Control Message Protocol). ICMP is an internet protocol that notifies fault situations and provides information on the location where an IP packet is received. When an ICMP echo message is received at the location, its replying message is returned to the place where it came from.

To perform a ping test to verify network status, use the following command.

Command: ping IP-ADDRESS
Mode: Enable
Description: Performs a ping test to verify network status.

The following is the basic information to operate the ping test.

Protocol [ip]: Supports ping test. Default is IP.
Target IP address: Sends ICMP echo message by inputting IP address or host name of destination in order to check network status with relative
Repeat count [5]: Sends ICMP echo message as many as count. Default is 5.
Datagram size [100]: Ping packet size. Default is 100 bytes.

It is considered as
292. ing pim snooping would be written on the chip. In addition, verify the hitbit of the Entry after the Aging time to reset the aging time or delete the Entry, in order to manage the Multicast Entry efficiently.

To configure the multicast aging, use the following command.

Command: ip mcfdb aging time <10-21474830>
Mode: Global
Description: Configures Aging time for Multicast Stream. Default: 300sec.

Command: ip mcfdb aging limit <256-65535>
Mode: Global
Description: Configures Maximum Multicast Stream for Aging. Default: 5000.

Command:
  no ip mcfdb aging time
  no ip mcfdb aging limit
Mode: Global
Description: Restores it as a default.

To delete a Multicast Stream Entry that has done the Aging, use the following command.

Command:
  clear ip mcfdb vlan VLAN
  clear ip mcfdb vlan VLAN group A.B.C.D source A.B.C.D
Mode: Global
Description: Deletes Multicast Stream Entry after Aging per vlan or group source.

To display the Aging information, use the following command.

Command: show ip mcfdb
Description: Displays L2 Aging information (aging time, aging limit information).

Command: show ip mcfdb aging entry vlan VID group A.B.C.D mac based detail
Description: Displays L2 Aging information.

Command: show ip mfib vlan VID group A.B.C.D detail
Description: Displays L3 Aging Entry information as Input interface (RPF) and Output Interface. Detail displays input/output Port for each interface and user fo
293. ing Login Password
4.1.4 Management for System Account
4.1.4.1 Creating System Account
4.1.4.2 Configuring Security Level
4.1.5 Limiting Number of User
4.1.6 Telnet Access
4.1.7 Auto Log out
4.1.8 System Rebooting
4.1.8.1 Manual System Rebooting
4.1.8.2 Auto System Rebooting
4.2 System Authentication
4.2.1 Authentication Method
4.2.2 Authentication Interface
4.2.3 Primary Authentication Method
4.2.4 RA
294. ing active in the spanning tree.

Listening: the port is still not forwarding data traffic, but is listening to BPDUs in order to compute the spanning tree. The port is comparing its own information (path cost, Bridge Identifier, Port Identifier) with information received from other candidates and deciding which is best suited for inclusion in the spanning tree.

Learning: the port is preparing to forward data traffic. The port waits for a period of time to build its MAC address table before actually forwarding data traffic. This time is the forwarding delay.

Forwarding: after some time learning addresses, the port is allowed to forward data frames. This is the steady state for a switch port in the active spanning tree.

Disabled: when disabled, a port will neither receive nor transmit data or BPDUs. A port is in this state because it is broken or disabled by the administrator.

8.3.2 RSTP Operation

STP or RSTP is configured on a network where a Loop can be created. However, RSTP progresses more rapidly than STP at the stage of reaching the last topology. This section describes how RSTP, which is more improved than STP, works. It contains the below sections.

• Port States
• BPDU Policy
• Rapid Network Convergence
• Compatibility with 802.1d

Port States

RSTP defines port states as discarding, learning, and forwarding. Blocking of 802.1d and listening is combine
295. ing command

Command: no stp mst forward delay
Description: Returns to the default value of STP, RSTP and MSTP.

Command: no stp pvst forward delay VLAN RANGE
Description: Returns to the default value of PVSTP and PVRSTP per VLAN.

Max Age

Max age shows how long path message is valid. To configure max age to delete useless messages, use the following command.

Command: stp mst max age <6-40>
Description: Configures max age of route message of STP, RSTP or MSTP. Enter a max age time value (default: 20).

Command: stp pvst max age VLAN RANGE <6-40>
Description: Configures max age of route message of PVSTP, PVRSTP. Enter a max age time value of VLAN (default: 20).

It is recommended that max age is configured less than twice of forward delay and more than twice of hello time.

To delete a configured max age, use the following command.

Command: no stp mst max age
Description: Returns to the default max age value of STP, RSTP and MSTP.

Command: no stp pvst max age VLAN RANGE
Description: Returns to the default max age value of PVSTP and PVRSTP.

BPDU Hop

In MSTP, it is possible to configure the number of hop in order to prevent BPDU from wandering. BPDU passes the switches as the number of hop by this function. To configure the number of hop of BPDU in MSTP, use the following
296. ion

Command: vlan create VLANS
Description: Creates new VLAN by assigning VLAN ID. VLANS: enter the number of VLAN ID from 1 to 4094.

The variable VLANS is a particular set of bridged interfaces. Frames are bridged only among interfaces in the same VLAN.

Specifying PVID

By default, PVID 1 is specified to all ports. You can also configure PVID. To configure PVID in a port, use the following command.

Command: vlan pvid PORTS PVIDS
Description: Configures VLAN PVID. PORTS: enter the port numbers. PVIDS: enter the PVIDs (1 to 4094, multiple entries possible).

Assigning Port to VLAN

To assign a port to VLAN, use the following command.

Command: vlan add VLANS PORTS tagged untagged
Description: Assigns a port to VLAN. VLANS: enter the VLAN ID. PORTS: enter the port number.

Command: vlan del VLANS PORTS
Description: Deletes associated ports from specified VLAN. VLANS: enter the VLAN ID. PORTS: enter the port number to be deleted.

When you assign several ports to VLAN, you have to enter each port separated by a comma without space, or use dash mark to arrange port range.

Deleting VLAN

To delete VLAN, use the following command.

Command: no vlan VLANS
Mode: Bridge
Description: Deletes VLAN. Enter the VLAN ID to be deleted.

When you delete a VLAN, all ports must be removed from the VLAN beforehand; see the procedure below.
297. ion enter the no ip igmp snooping tcn query solicit command.

To disable the configured TCN flood settings, use the following commands.

Command: no ip igmp snooping tcn flood
Description: Disables multicast flooding on the switch.

Command: no ip igmp snooping tcn vlan VLANS flood
Description: Disables multicast flooding on a VLAN interface.

Command: no ip igmp snooping tcn flood query count
Description: Returns to the default number of IGMP queries.

Command: no ip igmp snooping tcn flood query interval
Description: Returns to the default interval of IGMP queries.

Command: no ip igmp snooping tcn query solicit address
Description: Stops the switch from sending a query solicitation.

9.2.6 IGMP v3 Snooping

This chapter consists of these sections:

- IGMP Snooping Version
- Join Host Management
- Immediate Block

9.2.6.1 IGMP Snooping Version

The reports sent to the multicast router are sent based on the version of that interface. A user can administratively configure the version of the port as 1 or 2. If the user has configured the version specifically, the reports are always sent out with only this version. If the user has not administratively configured the version value and a v1 query is received on an interface, this interface is made a v1 interface and all reports sent out of this interface are v1 reports. If no v1 query is received on an interface for th
298. ion for telnet access oba tacacs host primary
radius: selects RADIUS authentication
tacacs: selects TACACS authentication
host: selects nominal system authentication (default)

4.2.4 RADIUS Server

4.2.4.1 RADIUS Server for System Authentication

To add/delete the RADIUS server for system authentication, use the following command.

Command: login radius server A.B.C.D KEY
Mode: Global
Description: Adds the RADIUS server with its information. A.B.C.D: RADIUS server address. KEY: authentication key value.

Command: login radius server A.B.C.D KEY auth_port PORT acct_port PORT
Mode: Global
Description: Adds the RADIUS server with its information. A.B.C.D: RADIUS server address. KEY: authentication key value. auth_port: enters authentication port number (optional). acct_port: enters accounting port number (optional).

Command: no login radius server A.B.C.D
Mode: Global
Description: Deletes an added RADIUS server.

You can add up to 5 RADIUS servers.

4.2.4.2 RADIUS Server Priority

To specify the priority of a registered RADIUS server, use the following command.

Command: login radius server move A.B.C.D <1-5>
Mode: Global
Description: Specifies the priority of RADIUS server. A.B.C.D: IP address. 1-5: priority of RADIUS server.

4.2.4.3 Timeout of Authentication Request

After the authentication request, the hiD 6615 S223/S323 waits for the response from the RADIUS server
299. ion to a particular interface. This is to prevent other systems on an interface from learning about routes dynamically. Provides a local mechanism for increasing the value of routing metrics.

Filtering Access List and Prefix List

The hiD 6615 S323 switch supports permit and deny conditions that you can use to filter inbound or outbound routes by access list or prefix list. Use the distribute list command to apply the access list to routes received from or forwarded to a neighbor.

The user should configure the route information for a set of deny conditions based on matching each access list or prefix list. In addition, this configuration can be applied to a specific interface as well as to the whole route information of the switch.

To block the route information based on matching access list or prefix list, use the following command.

Commands:
    distribute list ACCESS LIST in out INTERFACE
    distribute list prefix PREFIX LIST in out INTERFACE
Mode: Router
Description: Apply a specific access list or prefix list to incoming or outgoing RIP route updates on interface in order to block the route. INTERFACE: interface name. ACCESS LIST: access list name. PREFIX LIST: prefix list name.

To remove the filtering access list or prefix list to incoming or outgoing RIP route Command Description
300. ion will be still written in routing table until the neighbor routers are notified that this route is removed from the routing table.

Garbage: The invalid information of route is deleted on the routing table every 120 seconds. Once the information of route is classified as invalid, it's eventually removed from the routing table after 120 seconds.

To adjust the timers, use the following command.

Command: timers basic UPDATE TIMEOUT GARBAGE
Mode: Router
Description: Adjusts RIP network timers.

Command: no timers basic UPDATE TIMEOUT GARBAGE
Mode: Router
Description: Restores the default timers.

Split Horizon

Normally, routers that are connected to broadcast type IP networks and that use distance vector routing protocols employ the split horizon mechanism to reduce the possibility of routing loops. Split horizon blocks information about routes from being advertised by a router out any interface from which that information originated. This behavior usually optimizes communications among multiple routers, particularly when links are broken. However, with non-broadcast networks such as Frame Relay, situations can arise for which this behavior is less than ideal. For these situations, you might want to disable split horizon.

If the interface is configured with secondary IP address and split horizon is enabled, upda
301. iption protocol statistics enable dis Global able arp icmp ip tcp Bridge udpj To display protocols statistics of Ethernet port use the following command Command Mode Description show protocol statistics avg pkt Shows protocols arp icmp ip tcp udp statistics of PORTS enable average packet for a specified Ethernet port Global Bridge PORTS Interface group for a specified Ethernet port show protocol statistics total Shows protocols arp icmp ip tcp udp statistics of To delete all protocol statistics of specified Ethernet port use the following command Command Mode Description clear protocol statistics Global PORTS Bridge Deletes all protocols statistics for an Ethernet port A50010 Y3 C150 2 7619 79 UMN CLI 80 5 2 8 5 2 9 5 3 User Manual SURPASS hiD 6615 S223 8323 R1 5 Port Status To display a port status use the following command Command Mode Description show port PORTS Shows configured state of port enter the port number Enable show port description PORTS Global Bridge show port module info PORTS Shows port module information Shows port specific description max number of char acters is 100 enter the port number The following is an example of displaying port information for port 1 to 12 SWITCH show port 1 12 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPE
302. it is exceeded.

To configure the limitation of MRIB routing entry, use the following command.

Command: ip multicast route limit LIMIT THRESHOLD
Mode: Global
Description: Enables multicast routing function. LIMIT: 1-214783647, number of routes. THRESHOLD: 1-214783647.

Command: no ip multicast route limit
Mode: Global
Description: Disables the limitation configuration of MRIB routing entry.

9.1.3 Clearing MRIB Information

Clearing Total or Partial Group Entry of MRIB

If you use the clear ip mroute command, the MRIB clears the multicast route entries in its multicast route table and removes the entries from the multicast forwarder. Each multicast protocol has its own clear multicast route command. The protocol specific clear command clears multicast routes from the protocol and also clears the routes from the MRIB.

To delete the multicast route entries, use the following command.

Command: clear ip mroute
Mode: Enable, Global, Bridge
Description: Deletes all multicast routes entries.

Command: clear ip mroute GROUP ADDR SRC IP ADDRESS
Mode: Enable, Global, Bridge
Description: Deletes specific multicast routes entries. GROUP ADDR: group IP address. SRC IP ADDRESS: source IP address.

Clearing Statistics of Multicast Routing Table

To delete the multicast route statistics entries from IP multicast routing table, use the following command.

Command Description POR
303. itted alarm and delete the records.

    SWITCH(config)# show snmp alarm history
    cold start minor Fri Mar 25 15:30:56 2005 System booted
    SWITCH(config)# snmp clear alarm history
    SWITCH(config)# show snmp alarm history
    SWITCH(config)#

To display a current alarm report, use the following command.

Command: show snmp alarm report
Mode: Enable, Global
Description: Shows a current alarm report.

To delete a recorded alarm report in the system, use the following command.

Command: snmp clear alarm report
Mode: Enable, Global
Description: Deletes a recorded alarm report in the system.

7.1.11 Disabling SNMP

To disable SNMP feature, use the following command.

Command: no snmp
Mode: Global
Description: Disables SNMP feature.

When you use the above command, all configurations concerning SNMP will be deleted.

7.2 Operation, Administration and Maintenance (OAM)

In the enterprise, Ethernet links and networks have been managed via Simple Network Management Protocol (SNMP). Although SNMP provides a very flexible management solution, it is not always efficient and is sometimes inadequate to the task.

First, using SNMP assumes that the underlying network is operational because SNMP relies on IP connectivity; however, you need management functionality even more when the underlying network is non-operational. Second
304. ively.

To display a configuration of storm control, use the following command.

Command: show storm control
Mode: Enable, Global, Bridge
Description: Displays storm control configuration.

Jumbo frame Capacity

By default, the switch accepts packets from 64 bytes to 1518 bytes. Packets outside this range are not accepted. However, the hiD 6615 S223/S323 can accept Jumbo frame larger than 1518 bytes through user's configuration.

To configure to accept Jumbo frame larger than 1518 bytes, use the following command.

Command: jumbo frame PORTS <1518-9000>
Description: Configures to accept jumbo frame between specified ranges. 1518-9000: Max packet length.

To disable configuration to accept Jumbo frame, use the following command.

Command: no jumbo frame PORTS
Description: Disables configuration to accept jumbo frame on specified port.

To display the configuration of Jumbo frame, use the following command.

Command: show jumbo frame
Mode: Enable, Global, Bridge
Description: Shows a configuration of jumbo frame.

Sample Configuration

The following is an example of configuration to accept Jumbo frame under 2200 bytes in port 1-10.

    SWITCH# configure terminal
    SWITCH(config)# bridge
    SWITCH(bridge)# jumbo frame 1-10 2200
    SWITCH(bridge)# show jumbo frame
    Name     Current  Default
    port01   2200     1518
305. k A50010 Y3 C150 2 7619 225 UMN CLI 226 MSTP Configuration MST Region 1 Instance 1 VLAN 111 120 Instance 2 VLAN 121 130 Instance 3 VLAN 131 140 Region Name test Revision 1 VLAN 101 200 User Manual SURPASS hiD 6615 8223 8323 R1 5 MST Region 2 Instance 1 VLAN 170 Region Name test Revision 2 Instance 2 VLAN 180 190 Instance 3 VLAN 191 195 MST Region 3 Instance 4 VLAN 150 160 Instance 5 VLAN 161 165 Region Name sample Revision 5 Fig 8 27 Example of Layer 2 Network Design in MSTP Environment The following is an example of configuring MSTP in the switch SWITCH bridge stp SWITCH bridge stp SWITCH bridge stp SWITCH bridge stp SWITCH bridge stp SWITCH bridge stp force version mstp mst enable mst config id map 2 1 50 mst config id name 1 mst config id revision 1 mst config id commit SWITCH bridge show stp mst Status bridge id designated root root port max age hello time forward delay CIST regional root max hops name revision instance vlans enabled 8000 00d0cb000183 8000 00d0cb000183 0 20 00 2 00 15 00 8000 00d0cb000183 20 TEST path cost 0 bridge max age bridge hello time bridge forward delay CIST path cost _ Instance 6 VLAN 200 MST Region 4 Region Name test Revision 1 20 00 2 00 15 00 CIST 51 4094 2 1 50 SWITCH bridge
306. k & Broadcast address to name
Change the compiled packet matching code to readable letters and close it.
Output link level header of each line.
Output outer internet address as symbol.
Buffer output data in line. This is useful when other application tries to receive data from tcpdump.
Do not translate all address (e.g. port, host address).
When output host name, do not print domain.
Do not run packet matching code optimizer. This option is used to find bug in optimizer.
Interface is not remained in promiscuous mode.
Reduce output quantity of protocol information. Therefore output line is shorter.
Output TCP sequence number not relative but absolute.
Time is not displayed on each output line.
Display more information.
Save the captured packets in a file instead of output.
Display each packet as hexacode.
c NUMBER: Close the debug after receiving as many packets as the number.
F FILE: Receives file as filter expression. All additional expressions on command line are ignored.
i INTERFACE: Designates the interface where the intended packets are transmitted. If not designated, it automatically selects an interface which has the lowest number within the system interfaces. Loopback is excepted.
r FILE: Read packets from the file which was created by w option.
This is used to configure sample packet except the 68 byte default value. The 68 byte is appropriate value for IP
307. l state of the point-to-point status of the MAC entity by the MAC relay entity.

To configure the point-to-point status, use the following command.

Command: stp point to point mac PORTS auto force true force false
Description: Sets point-to-point MAC. PORTS: select the port number. auto: auto detect. force true: force to point-to-point MAC. force false: force to shared MAC (not point-to-point MAC).

True means the MAC is connected to a point-to-point LAN, i.e. there is at most one other system attached to the LAN. False means the MAC is connected to a non-point-to-point LAN, i.e. there can be more than one other system attached to the LAN.

To delete the point-to-point configuration, use the following command.

Command: no stp point to point mac PORT
Description: Deletes point-to-point MAC configuration. PORT: select the port number.

Edge Ports

Edge ports are used for connecting end devices. There are no switches or spanning tree bridges after the edge port. To configure edge port mode, use the following command.

Command: stp edge port PORTS
Description: Sets port edge mode. PORTS: select the port number.

To delete the edge port mode, use the following command.

Command: no stp edge port PORTS
Description: Deletes port edge mode. PORTS: select the port numbe
308. laining options of command:

- authentication message digest null
- authentication key KEY
- message digest key KEY md5 KEY
- hello interval <1-65535>
- retransmit interval <1-65535>
- dead interval <1-65535>
- transmit delay <1-65535>

To configure a virtual link with one option, use the following command.

Commands:
    area <0-4294967295> virtual link A.B.C.D authentication message digest null
    area <0-4294967295> virtual link A.B.C.D authentication key KEY
    area <0-4294967295> virtual link A.B.C.D message digest key KEY md5 KEY
    area <0-4294967295> virtual link A.B.C.D hello interval <1-65535>
    area <0-4294967295> virtual link A.B.C.D retransmit interval <1-65535>
    area <0-4294967295> virtual link A.B.C.D dead interval <1-65535>
    area <0-4294967295> virtual link A.B.C.D transmit delay <1-65535>
Mode: Router
Description: Configures a virtual link.

The following example shows how to configure virtual link with more than 2 options.

    area <0-4294967295> virtual link A.B.C.D authentication key KEY authentication message digest null
    area <0-4294967295> virtual link A.B.C.D hello interval <1-65535> dead interval <1-65535>

To delete a configured virtual link use the following com
309. le Interface Configuration mode, use the following command.

Command: no interface INTERFACE
Mode: Global
Description: Disables a specified interface.

To activate PIM SM after opening the Interface Configuration mode, use the following command.

Command: ip pim sparse mode passive
Mode: Interface
Description: Activates PIM SM on specified interface.

The ip pim sparse mode passive command enables passive mode operation for local members on the interfaces. Passive mode essentially stops PIM transactions on the interface, allowing only IGMP mechanism to be active. To turn off passive mode, use the ip pim sparse mode passive or the ip pim sparse mode command.

To disable PIM SM, use the following command.

Command: no ip pim sparse mode passive
Mode: Interface
Description: Disables PIM SM from specified interface.

DR Priority

To set the priority for which a router is elected as the designated router (DR), use the following command in interface configuration mode.

Command: ip pim dr priority <0-4294967294>
Mode: Interface
Description: Configures the priority for router. 0-4294967294: priority value.

Command: no ip pim dr priority
Mode: Interface
Description: Returns to the default value (1).

The router with the highest priority value configured on an interface will be elected as the DR. If this priority value is the same on multiple routers, then the router with the highest IP address configured on an interface will be elected as the DR. If
310. lease use a combination of upper and lower case letters and numbers
    Enter new password Enter
    Bad password too short
    Warning weak password continuing
    Re enter new password Enter
    Password changed
    SWITCH(config)# user add test1 level 1 level1user
    Changing password for test1
    Enter the new password minimum of 5 maximum of 8 characters
    Please use a combination of upper and lower case letters and numbers
    Enter new password Enter
    Bad password too short
    Warning weak password continuing
    Re enter new password Enter
    Password changed
    SWITCH(config)# show user
    User name   Description   Level
    test0       level0user    0
    test1       level1user    1
    SWITCH(config)#

The following is an example of configuring an authority of the security level 0 and 1.

    SWITCH(config)# privilege view level 0 enable
    SWITCH(config)# privilege enable level 0 show
    SWITCH(config)# privilege enable level 1 configure terminal
    SWITCH(config)# show privilege
    Command Privilege Level Configuration
    Node          All   Level   Command
    EXEC ENABLE         1       configure terminal
    EXEC VIEW           0       enable
    EXEC ENABLE         0       show
    3 entry(s) found
    SWITCH(config)#

In the above configuration, as level 0, it is possible to use only show command in Privileged EXEC Enable mode; however, as level 1, it is possible to use not only the commands in level 1 but
311. lete all related routing data WORD shutdown
NEIGHBOR IP: neighbor IP address
WORD: peer group name or neighbor tag
Mode: Router

Command: no neighbor NEIGHBOR IP ADDRESS WORD shutdown
Mode: Router
Description: Enables the sessions with a previously existing neighbor or peer group that had been disabled.

BGP Session Reset

When you manage a BGP network, you can occasionally use the command to reset the session for all peers. Because the internal connections are newly re-established after resetting, the route information of the connected routers is restored by default.

You can reset the session in specified condition. The hiD 6615 S323 is available with several parameters to reset the BGP connections. The advanced configurations described in the following sections are as follows:

- Session Reset of All Peers
- Session Reset of Peers within Particular AS
- Session Reset of Specific Route
- Session Reset of External Peer
- Session Reset of Peer Group

Session Reset of All Peers

To reset the sessions with all BGP peers, use the following command.

Command: clear ip bgp
Mode: Global
Description: Resets all sessions with BGP peer groups.

When the route parameters restore to the default value by reset command, you can configure the specific parameters for its initialization. If you would like to reset/clear the outgoing advertised routes only, you should use out parameter. Otherwise, if you'd like to reset/clear the incoming advertised routes
312. lizing Authentication Status

The user can initialize the entire configuration on the port. Once the port is initialized, the supplicants accessing the port should be re-authenticated.

Command: dot1x initialize PORTS
Mode: Global
Description: Initializes the authentication status on the port.

Applying Default Value

To apply the default value to the system, use the following command.

Command: dot1x default PORTS
Mode: Global
Description: Applies the default value.

Displaying 802.1x Configuration

To display 802.1x configuration, use the following command.

Command: show dot1x PORTS
Mode: Enable, Global
Description: Shows 802.1x configuration.

802.1x User Authentication Statistic

To display the statistics about the process of 802.1x user authentication, use the following command.

Command: show dot1x statistics PORTS
Mode: Global
Description: Shows the statistics of 802.1x user authentication on the port.

To reset statistics by deleting the statistics of 802.1x user authentication, use the following command.

Command: dot1x clear statistics PORTS
Mode: Global
Description: Makes reset state by deleting the statistics of 802.1x on the port.

4.5.7 Sample Configuration

The following is to show the configuration after configuring port number 4 as the authentication port and registering IP address of au
313. lowing command

Command: no erp ms s DOMAIN ID
Description: Disables ERP manual switch to secondary.

8.9.3.7 Wait to Restore Time

To configure Wait to Restore Time, use the following command.

Command: erp wait to restore DOMAIN ID <1-720>
Description: Configures ERP wait to restore time. 1-720: Wait to restore time in second.

To return the configured Wait to Restore Time as Default, use the following command.

Command: no erp wait to restore DOMAIN ID
Description: Configures ERP wait to restore time as default value.

8.9.3.8 Learning Disable Time

To configure ERP Learning Disable Time, use the following command.

Command: erp learn dis time DOMAIN ID <0-500>
Description: Configures ERP learning disable time. 0-500: learning disabling time (unit: millisecond).

To return the configured Learning Disable Time as Default, use the following command.

Command: no erp learn dis time DOMAIN ID
Description: Configures ERP learning disable time as default value.

8.9.3.9 Test Packet Interval

To configure ERP Test Packet Interval, use the following command.

Command: erp test packet interval DOMAIN ID <10-500>
Description: Configures ERP test packet interval. 10-500: packet interval (unit: millisecond).

To return ERP Test Packet Interval as Default, use the following command.

Comman
314. lowing is an example of configuring port mirroring with a port.

Step 1: Connect a monitoring PC to the monitor port of the switch.

Step 2: Enable mirroring function.

    SWITCH(bridge)# mirror enable
    SWITCH(bridge)#

Step 3: Configure the monitor port 1 and mirroring port 2, 3, 4 and 5.

    SWITCH(bridge)# mirror monitor 1
    SWITCH(bridge)# mirror add 2
    SWITCH(bridge)# mirror add 3-5
    SWITCH(bridge)#

Step 4: Check the configuration.

    SWITCH(bridge)# show mirror
    Mirroring enabled
    Monitor port
    Ingress Mirrored Ports
    Egress Mirrored Ports
    SWITCH(bridge)#

6 System Environment

6.1 Environment Configuration

You can configure a system environment of the hiD 6615 S223/S323 with the following items:

- Host Name
- Time and Date
- Time Zone
- Network Time Protocol
- Simple Network Time Protocol (SNTP)
- Terminal Configuration
- Login Banner
- DNS Server
- Fan Operation
- Disabling Daemon Operation
- System Threshold

6.1.1 Host Name

Host name displayed on prompt is necessary to distinguish each device connected to network. To set a new host name, use the following command.

Command: hostname NAME
Mode: Global
Description: Creates a host name of the switch. Enter the name.

Command: no hostname NAME
Mode: Global
Description: Deletes a configured host name. Enter the name.

To see a new host name use the following command
315. ly

7.6.2.7 Displaying Rule

The following command can be used to show a certain rule by its name, all rules of a certain type, or all rules at once sorted by rule type.

Command: show rule NAME
Mode: Enable, Global
Description: Shows a rule. Enter a rule name. NAME: rule name.

Command: show rule
Mode: Enable, Global
Description: Shows all rules sorted by type.

Command: show rule all
Mode: Enable, Global
Description: Shows all rules and admin access rules sorted by type.

Command: show rule statistics
Mode: Enable, Global
Description: Shows rule statistics.

Command: show rule profile
Mode: Rule
Description: Shows a current configuration of a rule.

The following is an example of configuring specific rule action on rule profile and showing it.

    SWITCH# configure terminal
    SWITCH(config)# rule jean create
    SWITCH(config-rule[jean])# priority low
    SWITCH(config-rule[jean])# match copy to cpu
    SWITCH(config-rule[jean])# apply
    SWITCH(config-rule[jean])# exit
    SWITCH(config)# rule jean create
    Already exist rule
    SWITCH(config)# show rule
    rule jean
    priority low
    port any any
    match copy to cpu
    SWITCH(config)# rule jean modify
    SWITCH(config-rule[jean])# no match copy to cpu
    SWITCH(config-rule[jean])# show rule
    rule jean
    priority low
    port any any
    SWITCH(config-rule[jean])#

7.6.3 QoS

For hiD 6615 S223/S323, it is possible to use Strict Priority Queuing, Weighted Round Robin and Weighted Fair Queuing for a packet scheduling mode. The
316. m local admin disable PORTS
Description: Disables local OAM.

To configure loopback function of the host connected to the switch, use the following command.

Command: oam remote loopback enable PORTS
Description: Enables loopback function of peer device.

Command: oam remote loopback disable PORTS
Description: Disables loopback function of peer device.

Command: oam remote loopback start PORTS
Description: Operates loopback.

7.2.2 Local OAM Mode

To configure Local OAM, use the following command.

Command: oam local mode active passive PORTS
Description: Configures the mode of local OAM.

Both request and loopback are possible for local OAM active. However, request or loopback is impossible for local OAM passive.

7.2.3 OAM Unidirection

When RX is impossible in local OAM, it is possible to send the information by using TX. To enable/disable the function, use the following command.

Command: oam local unidirection enable PORTS
Description: Sends the information by using TX.

Command: oam local unidirection disable PORTS
Description: Disables to transmit the information by using TX.

7.2.4 Remote OAM

To enable/disable remote OAM, use the following command.

Command: oam remote oam admin <1-2> enable PORTS
Description: Enables remote OAM.

Command: oam remote oam admin <1-2> disable PORTS
Description: Disabl
317. m port number 2 and 4 are decided according to the protocol. In case the protocol is incongruous, the route is decided according to the port based VLAN.

Sample Configuration 4: Configuring QinQ

10 port of SWITCH 1 and 11 port of SWITCH 2 are connected to the network where different VLANs are configured. To communicate without changing VLAN configuration of SWITCH 1 and SWITCH 2, which communicate with PVID 10, configure it as follows.

You should configure the ports connected to network communicating with PVID 11 as Tagged VLAN port.

<SWITCH 1>

    SWITCH(bridge)# vlan dot1q tunnel enable 10
    SWITCH(bridge)# vlan pvid 10 11
    SWITCH(bridge)# show vlan dot1q tunnel
    Tag Protocol Id 0x8100 d double tagging port
    SWITCH(bridge)#

<SWITCH 2>

    SWITCH(bridge)# vlan dot1q tunnel enable 11
    SWITCH(bridge)# vlan pvid 11 11
    SWITCH(bridge)# show vlan dot1q tunnel
    Tag Protocol Id 0x8100 d double tagging port
    SWITCH(bridge)#

Sample Configuration 5: Configuring Shared VLAN with FID

Configure br2, br3, br4 in the hiD 6615 S223/S323 configured Layer 2 environment and 24 ports as Uplink port is configured. To transmit untagged packet through Uplink port rightly, follow below configuration.

Uplink default lt gt br2 lt gt I
318. mand

Commands:
    no area <0-4294967295> virtual link authentication message digest null
    no area <0-4294967295> virtual link authentication key KEY
    no area <0-4294967295> virtual link message digest key KEY md5 KEY
    no area <0-4294967295> virtual link hello interval <1-65535>
    no area <0-4294967295> virtual link retransmit interval <1-65535>
    no area <0-4294967295> virtual link dead interval <1-65535>
    no area <0-4294967295> virtual link transmit delay <1-65535>
Description: Deletes a configured virtual link.

Default Metric

OSPF finds metric based on interface bandwidth. For example, default metric of T1 link is 64, but default metric of 64K line is 1562. If there are plural lines in the bandwidth, you can view costs to use line by assigning metric to each line.

To classify costs to use line, use the following command.

Command: auto cost reference bandwidth <1-4294967>
Description: Configures default metric in the unit of Mbps (default: 100).

To delete the configuration, use the following command.

Command: no auto cost reference bandwidth
Mode: Router
Description: Deletes the configuration.

Graceful Restart Support

You need to restart OSPF protocol processor when there is network problem. In this case, it takes a long time to restart OSPF and there is no packet transmission. Other routers also need to delete
319. mand Command / Mode / Description: ip igmp immediate leave group list <1-99> <1300-1999> WORD (Interface): Configures the IGMP fast leave function. 1-99: access list number. 1300-1999: access list number (expanded range). WORD: IP named standard access list. no ip igmp immediate leave: Disables the fast leave configuration. Displaying the IGMP Configuration: To display the multicast groups and related information, use the following command. Command / Mode / Description: show ip igmp groups detail; show ip igmp groups A.B.C.D detail; show ip igmp groups INTERFACE detail; show ip igmp groups INTERFACE A.B.C.D detail (Enable, Global, Bridge): Displays the multicast groups with receivers directly connected to the router and learned through IGMP. show ip igmp interface; show ip igmp interface INTERFACE: Displays multicast related information about an interface. L2 MFIB: Occasionally, unknown multicast traffic is flooded because a MAC address has timed out or has not been learned by the switch. To guarantee that no multicast traffic is flooded to the port, use the following command. Command / Description: ip unknown multicast block: Configures the blocking of unknown multicast traffic. ip unknown multicast Configures the blocking
320. mart relay (Global). no ip dhcp smart relay: Disables a smart relay. DHCP Option 82: In some networks, it is necessary to use additional information to further determine which IP addresses to allocate. By using the DHCP option 82, a DHCP relay agent can include additional information about itself when forwarding client-originated DHCP packets to a DHCP server. The DHCP relay agent will automatically add the circuit ID and the remote ID to the option 82 field in the DHCP packets and forward them to the DHCP server. The DHCP option 82 resolves the following issues in an environment in which untrusted hosts access the internet via a circuit-based public network. Broadcast Forwarding: The DHCP option 82 allows a DHCP relay agent to reduce unnecessary broadcast flooding by forwarding the normally broadcasted DHCP response only on the circuit indicated in the circuit ID. DHCP Address Exhaustion: In general, a DHCP server may be extended to maintain a DHCP lease database with an IP address, hardware address and remote ID. The DHCP server should implement policies that restrict the number of IP addresses to be assigned to a single remote ID. Static Assignment: A DHCP server may use the remote ID to select the IP address to be assigned. It may permit static assignment of IP addresses to particular remote IDs and disallow an address request from an unauthorized remote ID. IP Spoofing: A DHCP client may associate the IP address
321. members. On the VLAN network, packets received on a port are forwarded only to ports that belong to the same VLAN as the receiving port. Network devices in different VLANs cannot communicate with one another without a Layer 3 switching device to route traffic between the VLANs. These VLANs improve performance because they reduce the propagation of local traffic, and they improve security because they completely separate traffic. Enlarged Network Bandwidth: Users belonging to different VLANs can use more bandwidth than with no VLAN composition because they do not receive unnecessary broadcast information. A properly implemented VLAN will restrict multicast and unknown unicast traffic to only those links necessary to reach members of the VLAN associated with that multicast or unknown unicast traffic. Cost Effective Way: When you use VLAN to prevent unnecessary traffic loading because of broadcast, you can get a cost-effective network composition since a switch is not needed. Strengthened Security: When using a shared bandwidth LAN, there is no inherent protection provided against unwanted eavesdropping. In addition to eavesdropping, a malicious user on a shared LAN can also induce problems by sending lots of traffic to specific targeted users or the network as a whole. The only cure is to physically isolate the offending user. By creating logical partitions with VLAN technology we further enhance the prot
322. mmand / Mode / Description: router P PROTOCOL (Global): Opens Router Configuration mode. Routing functionalities such as RIP, OSPF, BGP, VRRP and PIM SM are only available for hiD 6615 S323, unavailable for hiD 6615 S223. According to the routing protocol, Router Configuration mode is divided into BGP, RIP and OSPF. They are used to configure each IP routing protocol. Tab. 3.10 shows a couple of main commands of Router Configuration mode. Command / Description: distance: Configures distance value to find a better route. neighbor: Configures neighbor router. network: Configures network to operate each routing protocol. redistribute: Registers transmitted routing information to another router's table. Tab. 3.10 Main Commands of Router Configuration Mode. VRRP Configuration Mode: To open VRRP Configuration mode, use the following command. The system prompt is changed from SWITCH config to SWITCH config router. Command / Mode / Description: router vrrp INTERFACE GROUP ID (Global): Opens VRRP Configuration mode. Tab. 3.11 shows a couple of main commands of Router Configuration mode. Command / Description: associate: Configures associated IP address same with virtual router. authentication: Configures password of virtual router group. preempt: Activates/deactivates preempt. track: Configures VRRP track. vip access: Configures the function of accessing associated IP address. vr priority: Assi
323. mon history rmon history 5 owner test data source ifindex hdlcl interval 60 requested buckets 25 active SWITCH config rmonhistory 5 RMON Alarm: There are two ways to compare with the threshold: absolute comparison and delta comparison. Absolute Comparison: Comparing sample data with the threshold at the configured interval; if the data is more than the threshold or less than it, an alarm occurs. Delta Comparison: Comparing the difference between current data and the latest data with the threshold; if the data is more than the threshold or less than it, an alarm occurs. You need to open RMON Alarm Configuration mode first to configure an RMON alarm. Command / Description: rmon alarm <1-65535>: Opens RMON Alarm Configuration mode. 1-65535: index number. The following is an example of listing available commands in RMON Alarm Configuration mode. SWITCH config rmon alarm 1 SWITCH config rmonalarm 1 RMON alarm configuration commands: active: Activate the event. do: To run exec commands in config mode. exit: End current mode and down to previous mode. falling event: Associate the falling threshold with an existing RMON event. falling threshold: Define the falling threshold. help: Description of the interactive help system. owner: Assign the owner who define and is using the history resources
324. mp ignore echo broadcast: Releases blocked echo reply message to partner who is taking broadcast ping test to device. Interval for Transmit ICMP Message: The user can configure the interval for transmitting ICMP messages. After you configure the interval, ICMP messages will be blocked until the period based on the last message is up. For example, if you configure the interval as 1 second, ICMP will not be sent within 1 second after the last message has been sent. To configure the interval to transmit ICMP messages, the administrator should configure the type of message and the interval time. Use the following command to configure the interval for transmitting ICMP messages. Command / Mode / Description: ip icmp interval rate mask MASK (Global): Configures the interval for transmitting ICMP messages. MASK: user should input a hexadecimal value up to 0xFFFFFFFF. The default is 0x1818. If the mask that is input as a hexadecimal number is calculated as a binary number, 1 means Status ON and 0 means Status OFF. In the binary number, if the digit shown as 1 matches the value of the ICMP message, it means the ICMP message is selected as Status ON. Digit value starts from 0. For example, if hexadecimal number 8 is changed to a binary number, it is 1000. In 1000, digit 0 is 0, digit 1 is 0, digit 2 is 0 and digit 3 is 1. The digit showed as 1 is
325. ms for ADVA status, use the following command. Command / Description: snmp alarm severity adva fan fail critical major minor warning intermediate: Sends alarm notification with the severity when ADVA informs fan fail. snmp alarm severity adva if misconfig critical major minor warning intermediate: Sends alarm notification with the severity when ADVA informs there's any misconfiguration. snmp alarm severity adva if opt thres critical major minor warning intermediate: Sends alarm notification with the severity when ADVA informs traffic is over threshold on optical interface. snmp alarm severity adva if rcv fail critical major minor warning intermediate: Sends alarm notification with the severity when ADVA informs to fail to receive the packets. snmp alarm severity adva if sfp mismatch critical major minor warning intermediate: Sends alarm notification with the severity when ADVA informs SFP module is mismatched. Command / Description: snmp alarm severity adva if trans fault critical major minor warning intermediate; snmp alarm severity adva psu fail critical major minor warning intermediate; snmp alarm severity adva temperature c
326. munity. And because PVLAN edge can work on the local switch, the isolation between two switches is impossible. The hiD 6615 S223 S323 provides a Private VLAN function like Private VLAN edge of Cisco products. Because it does not create any sub-VLAN, port security is provided by port isolation. If you want to configure Private VLAN on the hiD 6615 S223 S323 switch, refer to Port Isolation configuration. 8.1.9.1 Port Isolation: The Port Isolation feature is a method that restricts L2 switching between isolated ports in a VLAN. Nevertheless, flows between an isolated port and a non-isolated port are not restricted. If you use the port protected command, packets cannot be transmitted between protected ports. However, communication with non-protected ports is possible. To configure Port Isolation, use the following command. Command / Description: port protected PORTS: Enables port isolation. no port protected PORTS: Disables port isolation. 8.1.9.2 Shared VLAN: This chapter is only for Layer 2 switch operation. The hiD 6615 S223 S323 is a Layer 3 switch, but it can be used for Layer 2 also. Because there is no routing information in a Layer 2 switch, each VLAN cannot communicate. Especially, the uplink port should receive packets from all VLANs. Therefore, when you configure the hiD 6615 S223 S323 as a Layer 2 switch, the uplink ports have to be included in all
327. n and leave messages from multicast groups configured under MVR. Join and leave messages from all other multicast groups are managed by IGMP snooping. Enabling MVR: To use the MVR, enable the MVR function with the following command. Command / Mode / Description: (Global) Enables MVR on the system. Disables MVR on the system. MVR Group Address: Statically configure a VLAN interface to receive multicast traffic sent to the multicast VLAN and the IP multicast address. An interface statically configured as a member of a group remains a member of the group until statically removed. Command / Mode / Description: mvr vlan VLAN group GROUP ADDR (Global): Configures MVR group address. GROUP ADDR: specific group address, ex. a.b.c.d or a.b.c.d x.y.z.w. To delete the statically configured MVR group address, use the following command. Command / Mode / Description: no mvr vlan VLAN group GROUP ADDR (Global): Deletes an MVR group address. GROUP ADDR: specific group address, ex. a.b.c.d or a.b.c.d x.y.z.w. MVR IP Address: Statically configure a VLAN interface to receive multicast traffic sent to the multicast VLAN and the IP multicast address. An interface statically configured as a member of a group remains a member of the group until statically removed. When a multicast server belongs to different netwo
328. n files. The following is an example of displaying a list of configuration files. SWITCH config copy running config SURPASShiD6615 SWITCH config show config list 13 default SURPASShiD6615 SWITCH config To delete a backup file, use the following command. Command / Mode / Description: erase config FILENAME (Enable): Deletes backup file. 6.2.5 Restoring Default Configuration: To restore a default configuration of the system, use the following command. Command / Description: restore factory defaults: Restores a factory default configuration. restore layer2 defaults: Restores an L2 default configuration. restore layer3 defaults: Restores an L3 default configuration. After restoring a default configuration, you need to restart the system to initiate. The following is an example of restoring a default configuration of the system. SWITCH config restore factory defaults You have to restart the system to apply the changes SWITCH config System Management: When there is any problem in the system, you must find what the problem is and its solution. Therefore, you should not only be aware of the status of the system but also verify that the system is configured properly. This section includes the following functions with CLI commands: Network Connection, IP ICMP Source Rout
329. n klogd c 1 admin 103 246 2 0 20552 S100 2 S 20 12 0 53 usr sbin swchd more Omitted SWITCH 6.3.13 Displaying System Image: To check the current system image version, use the following command. Command / Mode / Description: show version (Enable, Global): Shows version of system image. To display the size of the current system image, use the following command. Command / Mode / Description: show os size (Enable, Global): Shows size of system image. 6.3.14 Displaying Installed OS: To display utilization of flash memory, use the following command. Command / Mode / Description: show flash (Enable, Global): Shows utilization of flash memory. 6.3.15 Default OS: The hiD 6615 S223 S323 supports dual OS. You can show the flash memory by using the show system command. When there are two kinds of system images installed, the user can configure one of the two as the default OS. In the hiD 6615 S223 S323, a system image saved in os1 is configured as the default OS by default. To designate a default OS, use the following command. Command / Mode / Description: default os os1 os2 (Enable): Designates default OS of switch. Switch Status: To display the temperature of the switch, power status and fan status, use the following command. Command / Mode / Description: show status fan (Enable): Shows fan status of switch
330. n the pim System. ip igmp snooping vlan VLANS mrouter learn pim (Global): Configures the mrouter port learning method on a VLAN interface. no ip igmp snooping mrouter learn pim: Disables the mrouter port learning method on the system. no ip igmp snooping vlan VLANS mrouter learn pim: Disables the mrouter port learning method on a VLAN interface. Displaying Mrouter Configuration: To display the IGMP snooping mrouter configuration, use the following command. Command / Mode / Description: show ip igmp snooping mrouter (Enable, Global, Bridge): Shows the mrouter configuration on the system. show ip igmp snooping vlan VLANS mrouter: Shows the mrouter configuration and detail information on a VLAN interface. Multicast TCN Flooding: An IGMP snooping disabled switch does not flood multicast traffic to all ports in a VLAN when a spanning tree Topology Change Notification (TCN) is received. A topology can change in a VLAN and it may invalidate previously learned IGMP snooping information. A host that was on one port before the topology change may move to another port after the topology change. The hiD 6615 S223 S323 switch helps to deliver multicast traffic to all multicast receivers in that VLAN when the topology changes. When the spanning tree protocol is running in a VLAN, a spanning tree topology change notification (TCN) is issued by the root switch in the VLAN.
331. nable/disable IP source routing in the hiD 6615 S223 S323, use the following command. Command / Description: ip icmp source route: Enables the IP source routing function. no ip icmp source route: Disables the IP source routing function. Step 2: Perform the ping test from the PC as the designated route with the ping command. Tracing Packet Route: You can discover the routes that packets will actually take when traveling to their destinations. To do this, the traceroute command sends probe datagrams and displays the round trip time for each node. If the timer goes off before a response comes in, an asterisk is printed on the screen. Command / Mode / Description: traceroute ADDRESS; traceroute ip ADDRESS (Enable): Traces packet routes through the network. ADDRESS: IP address or host name. The following is the basic information to trace packet routes. Items / Description: Protocol ip: Supports ping test. Default is IP. Target IP address: Sends ICMP echo message by inputting IP address or host name of destination in order to check network status with relative. Source address: Source IP address which other side should make a response. Numeric display n: Hop is displayed the number instead of indications or statistics. Timeout in seconds 2: It is considered as successful ping test if reply returns within the configured time interval. Default is 2 seconds. Probe count 3: S
332. nd network using the following command. The following is the information to use ping test for multiple IP addresses. Items / Description: Source address or interface: Designates the address where the relative device should respond in source IP address. Type of service 0: The service field of QoS (Quality of Service) in Layer 3 application. It is possible to designate the priority for IP packets. Set DF bit in IP header no: Decides whether the Don't Fragment (DF) bit is applied to the Ping packet or not. Default is no. If the user chooses yes, when the packets pass through a segment composed of a smaller data unit, it prevents the packet from being fragmented. Therefore there could be an error message. Data pattern 0xABCD: Configures data pattern. Default is 0xABCD. Tab. 6.3 Options for Ping for Multiple IP Addresses. The following is to verify network status between 172.16.157.100 and 172.16.1.254 when the IP address of the switch is configured as 172.16.157.100. SWITCH ping Protocol ip Target IP address 172.16.1.254 Repeat count 5 5 Datagram size 100 100 Timeout in seconds 2 2 Extended commands n y Source address or interface 172.16.157.100 Type of service 0 0 Set DF bit in IP header no no Data pattern 0xABCD PATTERN 0xabcd PING 172.16.1.254 172.16.1.254 from 172.16.1
333. nd of BGP Configuration mode COMMAND all in the level. privilege bridge level <0-15> COMMAND all: Uses the specific command of Bridge Configuration mode in the level. privilege configure level <0-15> COMMAND all: Uses the specific command of Global Configuration mode in the level. privilege dhcp option82 level <0-15> COMMAND all: Uses the specific command of DHCP Option 82 Configuration mode in the level. privilege dhcp pool level <0-15> COMMAND all: Uses the specific command of DHCP Configuration mode in the level. privilege dhcp class level <0-15> COMMAND all (Global): Uses the specific command of DHCP Option 82 Configuration mode in the level. privilege dhcp pool class level <0-15> COMMAND all: Uses the specific command of DHCP Configuration mode in the level. privilege enable level <0-15> COMMAND all: Uses the specific command of Privileged EXEC mode in the level. privilege interface level <0-15> COMMAND all: Uses the specific command of Interface Configuration mode in the level. privilege ospf level <0-15> COMMAND all: Uses the specific command of OSPF Configuration mode in the level. privilege pim level <0-15> COMMAND all: Uses the specific command of PIM Configuration mode in the level. privilege rip level <0-15>: Uses the specific command of RIP Configuration mode CO
334. nected to where it is possible to transmit multicast packet or message only to that port. To designate the port connected to the multicast router, use the following command. Command / Description: ip igmp snooping mrouter port PORTS cpu: Designates the port where the multicast router is connected to on the system. PORTS: logical port number ID to use. cpu: identifies the CPU port to use. ip igmp snooping vlan VLANS mrouter port PORTS cpu: Designates the port where the multicast router is connected to on a VLAN interface. To disable the port where the multicast router is connected, use the following command. Command / Mode / Description: no ip igmp snooping mrouter port PORTS cpu (Global): Disables the port where the multicast router is connected on the system. no ip igmp snooping vlan VLANS mrouter port PORTS cpu: Disables the port where the multicast router is connected on a VLAN interface. Mrouter Port Learning Method: For the hiD 6615 S323, multicast-capable router ports are added to the forwarding table for every Layer 2 multicast entry. The switch learns such ports through snooping on PIM packets. The switch snoops on PIM packets on all VLANs. To configure the Mrouter port learning method, use the following commands. Command / Description: ip igmp snooping mrouter learn Configures the mrouter port learning method o
335. net as the following order: System Login; Password for Privileged EXEC Mode; Changing Login Password; Management for System Account; Limiting Number of User; Telnet Access; Auto Log out; System Rebooting. System Login: After installing the hiD 6615 S223 S323, finally make sure that each port is correctly connected to the PC for network and management. Then turn on the power and boot the system as follows. Step 1: When you turn on the switch, booting will be automatically started and the login prompt will be displayed. SWITCH login Step 2: When you enter the login ID at the login prompt, the password prompt will be displayed. Enter the password to open Privileged EXEC View mode. By default, the login ID is configured as admin and it is possible to access without a password. SWITCH login admin Password SWITCH Step 3: In Privileged EXEC View mode, you can check only the configuration for the switch. To configure and manage the switch, you should begin Privileged EXEC Enable mode. The following is an example of beginning Privileged EXEC Enable mode. SWITCH enable SWITCH 4.1.2 Password for Privileged EXEC Mode: You can configure a password to enhance the security for Privileged EXEC Enable mode. To configure a password for Privileged EXEC Enable mode, use the following command. Command / Description: Configures a passwor
336. nfigure the default route with an option, use the following command. Command / Mode / Description: default information originate metric <0-16777214>; default information originate metric type 1 2; default information originate always; default information originate route map MAP NAME (Router): Configures the default route with one option. The following example shows how to configure the default route with more than 2 options. default information originate metric type 1 2 always; default information originate route map MAP NAME metric <0-16777214>. To delete the configuration, use the following command. Command / Mode / Description: no default information originate; no default information originate metric <0-16777214>; no default information originate metric type 1 2; no default information originate always; no default information originate route map MAP NAME (Router): Deletes the configuration. Finding Period: OSPF starts to find the shortest path as soon as it gets a notification of a change in the network components. You can configure the period to find the path. To configure the period of finding, use the following command. Command / Mode / Description: (Router) Configures the period of finding in the unit of second. SPF DELAY: 0-2147483647, default 5. SPF HOLD: 0-2147483647 d
337. nfigured. To disable configured PVSTP/PVRSTP, use the following command. Command / Mode / Description: stp pvst disable (Bridge): Disables PVSTP or PVRSTP in VLAN. Root Switch: In order to establish the PVSTP/PVRSTP function, first of all the Root switch should be decided. Each switch has its own Bridge ID, and the Root switch on the same LAN is decided by comparing their Bridge IDs. However, the user can change the Root switch by configuring a Priority for it. The switch having the lowest priority is decided as the Root switch. To change the Root switch by configuring a Priority for it, use the following command. Command / Description: stp pvst priority VLAN RANGE <0-61440>: Configures a priority of switch. no stp pvst priority VLAN RANGE: Clears a priority of switch. Path cost: After deciding the Root switch, you need to decide to which route you will forward the packet. To do this, the standard is path cost. Generally, path cost depends on the transmission speed of the LAN interface in the switch. In case the route is overloaded based on Path cost, it is better to take another route. By considering the situation, the user can configure the Path cost of the Root port in order to designate the route on one's own. To configure Path cost, use the following command. Command / Description: stp pvst path cost VLAN RANGE PORTS Configures path co
338. nfiguring width of bandwidth which packets pass through. This function prevents receiving packets more than the configured amount without enlarging bandwidth. [Fig. 8.30 Rate Limit and Flood Guard. Panel <Rate Limit>: configure Rate Limit on port, control bandwidth. Panel <Flood Guard>: configure Flood Guard to allow packets as many as n per second.] 8.6.1 Configuring Flood Guard: To configure the number of packets which can be transmitted in a second, use the following command. Command / Description: mac flood guard PORTS <1-2000000>: Limits the number of packets which can be transmitted to the port for 1 second. no mac flood guard PORTS: Clears the configured Flood Guard. To display a configuration of flood guard, use the following command. Command / Mode / Description: show mac flood guard macs (Bridge): Shows the configured Flood Guard. Sample Configuration: The following is an example of showing the configuration after limiting the number of packets transmitted to port number 1 as 10,000. SWITCH bridge mac flood guard 1 10000 SWITCH bridge show mac flood guard Port Rate fps Port Rate fps 1 10000 2 Unlimited 3 Unlimited 4
339. nformation is transmitted to the port specified with the network command. After RIP is enabled, you can configure RIP with the following items: RIP Neighbor Routers; RIP Version; Creating available Static Route only for RIP; Redistributing Routing Information; Metrics for Redistributed Routes; Administrative Distance; Originating Default Information; Routing Information Filtering; Maximum Number of RIP Routes; RIP Network Timer; Split Horizon; Authentication Key; Restarting RIP; UDP Buffer Size of RIP; Monitoring and Managing RIP. RIP Neighbor Router: Since RIP is a broadcast protocol, routers should be connected to each other to transmit the routing information of RIP to a non-broadcast network. To configure a neighbor router to transmit RIP information, use the following command in Router Configuration mode. Command / Mode / Description: neighbor A.B.C.D (Router): Configures a neighbor router to exchange routing information. A.B.C.D: neighbor address. no neighbor A.B.C.D: Deletes the neighbor router. You can block the routing information to a specific interface by using the passive interface command. 10.3.3 RIP Version: Basically, the hiD 6615 S323 supports RIP version 1 and 2. However, you can configure it to receive either RIP v1 type packets only or RIP v2 type packets only. To configure the RIP version, use the f
340. ng command. Command / Description: rate PORTS RATE egress ingress: Sets port bandwidth. If you input egress or ingress, you can configure outgoing packet or incoming packet. The unit is 64 Kbps. no rate PORTS: Clears rate configuration of a specific port. no rate PORTS egress ingress: Clears rate configuration of a specific port by transmitting direction. Unless you input either egress or ingress, they are configured to be the same. To switch, egress is incoming packet. To display the configured bandwidth, use the following command. Command / Mode / Description: show rate (Global): Shows the configured bandwidth. Sample Configuration: The following is an example of showing the configuration after setting the bandwidth of 64Mbps to port number 1 and 128Mbps to port number 2. SWTICH bridge rate 1 64 SWTICH bridge rate 2 128 SWTICH bridge show rate unit kbps E Enhanced Port Ingress Egress Port Ingress Egress 1 64 64 2 128 128 3 N/A N/A 4 N/A N/A 5 N/A N/A 6 N/A N/A 7 N/A N/A 8 N/A N/A SWTICH bridge 8.6 Flood Guard: Flood guard limits the number of packets that can be transmitted in the configured bandwidth, whereas Rate limit controls packets through co
341. ng mode. login accounting mode none start stop both (Global): none: disables an accounting function. start: measures start point only. stop: measures stop point only. both: measures start and stop point both. Displaying System Authentication: To display a configured system authentication, use the following command. Command / Mode / Description: show login (Enable, Global): Shows a configured system authentication. 4.2.8 Sample Configuration. Sample Configuration 1: Configuration RADIUS server. The following is an example of configuring the authorization method in SURPASS hiD 6615. It is configured to add RADIUS to the default method in case of clients connecting through console and telnet. The priority is given to RADIUS in case of clients connecting through console, and to the default method in case of clients connecting through telnet. Then show the configuration. The following is an example of configuring the frequency of retransmit and timeout of response after registering the RADIUS server. SWITCH config user add user testl Changing password for Enter the new password user minimum of 5 maximum of Please use a combination of upper and lower case Enter new Re enter new password Password changed SWITCH config login SWITCH config login SWITCH config login SWITCH config login
342. ng table shows some examples of abbreviated commands. Command / Abbreviation: clock, exit, show, configure terminal. Tab. 3.13 Command Abbreviation. Using Command of Privileged EXEC Enable Mode: You can execute the commands of Privileged EXEC Enable mode such as show, ping, telnet, traceroute and so on regardless of which mode you are located in. To execute the commands of Privileged EXEC Enable mode in another mode, use the following command. Command / Description: do COMMAND: Executes the commands of Privileged EXEC mode. 3.2.5 Exit Current Command Mode: To exit to the previous command mode, use the following command. Command / Description: Exits to the previous command mode. Exits to Privileged EXEC enable mode. If you use the command exit in Privileged EXEC View mode or Privileged EXEC Enable mode, you will be logged out. System Connection and IP Address. System Connection: After installing the switch, the hiD 6615 S223 S323 is supposed to examine that each port is correctly connected to the network and management PC. Then the user connects to the system to configure and manage the hiD 6615 S223 S323. This section provides instructions on how to change the password for system connection, connect to system through tel
343. nnot be directly connected to source ports. All source ports on a switch belong to the single multicast VLAN.

Receiver: This configures a port as a receiver port if it is a subscriber port and should only receive multicast data. It does not receive data unless it becomes a member of the multicast group, either statically or by using IGMP leave and join messages. Receiver ports cannot belong to the multicast VLAN.

To delete the statically configured MVR port, use the following command.

Command | Mode | Description
no mvr port PORTS | Global | Deletes a MVR port.

Displaying MVR Configuration

To display an MVR configuration, use the following command.

Command | Mode | Description
show mvr | Enable, Global | Shows a configuration.
show mvr port | Enable, Global | Shows a configuration.
show mvr vlan VLANS | Enable, Global | Shows a configuration.

IGMP Filtering and Throttling

With the IGMP filtering feature, you can filter multicast joins on a per-port basis by configuring IP multicast profiles and associating them with individual switch ports. An IGMP profile can contain one or more multicast groups and specifies whether access to the group is permitted or denied. If an IGMP profile denying access to a multicast group is applied to a switch port, the IGMP join report requesting the stream of IP multicast traffic is dropped and the port is not allowed to receive IP multicast traffic
344. no no match copy to cpu

Applying Rule

After configuring a rule using the above commands, apply it to the system with the following command. If you do not apply the rule to the system, all specified rules will be lost. To save and apply a rule, use the following command.

Command | Description
apply | Applies a rule to the system.

1. The switch performs a detailed plausibility check and rejects the rule if the configuration is incomplete, contains bad or unsupported values, or conflicts with other rules. In this case the switch informs about the reason and the operator may correct the values.
2. The switch may reject a rule with the message "Already exist rule" although the name will not be listed by the command show rule. Unfortunately, the entered name in this case interferes with the name of an internally managed rule. Remedy: select another name for the rule, e.g. add a prefix.
3. All previously entered values remain valid after successful or unsuccessful execution of the command apply. That is, if several rules that differ in only one value should be created, then only the one changed value needs to be entered again.

Modifying and Deleting Rule

To modify a rule, use the following command.

Command | Mode | Description
rule NAME modify | Global | Modifies a rule; enter a rule name.

To delete a rule, use the following command.

Command | Mode | Description
no rule NAME | Global | Deletes a rule; enter a rule name. optional
345. node of ERP node mode

Command | Description
no erp rmnode DOMAIN ID | Configures ERP node mode as normal node.

8.9.3.3 Port of ERP domain

To configure the Primary Port and Secondary Port of the RM Node, use the following command.

Command | Description
erp port DOMAIN ID primary PORT secondary PORT | Configures ports of ERP domain. Primary port and secondary port should be different.

8.9.3.4 Protected VLAN

To configure the Protected VLAN of an ERP domain, use the following command.

Command | Description
erp protections DOMAIN ID VID | Configures protected VLAN of ERP domain. VID: VLAN ID.

To delete the configured Protected VLAN, use the following command.

Command | Description
no erp protections V D VID | Deletes protected VLAN of ERP domain. VID: VLAN ID.

8.9.3.5 Protected Activation

To configure ERP Protected Activation, use the following command.

Command | Description
erp activation DOMAIN ID | Configures ERP Protected Activation.

To disable ERP Protected Activation, use the following command.

Command | Description
no erp activation DOMAIN ID | Disables ERP Protected Activation.

8.9.3.6 Manual Switch to Secondary

To configure Manual Switch to Secondary, use the following command.

Command | Description
erp ms s DOMAIN ID | Configures ERP manual switch to secondary.

To disable Manual Switch to Secondary use the fol
346. number

Step 2: To specify a network to operate with BGP, use the following command.

Command | Description
network A.B.C.D/M | Adds BGP network to operate. A.B.C.D/M: network address with netmask.
network A.B.C.D mask NETMASK | Adds BGP network to operate. A.B.C.D: network address. NETMASK: subnet mask.

Disabling BGP Routing

Step 1: To delete a specified network to operate with BGP, use the following command.

Command | Mode | Description
no network A.B.C.D/M | Router | Deletes BGP network. A.B.C.D/M: network address with netmask.
no network A.B.C.D mask NETMASK | Router | Deletes BGP network. A.B.C.D: network address. NETMASK: subnet mask.

Step 2: Go back to Global Configuration mode using the exit command.

Step 3: To disable BGP routing of the chosen AS, use the following command.

Command | Mode | Description
no router bgp <1-65535> | Global | Deletes assigned AS number to configure BGP routing; enter the AS number. 1-65535: AS number.

Advanced Configuration

The hiD 6615 S323 can be configured with additional settings related to BGP. The advanced configurations described in the following sections are as follows:

- Summary of Path
- Automatic Summarization of Path
- Multi Exit Discriminator (MED)
- Choosing Best Path
- Graceful Restart
347. o be inaccessible to Master Router. Therefore, the users on the interface are not able to communicate.

Countermeasure: If Link down happens, by giving low priority automatically to Master Router, Master Router will be changed at the same time with Link down.

Fig. 8.29 VRRP Track

To configure VRRP Track, use the following command.

Command | Description
track interface INTERFACE priority <1-254> | Configures VRRP Track. The Priority becomes lower as the configured value.

To release VRRP Track configuration, use the following command.

Command | Mode | Description
no track interface INTERFACE | VRRP | Disables VRRP Track configuration.

Authentication Password

If anyone knows the Group ID and Associated IP address, he can configure another device as a Virtual Router. To prevent this, the user needs to configure a password, named authentication password, that can be used only in the Virtual Router the user configured.

To configure an authentication password for security of the Virtual Router, use the following command in VRRP configuration mode.

Command | Description
authentication clear_text PASSWORD | Configures an authentication password.
no authentication | Deletes a configured authentication password.

Authentication password can be configured with maximum 7 digits.

The following is an example of c
348. o monitor port

- redirect: transmits the classified traffic to specified port
- permit: allows traffic matching given characteristics
- deny: blocks traffic matching given characteristics

Rule Apply

Applies the just configured rule. Configured values will be checked and the rule becomes activated within the system. An already applied rule cannot be modified. It needs to be deleted and then created again with changed values.

Scheduling Algorithm

To handle overloading of traffic, you need to configure the processing order of traffic by using a scheduling algorithm. The hiD 6615 S223/S323 provides:

- Strict Priority Queuing (SPQ)
- Weighted Round Robin (WRR)
- Weighted Fair Queuing (WFQ)

Queue Weight

Queue weight can be used to additionally adjust the scheduling mode per queue in WRR or WFQ mode. Queue weight controls the scheduling precedence of the internal packet queues. The higher the weight value, the higher the scheduling precedence of this queue.

Rule Configuration

Rule Creation

For the hiD 6615 S223/S323, you need to open Rule Configuration mode first. To open Rule Configuration mode, use the following command.

Command | Mode | Description
rule NAME create | Global | Opens Rule Configuration mode; enter rule name.

After opening Rule Configuration mode the pr
349. o ten addresses to port 7

    SWITCH bridge max hosts 3
    SWTICH bridge max hosts 1
    SWTICH bridge max hosts 2 5
    SWTICH bridge E
    SWTICH bridge max hosts

To display configured max host, use the following command.

Command | Mode | Description
show max hosts | Enable, Global, Bridge | Shows configured max host.

The following is an example of displaying configured max hosts.

    SWITCH bridge _ show max hosts
    port 1 0 5 current max
    port 2 4 0 5 current max
    pert 3 Q2 nen current max
    port 4 i ORE 0 Unlimited current max
    port 5 3 0 Unlimited current max
    port 6 P O Unlimited current max C
    port T i 0 10 ho current max
    port 8 777771 U7Unlimited current max
    port 9 0 Unlimited current max
    port 10 0 Unlimited current max

7.9.1 Max New Hosts

Max new hosts feature is to limit the number of users by configuring the number of MAC address that can be learned on the system and on the port for a second. The number of MAC address that can be learned on the system has the priority.

To configure max new hosts, use the following command.

Command | Description
max new hosts PORTS MAX MAC NUMBER | The number of MAC address that can be learned on the port for a second.
max new hosts system PORTS MAX MAC NU | The number of MAC address that can be learned on
350. ocal tacacs primary

    SWITCH config login remote tacacs primary
    SWITCH config login tacacs server add 200 1 1 1 1
    SWITCH config login tacacs interface default
    SWITCH config login tacacs socket port 1
    SWITCH config login tacacs auth type pap
    SWITCH config login tacacs timeout 10
    SWITCH config login tacacs priority level root
    SWITCH config show login
    AUTHEN
    Local login tacacs host        (Displayed according to the priority)
    Remote login tacacs host
    Accounting mode both
    HOST
    maximum login counts 8
    RADIUS
    <Radius Servers & Key>
    Radius Retries 3
    Radius Timeout 3
    Radius Interface default
    TACACS
    Tacacs Servers & Key
    200 1 1 1 Ll
    Tacacs Timeout 10
    Tacacs Socket Port 1
    Tacacs Interface default
    T cacs PPP Id L
    Tacacs Authen Type PAP
    Tacacs Priority Level MAX ROOT
    SWITCH config

4.3 Assigning IP Address

The switch uses only the data's MAC address to determine where traffic needs to come from and which ports should receive the data. Switches do not need IP addresses to transmit packets. However, if you want to access the hiD 6615 S223/S323 from a remote place with TCP/IP through SNMP or telnet, it requires an IP address.

You can enable interface to communicate with switch interface on network and assign IP address as th
352. of Rule

This function is to translate the value of specific VLAN ID which classified by Rule. The switch makes Tag adding PVID on Untagged packets and use Tagged Packet as it is. That is, all packets are tagged in the Switch, and VLAN Translation is to change the VLAN ID value of Tagged Packet in the Switch. This function is to adjust traffic flow by changing the VLAN ID of packet.

Step 1: Open Rule Configuration mode using rule NAME create command.
Step 2: Classify the packet that VLAN Translation will be applied by Rule.
Step 3: Designate the VLAN ID that will be changed in the first step by the match vlan <1-4094> command.
Step 4: Open Bridge Configuration mode using the bridge command.
Step 5: Add the classified packet to VLAN members of the VLAN ID that will be changed.

Sample Configuration

Sample Configuration 1: Configuring Port based VLAN

The following is assigning vlan id of 2, 3 and 4 to port 2, port 3 and port 4.

    SWITCH bridge vlan create 2
    SWITCH bridge vlan create 3
    SWITCH bridge vlan create 4
    SWITCH bridge vlan del default 2 4
    SWITCH bridge vlan add 2 2 untagged
    SWITCH bridge vlan add 3 3 untagged
    SWITCH bridge vlan add 4 4 untagged
    SWITCH bridge vlan pvid 2 2
    SWITCH bridge vlan pvid 3 3
    SWITCH bridge vlan pvid 4 4
    SWITCH bridge show vlan
    u untagged port t tagged port
353. of port traffic

6.1.12.3 Fan Operation

The system fan will operate depending on a configured fan threshold. To set a threshold of port traffic, use the following command.

Command | Mode | Description
threshold fan START TEMP STOP TEMP | Global | Sets a threshold of fan operation in the unit of centigrade (°C). START TEMP: starts fan operation (default: 30). STOP TEMP: stops fan operation (default: 0).
no threshold fan | Global | Deletes a configured threshold of fan operation.

When you set a threshold of fan operation, START TEMP must be higher than STOP TEMP.

To show a configured threshold of fan operation, use the following command.

Command | Mode | Description
show status fan | Enable, Global, Bridge | Shows a status and configured threshold of fan operation.

System Temperature

To set a threshold of system temperature, use the following command.

Command | Mode | Description
threshold temp VALUE VALUE | Global | Sets a threshold of system temperature in the unit of centigrade (°C). VALUE: Threshold temperature between 40 100
no threshold temp | Global | Deletes a configured threshold of system temperature.

To show a configured threshold of system temperature, use the following command.

Command | Mode | Description
show s | Enable | Shows a status and configured threshold of system
354. of unknown multicast traffic for port PORTS block a specific port

Command | Mode | Description
no ip unknown multicast block | Global | Returns to the normal forwarding states.
no ip unknown multicast port PORTS block | Global | Returns to the normal forwarding states.

IGMP Snooping Basic Configuration

Enabling IGMP Snooping per VLAN

The hiD 6615 S223/S323 supports 256 Snooping Membership Group Table that are managed by each VLAN. Snooping supports Enable/Disable by VLAN independently. By default, IGMP snooping is globally disabled on the switch.

To enable/disable global IGMP, use the following steps.

Step 1: Open Global Configuration mode using the configure terminal command.
Step 2: Execute the ip multicast routing command.
Step 3: Enable IGMP snooping in all existing VLAN interfaces.

Command | Mode | Description
ip igmp snooping | Global | Enables IGMP snooping globally.

Step 4: Return to Privileged EXEC Enable mode using exit command.

To globally disable IGMP snooping on all VLAN interfaces, use the no ip igmp snooping command.

In Global Configuration mode, follow these steps to enable IGMP snooping on a VLAN interface.

Step 1: Open Global Configuration mode using the configure terminal command.
Step 2: Execute the ip multicast routing command.
Step 3: Enable IGMP snooping on a VLAN interface.

Command | Mode | Description
ip igmp | | Enables IGMP snooping on a VLAN interface.
355. Fig. 9.2 PIM-SM Configuration Network

You can configure IGMP Snooping with PIM-SM as Fig. 9.3. If more than one port are on the same interface and the hiD 6615 S323 is located in Layer 3 boundary, IGMP Snooping and PIM-SM should be configured at the same time.

Fig. 9.3 IGMP Snooping and PIM-SM Configuration Network

Multicast Routing Information Base

In this chapter, you can configure the common multicast commands for multicast routing information base.

Enabling Multicast Routing (Required)

To provide multicast service on the hiD 6615 S323, you should use the ip multicast routing command necessarily. If you disable the multicast routing, the multicast protocol daemon remains present but does not perform multicast functions. Enable the multicast routing function using the following command.

Command | Mode | Description
ip multicast routing | Global | Enables multicast routing function.
no ip multicast routing | Global | Disables multicast routing function (default).

Limitation of MRIB Routing Entry

You can limit the number of multicast routes that can be added to a switch and generate an error message when the lim
356. ollowing command.

Command | Description
version 1 / 2 | Selects one type of RIP packets to transmit, either RIP v1 or RIP v2 type packet.
no version 1 / 2 | Restores the default of specified RIP version type.

The preceding task controls default RIP version settings. You can override the router's RIP version by configuring a particular interface to behave differently. To control which RIP version an interface sends, perform one of the following tasks after opening Interface Configuration mode.

Command | Mode | Description
ip rip send version 1 | Interface | Sends RIP v1 type packet only to this interface.
ip rip send version 2 | Interface | Sends RIP v2 type packet only to this interface.
ip rip send version 1 2 | Interface | Sends RIP v1 and RIP v2 type packets both.

To delete the configuration that sends RIP version packet to interface, use the following command.

Command | Mode | Description
no ip rip send version 1 | Interface | Deletes the configuration of RIP v1 type packet for helping them to be sent to the interface.
no ip rip send version 2 | Interface | Deletes the configuration of RIP v2 type packet for helping them to be sent to the interface.
no ip rip send version 1 2 | Interface | Deletes the configuration of both RIP v1 and v2 type packets for helping them to be sent to the interface.

Similarly, to control how packets received from an interface are processed, perform one of the followin
357. om Broadcast type and NBMA network as a Frame relay can be broadcast network type.

NBMA type network need virtual circuit to connect routers. But Point to multipoint type uses virtual circuit on part of network to save the management expenses. It does not to need to configure Neighbor router to connect routers which are not directly connected. It also saves IP resources and no need to configure the process for destination router. It supports those benefits for stable network services.

Generally, the routers and Layer 3 switches are using Broadcast type network.

To select an OSPF network type, use the following command.

Command | Mode | Description
ip ospf network broadcast / non broadcast / point to multipoint / point to point | Interface | Selects an OSPF network type.

Non-Broadcast Network

To operate NBMA type network, neighbor router configuration is needed, and IP address, Priority and Poll interval configuration as well. Priority is information for designate router selection and it configured 0 as a default. Poll interval is the waiting time to re-get the hello packet from dead Neighbor router. It configured 120 seconds as a default.

To configure a router communicated by non-broadcast type, use the following command.

Command | Description
neighbor A.B.C.D cost <1-65535> | Configures a neighbor router of NBMA.
neighbor A.B.C.D priority <0-255> | Configures a neighbor router of NBMA.
neighbor A.B.C.D priority <0-255> poll interval | Configures a neighbor router of NBMA. 1 65
358. ompt changes from SWITCH config to SWITCH config rule name.

After opening Rule Configuration mode, a rule can be configured by the user. The rule priority, rule match, rule action and action parameter(s) can be configured for each rule.

1. The rule name must be unique. Its size is limited to 63 significant characters.
2. The order in which the following configuration commands are entered is arbitrary.
3. The configuration of a rule being configured can be changed as often as wanted, inclusive of rule type, until the command apply is entered.
4. Use the command show rule profile to display the configuration entered up to now.

You cannot create a rule name which starts with the letter a. If you try to enter a, an error message will appear.

Rule Priority

If rules that are more than two match the same packet, then the rule having a higher priority will be processed first.

To set a priority for a rule, use the following command.

Command | Description
priority low / medium / high / highest | Sets a priority for a rule.

7.6.2.3 Packet Classification

After configuring a packet classification for a rule, then configure how to process the packets. To specify a packet classifying pattern, use the following command.

When specifying a source and destination IP address as a packet classifying pattern the des
359. on 7 12 1

Authentication Port

After configuring 802.1x authentication mode, you should select the authentication port.

Command | Mode | Description
dot1x nas port PORTS | Global | Designates 802.1x authentication port.
no dot1x nas port PORTS | Global | Disables 802.1x authentication port.

Force Authorization

The hiD 6615 S223/S323 can allow the users to request the access regardless of the authentication from RADIUS server. For example, it is possible to configure not to be authenticated from the server even though a client is authenticated from the server.

To manage the approval for the designated port, use the following command.

Command | Mode | Description
dot1x port control auto / force authorized / force unauthorized PORTS | Global | Configures the way of authorization to control port whether it has the RADIUS authentication or not.
no dot1x port control PORTS | Global | Deletes the configuration of the way of authorization to control port.

- auto: Follows the authentication of RADIUS server.
- force authorized: Gives the authorization to a client even though RADIUS server didn't approve it.
- force unauthorized: Does not give the authorization to a client even though RADIUS server authenticates it.

Configuring Interval for Retransmitting Request Identity Packet

In hiD 6615 S223/S323 it
361. one space after inputting

    SWITCH write
      memory Write to NV memory
      terminal Write to terminal
    SWITCH write

Calling Command History

In case of installed command shell, you do not have to enter a repeated command again. When you need to call command history, use the arrow key (↑). When you press the arrow key, the latest commands you used will be displayed one by one.

The following is an example of calling command history after using several commands. After using these commands in order: show clock, configure terminal, interface 1, exit, press the arrow key (↑) and then you will see the commands from the latest one: exit, interface 1, configure terminal, show clock.

    SWITCHconfig exit
    SWITCH show clock
    Mon 5 Jan 1970 23 50 12 GMT 0000
    SWITCH configure terminal
    SWITCH config interface 1
    SWITCH config if exit
    SWITCH config exit
    SWITCH                        (press the arrow key ↑)
    SWITCH exit                   (arrow key ↑)
    SWITCH interface 1            (arrow key ↑)
    SWITCH configure terminal     (arrow key ↑)
    SWITCH show clock             (arrow key ↑)

The hiD 6615 S223/S323 also provides the command that shows the commands used before, up to 100 lines.

Command | Mode | Description
show history | Enable | Shows a command history.

Using Abbreviation

Most of the commands can be used also with abbreviated form. The followi
363. onfiguration must be processed from the first. In this case, the hiD 6615 S323 can change only router ID without changing related configurations.

Command | Mode | Description
ospf router id A.B.C.D | Router | Changes only a router ID without changing related configurations.
no ospf router id A.B.C.D | Router | Deletes a changed router ID.

To transfer above configuration to other routers, use the clear ip ospf process command to restart OSPF process.

To display configured router id, use the following command.

Command | Mode | Description
show router id | Enable, Global, Bridge | Displays configured router ID.

Step 3: Use the network command to specify a network to operate with OSPF.

There are two ways to show network information configurations. Firstly, shows IP address with bitmask like 10.0.0.0/8. Secondly, shows IP address with wildcard bit information like 10.0.0.0 0.0.0.255. The variable option after area must be IP address or OSPF area ID.

To configure a network, use the following command.

Command | Mode | Description
network A.B.C.D/M area <0-4294967295> / A.B.C.D | Router | Specifies a network with OSPF area ID. <0-4294967295>: OSPF area ID.
network A.B.C.D A.B.C.D area <0-4294967295> / A.B.C.D | Router | Specifies a network with OSPF area ID. <0-4294967295>: OSPF area ID.

10.2.2 ABR Type Configuration

The hiD 6615 S323 supports 4 types of OSPF ABR which are Cisco type ABR RFC
364. onfiguring Authentication password in Virtual Router as network and showing it.

    SWITCH config vrrp authentication clear text network
    SWITCH config vrrp show running config
    Building configuration
    Omitted
    vrrp default 1
    authentication clear text network
    associate 10 0 0 5
    no snmp
    SWITCH config vrrp

Preempt

Preempt is a function by which an added device with the highest Priority the user gave is automatically configured as Master Router, without rebooting or specific configuration, when you add another device after the Virtual Router is configured.

To configure Preempt, use the following command in VRRP configuration mode.

Command | Description
preempt enable / disable | Enables or disables Preempt (default: enable).

The following is an example of disabling Preempt.

    SWITCH config vrrp preempt disable
    SWITCH config vrrp exit
    SWITCH config show vrrp
    default virtual router 1
    state master
    virtual mac address 00 00 5E 00 01 01
    advertisement interval 1 sec
    priority 100
    master down interval 3 624 sec
    1 associate address 10 0 0 5
    SWITCH config

Also, to make Preempt enable as default setting, use the following command in VRRP configuration mode.

Command | Description
no preempt | Deletes the former configuration of Preempt to enable it.

VRRP Statistics

To di
365. oosing Best Path

There are a lot of path parameters BGP protocol which are IP address, AS, MED value and router ID. Even if two paths look same under the condition of IP address, they are actually different when other parameters are compared with each other.

To ignore AS path for selecting the best path, use the following command.

Command | Mode | Description
bgp bestpath as path ignore | Router | Ignores the information of AS path as a factor in the algorithm for choosing the best route.
no bgp bestpath as path ignore | Router | Considers the information of AS path as a factor in the algorithm for choosing the best route.

If you would like to configure to select the best route by considering AS path length of Confederation, you should configure the router first to ignore AS path for choosing the best route using the bgp bestpath as path ignore command before implementing the following command.

To consider AS path length of Confederation during the best path selection process, use the following command.

Command | Mode | Description
bgp bestpath compare confed aspath | Router | Considers the information of AS path length of confederation as a factor in the algorithm for choosing the best route.
no bgp bestpath compare confed aspath | Router | Ignores AS path length of confederation as a factor in the algorithm for choosing the best ro
366. oping vlan VLANS

Command | Description
oping vlan VLANS | Enables PIM Snooping function on a specific interface.
no ip pim snooping | Disables the PIM Snooping command.
no ip pim snooping vlan VLANS | Disables the PIM Snooping command.

To delete all L2 PIM snooping multicast groups of a specified port, multicast address or vlan, use the following command.

Command | Mode | Description
clear ip pim snooping groups A.B.C.D | Enable, Global, Bridge | Deletes all PIM snooping groups and source addresses of a specified multicast group address.
clear ip pim snooping groups port PORTS | Enable, Global, Bridge | Deletes all PIM snooping groups and source addresses of a specified port.
clear ip pim snooping groups vlan VLANS | Enable, Global, Bridge | Deletes all of the multicast router addresses and DR of a specified VLAN.

By default, PIM Snooping is disabled. To operate PIM Snooping, IGMP Snooping should be enabled as well.

To display the PIM Snooping configuration, use the following command.

Command | Mode | Description
show ip pim snooping | Enable, Global, Bridge | Shows the PIM snooping configuration such as enable/disable status and the enabled VLANs.
show ip pim snooping vlan VLANS | Enable, Global, Bridge | Shows the multicast router address and DR of a specified VLAN.
show ip pim snooping groups A.B.C.D | Enable, Global, Bridge | Dis
show ip pim snooping groups port PORTS | Enable, Global, Bridge |
show ip pim snooping groups vlan VLANS | Enable, Global, Bridge |
367. or warning intermediate

Command | Description
 | Configures the priority of fan remove alarm.
 | Configures the priority of IP conflict alarm.
 | Configures the priority of memory over alarm.
snmp alarm severity mfgd block critical / major / minor / warning / intermediate | Configures the priority of MFGD block alarm.
snmp alarm severity port link down critical / major / minor / warning / intermediate | Configures the priority of port link down alarm.
snmp alarm severity port remove critical / major / minor / warning / intermediate | Configures the priority of port remove alarm.
snmp alarm severity port thread over critical / major / minor / warning / intermediate | Configures the priority of port thread over alarm.
snmp alarm severity power fail critical / major / minor / warning / intermediate | Configures the priority of power fail alarm.
snmp alarm severity power remove critical / major / minor / warning / intermediate | Configures the priority of power remove alarm.
snmp alarm severity rmon alarm rising critical / major / minor / warning / intermediate | Configures the priority of RMON alarm rising alarm.
snmp alarm severity rmon alarm falling critical / major / minor / warning / intermediate | Configures the priority of RMON alarm falling alarm.
snmp alarm severity system restart critical / major / minor / warning / intermediate |
snmp alarm severity mod
368. ort is always 802.1Q tagged traffic. The different customer VLANs existing in the traffic to a tunnel port shall be preserved when the traffic is carried across the network.

Trunk Port
By trunk port we mean a LAN port that is configured to operate as an interswitch link port capable of carrying double tagged traffic. A trunk port is always connected to another trunk port on a different switch. Switching shall be performed between trunk ports and tunnel ports, and between different trunk ports.

8.1.8.1 Double Tagging Operation

Step 1: If there is no SPVLAN Tag on the received packet, an SPVLAN Tag is added. (SPVLAN Tag: TPID is the configured TPID, VID is the PVID of the input port.)

Step 2: If the received packet is tagged with CVLAN, the switch transmits it to the uplink port, changing it to SPVLAN CVLAN. When the TPID value of the received packet is the same as the TPID of the port, it is recognized as SPVLAN, and if not, as CVLAN.

Step 3: If the egress port is an Access port (Access port is configured as Untagged), remove SPVLAN. If the egress port is an uplink port, transmit as it is.

Step 4: The hiD 6615 S223 S323 switch has 0x8100 TPID value as default, and other values are used as hexadecimal number.

8.1.8.2 Double Tagging Configuration

Step 1: Designate the QinQ port.

Command | Mode | Description
vlan dot1q tunnel enable PORTS | Bridge | Configures a qinq port. PORTS: selects port number
qin
369. ort of Active mode. If each member port of the connected switch is configured as Active mode and Passive mode, Active mode is the standard. If both switches are configured as Passive mode, link for member ports of two switches is not realized.

To configure the mode of member port, use the following command.

Command | Description
lacp port activity PORTS active passive | Configure the mode of member port. Select the member port number. (default: active)

To delete an operating mode of configured member port, use the following command.

Command | Description
no lacp port activity PORTS | Deletes operation mode of configured member port. Select the member port number.

8.2.2.4 Identifying Member Ports within LACP

The port configured as member port is basically configured to aggregate to LACP. However, even though the configuration as member port is not released, they could operate as independent port without being aggregated to LACP. These independent ports cannot be configured as trunk port because they are independent from being aggregated to LACP under the condition of being configured as member port.

To configure member port to aggregate to LACP, use the following command.

Command | Description
lacp port aggregation PORTS | Designates whether a member port joins LACP or not. Select the member port should be included default
370. ospf restart helper max grace period <1-1800> only reload only upgrade
ospf restart helper max grace period <1-1800> only upgrade only reload
ospf restart helper only reload only upgrade
ospf restart helper only reload only upgrade max grace period <1-1800>
ospf restart helper only reload max grace period <1-1800> only upgrade
ospf restart helper only upgrade only reload
ospf restart helper only upgrade only reload max grace period <1-1800>
ospf restart helper only upgrade max grace period <1-1800> only reload
Description: Configures the additional options for Global Graceful Restart

To release the configuration, use the following command.

Command | Mode | Description
no ospf restart grace period <1-1800> | Global | Releases the configuration
ospf restart helper never | Global | Releases the configuration
no ospf restart helper max grace period <1-1800> | Global | Releases the configuration

10.2.9 Opaque LSA Support

Opaque LSA is LSA Type 9, Type 10, Type 11. The hiD 6615 S323 enables Opaque LSA as a default, but it can be released by user. To release the enabled Opaque LSA management, use the following command.

Command | Mode | Description
no capability opaque | Router | Releases the enabled Opaque LSA management

To enable Opaque LSA management, use the following command.

Command | Mode | Description
cap
371. other's IP address. The data is the key and should be the same value for each other. For the key value, every kind of character can be used except for the space or special character.

[Fig. 4.2 Multiple Authentication Servers]

If you register several servers, the authentication server starts from the RADIUS server registered first, then requests the second RADIUS server in case there is no response. The authentication request is tried in the order in which the servers were registered, and the server which responds to it becomes the default server from the point of response time.

After the default server is designated, all requests start from that RADIUS server. If there is no response from the default server again, the authentication request is tried for the RADIUS server designated as the next one.

To configure the IP address of the RADIUS server and the key value, use the following command.

Command | Description
dot1x radius server host P | Registers RADIUS server with key value and UDP port of radius server. IP ADDRESS: IP address of radius server. NAME: host name. 0-65535: UDP port number. KEY: the value of key
372. other switches in stacking is named as Master switch, and the other switches managed by Master switch are named as Slave switch. Regardless of installed place or connection state, Master switch can check and manage all Slave switches. The below steps are provided to configure stacking.

8.10.1 Switch Group

You should configure all the switches configured with stacking function to be in the same VLAN. To configure the switches as a switch group belonging to the same VLAN, use the following command.

Command | Mode | Description
stack device NAME | Global | Configures device name or VID

For managing the stacking function, the port connecting Master switch and Slave switch must be in the same VLAN.

8.10.2 Designating Master and Slave Switch

Designate Master switch using the following command.

Command | Mode | Description
stack master | Global | Designates Master switch

After designating Master switch, register Slave switch for Master switch. To register Slave switch or delete the registered Slave switch, use the following command.

Command | Mode | Description
stack add MACADDR DESCRIPTION | Global | Registers slave switch. MACADDR: MAC address
stack del MACADDR | Global | Deletes slave switch

To make stacking operate well, it is required to enable the interface of Slave switch. The switches in different VLANs cannot be added to the same switch group. You should designate Slave switch registered in Master Switch as Slave S
373. otiation on an Ethernet port, use the following command.

Command | Description
port nego PORTS on off | Configures the auto negotiation of the specified port. Enter the port number.

For the hiD 6615 S223 S323, you can configure transmit rate and duplex mode as standard to configure transmit rate or duplex mode of connected equipment even when auto negotiation is enabled. For example, when you configure transmit rate as 10Mbps with configured auto negotiation, a port is worked by the standard 10Mbps full duplex mode.

By default, auto negotiation is activated in 10/100/1000Base-TX port of the hiD 6615 S223 S323. However, you cannot configure auto nego in fiber port.

The following is an example of deleting auto negotiate of port 7 and 8 and showing it.

SWITCH bridge
SWITCH bridge port nego 7 8 off
SWITCH bridge show port 7 8
NO  TYPE      PVID  STATUS       MODE            FLOWCTRL  INSTALLED
                    ADMIN OPER
7   Ethernet  7     Up    Up     Force Full 100  Off       Y
8   Ethernet  8     Up    Up     Force Full 100  Off       Y
SWITCH bridge

Transmit Rate

To set transmit rate of Ethernet port, use the following command.

Command | Description
port speed PORTS 10 100 1000 | Sets transmit rate of Ethernet port as 10/100/1000Mbps. Enter the port number.

When auto nego is activated, it is impossible to change transmit rate.

The following is an example of configuring transmit rate of port 1 as 10Mbps and showing it.
374. ource without (S,G) entry about source. The First Hop router encapsulates the packet in Register message and unicasts to RP of multicast group. RP decapsulates capsule of Register message and transmits it to members of multicast group.

[Fig. 9.7 In Case Multicast Source not Directly Connected to Multicast Group. Labels: Source; First Hop Router; Multicast Packet; "Encapsulates the packet in Register message and unicasts"; "Decapsulates capsule of Register message and transmits it"]

When the Register message is transmitted, the range of Checksum in header conforms to header part as RFC standard, but whole packet is included in the range of checksum in case of Cisco router. For compatibility with Cisco router, you should configure the range of Checksum of Register message as whole packet.

To configure the range of Checksum of Register message as whole packet for compatibility with Cisco router, use the following command.

Command | Description
ip pim cisco register checksum | Configures the option to calculate the Register checksum over the whole packet
ip pim cisco register checksum group list 1-99 1300-1999 ACCESS LIST | Configures the option to calculate the Register checksum over the whole packet on multicast group specified b
375. oute to source and multicast group connected to the source are constituted, all sources have route to connect to receiver directly. In the below figure, packets are usually transmitted through A > B > C > D, but packets are transmitted through faster route A C F when traffic is increased.

SPT (Shortest Path Tree) selects the shortest route between source and receiver regardless of RP; it is called source based tree or short path tree. SPT has (S,G) entry. S means source address and G means multicast group.

[Fig. 9.6 STP of PIM SM. Labels: (1) Multicast packet transmitted to RP; (2) Ask RP for multicast packet; (3) RP transmits multicast packet for the request; (4) Optimized route by deleting unnecessary hops when traffic exceeds certain limit]

9.3.1 PIM Common Configuration

Routing functionalities such as RIP, OSPF, BGP and PIM SM are only available for hiD 6615 S323. Unavailable for hiD 6615 S223.

9.3.1.1 PIM SM and Passive Mode

You need to open Interface Configuration mode of specified interface for activating PIM SM on Ethernet interface. To open Interface Configuration mode, use the following command.

Command | Mode | Description
interface INTERFACE | Global | Opens Interface Configuration mode of specified interface

To disab
376. ow ip protocols rip
Shows RIP information being used in router
Shows a routing table information involved in RIP
Shows a current status of RIP protocol and its information

To quickly diagnose problems, the debug command is useful for customers. To display information on RIP routing transactions or debugging information, use the following command.

Command | Mode | Description
debug rip events | Enable, Global | Shows RIP event such as packet transmit and sending and changed RIP information
debug rip packet recv send | Enable, Global | Shows more detailed information about RIP packet. The information includes address of packet transmission and port number.
debug rip packet recv send detail | Enable, Global | Shows more detailed information about RIP packet. The information includes address of packet transmission and port number.
show debugging rip | Enable, Global | Shows all information configured for RIP debugging

11 System Software Upgrade

For the system enhancement and stability, new system software may be released. Using this software, the hiD 6615 S223 S323 can be upgraded without any hardware change. You can simply upgrade your system software with the provided upgrade functionality via the CLI.

11.1 General Upgrade

The hiD 6615 S223 S323 supports the dual system software functionality which you can select applicable system software stored in the system according to various reasons such as the system compatibility or stabilit
377. owing command

Command | Description
lldp reinitdelay <1-10> | Configures the interval time of enabling LLDP frame from the time of configuring not to process LLDP frame (default: 2)

To configure delay time of transmitting LLDP frame, use the following command.

Command | Description
lldp txdelay <1-8192> | Configures delay time of transmitting LLDP frame (default: 2)

7.3.6 Displaying LLDP Configuration

To display LLDP configuration, use the following command.

Command | Mode | Description
show lldp config PORTS | Enable, Global, Bridge | Shows LLDP configuration
show lldp remote PORTS | Enable, Global, Bridge | Show statistics for remote entries
show lldp statistics PORTS | Enable, Global, Bridge | Shows LLDP operation and statistics

To delete an accumulated statistics on the port, use the following command.

Command | Description
clear lldp statistics PORTS | Deletes an accumulated statistics on the port

The following is to configure to enable LLDP function on Bridge Configuration mode through port number 10 of the switch and operate it.

SWITCH bridge show lldp config 10
GLOBL MsgTxInterval 30 MsgTxHold 4 > txITL 120
ReInitDelay 2 TxDelay 2
PORTS active adminStat optTLVs
10 disable Tx<>Rx 0xf PortDesc SysName SysDesc SysCap
SWITCH bridge lldp enable 10
SWITCH bridge lldp disable 10 portdescription
378. p name for BGP Neighboring router within specified AS number, use the following command.

Command | Mode | Description
neighbor NEIGHBOR IP WORD remote as <1-65535> | Router | Configures BGP neighboring router and specify AS number of BGP Neighbor. NEIGHBOR IP: neighbor IP address. WORD: peer group name or neighbor tag. 1-65535: remote AS Number
no neighbor NEIGHBOR IP WORD remote as <1-65535> | Router | Deletes the configured BGP Neighbor within specified AS number

Default Route

The hiD 6615 S323 can be configured that particular neighboring BGP routers or peer group is assigned by default route as 0.0.0.0. Then neighboring router or member of peer group is able to receive the information of default route from the designated routers. The following command allows neighboring BGP routers or Peer Group to transmit 0.0.0.0 as the default route.

To generate the default route to BGP neighbor or peer group, use the following command.

Command | Mode | Description
neighbor NEIGHBOR IP WORD default originate route map NAME | Router | Generates the default route to BGP Neighbor. NEIGHBOR IP: neighbor IP address. WORD: peer group name or neighbor tag. 1-65535: remote AS number. NAME: route map name
no neighbor NEIGHBOR IP WORD default originate route map NAME | Router | Removes the default route for BGP Neighbor or peer group

Peer Group

As the number of external BGP group increases, the ability to support a l
379. parent to the Internet Engineering Task Force (IETF) that RIP needed to be updated. Consequently, the IETF released RFC 1388, RFC 1723 and RFC 2453, which described RIP v2, the second version of RIP.

RIP v2 uses broadcast User Datagram Protocol (UDP) data packets to exchange routing information. The hiD 6615 S323 sends routing information and updates it every 30 seconds. This process is termed advertised. If a router does not receive an update from another router for 180 seconds or more, it marks the routes served by the non-updating router as being unusable. If there is still no update after 120 seconds, the router removes all routing table entries for the non-updating router.

The metric that RIP uses to rate the value of different routes is hop count. The hop count is the number of routers that should be traversed through the network to reach the destination. A directly connected network has a metric of zero; an unreachable network has a metric of 16. This short range of metrics makes RIP an unsuitable routing protocol for large networks.

A router that is running RIP can receive a default network via an update from another router that is running RIP, or the router can source (generate) the default network itself with RIP. In both cases, the default network is advertised through RIP to other RIP neighbors.

RIP sends updates to the interfaces in the specified networks. If an interface's network is not specified, it will not be advertised in any
380. pgrade supports TFTP only. You must set up TFTP server before upgrading the system software in the boot mode.

In the boot mode, the only interface you can use is MGMT interface. So the system must be connected to the network via the MGMT interface.

All you configure in the boot mode is limited to the boot mode only.

To upgrade the system software in the boot mode, perform the following step by step instruction.

Step 1: To open the boot mode, press S key when the boot logo is shown up.

Boot Loader Version 4 76 b Siemens AG
Press s key to go to Boot Mode 0
Boot>

Step 2: To enable the MGMT interface to communicate with TFTP server, you need to configure a proper IP address, subnet mask and gateway on the interface.

To configure an IP address, use the following command.

Command | Description
ip A.B.C.D | Configures an IP address
ip | Shows a currently configured IP address

To configure a subnet mask, use the following command.

Command | Description
netmask A.B.C.D | Configures a subnet mask (e.g. 255.255.255.0)
netmask | Shows a currently configured subnet mask
381. physical cable does not imply its membership in any particular VLAN. VLAN association is determined by a set of rules applied to the frames by VLAN aware stations and/or switches. There are two methods for identifying the VLAN membership of a given frame:
- Parse the frame and apply the membership rules (implicit tagging)
- Provide an explicit VLAN identifier within the frame itself

VLAN Tag

A VLAN tag is a predefined field in a frame that carries the VLAN identifier for that frame. VLAN tags are always applied by a VLAN aware device. VLAN tagging provides a number of benefits but also carries some disadvantages.

Advantages | Disadvantages
VLAN association rules only need to be applied once | Tags can only be interpreted by VLAN aware devices
Only edge switches need to know the VLAN association rules | Edge switches must strip tags before forwarding frames to legacy devices or VLAN unaware domains
Core switches can get higher performance by operating on an explicit VLAN identifier | Insertion or removal of a tag requires recalculation of the FCS, possibly compromising frame integrity
VLAN aware end stations can further reduce the performance load of edge switches | Tag insertion may increase the length of a frame beyond the maximum allowed by legacy equipment

Tab. 8.1 Mapping Frames to VLAN

Advantage
382.
Broadcast Storm Control
Jumbo frame Capacity
Blocking Direct Broadcast
Maximum Transmission Unit (MTU)
Multicast Routing Information Base
Enabling Multicast Routing (Required)
Limitation of MRIB Routing Entry
Clearing MRIB Information
Displaying MRIB Information
Multicast Time To Live Threshold
MRIB Debug
Multicast Aging
Internet Group Management Protocol (IGMP)
IGMP Basic Configuration
IGMP Version per Interface
Removing IGMP Entry
IGMP Debug
IGMP Robustness Value
IGMP Version 2
IGMP Static Join Setting
Maximum Number of Groups
IGMP Query Configuration
IGMP v2 Fast Leave
Displaying the IGMP Configuration
383. placed within different AS. To find the best route by comparing MED values, use the following command.

Command | Mode | Description
bgp always compare med | Router | Configures the router to consider the comparison of MEDs in choosing the best path from among paths
no bgp always compare med | Router | Chooses the best path regardless of the comparison of MEDs

Meanwhile, when the best path is selected among the neighbor routers within same Autonomous System, it doesn't compare MED values of them. However, in case the paths have same AS path information, it does compare MED values. If there are two paths with different AS path each other, the comparison of MED is unnecessary work. Other parameter's path information can be used to find the best path.

To compare MED values in order to choose the best path among lots of alternative paths included same AS path value, use the following command.

Command | Description
bgp deterministic med | Configures the router to compare MEDs in choosing the best path when paths have same AS path information
no bgp deterministic med | Configures the router not to compare MEDs even if the paths have same AS path

During the best path selection process, use the bgp always compare med command in case of comparing MED values regardless of AS path. Otherwise, use the bgp deterministic med command if it compares MED values of lots of paths contained same AS path information.

Ch
384. playing PIM SM Configuration
Shows the PIM snooping group source addresses of a specified VLAN, port or multicast group address. A.B.C.D: Multicast group address. PORTS: Specify the logical port number to use. VLANS: VLAN ID (ex NAME X X Y)

To display the information of PIM SM configuration, use the following command.

Command | Mode | Description
show ip pim bsr router | Enable, Global, Bridge | Shows Bootstrap router v2
show ip pim interface detail | Enable, Global, Bridge | Shows PIM interface information
show ip pim local members INTERFACE | Enable, Global, Bridge | Shows PIM local membership information
show ip pim neighbor detail | Enable, Global, Bridge | Shows PIM neighbor information
show ip pim mroute A.B.C.D | Enable, Global, Bridge | Shows PIM master router
show ip pim nexthop | Enable, Global, Bridge | Shows PIM next hops
show ip pim rp mapping | Enable, Global, Bridge | Shows PIM Rendezvous Point (RP) information
show ip pim rp hash A.B.C.D | Enable, Global, Bridge | Shows RP to be chosen based on group selected. A.B.C.D: group address

10 IP Routing Protocol

Routing functionalities such as RIP, OSPF, BGP and PIM SM are only available for hiD 6615 S323. Unavailable for hiD 6615 S223.

10.1 Border Gateway Protocol (BGP)

The Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP) that is used to exchange routing information among routers in different autonomous systems (AS). BGP routing information incl
385. r Displaying Configuration

To display the configuration after configuring STP, RSTP and MSTP, use the following command.

Command | Mode | Description
show stp | Enable, Global, Bridge | Shows the configuration of STP, RSTP, MSTP
show stp mst | Enable, Global, Bridge | Shows the configuration when it is configured as MSTP
show stp mst MSTID_RANGE | Enable, Global, Bridge | Shows the configuration of specific Instance. Enter the instance number.
show stp mst MSTID_RANGE all PORTS detail | Enable, Global, Bridge | Shows the configuration of the specific Instance for the ports. MSTID_RANGE: select the MST instance number. all: select all ports. PORTS: select port number. detail: show detail information as option

In case STP or RSTP is configured in the SURPASS hiD 6615 S223 S323, you should configure MSTID_RANGE as 0.

To display a configured MSTP of the switch, use the following command.

Command | Mode | Description
show stp mst config id current pending | Enable, Global, Bridge | Shows the MSTP configuration identifier. current: shows the current configuration as it is used to run MST. pending: shows the edited configuration

For example, after the user configures configuration ID, if you apply it to the switch with stp mst config id commit command, you can check configuration ID with the show stp mst config id current command.

However, if the user did not use the stp mst config id commit command in order to apply to the switch after configu
386. r
SWITCH2 config router vrrp default 1
SWITCH2 config router associate 10.0.0.5
SWITCH1 config router vr priority 102
SWITCH2 config router exit
SWITCH2 config show vrrp
default virtual router 1
state
virtual mac address 00:00:5E:00:01:01
advertisement interval 1 sec
preemption enabled
priority 102
master down interval 3.620 sec
1 associate address 10.0.0.5

By default, Priority of the hiD 6615 S323 is configured as 100. So unless you configure specific Priority, this switch becomes Master Router because a device which has lower IP address has higher precedence.

Also, when there are more than two Backup Routers, IP addresses are compared to decide order. The following is an example of configuring Master Router and Backup Router by comparing IP addresses. Virtual Routers: Layer 3 SWITCH 1: 10.0.0.1 and Layer 3 SWITCH 2: 10.0.0.2

Layer 3 SWITCH 1: IP address 10.0.0.1/24

SWITCH1 config router vrrp default 1
SWITCH1 config router associate 10.0.0.5
SWITCH1 config router exit
SWITCH1 config show vrrp
default virtual router 1
state
virtual mac address 00:00:5E:00:01:01
advertisement interval 1 sec
preemption enabled
priority 100
master down interval 3.624 sec
1 associate address 10.0.0.5

Layer 3 SWITCH 2 IP Address 10 0
387. r transmitted to client 3

[Fig. 8.34 DHCP Server Packet Filtering. Label: "To prevent IP assignment from client 3, DHCP filtering is needed for the port"]

To enable the DHCP server packet filtering, use the following command.

Command | Description
dhcp server filter PORTS | Enables the DHCP server packet filtering
no dhcp server filter PORTS | Disables the DHCP server packet filtering

To display a status of the DHCP server packet filtering, use the following command.

Command | Mode | Description
show dhcp server filter | Enable, Global, Bridge | Show a status of the DHCP server packet filtering

8.8.10 Debugging DHCP

To enable/disable a DHCP debugging, use the following command.

Command | Mode | Description
debug dhcp filter lease packet service all | Enable | Enables a DHCP debugging
no debug dhcp filter lease packet service all | Enable | Disables a DHCP debugging

8.9 Ethernet Ring Protection (ERP)

The ERP is a Siemens protection protocol and procedure to protect Ethernet ring topologies. It is a fast failure detection and recovery so that it decreases the time to prevent Loop under 50ms.

The main characteristics of the ERP are the follows:
• It req
388.
Type | Value
ICMP_ECHOREPLY | 0
ICMP_DEST_UNREACH | 3
ICMP_SOURCE_QUENCH | 4
ICMP_REDIRECT | 5
ICMP_ECHO | 8
ICMP_TIME_EXCEEDED | 11
ICMP_PARAMETERPROB | 12
ICMP_TIMESTAMP | 13
ICMP_TIMESTAMPREPLY | 14
ICMP_INFO_REQUEST | 15
ICMP_INFO_REPLY | 16
ICMP_ADDRESS | 17
ICMP_ADDRESSREPLY |

Tab. 7.2 ICMP Message Type

The following figure shows simple ICMP message construction.

0          7          15 16                 31
8 bit Type | 8 bit Code | 16 bit Checksum
Contents (Depend on Type and Code)

It is possible to control ICMP message through user's configuration. You can configure to block the echo reply message to the partner who is doing ping test to device, and interval to transmit ICMP message.

Blocking Echo Reply Message

It is possible to configure block echo reply message to the partner who is doing ping test to switch. To block echo reply message, use the following commands.

Command | Description
ip icmp ignore echo all | Blocks echo reply message to all partners who are taking ping test to device
ip icmp ignore echo broadcast | Blocks echo reply message to partner who is taking broadcast ping test to device

To release the blocked echo reply message, use the following commands.

Command | Mode | Description
no ip icmp ignore echo all | Global | Releases blocked echo reply message to all partners who are taking ping test to device
no ip ic
389. r all | Deletes all the specified default gateways

The following is an example of specifying the default gateway 100.1.1.254.

SWITCH config service dhcp
SWITCH config ip dhcp pool sample
SWITCH config dhcp sample network 100.1.1.0/24
SWITCH config dhcp sample default router 100.1.1.254
SWITCH config dhcp sample

8.8.1.5 IP Lease Time

Basically, the DHCP server leases an IP address in the DHCP pool to DHCP clients, which will be automatically returned to the DHCP pool when it is no longer in use or expired by IP lease time.

To specify IP lease time, use the following command.

Command | Mode | Description
lease time default <120-2147483637> | DHCP Pool | Sets default IP lease time in the unit of second (default: 3600)
lease time max <120-2147483637> | DHCP Pool | Sets maximum IP lease time in the unit of second (default: 3600)
no lease time default max | DHCP Pool | Deletes specified IP lease time

The following is an example of setting default and maximum IP lease time.

SWITCH config service dhcp
SWITCH config ip dhcp pool sample
SWITCH config dhcp sample network 100.1.1.0/24
SWITCH config dhcp sample default router 100.1.1.254
SWITCH config dhcp
SWITCH config dhcp
SWITCH config dhcp

8.8.1.6 DNS Server

sample sample
390. r each port
show ip mfib hidden reserved dstuser | Displays reserved information and destination user information as a hidden command

9.2 Internet Group Management Protocol (IGMP)

Internet Group Management Protocol (IGMP) is used by hosts and routers that support multicasting. All the systems on a network can know which hosts belong to which multicast groups. IGMP is not multicast routing protocol but group management protocol.

Multicast routers can receive thousands of multicast packets from other group. If a router does not have the information of host membership, it has to broadcast the packets. This is bandwidth waste. To solve this problem, one group list of members is maintained. IGMP helps multicast router to create and renew the list.

The hiD 6615 S223 S323 supports IGMP Version 1, 2 and 3.

9.2.1 IGMP Basic Configuration

This chapter explains how to configure basic IGMP features such as IGMP version, IGMP DB and Debugging method.

9.2.1.1 IGMP Version per Interface

You can configure the IGMP Protocol version on an interface. To configure the IGMP Protocol version, use the following command.

Command | Mode | Description
ip igmp version <1-3> | Interface | Selects an IGMP version. 1: version 1. 2: version 2. 3: version 3 (default)
no ip igmp version | Interface | Returns to the default setting, version 3
391. r routing protocol Area into OSPF. In this case, if other routing protocol has default path, use default information originate command to configure the all of default path is using the assigned ASBR.

To configure NSSA with various features, use command with options. The area <0-4294967295> nssa command has 4 options as default information originate, no redistribution, no summary, translator role, and it can be selected more than 2 options without order.

default information originate has metric <0-16777214> and metric type <1-2> as an option; translator role must choose one of candidate, never, always as an option.

The following is explaining options of command:
- default information originate, or default information originate metric <0-16777214>, or default information originate metric type <1-2>
- no redistribution
- no summary
- translator role candidate never always

To configure NSSA with one option, use the following command.

Command | Mode | Description
area <0-4294967295> nssa default information originate | Router | Configures NSSA with one option
area <0-4294967295> nssa default information originate metric <0-16777214> | Router | Configures NSSA with one option
area <0-4294967295> nssa default information originate metric type <1-2> | Router | Configures NSSA with one option
area <0-4294967295> nssa no redistribution | Router | Configures NSSA with one option
area <0-4294967295> nssa no summary | Router | Configures NSSA with one option
392. r switch and Slave switch is different as below Switch A Master Switch SWITCH A config f show stack device default node ID 1 node MAC address status type name port 1 00 d0 cb 0a 00 aa active SURPASS hiD 6615 S223 8323 SWITCH A 24 2 00 d0 cb 22 00 11 active SURPASS hiD 6615 S223 8323 SWITCH B 24 SWITCH_A config Switch B Slave Switch SWITCH B config f show stack device default node ID 2 SWITCH_B config A50010 Y3 C150 2 7619 273 UMN CLI 274 8 11 User Manual SURPASS hiD 6615 S223 8323 R1 5 Sample Configuration 2 Accessing from Master Switch to Slave Switch The following is an example of accessing to Slave switch from Master switch configured in Sample Configuration 1 If you show the configuration of Slave switch in Sample Configuration 1 you can recognize node number is 2 SWITCH bridge rcommand 2 fey ing IZTLID Sys Connected to 127 1 0 1 Escape character is SWITCH login admin Password SWITCH To disconnect input as below SWITCH exit Connection closed by foreign host SWITCH bridge Broadcast Storm Control The hiD 6615 S223 S323 supports broadcast storm control for broadcast packets Broad cast storm is overloading situation of broadcast packets since they need major part of transmit capacity Broadcast storm may be often occurred because of difference of ver sions For example when there are mixed 4 3 BSD and 4 2 BSD or mixed
393. ration the configuration could be checked with the show stp mst config id pending command A50010 Y3 C150 2 7619 User Manual UMN CLI SURPASS hiD 6615 S223 S323 R1 5 8 3 6 8 3 6 1 Configuring PVSTP PVRSTP STP and RSPT are designed with one VLAN in the network If a port becomes blocking state the physical port itself is blocked But PVSTP Per VLAN Spanning Tree Protocol and PVRSTP Per VLAN Rapid Spanning Tree Protocol maintains spanning tree in stance for each VLAN in the network Because PVSTP treats each VLAN as a separate network it has the ability to load balance traffic by forwarding some VLANs on one trunk and other VLANs PVRSTP provides the same functionality as PVSTP with enhancement Switch C Fig 8 24 Example of PVSTP Activating PVSTP PVRSTP To configure PVSTP or PVRSTP configure force version in order to decide the mode In order to decide force version use the following command Command Description Activates PVSTP or PVRSTP function VLAN RANGE Vlan name stp pvst enable VLAN RANGE PVSTP is activated after selecting PVSTP in Force version using the above command and PVRSTP is activated after selecting PVRSTP using the above commands In PVSTP and PVRSTP it is possible to configure only the current VLAN If you input VLAN that does not exist error message is displayed For the switches in LAN where dual path doesn t exist Loop does not generate even though STP function is not co
394. rd can be displayed with the command show running config. To encrypt the password so that it is not displayed, use the following command.

Command: service password encryption
Mode: Global
Description: Encrypts system password

To disable password encryption, use the following command.

Command: no service password encryption
Description: Disables password encryption

4.1.3 Changing Login Password

To configure a password for a created account, use the following command.

Command: passwd NAME
Mode: Global
Description: Configures a password for created account

The following is an example of changing a password.

SWITCH(config)# passwd Siemens
Changing password for Siemens
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password: junior95
Re-enter new password: junior95
Password changed.
SWITCH(config)#

The password you are entering will not be shown on the screen, so be careful not to make a mistake.

4.1.4 Management for System Account

4.1.4.1 Creating System Account

For the hiD 6615 S223 S323, the administrator can create a system account. In addition, it is possible to set the security level from 0 to 15 to enhance the system security. To create a system account, use the following command.

Command Description
395. rding state of Switch A Switch C Switch D Fig 8 19 Network Convergece of 802 1w 3 208 A50010 Y3 C150 2 7619 User Manual UMN CLI SURPASS hiD 6615 S223 S323 R1 5 8 3 3 It is same with 802 1d to block the connection of SWITCH D and SWITCH C However 802 1w does not need any configured time to negotiate between switches to make for warding state of specific port So it is very fast progressed During progress to forwarding state of port listening and learning are not needed These negotiations use BPDU Compatibility with 802 1d RSTP internally includes STP so it has compatibility with 802 1d Therefore RSTP can recognize BPDU of STP But STP cannot recognize BPDU of RSTP For example as sume that SWITCH A and SWITCH B are operated as RSTP and SWITCH A is connected to SWITCH C as designated switch Since SWITCH C which is 802 1d ignores RSTP BPDU it is interpreted that switch C is not connected to any switch or segment Switch A Switch B Switch C 802 1w 802 1w 802 1d Fig 8 20 Compatibility with 802 1d 1 However SWITCH A converts a port received BPDU into RSTP of 802 1d because it can read BPDU of SWITCH C Then SWITCH C can read BPDU of SWITCH A and accepts SWITCH A as designated switch Switch A Switch B Switch C 802 1w 802 1w 802 1d STP BPDU Fig 8 21 Compatibility with 802 1d 2 MSTP Operation To operate the network more effectively the hiD 6615 S223 S323 uses MS
396. re won't be any subsequent time jumps after the initial correction. Unlike NTP, SNTP usually uses just one Ethernet Time Server to calculate the time and then it jumps the system time to the calculated time. It can, however, have back-up Ethernet Time Servers in case one is not available.

To configure the switch in SNTP, use the following commands.

Command: sntp SERVER 1 SERVER 2 SERVER 3
Mode: Global
Description: Specifies the IP address of the SNTP server. Up to three servers are possible. SERVER: server IP address

Command: no sntp
Mode: Global
Description: Disables SNTP function

To display SNTP configuration, use the following command.

Command: show sntp
Mode: Enable / Global
Description: Show SNTP configuration

The following is to register SNTP server as 203.255.112.96 and enable it.

SWITCH(config)# sntp 203.255.112.96
SWITCH(config)# show sntp
bst Go 203229 5 11 23 96
SWITCH(config)#

You can configure up to 3 servers so that the second and third servers are used as backup in case the first server is down.

Terminal Configuration

By default, the hiD 6615 S223 S323 is configured to display 24 lines of 80 characters on the console terminal. The maximum number of displayed lines is 512. To set the number of lines displayed on the terminal screen, use the following command.

Command: terminal length <0-512>
Mode: Global
Description: Sets the number of line displaying on console terminal enter th
397. reject traffic from all sources in the previous source list the last host on the port will be removed by immediate leave.

To configure the Immediate Block, use the following command.

Command: ip igmp snooping immediate block
Mode: Global
Description: Enables immediate block on the system

Command: ip igmp snooping vlan VLANS immediate block
Mode: Global
Description: Enables immediate block on a VLAN interface

Multicast VLAN Registration (MVR)

Multicast VLAN Registration (MVR) is for applications using wide-scale deployment of multicast traffic across an Ethernet ring-based service provider network. MVR allows a subscriber on a port to subscribe or not to a multicast stream on the network-wide multicast VLAN. It allows the single multicast VLAN to be shared in the network with subscribers remaining in separate VLANs. MVR helps to continuously send multicast streams in the multicast VLAN but to isolate the streams from the subscriber VLANs for bandwidth and security reasons.

MVR assumes that subscribers subscribe or not (join and leave) these multicast streams by sending out IGMP join and leave messages. These messages can originate from an IGMP version 2 compatible host. Although MVR operates on the underlying mechanism of IGMP snooping, the two features operate independently of each other. One can be enabled or disabled without affecting the behavior of the other feature. However, if IGMP snooping and MVR are both enabled, MVR reacts only to joi
398. ring below two cases.

1. When an untagged frame comes in and matches the Protocol VLAN Table, it tags the PVID configured on the Protocol VLAN. But in no matched situation tags PVID which configured on and operates VLAN.
2. When a tagged frame comes in and its VID is 0, it switches by the Protocol VLAN Table. But if the VID is not 0, it switches by the normal VLAN Table.

MAC address based VLAN

To configure a VLAN based on MAC address, the user should designate the MAC address. Use the following command.

Command: vlan macbase MAC ADDRESS <1-4094>
Description: Configure VLAN based on MAC address

Command: no vlan macbase MAC ADDRESS
Description: Clears configured VLAN based on MAC address

Subnet based VLAN

To configure a VLAN based on subnet, the user should designate the subnet. Use the following command.

Command: vlan subnet IP ADDRESS M <1-4094>
Description: Configure VLAN based on Subnet

Command: no vlan subnet IP ADDRESS
Description: Clears configured VLAN based on Subnet

To set the precedence between MAC address based and Subnet based VLAN, the user can choose one of the two with the command below.

Command: vlan precedence MAC SUBNET
Description: Configure precedence between MAC based VLAN and Subnet based VLAN

Tagged VLAN

In a VLAN environment a frame's association with a given VLAN is soft the fact that a given frame exists on some
399. ritical major minor warning intermediate Sends alarm notification with the sever ity when ADVA informs to fail to transmit the packets Sends alarm notification with the sever ity when ADVA informs there s any problem on the power snmp alarm severity adva voltage high criti cal major minor warning intermediate Sends alarm notification with the sever ity when ADVA informs there is any problem in temperature snmp alarm severity adva voltage low critical major minor warning intermediate Sends alarm notification with the sever ity when ADVA informs the voltage is high Sends alarm notification with the sever ity when ADVA informs the voltage is low If you want to clear a configured ADVA alarm prioirity use the following command Command Description no snmp alarm severity adva fan fail no snmp alarm severity adva if misconfig no snmp alarm severity adva if opt thres no snmp alarm severity adva if rcv fail no snmp alarm severity adva if sfp mismatch no snmp alarm severity adva if trans fault no snmp alarm severity adva psu fail no snmp alarm severity adva temperature no snmp alarm severity adva voltage high no snmp alarm severity adva voltage low ERP Alarm Severity Clears a configured ADVA alarm prioirity To configure a severity of alarms for ERP status use the following command Command
400. rk from user s network a multicast router operates as Layer 3 forwarding for each MVR VLAN In this case when an IGMP packet of a subscriber is transmitted to the multicast server a source address of the IGMP packet may not match the network address of MVR VLAN To handle such a prob lem you can replace a source address of an IGMP packet with one of the IP addresses of MVR VLAN To configure a helper address to replace a source address of an IGMP packet use the following command Command Mode Description mvr vlan VLAN helper Gl bal Configures MVR group address oba IP ADDRESS IP ADDRESS specific IP address A50010 Y3 C150 2 7619 299 UMN CLI 300 9 2 7 4 9 2 7 5 9 2 8 User Manual SURPASS hiD 6615 S223 S323 R1 5 To delete the statically configured MVR group address use the following command Command Mode Description Deletes a MVR group address no mvr vian VLAN helper Global d IP ADDRESS specific IP address Send and Receive Port Statically configure a VLAN interface to receive multicast traffic sent to the multicast VLAN and the IP multicast address An interface statically configured as a member of a group remains a member of the group until statically removed Command Mode Description mvr port PORTS type receiver Siobal Configures MVR port oba source PORTS port number Source This configures uplink ports that receive and send multicast data as source ports Subscribers ca
401. rmation Base (FIB) Table

The FIB is a table that contains a mirror image of the forwarding information in the IP routing table. When routing or topology changes occur in the network, the route processor updates the IP routing table and CEF updates the FIB. Because there is a one-to-one correlation between FIB entries and routing table entries, the FIB contains all known routes and eliminates the need for route cache maintenance that is associated with switching paths such as fast switching and optimum switching. FIB is used for making IP destination prefix-based switching decisions and maintaining next hop address information based on the information in the IP routing table.

The forwarding information base (FIB) table contains information that the forwarding processors require to make IP forwarding decisions. To display the Forwarding Information Base table, use the following command.

Command: show ip route fib
Mode: Enable / Global / Bridge
Description: Displays Forwarding Information Base table

Forwarding Information Base (FIB) Retain

Use this command to modify the retain time for stale routes in the Forwarding Information Base (FIB) during NSM restart.

Command: fib retain forever time <1-65535>
Mode: Global
Description: Configures the retain time for FIB during NSM restart. Default: 60sec

Command: no fib retain forever time <1-65535>
Mode: Global
Description: Restores is as a default
402. ronment

Root Switch

To establish the STP, RSTP or MSTP function, the root switch should be decided first. In STP or RSTP it is named root switch, and in MSTP it is named IST root switch. Each switch has its own bridge ID, and the root switch on the same LAN is decided by comparing their bridge IDs. However, the user can modify the root switch by configuring a priority for it. The switch having the lowest priority is decided as root switch.

To change the root switch by configuring a priority for it, use the following command.

Command: stp mst priority MSTID RANGE <0-61440>
Description: Configures the priority of the switch. MSTID RANGE: select instance number 0. 0-61440: priority value in steps of 4096 (default: 32768)

Command: no stp mst priority MSTID RANGE
Description: Clears the priority of the switch. Enter the instance number.

Path cost

After deciding the root switch, you need to decide to which route you will forward the packet. The standard for this is path cost. Generally, path cost depends on the transmission speed of the LAN interface in the switch. The following table shows path cost according to the transmit rate of the LAN interface.

You can use the same commands to configure STP and RSTP, but their path costs are totally different. Please be careful not to make a mistake.

Transmit Rate    Path cost
4M               250
10M              100
100M             19
1G               4
10G              2

Tab 8 2 STP
403. routing information and register it again Graceful Restart improves those inconveniences Although OSPF is restarting Graceful Restart makes the trans mission of a packet with routing information A50010 Y3 C150 2 7619 349 UMN CLI 350 User Manual SURPASS hiD 6615 S223 8323 R1 5 To configure the Graceful Restart use the following command Command Description capability restart graceful reliable graceful signaling Router no capability restart Configures the Graceful Restart Releases the configuration The following items are additional options for the Graceful Restart grace period When OSPF restarts process is keeping status in graceful for the time configured as grace period After the configured time OSPF operates in normal helper This is functions that helps other routers around the restarting router It makes re starting router as a working and transmitting to other routers only reload is for the case of OSPF router is restarting only upgrade is for the OSPF router which is up grading software and max grace period works when grace period from other routers has less value than it Configuration for Helper can be selected more than 2 options without order To configure the additional options for Graceful Restart use the following command Command Description ospf restart grace period 1 1800 ospf restart helper max grace period lt 1 1800 gt
404. rovider network can be elected as root switches. If the priority of bridge B is zero or any value lower than that of the root bridge, device B will be elected as a root bridge for this VLAN. As a result, the network topology could be changed. This may lead to sub-optimal switching. But by configuring root guard on switch A, no switches behind the port connecting to switch A can be elected as a root for the service provider's switch network. In that case switch A will block the port connecting switch B.

To configure Root Guard, use the following command.

Command: stp pvst root guard VLAN RANGE PORTS
Mode: Bridge
Description: Configures Root Guard on PVST network

Command: stp mst root guard MSTID RANGE PORTS
Mode: Bridge
Description: Configures Root Guard on MST network

Command: no stp pvst root guard VLAN RANGE PORTS
Command: no stp mst root guard MSTID RANGE PORTS
Mode: Bridge
Description: Disables Root Guard

Restarting Protocol Migration

Suppose there are two switches, one configured as STP and one as RSTP. Usually in this case the STP protocol is used between the two switches. But what happens if someone configures the STP switch to RSTP mode? Because the RSTP switch has already received an STP protocol packet, the two switches can still work in STP mode even though RSTP is enabled at both. If you enable this command, the switch checks the STP protocol packet once again.

To clear configured Res
405. rrent query interval it is refused To configure the frequency of hello interval value use the following command Command Description e F Configures the frequency of hello time ip pim query interval lt 1 18724 gt Interface 1 18724 hello message interval unit second no ip pim query interval Disables the hello message interval configuration 306 A50010 Y3 C150 2 7619 User Manual UMN CLI SURPASS hiD 6615 223 S323 R1 5 9 3 1 5 9 3 2 9 3 3 PIM Debug To activate PIM SM debugging use the following command Command Description Activates PIM debugging all all PIM debugging events PIM events debug pim all events nexthop nexthop PIM SM nexthop communications mib mfc nsm packet in mib PIM SM MIBs out state timer mfc MFC add delete update nsm PIM SM network service module communications packet incoming and or outgoing packets Enable state state transition on all PIM SM FSMs debug pim timer assert at Enables the PIM SM assert timers debugging debug pim timer bsr bst crp Enables the PIM SM BSR timer s debugging debug pim timer hello ht nlt tht Enables the PIM SM Hello timer s debugging debug pim timer joinprune jt 2 h Enables the PIM SM JoinPrune timer s debugging et ppt kat ot debug pim timer register rst Enables the PIM SM register timer s debugging BSR and RP
406. rs However, typical FTP and telnet services are weak in security. SSH (Secure Shell) is a secure shell for login. Through SSH, all data are encoded and traffic is compressed, so the transmit rate becomes faster, and tunneling is supported for existing ftp and pop, which are not safe in security.

4.4.1 SSH Server

The hiD 6615 S223 S323 can be operated as an SSH server. You can configure the switch as SSH server with the following procedure.

- Enabling SSH Server
- Displaying On-line SSH Client
- Disconnecting SSH Client
- Displaying Connection History of SSH Client
- Assigning Specific Authentication Key

4.4.1.1 Enabling SSH Server

To enable or disable the SSH server, use the following command.

Command: ssh server enable
Mode: Global
Description: Enables SSH server

Command: ssh server disable
Mode: Global
Description: Disables SSH server

4.4.1.2 Displaying On-line SSH Client

To display SSH clients connected to the SSH server, use the following command.

Command: show ssh
Mode: Enable / Global
Description: Shows SSH clients connected to SSH server

4.4.1.3 Disconnecting SSH Client

To disconnect an SSH client connected to the SSH server, use the following command.

Command: ssh disconnect PID
Mode: Global
Description: Disconnects SSH clients connected to SSH server. PID: SSH client number

4.4.1.4 Displaying Connection History of SSH Client

To display the connection history of SSH client, use the following command.

Command Mode Description
407. rtup config figuration file FILENAME configuration file name Copies a specified configuration file to another configu copy FILENAME FILENAME2 ration file Deletes a specified configuration file erase FILENAME FILENAME configuration file name A50010 Y3 C150 2 7619 User Manual UMN CLI SURPASS hiD 6615 8223 8323 R1 5 To back up a system configuration file using FTP or TFTP use the following command Command Description copy ftp tftp config upload Uploads a file to ftp or fttp server with a name config FILE NAME startup config ured by user copy ftp tftp config download Downloads a file from ftp or fttp server with a name FILE NAME startup config configured by user Enable copy ftp tftp os upload os1 Uploads a file to ftp or fttp server with a name of os1 or os2 0S2 copy ftp tftp os download Downloads a file from ftp or fttp server with a name of os1 os2 os1 or os2 To access FTP to back up the configuration or use the backup file you should know FTP user ID and the password To back up the configuration or use the file through FTP you can check the file transmission because hash function is automatically turned on To display a system configuration file use the following command Command Description show startup config Shows a current startup configuration show config list Shows a list of configuratio
408. rver Global FILE

Configuring Authentication Key

An SSH client can access the server through an authentication key after configuring the authentication key and informing the server of it. It is safer to use an authentication key than to input a password every time for login, and it is also possible to connect to several SSH servers using one authentication key.

To configure an authentication key in the hiD 6615 S223 S323, use the following command.

Command: ssh keygen rsa1 rsa dsa
Description: Configures authentication key. rsa1: SSH ver 1 public key for the authentication. rsa: SSH ver 2 public key for the authentication. dsa: SSH ver 2 public key for the authentication

To configure an authentication key and connect to the SSH server with the authentication key, perform the following procedure.

Step 1 Configure the authentication key in the switch.

SWITCH_A(config)# ssh keygen dsa
Generating public/private dsa key pair.
Enter file in which to save the key etc ssh id_dsa
Enter passphrase (empty for no passphrase): networks
Enter same passphrase again: networks
Your identification has been saved in etc ssh id_dsa
Your public key has been saved in etc ssh id_dsa pub
The key fingerprint is d9 26 8e 3d fa 06 31 95 f8 fe 6 59 24 42 47 7e root@hiD6615
SWITCH_A(config)#

Step 2 Connect to SSH server with the authent
409. s lt 0 7 gt Changes DSCP field enter DSCP value match cos lt 0 7 gt overwrite Changes 802 1p class of service enter CoS value 0 7 CoS value match cos same as tos overwrite Overwrites 802 1p CoS field in the packet 0 7 CoS value match ip prec lt 0 7 gt Overwrites 802 1p CoS field in the packet same as IP ToS precedence bits match ip prec same as cos Changes IP ToS precedence bits in the packet 0 7 ToS precedence value match bandwidth BANDWIDTH Changes IP ToS precedence bits in the packet same as 802 1p CoS value match vlan lt 1 4094 gt Determines maximum allowed bandwidth Mbps match copy to cpu Specifies matched packet VLAN ID 1 4094 VLAN ID match counter Copies to CPU match egress filter PORT Counts how many times the packets come into config ured Rule match egress port PORT A50010 Y3 C 150 2 7619 Deletes a specified egress port Overwrites a specified egress port 143 UMN CLI 144 User Manual SURPASS hiD 6615 S223 S323 R1 5 To delete a specified rule action match use the following command Command Description no match deny no match permit no match redirect no match mirror no match dscp no match cos no match ip prec no match bandwidth no match vian no match copy to cpu no match counter no match egress
410. s use the following command. If the router is running IGMP v2, you can change this value.

Command: ip igmp query max response time <1-240>
Mode: Interface
Description: Configures the IGMP querier timeout. 1-240: Maximum response time in seconds advertised in IGMP queries

Command: no ip igmp query max response time
Mode: Interface
Description: Returns to the default value 10

IGMP v2 Group specific or IGMP v3 Group source specific Query Message

The Last Member Query Count is the number of Group Specific Queries sent before the router assumes there are no local members. The Last Member Query Count is also the number of Group and Source Specific Queries sent before the router assumes there are no listeners for a particular source. To configure the last member query count, use the following command.

Command: ip igmp last member query count <2-7>
Mode: Interface
Description: Configures the IGMP last member query count. 2-7: last member query count value

Command: no ip igmp last member query count
Mode: Interface
Description: Returns to the default value 2

When a router receives an IGMP Version 2 leave group message on an interface, it waits twice the query interval specified by the ip igmp last member query interval command, after which, if no receiver has responded, the router drops the group membership on that interface. To configure the last member query interval, use the following command.

Command Description n Configures
411. s Con ip dhcp class CLASS figuration mode Global CLASS DHCP class name no ip dhcp class CLASS Deletes a created DHCP class Relay Agent Information Pattern To specify option 82 information for IP assignment use the following command Command Description relay information remote id ip A B C D circuit id hex HEXSTRING index lt 0 65535 gt text STRING relay information remote id hex HEXSTRING circuit id hex HEXSTRING index lt 0 65535 gt text STRING Specifies option 82 information for IP assignment relay information remote id text STRING cir cuit id hex HEXSTRING index lt 0 65535 gt text STRING A50010 Y3 C 150 2 7619 247 UMN CLI User Manual SURPASS hiD 6615 S223 S323 R1 5 To delete specified option 82 information for IP assignment use the following command Command Description no relay information remote id ip A B C D cir cuit id hex HEXSTRING index lt 0 65535 gt text STRING no relay information remote id hex HEX STRING circuit id hex HEXSTRING index lt 0 65535 text STRING Deletes specified option 82 information for IP assignment no relay information remote id text STRING circuit id hex HEXSTRING index lt 0 65535 gt text STRING To delete specified option 82 information for IP assignment use the following command Command Description i Deletes all specified option 82 informa no
412. s a kind of LAN security function used by Cisco products, and it can be classified into Private VLAN and Private edge. Until now there is no standard document of it.

Private VLAN Edge

Private VLAN edge (protected port) is a function in a local switch. That is, it cannot work between two different switches with protected ports. A protected port cannot transmit any traffic to other protected ports.

Private VLAN

Private VLAN provides L2 isolation between ports within the same broadcast domain. That means another VLAN is created within a VLAN. There are three types of VLAN mode.

- Promiscuous: A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.
- Isolated: An isolated port has complete Layer 2 separation from the other ports within the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic from an isolated port is forwarded only to promiscuous ports.
- Community: Community ports communicate among themselves and with their promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN.

The difference between Private VLAN and Private VLAN edge is that PVLAN edge guarantees security for the ports in a VLAN using protected port and PVLAN guarantees port security by creating sub VLAN with the three types Promiscuous Isolation and Com
413. s and Disadvantages of Tagged VLAN

From the perspective of the VLAN-aware devices, the distinguishing characteristic of a VLAN is the means used to map a given frame to that VLAN. In the case of a tagged frame the mapping is simple: the tag contains the VLAN identifier for the frame, and the frame is assumed to belong to the indicated VLAN. That's all there is to it.

To configure the tagged VLAN, use the following command.

Command: vlan add VLANS PORTS tagged
Description: Configures tagged VLAN on a port. VLANS: enter the VLAN ID. PORTS: enter the port number

8.1.6 VLAN Description

You can describe each VLAN with the following command.

Command: vlan description VLANS DESC
Description: Describes VLAN characteristic. VLANS: enter the VLAN ID. DESC: enter the detail description

Command: no vlan description VLANS
Description: Deletes the description about specified VLAN ID

8.1.7 Displaying VLAN Information

The user can display the VLAN information about Port based VLAN, Protocol based VLAN and QinQ.

Mode (all commands below): Enable / Global / Bridge

Command: show vlan
Description: Shows all VLAN configurations

Command: show vlan VLANS
Description: Shows a configuration for specific VLAN

Command: show vlan description
Description: Shows a description for specific VLAN

Command: show vlan dot1q tunnel
Description: Shows QinQ configuration

Command: show vlan protocol
Description: Shows VLAN based on protocol
414. scription
a: Commands you should use as is
NAME PROFILE VALUE: Variables for which you supply values
PORTS: For entry this variable, see Section 5.1
Commands or variables that appear within square brackets are optional.
Range of number that you can use.
A choice of required keywords appears in braces. You must select one.
Optional variables are separated by vertical bars.

Tab 1 2 Command Notation of Guide Book

CE Declaration of Conformity

The CE declaration of the product will be fulfilled if the construction and cabling is undertaken in accordance with the manual and the documents listed therein, e.g. mounting instructions, cable lists. Where necessary, account should be taken of project-specific documents. Deviations from the specifications or unstipulated changes during construction, e.g. the use of cable types with lower screening values, can lead to violation of the CE requirements. In such case the conformity declaration is invalidated and the responsibility passes to those who have caused the deviations.

1.6 GPL/LGPL Warranty and Liability Exclusion

The Siemens product SURPASS hiD 6615 contains both proprietary software and Open Source Software. The Open Source Software is licensed to you at no charge under the GNU General Public License (GPL) and the GNU Les
415. se address resolution. Siemens switches find MAC address from IP address through address resolution protocol (ARP). This chapter consists of these sections.

- ARP Table
- ARP Alias
- Gratuitous ARP
- Proxy ARP

ARP Table

Hosts typically have an ARP table, which is a cache of IP/MAC address mappings. The ARP table automatically maps the IP address to the MAC address of a switch. In addition to address information, the table shows the age of the entry in the table, the encapsulation method and the switch interface (VLAN ID) where packets are forwarded.

The hiD 6615 ARP saves IP/MAC address mappings in the ARP table for quick search. Referring to the information in the ARP table, packets with an attached IP address are transmitted to the network. When configuring the ARP table, it is possible to do it only in some specific interfaces.

7.13.1.1 Registering ARP Table

The contents of ARP table are automatically registered when MAC address corresponds to MAC address is founded. The network administrator could use MAC address of specific IP address in Network by registering on ARP table.

To make a specific IP address correspond to a MAC address, use the following command.

Command: arp A.B.C.D MACADDR
Description: Sets a static ARP entry. Enter the IP address and the MAC address. MACADDR: enter the MAC address

Sets a static ARP entry enter the IP address
416. sed for STP, RSTP, MSTP, PVSTP and PVRSTP.
Hello Time
Hello time decides the interval at which a switch transmits BPDUs. To configure hello time, use the following command.
Command: stp mst hello time <1-10>
Description: Configures hello time to transmit the message in STP, RSTP and MSTP. 1-10: set the hello time (default: 2).
Command: stp pvst hello time VLAN RANGE <1-10>
Description: Configures hello time to transmit the message in PVSTP and PVRSTP. 1-10: set the hello time (default: 2).
To clear configured hello time, use the following command.
Command: no stp mst hello time
Description: Returns to the default hello time value of STP, RSTP and MSTP.
Command: no stp pvst hello time VLAN RANGE
Description: Returns to the default hello time value of PVSTP and PVRSTP.
Forward Delay
It is possible to configure forward delay, which is the time a port takes to move from listening to forwarding status. To configure forward delay, use the following command.
Command: stp mst forward delay <4-30>
Description: Modifies forward delay in STP, RSTP or MSTP; enter a delay time value (default: 15).
Command: stp pvst forward delay VLAN RANGE <4-30>
Description: Modifies forward delay in PVSTP and PVRSTP; enter a delay time value of VLAN (default: 15).
To delete a configured forward delay use the follow
417. ser General Public License (LGPL). This Open Source Software was written by third parties and enjoys copyright protection. You are entitled to use this Open Source Software under the conditions set out in the GPL and LGPL licenses indicated above. In the event of conflicts between Siemens license conditions and the GPL or LGPL license conditions, the GPL and LGPL conditions shall prevail with respect to the Open Source portions of the software. The GPL can be found under the following URL: http://www.gnu.org/copyleft/gpl.html. The LGPL can be found under the following URL: http://www.gnu.org/copyleft/lgpl.html. In addition, if the source code to the Open Source Software has not been delivered with this product, you may obtain the source code, including the related copyright notices, by sending your request to the following e-mail address: opensrc@dasannetworks.com. You will, however, be required to reimburse Siemens for its costs of postage and copying. Any source code request made by you must be sent within 3 years of your purchase of the product. Please include a copy of your sales receipt when submitting your request. Also please include the exact name and number of the device and the version number of the installed software. The use of Open Source Software contained in this product in any manner other than the simple running of the program occurs at your own risk, that is, without any warranty claims against Siemens. For more information about t
419. shold like CPU load, traffic, temperature, etc. Using this threshold, the hiD 6615 S223 S323 generates syslog messages, sends SNMP traps, or performs a related procedure.
CPU Load
To set a threshold of CPU load, use the following command.
Command: threshold cpu <21-100> 5 60 600 <20-100> 5 60 600 (Mode: Global)
Description: Sets a threshold of CPU load in the unit of percent (%). 20-100: CPU load (default: 50). 5, 60, 600: time interval (unit: second).
Command: no threshold cpu
Description: Deletes a configured threshold of CPU load.
To show a configured threshold of CPU load, use the following command.
Command: show cpuload
Description: Shows a configured threshold of CPU load.
6.1.12.2 Port Traffic
To set a threshold of port traffic, use the following command.
Command: threshold port PORTS THRESHOLD 5 60 600 rx tx
Description: Sets a threshold of port traffic. PORTS: port number 1 1 1 2 2 1. THRESHOLD: threshold value (unit: kbps). 5, 60, 600: time interval (unit: second).
Command: no threshold port PORTS rx tx
Description: Deletes a configured threshold of port traffic.
The threshold of the port is set to the maximum rate of the port as a default.
To show a configured threshold of port traffic, use the following command.
Command: show port threshold
Description: Shows a configured threshold
420. snooping vlan VLANS Global p gmp ping VLANS 1 4094
Step 4: Return to Privileged EXEC Enable mode using the exit command.
To disable IGMP snooping on a VLAN interface, use the no ip igmp snooping vlan VLANS command for the specified VLAN number. To display global IGMP, use the following command.
Command: show ip igmp snooping vlan VLANS (Mode: Enable, Global, Bridge)
Description: Shows IGMP snooping configuration.
Robustness Count for IGMP v2 Snooping
Configure the robustness variable on a VLAN basis using the following command.
Command: ip igmp snooping vlan VLANS robustness variable <1-7> (Mode: Global)
Description: Configures the robustness variable.
Command: no ip igmp snooping vlan VLANS robustness variable
Description: Returns to the default value.
IGMP v2 Snooping
Layer 2 switches can use IGMP snooping to constrain the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded only to those associated with IP multicast devices. Internet Group Management Protocol (IGMP) is the internet protocol that helps to inform the multicast router about multicast groups. In the multicast network, when a multicast packet is transmitted, the multicast router sends only an IGMP query message that asks whether to receive the multicast packet. If a switch sends the join message to the multicast router, the multicast router transmits the multicast packet only to that switch
421. splay the VRRP statistics that packets have been sent and received, use the following command.
Command: show vrrp stat (Mode: Enable, Global, Bridge, VRRP)
Description: Shows statistics of packets in Virtual Router Group.
The following is an example of viewing statistics of packets in Virtual Router Group.
SWITCH config show vrrp stat
VRRP statistics
VRRP packets rcvd with invalid TTL 0
VRRP packets rcvd with invalid version 0
VRRP packets rcvd with invalid VRID 0
VRRP packets rcvd with invalid size 0
VRRP packets rcvd with invalid checksum 0
VRRP packets rcvd with invalid auth type 0
VRRP packets rcvd with interval mismatch 0
SWITCH config
To clear the VRRP statistics information, use the following command.
Command: clear vrrp stat (Mode: Enable, Global, Bridge, VRRP)
Description: Clears statistics of packets in Virtual Router Group.
Rate Limit
The user can customize port bandwidth according to the user's environment. With this configuration, you can prevent a certain port from monopolizing the whole bandwidth so that all ports can use bandwidth equally. Egress and ingress can be configured to be either the same or different. The hiD 6615 S223 S323 can apply the rate limit and supports ingress policing and egress shaping.
Configuring Rate Limit
To set a port bandwidth use the followi
422. ss ID, use the following command.
Command: ip dhcp client class id hex HEXSTRING; ip dhcp client class id text STRING (Mode: Interface)
Description: Specifies a class ID (default: system MAC address).
Command: no ip dhcp client class id
Description: Deletes a specified class ID.
8.8.6.4 Host Name
To specify a host name, use the following command.
Command: ip dhcp client host name NAME (Mode: Interface)
Description: Specifies a host name.
Command: no ip dhcp client host name
Description: Deletes a specified host name.
IP Lease Time
To specify the IP lease time that is requested from a DHCP server, use the following command.
Command: ip dhcp client lease <120-2147483637> (Mode: Interface)
Description: Specifies IP lease time in the unit of second (default: 3600).
Command: no ip dhcp client lease
Description: Deletes a specified IP lease time.
Requesting Option
To configure a DHCP client to request an option from a DHCP server, use the following command.
Command: ip dhcp client request domain name dns (Mode: Interface)
Description: Configures a DHCP client to request a specified option.
To configure a DHCP client not to request an option, use the following command.
Command Mode Description no ip dhcp client request ined Configures a DHCP client not to request a spe
423. ss list. To block the routing information in access list, use the following command.
Command: distribute list ACCESS LIST out bgp connected kernel rip static (Mode: Router)
Description: Blocks the routing information in access list.
To release the configuration, use the following command.
Command: distribute list ACCESS LIST out bgp connected kernel rip static
Description: Releases the configuration.
Summary Routing Information
When an external routing protocol transmits to the OSPF network, two or more pieces of routing information can be summarized as one. For example, 192.168.1.0/24 and 192.168.2.0/24 can become 192.168.0.0/16 to transmit to the OSPF network. This summary reduces the amount of routing information and improves the stability of the OSPF protocol. You can use the no advertise option command to block the transmission of summarized routing information to outside, or assign a specific tag number to configure. To configure the summary routing information, use the following command.
Command: summary address A.B.C.D/M (Mode: Router)
Description: Configures the summary routing information.
Command: summary address A.B.C.D/M not advertise
Description: Blocks the transmission of summarized routing information to outside.
no summary address A.B.C.D/M Configures the summary routing information with a tag <0-4294967295> specific tag
OSPF Monitoring and Management
You can view all kinds of statistics and da
424. ss list indicates the groups to which the threshold applies. If the traffic rate from the source drops below the threshold traffic rate, the leaf router will switch back to the shared tree and send a prune message toward the source.
Command: ip pim spt threshold (Mode: Global)
Description: Enables the ability for the last hop PIM router to switch to SPT.
Command: ip pim spt threshold group list <1-99> <1300-1999> ACCESS LIST
Description: Enables the ability for the last hop PIM router to switch to SPT for multicast group addresses specified by the given access list.
Command: no ip pim spt threshold; no ip pim spt threshold group list <1-99> <1300-1999> ACCESS LIST
Description: Disables switching to SPT option.
9.3.7 PIM Join Prune Interoperability
To configure the TX interval of the PIM Join/Prune message, use the following command.
Command: ip pim message interval <1-65535> (Mode: Global)
Description: Configures Join/Prune timer value. 1-65535: interval (unit: second).
Command: no ip pim message interval
Description: Disables TX interval configuration.
9.3.8 Cisco Router Interoperability
9.3.8.1 Checksum of Full PIM Register Message
Although the source of multicast is not connected to the multicast group, multicast communication is possible. In the below picture, the First Hop router directly connected to the source can receive packet from s
425. ssage again that informs TCP connection is not possible. (Command: no ip tcp ignore rst unknown)
SYN Configuration
SYN sets up a TCP connection. The hiD 6615 S223 S323 transmits cookies with SYN to a person who tries to make a TCP connection, and permits the TCP connection only when the transmitted cookies are returned. This function prevents connection overcrowding caused by users who have connected but are not using the service, and helps the other users use the service. To permit connection only when transmitted cookies are returned after sending cookies with SYN, use the following command.
Command: ip tcp syncookies (Mode: Global)
Description: Permits connection only when transmitted cookies are returned after sending cookies with SYN.
Command: no ip tcp syncookies
Description: Disables the configuration to permit connection only when transmitted cookies are returned after sending cookies with SYN.
Packet Dump
Failures in a network show up as certain symptoms. Each symptom can be traced to one or more problems by using specific troubleshooting tools. The hiD 6615 S223 S323 switch provides the debug command to dump packets. Use debug commands only for problem isolation. Do not use them to monitor normal network operation. The debug commands produce a large amount of processor overhead.
Verifying Packet Dump
You can configure a packet dump type to verify dumped packets as follows: Packet Dump by Protocol, Packet Dump with Option. The hiD 6615 8223 832
429. st to configure route <1-200000000> on user's own.
Command: no stp pvst path cost VLAN RANGE PORTS
Description: Clears path cost configuration.
Port priority
When all conditions of two switches are the same, the last criterion for deciding the route is port priority. Port priority can also be configured so that the user can set the route manually. To configure port priority, use the following command.
Command: stp pvst port priority VLAN RANGE PORTS <0-240>
Description: Configures port priority.
Command: no stp pvst port priority VLAN RANGE PORTS
Description: Disables port priority configuration.
Root Guard
The standard STP does not allow the administrator to enforce the position of the root bridge, as any bridge in the network with a lower bridge ID will take the role of the root bridge. The root guard feature is designed to provide a way to enforce the root bridge placement in the network. Even if the administrator sets the root bridge priority to zero in an effort to secure the root bridge position, there is still no guarantee against a bridge with priority zero and a lower MAC address.
[Fig. 8.25 Root Guard. Labels: Service provider, Customer, Switch A, Switch B, Root Switch, Root Guard Configuration]
Software based bridge applications launched on PCs or other switches connected by a customer to a service p
430. stances can be generated from 1 to 64. The spanning tree which operates in each region is the IST (Internal Spanning Tree). CST is applied by connecting each spanning tree of region. Instance 0 means that there is not any instance generated from grouping VLANs, that is, it does not operate as MSTP. Therefore Instance 0 exists on all the ports of the equipment. After starting MSTP, all the switches in CST exchange BPDUs, and the CST Root is decided by comparing their BPDUs. Here the switches that don't operate with MSTP have instance 0 so that they can also join BPDU exchanges. The operation of deciding the CST Root is CIST (Common & Internal Spanning Tree).
[Fig. 8.22 CST and IST of MSTP 1]
In CST, A and B are the switches operating with STP, and C, D and E are those operating with MSTP. First, in CST, CIST is established to decide the CST Root. After the CST root is decided, the closest switch to the CST root is decided as the IST root of the region. Here CST root in IST is IST root.
[Fig. 8.23 CST and IST of MSTP 2]
In the above situation, if B operates with MSTP, B will send its BPDU to the CST root and IST root in order to request itself to be CST root. However if any BPDU having hig
431. ster messages are sent from bursty sources. The configured rate is per (S,G) state, not a system-wide rate.
Command: ip pim register rate limit <1-65535> (Mode: Global)
Description: Configures the rate of register packets. 1-65535: the maximum number of packets that can be sent per second.
Command: no ip pim register rate limit
Description: Disables the limit configuration.
Registration Suppression Time
Use this command to configure the register suppression time in seconds, overriding the default value of 60 seconds. Configuring this value modifies the register suppression time at the DR, and configuring this value at the RP modifies the RP keepalive period value if the ip pim re register kat command is not used. To configure the registration suppression time, use the following command.
Command: ip pim register suppression <1-65535> (Mode: Global)
Description: Configures the time of registration suppression. 1-65535: the register suppression on time in seconds.
Command: no ip pim register suppression
Description: Disables the registration suppression time.
Filters for Register Message from RP
One network may include different multicast groups and routers that are not members of a multicast group. Therefore it can happen that routers which are members of another network or not members of multicast group apply for RP and transmit
432. stics only for uplink ports and History.
RMON History
RMON history is a periodic sampling of statistical data about the traffic on each Ethernet port. Statistical data of all ports are pre-configured to be monitored at a 30-minute interval, with 50 statistical data stored in one port. It also allows you to configure the time interval to take the sample and the number of samples you want to save. The following is an example of displaying the default configuration of RMON history.
SWITCH config show rmon history config 5
RMON History configuration
history index 5
data source t O71 1
buckets requested 50
buckets granted 50
interval time s 1800
owner none
status under create
SWITCH config
To open RMON history mode, use the following command.
Command: rmon history <1-65535> (Mode: Global)
Description: Opens RMON history Configuration mode. 1-65535: index number.
The following is an example of opening RMON history Configuration mode with index number 5.
SWITCH config rmon history 5
SWITCH config rmonhistory 5
Input a question mark <?> at the system prompt on RMON Configuration mode if you want to list available commands. The following is an example of listing available commands on RMON Configuration mode.
SWITCH config rmonhistory 5 RMON history configuration commands a
433. stroes it as a default.
Command: no qos seglimit PORTS <0-3>
7.6.3.5 Displaying QoS
To display a configuration of QoS, enter the following command. (Mode: Enable, Global, Bridge)
Command: show qos
Description: Shows the configuration of QoS for all ports.
Command: show qos PORTS
Description: Shows the configuration of QoS per each port.
Command: show qos cpu
Description: Shows the configuration of QoS for CPU packets.
Command: show qos buffer PORTS
Description: Shows the configuration of a buffer per each port.
7.6.4 Admin Access Rule
For the hiD 6615 S223 S323, it is possible to block a specific service connection like telnet, FTP, ICMP, etc. with an admin access rule function.
Rule Creation
For the hiD 6615 S223 S323, you need to open Admin Access Rule Configuration mode first. After opening Admin Access Rule Configuration mode, the prompt changes from SWITCH config to SWITCH config admin rule NAME. To open Rule Configuration mode, use the following command.
Command: rule NAME create admin (Mode: Global)
Description: Opens Admin Access Rule Configuration mode; enter rule name.
After opening Admin Access Rule Configuration mode, a rule can be configured by the user. The rule priority, packet classification and rule action(s) can be configured for each rule.
1 The rule name must be unique. Its size is limited to 63 significant charact
434. system keeps the current file by writing to the file as the database changes.
Specifying DHCP Snooping Database Agent
To specify a DHCP database agent and enable an automatic DHCP snooping database back-up, use the following command.
Command: ip dhcp snooping database A.B.C.D INTERVAL (Mode: Global)
Description: Specifies a DHCP snooping database agent and back-up interval. A.B.C.D: DHCP snooping database agent address. INTERVAL: 120-2147483637 (unit: second).
Command: no ip dhcp snooping database
Description: Deletes a specified DHCP snooping database agent.
To request snooping binding entries from a DHCP snooping database agent, use the following command.
Command: ip dhcp snooping database renew A.B.C.D (Mode: Global)
Description: Requests snooping binding entries from a DHCP snooping database agent. A.B.C.D: DHCP snooping database agent address.
Specifying DHCP Snooping Binding Entry
The DHCP snooping binding table contains a hardware address, IP address, lease time, VLAN ID, and port information that correspond to the untrusted interfaces of the system. To manually specify a DHCP snooping binding entry, use the following command.
Command: ip dhcp snooping binding <1-4094> PORT A.B.C.D MAC ADDR <120-2147483637> (Mode: Global)
Description: Configures binding on DHCP snooping table. 1-4094: VLAN ID. PORT: port number. A.B.C.D: IP address. MAC ADDR: MAC address. 120-2147483637: lease time (unit: second).
cl
436. tabase agent should be a TFTP server which stores a DHCP lease database as numerous files in the form of leasedb MAC ADDRESS, e.g. leasedb 0A 31 4B 1A 77 6A. The DHCP lease database contains a leased IP address, hardware address, etc. To specify a DHCP database agent and enable an automatic DHCP lease database back-up, use the following command.
Command: ip dhcp database A.B.C.D INTERVAL (Mode: Global)
Description: Specifies a DHCP database agent and back-up interval. A.B.C.D: DHCP database agent address. INTERVAL: 120-2147483637 (unit: second).
Command: no ip dhcp database
Description: Deletes a specified DHCP database agent.
Upon entering the ip dhcp database command, the back-up interval will begin. To display a configuration of the DHCP database agent, use the following command.
Command: show ip dhcp database (Mode: Enable, Global, Bridge)
Description: Shows a configuration of the DHCP database agent.
Displaying DHCP Lease Status
To display current DHCP lease status, use the following command. (Mode: Enable, Global, Bridge)
Command: show ip dhcp lease all bound abandon offer fixed free all POOL; show ip dhcp lease detail A.B.C.D
Description: Shows current DHCP lease status. all: all IP addresses. bound: assigned IP address. abandon: illegally assigned IP address. offer: IP address being ready to be assigned. fixed: manually assigned IP address. free: remaining IP address. POOL: pool name. A
437. tabase recorded in the IP routing table. This information can be used to enhance system utility and solve problems in case of trouble. You can check network connection and data routes through the transmission
10.2.18.1 Displaying OSPF Protocol Information
You can verify several kinds of information about the OSPF protocol. To display the information about the OSPF protocol, use the following command. (Mode: Enable, Global)
Command: show ip ospf
Description: Shows the information about OSPF protocol.
Command: show ip ospf <0-65535>
Description: Shows the information about a specific process ID in OSPF protocol.
To display the OSPF routing table to ABR and ASBR, use the following command.
Command: show ip ospf border routers (Mode: Enable, Global)
Description: Shows OSPF routing table to ABR and ASBR.
To display the OSPF database, use the following command.
Command Description show ip ospf database self originate max age show ip ospf database adv router A.B.C.D show ip ospf database asbr summary exter nal network router summary nssa external opaque link opaque area opaque as show ip ospf database asbr summary exter nal network router summary nssa external opaque link opaque area opaque as self originate show ip ospf database asbr summary exter nal network r r mmar nssa al network router su
438. tail show stp mst MSTID RANGE all detail; show stp mst MSTID RANGE PORTS detail: Shows a configuration for BPDU for STP, RSTP and MSTP. show stp pvst VLAN RANGE all PORTS detail: Shows a configuration for BPDU for PVSTP and PVRSTP. (Mode: Enable, Global, Bridge)
8.3.10 Sample Configuration
Backup Route
When you design a layer 2 network, you must consider a backup route for a stable STP network. This is to prevent network corruption when just one additional path exists.
[Fig. 8.26 Example of Layer 2 Network Design in RSTP Environment]
In the ordinary case, data packets go to Root switch A through the blue path. The black arrows describe the routine path to the Aggregation Switch, and the dotted lines are in blocking state. But if the link between Switch A and Switch B is broken, the data from PC A should find another route at Switch D. Switch D can send the data to Switch C and Switch E. Because Switch E has shorter hop count than Switch B, the data may go through Switch E and A as the red line. And we can assume Switch E has also failed at the same time. In this case, since Switch D has the other route to Switch C, the network can be more stable than just one backup route networ
439. tarting Protocol Migration, use the following command.
Command: stp clear detected protocol PORTS
Description: Configures restarting protocol migration function.
Bridge Protocol Data Unit Configuration
Bridge Protocol Data Unit (BPDU) is a transmission message in LAN used to configure and maintain the configuration for STP, RSTP and MSTP. Switches on which STP is configured exchange their information (BPDU) to find the best path. MSTP BPDU is a general STP BPDU having additional MST data on its end. MSTP part of BPDU does not rest when it is out of Region.
Hello Time: Hello time decides the interval at which a switch transmits BPDUs. It can be configured from 1 to 10 seconds. The default is 2 seconds.
Max Age: The root switch transmits new information every time based on information from other switches. However, if there are many switches on the network, it takes a lot of time to transmit BPDUs. And if the network status changes while a BPDU is being transmitted, this information is useless. To get rid of useless information, max age is identified in each information.
Forward Delay: Switches find the location of other switches connected to the LAN through received BPDUs and transmit packets. Since it takes a certain time to receive a BPDU and find the location before transmitting a packet, switches send packets at a regular interval. This interval time is named forward delay.
The configuration for BPDU is applied as selected in force version. The same commands are u
440. tatus temp Global temperature
System Memory
To set a threshold of system memory in use, use the following command.
Command: threshold memory <20-100> (Mode: Global)
Description: Sets a threshold of system memory in the unit of percent. 20-100: system memory in use.
Command: no threshold memory
Description: Deletes a configured threshold of system memory.
Enabling FTP Server
FTP server is enabled on hiD 6615 S223 S323 by default. But this configuration can't provide the security service because it's easy for others to access port 23. If the default configuration is unnecessary on the system, the user can disable the system as FTP server. To enable or disable the system of hiD S223 S323 as FTP server, use the following command.
Command: ftp server {enable | disable}
Description: Enables or disables the function for FTP server. Default: enable.
The following is an example of displaying the status of FTP server.
SWITCH config ftp server disable
SWITCH config show running config
Omitted
ftp server disable
Omitted
SWTICH config
6.1.14 Assigning IP Address of FTP Client
Several IP addresses can be assigned on hiD 6615 S223 S323. But the user can specify one source IP address for connecting to an FTP server when the switch is a client. To configure FTP binding address as a source IP address when hiD 6615 S223 S
441. te information and the capability to select the best path across the multiple protocols are critical. The administrator should set the distance value based on the whole routing network.

To configure the administrative distance value, use the following command.

Command: distance <1-255> A.B.C.D/M ACCESS LIST
Mode: Router
Description: Sets the administrative distance value for routes. 1-255: distance value. A.B.C.D/M: IP source prefix. ACCESS LIST: access list name

Command: no distance <1-255> A.B.C.D/M ACCESS LIST
Description: Deletes the administrative distance value.

Originating Default Information

You can set an autonomous system boundary router to generate and transmit a default route into an RIP routing domain. If you specifically set it to generate a default route into an RIP network, this router becomes an autonomous system (AS) boundary router. However, an AS boundary router does not generate a default route automatically into the RIP network.

To generate a default route into RIP by the AS boundary router, use the following command in Router Configuration mode.

Command: default information originate
Description: Generates a default route into RIP by the AS boundary router.

Command: no default information originate
Description: Disables a default route feature.

Routing Information Filtering

You can limit the routing protocol information by performing the following tasks. Block the transmission of routing informat
442. ted port number

To remove the specific ARP Inspection configuration, use the following commands.

Command: no ip arp inspection validate src mac dst mac ip
Command: no ip arp inspection filter NAME vlan VLAN
Command: no ip arp inspection trust port PORTS
Mode: Global
Description: Removes specific ARP inspection configuration.

To display checking and statistics, use the following command.

Command: show ip arp inspection vlan VLAN
Command: show ip arp inspection statistics vlan VLAN
Command: show ip arp inspection trust port PORTS
Mode: Enable, Global, Bridge
Description: Displays the information of ARP inspection.

To clear ARP inspection mapping counter and statistics, use the following command.

Command: clear ip arp inspection statistics vlan VLAN
Mode: Global, Bridge
Description: Clears ARP inspection statistics.

Gratuitous ARP

Gratuitous ARP is a broadcast packet like an ARP request. It contains the IP address and MAC address of the gateway, and the network is accessible even though IP addresses of a specific host's gateway are repeatedly assigned to the other. Configure the Gratuitous ARP interval and transmission count using the following commands, and configure transmission delivery start in order to transmit Gratuitous ARP after ARP reply. Gratuitous ARP is transmitted after some time from
443. tents of the MRIB VIF table, use this command.

Command: show ip mvif FNAME
Mode: Enable
Description: Displays IP multicast interface.

9.1.5 Multicast Time To Live Threshold

Use this command to configure the time to live (TTL) threshold of packets being forwarded out of an interface.

Command: ip multicast ttl threshold <0-255>
Mode: Interface
Description: Configures the time to live threshold for multicast packet. Default: 1

Command: no ip multicast ttl threshold
Description: Restores it to the default.

9.1.6 MRIB Debug

Use this command to debug events in the multicast RIB.

Command: debug nsm mcast {all | fib msg | mrt | register | stats | vif}
Mode: Enable
Description: Debugs events in the multicast RIB. all: all IPv4 multicast debugging. fib msg: multicast FIB messages. mrt: multicast routes. register: multicast PIM register messages. stats: multicast statistics. vif: multicast interface

Command: no debug nsm mcast {all | fib msg | mrt | register | stats | vif}
Description: Disables the debug event.

9.1.7 Multicast Aging

L2 and L3 Join information about Multicast Group used to apply on the chipset without Multicast Stream, which makes dissatisfaction for Maximum Multicast Entry. Multicast Aging is to optimize Multicast Entry management using Multicast L2 Aging. When Multicast Stream comes in L2 filtering port igmp snoop
444. tes might not be sourced by every secondary address. One routing update is sourced per network number unless split horizon is disabled.

To enable or disable the split horizon mechanism, use the following command in Interface Configuration mode.

Command: ip rip split horizon poisoned
Mode: Interface
Description: Enables the split horizon mechanism. poisoned: performs poisoned reverse

Command: no ip rip split horizon poisoned
Description: Disables the split horizon mechanism.

Authentication Key

RIP v1 does not support authentication. If you are sending and receiving RIP v2 packets, you can enable RIP authentication on an interface. The key chain determines the set of keys that can be used on the interface. If a key chain is not configured, plain text authentication can be performed using the string command.

The hiD 6615 S323 supports two modes of authentication on an interface for which RIP authentication is enabled: plain text authentication and MD5 authentication. The default authentication in every RIP v2 packet is plain text authentication.

Do not use plain text authentication in RIP packets for security purposes, because the unencrypted authentication key is sent in every RIP v2 packet. Use plain text authentication when security is not an issue, for example to ensure that misconfigured hosts do not participate in routing.

To configure RIP authentication
445. th the same IP address

[Figure: Switch B, Slave Switch]

Step 1
Assign an IP address in Interface configuration mode of the switch and enable the interface using the no shutdown command. To enter Interface configuration mode, you should open Interface configuration mode of the VLAN to register as a switch group for stacking.

The following is an example of configuring the interface of the switch group as 1.

SWITCH_A# configure terminal
SWITCH_A(config)# interface 1
SWITCH_A(interface)# ip address 192.168.10.1/16
SWITCH_A(interface)# no shutdown
SWITCH_A(interface)#

If there are several switches, the rest of them are managed by the single IP address of the Master switch. Therefore, you do not need to configure an IP address on the Slave switch.

Step 2
Configure Switch A as the Master switch. Configure VLAN to belong in the same switch group. After registering the Slave switch, configure it as a Master switch.

Switch A (Master Switch)
SWITCH_A(config)# stack master
SWITCH_A(config)# stack device default
SWITCH_A(config)# stack add 00:d0:cb:22:00:11

Step 3
Configure VLAN in order to belong to the same switch group in Switch B, registered by the Master switch as a Slave switch, and configure it as a Slave switch.

Switch B (Slave Switch)
SWITCH_B(config)# stack slave
SWITCH_B(config)# stack device default

Step 4
Check the configuration. The information you can check in Maste
446. the IGMP last member query interval

Command: ip igmp last member query interval <1000-25500>
Mode: Interface
Description: 1000-25500: frequency at which IGMP group-specific host query messages are sent (unit: millisecond)

Command: no ip igmp last member query interval
Description: Returns to the default value (1000 milliseconds).

IGMP v2 Fast Leave

In IGMP version 2, you can minimize the leave latency of IGMP memberships. This command is used when only one receiver host is connected to each interface.

When this command is not configured, the router sends an IGMP group-specific query message upon receipt of an IGMP Version 2 group leave message. The router stops forwarding traffic for that group only if no host replies to the query within the timeout period. The timeout period is determined by the ip igmp last member query interval command and the IGMP robustness variable, which is defined by the IGMP specification. By default, the timeout period is 2 seconds.

When the ip igmp immediate leave command is enabled on an interface, the router does not send IGMP group-specific host queries on receiving an IGMP Version 2 leave group message from that interface. Instead, the router immediately removes the interface from the IGMP cache for that group and informs the multicast routing protocols.

To configure the IGMP v2 fast leave, use the following com
447. the MAC address and enter an interface name. INTERFACE: enter an interface name. MACADDR: enter the MAC address
Command: arp A.B.C.D MACADDR INTERFACE

To delete a registered IP address and MAC address or change all the contents of the ARP table, use one of the following commands.

Command: no arp A.B.C.D
Mode: Global
Description: Negates a command or sets its default.

Command: no arp A.B.C.D INTERFACE
Description: Negates a command or sets its default. Enter the IP address and enter the interface name.

Command: clear arp
Description: Deletes all the contents of ARP table.

Command: clear arp INTERFACE
Description: Deletes all the contents of ARP table. Enter the interface name.

7.13.1.2 Displaying ARP Table

To display the ARP table registered in the switch, use one of the following commands.

Command: show arp
Mode: Enable, Global
Description: Shows ARP table.

Command: show arp {INTERFACE | A.B.C.D}
Description: Shows ARP table for specified interface. Enter the interface name or IP address. br1 br2

The following is an example of registering 10.1.1.1 as IP address and 00:d0:cb:00:00:01 as MAC address. This command displays the ARP table.

SWITCH(config)# arp 10.1.1.1 00:d0:cb:00:00:01
SWITCH(config)# show arp
Address HWaddress Type Interface
10.254.254.105 00:bb:cc:dd:ee:05 DYNAMIC br4094
10 25 25 00 00 cd 01 82 d0 DYNAMIC br2
SWITCH(config)#
448. the management information between near switches. The information carries the management information that can recognize the switches and the function. This information is saved in the internal MIB (Management Information Base).

When LLDP starts to operate, the switches send their information to near switches. If there is some change in local status, a switch sends its changed information to near switches to inform them of its status. For example, if the port status is disabled, it informs near switches that the port is disabled. The switch that receives the information from near switches processes the LLDP frame and saves the information of the other switches. The information received from other switches is aged.

LLDP Operation Type

If you activated LLDP on a port, configure the LLDP operation type. Each LLDP operation type works as follows:
- both: sends and receives LLDP frames
- tx only: only sends LLDP frames
- rx only: only receives LLDP frames
- disable: does not process any LLDP frame

To configure how to operate LLDP, use the following command.

Command: lldp adminstatus PORTS {both | tx only | rx only | disable}
Description: Configures LLDP operation type. Default: disable

Basic TLV

LLDP is transmitted through TLV. There are mandatory TLV and optional TLV. In optional TLV, there are basic TLV and organizationally specific TLV. Basic TLV must be in the switch where LLDP is realized; specific TLV can be added according to the feat
449. the path costs of two paths are the same (100), their port priorities are compared and the port with the smaller port priority is selected to transmit packets. All these functions are automatically performed by BPDU, which is the information of the switch. It is also possible to configure BPDU to modify the root switch or path manually.

[Fig. 8.12 Port Priority: Path 1 (Port 1): path cost 100, port priority 7. Path 2 (Port 2): path cost 100, port priority 8. Path cost of PATH 1 = path cost of PATH 2 = 100, unable to compare. PATH 1 port priority 7 < PATH 2 port priority 8, so PATH 1 is chosen.]

Port States

Each port on a switch can be in one of five states.

[Fig. 8.13 Port State: state diagram of the Disabled, Blocking, Listening, Learning and Forwarding states, with transitions labelled "BPDUs or timeout indicate potential to become active", "BPDUs indicate port should not be active" and "Forwarding timer expired".]

Blocking: a port that is enabled, but that is neither a Designated port nor a Root port, will be in the blocking state. A blocking port will not receive or forward data frames, nor will it transmit BPDUs, but instead it will listen for other's BPDUs to determine if and when the port should consider becom
450. the switch is supposed to bring them back to the source IP address. If too many unreached packets are coming into the system, it might slow down the system operation.

Not to bring these messages back to the source IP address on a specific interface, use the following command in Interface Configuration mode.

Command: ip unreachables
Mode: Interface
Description: Configures not to bring unreached messages back to their source IP address on interface.

Command: no ip unreachables
Description: Brings all unreached messages back to their source IP address on interface.

7.15 IP TCP Flag Control

The TCP (Transmission Control Protocol) header includes six kinds of flags: URG, ACK, PSH, RST, SYN and FIN. For the hiD 6615 S223/S323, you can configure RST and SYN as below.

7.15.1 RST Configuration

RST sends a message when a TCP connection cannot be made to the person who tries to make it. However, it is also possible to configure the switch to block the message. This function helps prevent hackers from finding impossible connections.

To configure not to send the message that informs that a TCP connection cannot be made, use the following command.

Command: ip tcp ignore rst unknown
Mode: Global
Description: Configures to block the message that informs TCP connection can not be done.

Responds the me
451. thentication port and information of RADIUS server.

SWTICH(config)# dot1x system auth control
SWTICH(config)# dot1x nas port 4
SWTICH(config)# dot1x port control force authorized 4
SWTICH(config)# dot1x radius server host 10.1.1.1 auth port 4 key test
SWTICH(config)# show dot1x
802.1x authentication is enabled
RADIUS Server 10.1.1.1 Auth key test
p = port based, m = mac based, a = authenticated, u = unauthenticated
SWTICH(config)#

The following is an example of configuring a term of re-authentication as 1800 and a term of re-authentication as 1000 sec.

SWTICH(config)# dot1x timeout quiet period 1000 4
SWTICH(config)# dot1x timeout reauth period 1800 4
SWTICH(config)# dot1x reauth enable 4
SWTICH(config)# show dot1x 4
Port 4
SystemAuthControl Enabled
ProtocolVersion 0
PortControl Force Authorized
PortStatus Unauthorized
ReauthEnabled True
QuietPeriod 1000
ReauthPeriod 1800
SWTICH(config)#

The following is an example of showing the configuration after configuring the authentication based on MAC address.

SWTICH(config)# dot1x auth mode mac base 4
SWTICH(config)# show dot1x
802.1x a
452. there is only one VLAN in the network, traditional STP works. However, in a network with more than one VLAN, STP cannot work per VLAN. To avoid this problem, the hiD 6615 S223/S323 supports Multiple Spanning Tree Protocol (MSTP).

Link Aggregation (Trunking)
The hiD 6615 S223/S323 aggregates several physical interfaces into one logical port (aggregate port). Port trunk aggregates interfaces with the standard of same speed, same duplex mode and same VLAN ID. According to IEEE 802.3ad, the hiD 6615 S223/S323 can configure maximum 8 aggregate ports and up to 12 trunk groups.

LACP
The hiD 6615 S223/S323 supports Link Aggregation Control Protocol (LACP), complying with IEEE 802.3ad, which aggregates multiple links of equipment to use more enlarged bandwidth.

System Management based on CLI
Users who administer the system over telnet or the console port can easily configure the functions for system operation through the CLI. Unlike UNIX, the CLI makes it easy to configure the needed functions after looking up the available commands in the help menu.

Broadcast Storm Control
A broadcast storm is a situation in which too many broadcast packets are transmitted to the network, causing a network timeout because the packets occupy most of the transmit capacity. The hiD 6615 S223/S323 supports broadcast and multicast storm control, which discards flooding packets that exceed the limit during the time configured by the user.
453. tian filter INTERFACE (Mode: Global): from specified interface. INTERFACE: enter the interface name

It is not possible to configure both QoS and Martian filter at the same time.

To disable the configured Martian filter function, use the following command.

Command: no ip martian filter INTERFACE
Mode: Global
Description: Disables a configured Martian filter function. INTERFACE: enter an interface name

To see the configuration of Martian filter, use the show running config command.

Max Host

You can limit the number of users by configuring the maximum number of users, also named max hosts, for each port. In this case, you need to consider not only the number of PCs in the network but also devices such as switches in the network.

For the hiD 6615 S223/S323, you have to lock the port, as with MAC filtering, before configuring max hosts. In the case of ISPs, it is possible to arrange a billing plan for each user by using this configuration.

To configure max host, use the following command.

Command: max hosts PORTS <1-16>
Description: Limits the number of connections to a port by setting maximum host. PORTS: enter the port number. 1-16: enter the maximum MAC number

Command: no max hosts PORTS
Description: Deletes configured max host. Enter the port number.

The following is an example of configuring to allow two MAC addresses to port 3 and five addresses to port 1 2 and t
454. tination IP address must be after the source IP address.

Command: port {SRC PORT | any} {DST PORT | cpu | any}
Description: Classifies a physical port. SRC PORT: source port number. DST PORT: destination port number. cpu: CPU port. any: any physical port (ignore)

Command: vlan {VID | any}
Description: Classifies a VLAN. VLAN: 1-4094. any: any VLAN (ignore)

Command: dscp {<0-63> | any}
Description: Classifies a DSCP value. 0-63: DSCP value. any: any DSCP (ignore)

Command: cos {<0-7> | any}
Description: Classifies the IEEE 802.1p priority. 0-7: 802.1p priority value. any: any 802.1p priority value (ignore)

Command: tos {<0-255> | any}
Description: Classifies all ToS field. 0-255: ToS value. any: any ToS value (ignore)

Command: ip prec {<0-7> | any}
Description: Classifies an IP precedence. 0-7: IP precedence value. any: any IP precedence value (ignore)

Command: length {<21-65535> | any}
Description: Classifies a packet length. 21-65535: IP packet length. any: any IP packet length (ignore)

Command: ethtype {TYPE NUM | arp | any}
Description: Classifies the Ethernet type. TYPE NUM: Ethernet type field (hex, e.g. 0800 for IPv4). arp: address resolution protocol. any: any Ethernet type (ignore)

Command: ip {A.B.C.D | A.B.C.D/M | any} {A.B.C.D | A.B.C.D/M | any} <0-255>

Command: mac {SRC MAC ADDRESS | SRC MAC ADDRESS/MASK BITS | any} {DST MAC ADDRESS | DST MAC ADDRESS/MASK BITS | any}
Description: Classifies MAC address. SRC MAC ADDRESS: source MAC address. DST MAC AD
455. tion

Command: no rmon event <1-65535>
Mode: Global
Description: Deletes the RMON event of the specified number.

7.4.3.7 Displaying RMON Event

To display RMON alarm, use the following command.

Command: show running config rmon event
Description: Shows a configured RMON event.

7.5 Syslog

The syslog is a function that allows the network element to generate an event notification and forward it to an event message collector such as a syslog server. This function is enabled by default, so even though you disable this function manually, the syslog will be enabled again.

This section contains the following contents:
- Syslog Output Level
- Facility Code
- Syslog
- Disabling Syslog
- Displaying Syslog Message
- Displaying Syslog Configuration

7.5.1 Syslog Output Level

Syslog Output Level without a Priority

To set a syslog output level, use the following command.

Command: syslog output {emerg | alert | crit | err | warning | notice | info | debug} console
Description: Generates a syslog message of selected level or higher and forwards it to the console.

Command: syslog output {emerg | alert | crit | err | warning | notice | info | debug} local {volatile | non volatile}
Description: Generates a syslog message of selected level or higher in the system memory. volatile: deletes a syslog message after restart. non volatile: reserves a syslog message

syslog o
456. tion
MSTP Operation
Configuring STP/RSTP/MSTP/PVSTP/PVRSTP Mode (Required)
Configuring STP/RSTP/MSTP
Activating STP/RSTP/MSTP
Root Switch
Path cost
Port priority
MSHMPCDMEE C
MSTP Protocol
Point to point MAC Parameters
Edge Ports
Displaying Configuration
Configuring PVSTP/PVRSTP
Activating PVSTP/PVRSTP
Root Switch
Path cost
Port priority
457. to skip the MTU verification in DD process
Command: no ip ospf A.B.C.D mtu ignore
Mode: Interface

OSPF Priority

Routers each have a role in exchanging information on an OSPF network. The DR (Designated Router) is one of the essential roles, getting and transmitting the route information in the same area. The router having the highest priority becomes the DR. If there are routers which have the same priority, the one with the highest router ID will be the DR.

Normally a router has priority 1, but it can be changed to make a router the DR through the configuration of priority. To configure a priority of OSPF router, use the following command.

Command: ip ospf priority <0-255>
Command: ip ospf A.B.C.D priority <0-255>
Mode: Interface
Description: Configures a priority of OSPF router.

To delete a configured priority of OSPF router, use the following command.

Command: no ip ospf priority
Command: no ip ospf A.B.C.D priority
Mode: Interface
Description: Deletes a configured priority of OSPF router.

OSPF Network Type

There are 4 types of OSPF network: Broadcast network, NBMA (Non-broadcast multiple access) network, Point-to-multipoint network and Point-to-point network. The user can configure an OSPF network as a Broadcast network or Non-broadcast network type. For example, if the network does not support multicasting, it can be configured Non broadcast type fr
458. tory of specified number; enter the value for deleting
Command: no rmon alarm <1-65535>
Mode: Global

Displaying RMON Alarm

To display RMON alarm, use the following command.

Command: show running config rmon alarm
Description: Shows a configured RMON alarm.

RMON Event

RMON event identifies all operations, such as RMON alarm, in the switch. You can configure an event or trap message to be sent to the SNMP management server when sending an RMON alarm. You need to open RMON Event Configuration mode to configure an RMON event.

Command: rmon event <1-65535>
Mode: Global
Description: Opens RMON Event Configuration mode. 1-65535: index number

Event Community

When an RMON event happens, you need to input a community to transmit the SNMP trap message to the host. Community means a password that gives the right to transmit messages.

To configure the community for trap message transmission, use the following command.

Command: community NAME
Description: Configures password for trap message transmission right. NAME: community name

7.4.3.2 Event Description

It is possible to describe an event briefly when the event happens. However, the description will not be made automatically, so the administrator should write the description.

To make a description about an event, use the following command.

Command: description DESCRIPTION
Description: Describes the event. DESCRIPTION: Max
459. troublesome to set the configuration manually and the rate to adjust to the network environment changes when connecting to the switch using logical port. However, if the user configures the physical port aggregated with the logical port in each switch, the switches are connected as configured. Therefore, it is easier for the user to configure compared to the port trunk, and the switch can quickly respond to environmental changes.

Port Trunk

Port trunking enables you to dynamically group similarly configured interfaces into a single logical link (aggregated port) to increase bandwidth while reducing traffic congestion.

Configuring Port Trunk

To make a logical port by aggregating the ports, use the following command.

Command: trunk <0-5> PORT
Description: Adds a port to the aggregation port group.

Command: trunk distmode <0-5> PORTS {dstip | dstmac | srcdstip | srcdstmac | srcip | srcmac}
Description: Adds a port to the aggregation group, designates the physical port as logical port and decides which packets are transmitted to the aggregated port. 1-5: Trunk Group ID

For the hiD 6615 S223/S323, the source and destination MAC address is basically used to decide the packet route.

If packets enter a logical port aggregating several ports and there is no way to decide the packet route, the packets could be gathered on a particular member port, so that it is not possible to use the logical port effectively. Therefore hiD 6615 S223/S323 is conf
460. tual link

The following items describe 7 configurations for virtual link:
- Authentication: This is the configuration for security of routing information. message digest uses MD5 to encode for authentication; null means not using any authentication.
- Authentication key: Configures the authentication which is based on text encoding.
- Message digest key: Configures the authentication which is based on md5 type.
- Hello interval: An OSPF router sends Hello packets to notify others of its existence. Hello interval is that packet transmission interval.
- Retransmit interval: When a router transmits an LSA, it waits for approval information from the receiver. If there is no answer from the receiver for the configured time, the router transmits the LSA again. Retransmit interval is the configuration of the time interval between transmission and retransmission.
- Dead interval: If there is no hello packet for the configured time, the router perceives that the other router has stopped working. Dead interval is the configuration of the time interval after which the other router is perceived to have stopped operating.
- Transmit delay: When a router transmits an LSA, the traffic can be delayed by the status of communications. Transmit delay is the configuration that accounts for the LSA transmission time.

Configuration for virtual link can be selected more than 2 options without order. The following is exp
461. Open Shortest Path First (OSPF)

Open Shortest Path First (OSPF) is an interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). OSPF, designed for IP networks, supports IP subnetting and marks on information from exterior networks. Moreover, it supports packet authorization and transmits and receives routing information through IP multicast. It is most convenient to operate OSPF on a layered network.

OSPF is the most compatible routing protocol in a layered network environment. The first setting in an OSPF network is planning a network organized with routers and configuring the border routers faced with multiple sections. After that, set up the basic configuration for OSPF router operation and assign interfaces to an Area. To make the OSPF router configuration compatible with the user environment, each router configuration must be accorded by verification.

This section provides configurations for the OSPF routing protocol. Lists are as follows:
- Enabling OSPF
- ABR Type Configuration
- Compatibility Support
- OSPF Interface
- Non Broadcast Network
- OSPF Area
- Default Metric
- Graceful Restart Support
- Opaque LSA Support
- Default Route
- Finding Period
- External Routes to OSPF Network
- OSPF Distance
- Host Route
- Passive Interface
- Blocking Routing Information
- Summary Routing Information
- OSPF Monitoring and Management
- Routing
462. udes the complete route to each destination. BGP uses the routing information to maintain a database of network reachability information, which it exchanges with other BGP systems. BGP uses the network reachability information to construct a graph of AS connectivity, thus allowing BGP to remove routing loops and enforce policy decisions at the AS level.

Multiprotocol BGP (MBGP) extensions enable BGP to support IPv6. MBGP defines the attributes MP_REACH_NLRI and MP_UNREACH_NLRI, which are used to carry IPv6 reachability information. Network layer reachability information (NLRI) update messages carry IPv6 address prefixes of feasible routes.

BGP allows for policy-based routing. You can use routing policies to choose among multiple paths to a destination and to control the redistribution of routing information.

BGP uses the Transmission Control Protocol (TCP) as its transport protocol, using port 179 for establishing connections. Running over a reliable transport protocol eliminates the need for BGP to implement update fragmentation, retransmission, acknowledgment and sequencing.

The routing protocol software supports BGP version 4. This version of BGP adds support for classless interdomain routing (CIDR), which eliminates the concept of network classes. Instead of assuming which bits of an address represent the network by looking at the first octet, CIDR allows you to explicitly specify the number of bits in the network address, thus providin
463. uired no additional underlying protection mechanism within the ring configuration; the complete functionality is implemented on the interface units of the system and does not require additional dedicated hardware which may raise network complexity and costs.
- It is a unique robustness functionality which runs on every network element involved in the ring configurations. It means each system is an active part of the ring protection mechanism. Therefore it guarantees a maximum of 50 ms to switch over towards a new configuration after link or system failures.

ERP and STP cannot be configured at once.

ERP Operation

Ethernet Ring Protection (ERP) is a concept and protocol optimized for fast failure detection and recovery on Ethernet ring topologies. The protection of fast failure detection and recovery occurs on the RM node.

An Ethernet ring consists of two or more switches. One of the nodes on the ring is designated as redundancy manager (RM), and the two ring ports on the RM node are configured as primary port and secondary port respectively. The RM blocks the secondary port for all non-control traffic belonging to this ERP domain.

If a line failure occurs, the nodes detecting the link failure transmit a Link Down message and the link failure port enters Blocking status. When the RM node receives this link down message, it immediately declares the failed state and opens the logically blocked protected VLANs on the secondary port. Then Ethernet Ring restarts the
464. ule remove {critical | major | minor | warning | intermediate}
Configures the priority of system restart alarm.
Configures the priority of module remove alarm.

Command: snmp alarm severity temperature high {critical | major | minor | warning | intermediate}
Description: Configures the priority of temperature high alarm.

If you want to delete a configured alarm severity, use the following command.

Mode: Global
Description: Deletes a configured alarm severity.
Commands:
no snmp alarm severity fan fail
no snmp alarm severity cold start
no snmp alarm severity broadcast over
no snmp alarm severity cpu load over
no snmp alarm severity dhcp lease
no snmp alarm severity dhcp illegal
no snmp alarm severity fan remove
no snmp alarm severity ipconflict
no snmp alarm severity memory over
no snmp alarm severity mfgd block
no snmp alarm severity port link down
no snmp alarm severity port remove
no snmp alarm severity port thread over
no snmp alarm severity power fail
no snmp alarm severity power remove
no snmp alarm severity rmon alarm rising
no snmp alarm severity rmon alarm falling
no snmp alarm severity system restart
no snmp alarm severity module remove
no snmp alarm severity temperature high

7.1.9.5 ADVA Alarm Severity

To configure a severity of alar
465. up Therefore PIM-SM is proper when constituent members of group are dispersed in wide area or bandwidth used for the whole is small. Sparse mode is the most useful on WAN and can be used on LAN. For standard of PIM-SM, you can refer to RFC 2362.
RPT and SPT
RP (Rendezvous Point) works in a central role for PIM-SM. Viewing the below chart, multicast packet is transmitted to D as RP from A as source through B and C. And D (RP) transmits multicast packet after receiving join message from E or F. That is, all multicast packets are transmitted with passing through RP (Rendezvous Point). For instance, even though F needs multicast packet, the packet is passed through A → B → C → D → C → F, not A → B → C → F. Like this, route made with focusing on RP is RPT (Rendezvous Point Tree) or shared tree. There is only one RP in one multicast group. RPT has G entry because receiver can send a message to RP without knowing source. G means multicast group.
[Fig. 9.5 RPT of PIM-SM. Labels: 1) Multicast packet transmitted to RP; 2) Ask RP for multicast packet; 3) RP transmits multicast packet for the request.]
Also, routers on packet route automatically optimize route by deleting unnecessary hops when traffic exceeds certain limit. After r
466. uration type between standard BGP and ZebOS BGP for the hiD 6615 S323. The standard BGP is one of the general BGP configuration types, which includes the following restrictions:
- Manual transmission of community information: You should send the community information or message to neighbors directly using the neighbor A.B.C.D WORD send community command.
- No synchronization: Standard configuration type does not support a synchronization between IGP and eBGP. In this type, BGP network disables IGP synchronization in BGP by default.
- No auto summary: Standard configuration type does not support auto summary feature. By default, the system disables the automatic network number summarization.
The ZebOS type requires no specific configuration for sending out BGP community and extended community attributes. ZebOS type is the default for the hiD 6615 S323.
To select configuration type of the BGP router, use the following command.
Command (Mode: Global):
  bgp config type standard zebos : Sets the BGP configuration type between standard and ZebOS.
  no bgp config type : Deletes the recent BGP configuration type and returns to default.
Enabling BGP Routing
Step 1: To define an AS number and open Router Configuration mode, use the following command.
Command (Mode: Global):
  router bgp <1-65535> : Assigns AS number to configure BGP routing and opens Router Configuration mode. 1-65535: AS
467. ure of the switch
In hiD 6615 S223 S323, the administrator can enable and disable basic TLV by selecting it. To enable basic TLV by selecting it, use the following command.
Command:
  lldp enable PORTS portdescription sysname sysdescription syscap : Selects basic TLV that is sent in the port. portdescription: Port's description; syscap: System's capability; sysname: System's name; sysdescription: System's description.
  lldp disable PORTS portdescription sysname sysdescription syscap : Disables basic TLV configured as sent in the port.
7.3.4 LLDP Message
In hiD 6615 S223 S323, it is possible to configure the interval time and times of sending LLDP message. To configure the interval time and times of LLDP message, use the following command.
Command:
  lldp msg txinterval <5-32768> : Configures the interval of sending LLDP message. The unit is second.
  lldp msg txhold <2-10> : Configures the periodic times of LLDP message.
Default for sending LLDP message is 4 times in every 30 seconds.
7.3.5 Interval and Delay Time
In hiD 6615 S223 S323, the administrator can configure the interval time of enabling LLDP frame after configuring LLDP operation type. To configure the interval time of enabling LLDP frame after configuring LLDP operation type, use the foll
468. ure prevents Denial of Service (DoS) attack on the network by permanent STP recalculation that is caused by the temporary introduction and subsequent removal of STP devices with low (zero) bridge priority.
To configure BPDU guard in the switch, perform the following procedure.
Step 1: Configure the specific port as edge port.
Command (Mode: Bridge):
  stp edge port PORTS : Configures the port as Edge port.
  no stp edge port PORTS : Disables Edge port configuration.
Step 2: Configure BPDU Guard.
Command:
  stp bpdu guard : Configures BPDU Guard function on switch.
  no stp bpdu guard : Disables BPDU Guard function.
However, BPDU Guard can be corrupted by unexpected cause. In this case, the edge port is blocked immediately and remains at this state until user recovers it. To prevent this problem, the hiD 6615 S223 S323 switch provides BPDU guard auto recovery function. When an edge port is down for BPDU packet which came from other switch, the port is recovered automatically after configured time. To configure BPDU Guard auto recovery, use the following command.
Command:
  stp bpdu guard auto recovery : Configures BPDU Guard auto recovery on switch.
  stp bpdu guard auto recovery time <10-1000000> : Configures BPDU Guard auto recovery time.
  no stp bpdu guard auto recover
469. ut
  clear ip bgp external ipv4 unicast multicast out : Resets the session of BGP router connected to external AS. external: clears all external peers; out: clears outgoing advertised routes; unicast multicast: address family modifier.
  clear ip bgp external soft in out
  clear ip bgp external ipv4 unicast multicast soft in out : Updates the route information only while the session is possible of BGP router connected to external AS. Apply the route either incoming or outgoing routes. external: clears all external peers.
Session Reset of Peer Group
To reset the session for all members of a peer group, use the following command.
Command (Mode: Global):
  clear ip bgp peer group GROUP : To reset the session for all configured routers of specified peer group. GROUP: peer group name.
See Section 10.1.5.1 when you configure the detail parameters.
To reset the sessions of BGP routers which are members of specified peer group and initialize the details of route configurations, use the following command.
Command (Mode: Global):
  clear ip bgp peer group GROUP in prefix filter
  clear ip bgp peer group GROUP ipv4 unicast multicast in prefix filter : Resets the session for all members of specified peer group. in: clears incoming advertised routes; prefix filter: pushes out prefix list ORF and does inbound soft reconfiguration; GROUP: peer group name.
470. ute
When comparing similar routes from more than 2 peers, the BGP router does not consider router ID of the routes. It selects the first received route. The hiD 6615 S323 uses router ID in the selection process: similar routes are compared and the route with lowest router ID is selected as the best route. Router ID can be manually set by using the following command.
To select the best path by comparing router ID, use the following command. However, the default condition is that BGP receives routes with identical eBGP paths from eBGP peers.
Command (Mode: Router):
  bgp bestpath compare routerid : Selects the best path using the router ID for identical eBGP paths.
  no bgp bestpath compare routerid : Disables selecting the best path using the router ID.
The hiD 6615 S323 is basically configured not to compare MED values of the path information that exchanges between the Confederation Peers. But just in case, it can be configured to compare MED values of the path information that exchanges between Confederation Peers.
To compare MED values on the exchange of path information between Confederation Peers, use the following command.
Command:
  bgp bestpath med confed missing as worst : Configures the router to consider the MED in choosing a path from among the paths on the
471. ute command
  no route A.B.C.D/M
Redistributing Routing Information
The hiD 6615 S323 can redistribute the routing information from a source route entry into the RIP tables. For example, you can instruct the router to re-advertise connected, kernel or static routes as well as other routes established by routing protocol. This capability applies to all the IP based routing protocols.
To redistribute routing information from a source route entry into the RIP table, use the following command.
Command (Mode: Router):
  redistribute kernel connected static ospf bgp
  redistribute kernel connected static ospf bgp metric <0-16>
  redistribute kernel connected static ospf bgp route map WORD
  redistribute kernel connected static ospf bgp metric <0-16> route map WORD
  Description: Registers transmitted routing information in another router's RIP table. 1-16: metric value; WORD: pointer to route map entries.
To delete the configuration for redistributing routing information in another router's RIP table, use the following command.
Command:
  no redistribute kernel connected static ospf bgp
  no redistribute kernel connected static ospf bgp metric <0-16>
  Description: Removes the configuration of transmitted routing in
  no redistribute kernel
472. uthentication is enabled
RADIUS Server 10.1.1.1 Auth key test
802.1x 123456789012345678901234567890123456789012
p = port based, m = mac based, a = authenticated, u = unauthenticated
SWITCH(config)#
5 Port Configuration
It is possible for user to configure basic environment such as auto negotiate, transmit rate and flow control of the hiD 6615 S223 S323 port. Also, it includes instructions how to configure port mirroring and port as basic.
5.1 Port Basic
It is possible to configure default environment of port such as port state, speed. To configure port, you need to open Bridge Configuration mode by using the command bridge on Global Configuration mode. When you begin Bridge Configuration mode, system prompt will be changed from SWITCH(config)# to SWITCH(bridge)#.
SWITCH(config)# bridge
SWITCH(bridge)#
The hiD 6615 S223 S323 have 12 electrical and optical combo 100/1000Base-X Ethernet ports. The direction to configure each port is different depending on its features. Read the below instruction carefully and follow it before you configure. Refer to belo
473. utput emerg alert crit err warning notice info debug remote IP ADDRESS : Generates a syslog message of selected level or higher and forwards it to a remote host.
To disable a specified syslog output, use the following command.
Command (each deletes a specified syslog output):
  no syslog output emerg alert crit err warning notice info debug console
  no syslog output emerg alert crit err warning notice info debug local volatile non volatile
  no syslog output emerg alert crit err warning notice info debug remote IP ADDRESS
Syslog Output Level with a Priority
To set a user defined syslog output level with a priority, use the following command.
Command:
  syslog output priority auth authpriv cron daemon kern local1 local2 local3 local4 local5 local6 local7 lpr mail news syslog user uucp emerg alert crit err warning notice info console
  syslog output priority auth authpriv cron daemon kern local1 local2 local3 local4 local5 local6 local7 lpr mail news syslog user uucp emerg alert crit err warning notice info local volatile non volatile
  syslog output priority auth authpriv cron daemon
474. value of configured member port, use the following command.
Command:
  no lacp port admin key PORTS : Deletes key value of selected member port. Select the member port number.
Priority of Member Port
To configure priority of LACP member port, use the following command.
Command:
  lacp port priority PORTS <1-65535> : Sets the LACP priority of member port. Select the port number. (default: 32768)
To remove port priority of configured member port, use the following command.
Command:
  no lacp port priority PORTS : Deletes port priority of selected member port. Select the member port number.
Priority of Switch
In case the member ports of connected switches are configured as Active mode (LACP system enabled), it is required to configure which switch would be a standard for it. For this case, the user could configure the priority on switch. The following is the command of configuring the priority of the switch in LACP function.
Command:
  lacp system priority <1-65535> : Sets the priority of the switch in LACP function. Enter the switch system priority. (default: 32768)
To delete the priority of configured switch, use the following command.
Command:
  no lacp system priority : Clears the priority of the configured switch.
8.2.2.9 Displaying LACP Configuration
475. vent in the system occurs through CLI and ACI-E. You can also set the alarm severity on each alarm and make the alarm be shown only in case of selected severity or higher. This enhanced alarm notification allows system administrators to manage the system efficiently.
Enabling Alarm Notification
To configure whether the switch enables transmitting SNMP alarm or not, use the following command.
Command (Mode: Global):
  snmp notify activity enable disable : Enables/disables an alarm notification on CLI or ACI-E. (default: disable)
7.1.9.2 Default Alarm Severity
To configure a priority of alarm, use the following command.
Command:
  snmp alarm severity default critical major minor warning intermediate : Configures the priority of alarm. (default: minor)
7.1.9.3 Alarm Severity Criterion
You can set an alarm severity criterion to make an alarm be shown only in case of selected severity or higher. For example, if an alarm severity criterion has been set to major, you will see only an alarm whose severity is major or critical.
To configure alarm severity criteria in CLI, use the following command.
Command (Mode: Global):
  snmp alarm severity criteria critical major minor warning : Configures the severity criterion. default warnin
476. ver must be set up first. Using the load command, the system will download the new system software from the server. The following is an example of upgrading the system software stored in os1 in the boot mode.
Boot> load os1 10.27.41.82 V5212G.3.18.x
TFTP from server 10.27.41.82 our IP address is 10.27.41.83
Filename V5212G.3.18.x
Load address 0xffffe0
Loading
(Omitted)
477. verage of CPU load using the following command.
Command (Mode: View, Enable, Global):
  show cpuload : Shows threshold of CPU utilization and average of CPU utilization.
6.3.12 Running Process
The hiD 6615 S223 S323 provides a function that shows information of the running processes. The information with this command can be very useful to manage the switch. To display information of the running processes, use the following command.
Command (Mode: Enable, Global):
  show process : Shows information of the running processes.
The following is an example of displaying information of the running processes.
SWITCH# show process
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
admin 1 0 2 0 2 1448 596 S 20 12 0 05 init 3
admin 2 0 0 0 0 0 0 S 20 12 0 00 keventd
admin 3 0 0 0 0 0 0 SN 20 12 0 00 ksoftirqd CPUO
admin 4 0 0 0 0 0 0 S 20 12 0 00 kswapd
admin 5 0 0 0 0 0 0 S 20 12 0 00 bdflush
admin 6 0 0 0 0 0 0 32 S 20 12 0 00 kupdated
admin 7 0 0 0 0 0 0 S 20 12 0 00 mtdblockd
admin 8 0 0 0 0 0 0 SW 20 12 0 00 bcmDPC
admin 9 1 4 0 0 0 0 SW 20 12 0229 bcmCNTR 0
admin 10 1 4 0 0 0 Oi 2 SW 20 12 0 29 bcmCNTR 1
admin 17 0 0 0 0 0 0 SWN 20 12 0 00 jffs2_gced_mtd3
admin 149 0 0 0 3 1784 776 2 S Jan01 0 00 sbin syslogd m
admin 151 0 0 0 2 1428 544 S Jan01 0 00 sbi
478. w figure for front interfaces of hiD 6615 S223 S323.
[Fig. 5.1 hiD 6615 S223 S323 Interface]
To display the configuration of the physical port, use the following command.
Command (Mode: Enable, Global, Bridge):
  show port PORTS : Shows port configuration.
When you use the show port command, if you input a letter at port number, the message "%Invalid port: port" will be displayed, and if you input a wrong number, the message "%Invalid range: 100 [1-18]" will be displayed.
SWITCH(bridge)# show port port
%Invalid port: port
SWITCH(bridge)# show port 100
%Invalid range: 100 [1-18]
SWITCH(bridge)#
Selecting Port Type
User should select port type because the hiD 6615 S223 S323 switch ports have two types (RJ45 and SFP). To select port type, use the following command.
Command:
  port medium PORT sfp rj45 : Selects port type. (Default: RJ45)
To view the configuration of switch port type, use the following command.
Command (Mode: Enable, Global, Bridge):
  show port medium : Shows port type.
5.2 Ethernet Port Configuration
5.2.1 Enabling Ethernet Port
To enable/disable a port, use the following command.
Command Mode Description 1 5 Enables disables a port enter
479. wing command.
Command (Mode: Global):
  login local remote radius tacacs host all enable : Sets the system authentication method. local: authentication for console access; remote: authentication for telnet access; radius: selects RADIUS authentication; tacacs: selects TACACS authentication; host: selects nominal system authentication (default); all: selects all the authentication methods.
  login local remote radius tacacs host all disable : Disables a configured system authentication method.
4.2.2 Authentication Interface
If more than 2 interfaces are specified to the hiD 6615 S223 S323, you can designate one specific interface to access RADIUS or TACACS server. To designate an authentication interface, use the following command.
Command:
  login radius tacacs interface INTERFACE A.B.C.D : Designates an authentication interface. radius: selects RADIUS authentication; tacacs: selects TACACS authentication; INTERFACE: interface name; A.B.C.D: IP address (optional).
4.2.3 Primary Authentication Method
You can set the order of the authentication method by giving the priority to each authentication method. To set the primary authentication method, use the following command.
Command (Mode: Global):
  login local remote radius : Sets the primary authentication method. local: authentication for console access; remote authenticat
480. wing command.
Command:
  startup type rising : Configures the first Alarm to occur when object is firstly more than upper bound of threshold.
To configure the first alarm to occur when object is firstly more than threshold or less than threshold, use the following command.
Command:
  startup type rising and falling : Configures the first Alarm to occur when object is firstly more than threshold or less than threshold.
Interval of Sample Inquiry
The interval of sample inquiry means time interval to compare selected sample data with upper bound of threshold or lower bound of threshold in terms of seconds.
To configure interval of sample inquiry for RMON alarm, use the following command.
Command:
  sample interval <0-65535> : Configures interval of sample inquiry. (unit: second)
Activating RMON Alarm
After finishing all configurations, you need to activate RMON alarm. To activate RMON alarm, use the following command.
Command (Mode: RMON):
  active : Activates RMON alarm.
Deleting Configuration of RMON Alarm
When you need to change a configuration of RMON alarm, you should delete an existing RMON alarm. To delete RMON alarm, use the following command.
Command Mode Description Deletes RMON his
481. wing command.
Command (Mode: Global):
  ip igmp snooping explicit tracking : Enables explicit host tracking on the system.
  ip igmp snooping vlan VLANS explicit tracking : Enables explicit host tracking on a VLAN interface.
To display a configuration, use the following command.
Command (Mode: Enable, Global, Bridge):
  show ip igmp snooping explicit tracking vlan VLANS port PORTS group A.B.C.D : Shows a configuration.
9.2.6.3 Immediate Block
For a Layer 2 IGMP v2 host interface to join an IP multicast group, a host sends an IGMP membership report for the IP multicast group. For a host to leave a multicast group, it can either ignore the periodic IGMP general queries or it can send an IGMP leave message. When the switch receives an IGMP leave message from a host, it sends out an IGMP group specific query to determine whether any devices connected to that interface are interested in traffic for the specific multicast group. The switch then updates the table entry for that Layer 2 multicast group so that only those hosts interested in receiving multicast traffic for the group are listed.
However, IGMP v3 hosts send IGMP v3 membership reports with the allow group record mode to join a specific multicast group. When IGMP v3 hosts send membership reports with the block group record to
482. witch. To designate Slave switch, use the following command.
Command (Mode: Global):
  stack slave : Designates as a slave switch.
8.10.3 Disabling Stacking
To disable stacking, use the following command.
Command (Mode: Global):
  no stack : Disables the stacking function.
8.10.4 Displaying Stacking Status
Command (Mode: Enable, Global):
  show stack : Shows a configuration of stacking.
8.10.5 Accessing to Slave Switch from Master Switch
After configuring all stacking configurations, it is possible to configure and manage by accessing to Slave switch from Master switch.
To access to Slave switch from Master switch, use the following command in Bridge configuration mode.
Command (Mode: Global):
  rcommand NODE : Accesses to a slave switch. NODE: node number.
NODE means node ID from configuring stacking in Slave switch. If you input the above command in Master switch, Telnet connected to Slave switch is displayed and it is possible to configure Slave switch using DSH command. If you use the exit command in Telnet, the connection to Slave switch is down.
8.10.6 Sample Configuration
Sample Configuration 1: Configuring Stacking
The following is a stacking configuration by designating SWITCH A as a master and SWITCH B as a slave.
Switch A Master Switch Manage wi
483. xample to display a configuration of syslog.
SWITCH# show running config syslog
!
syslog start
syslog output info local volatile
syslog output info local non volatile
SWITCH#
Saving System Configuration
If you change a configuration of the system, you need to save the changes in the system flash memory. To save all changes of the system, use the following command.
Command:
  write memory : Saves all changes in the system flash memory.
When you use the command write memory, make sure there is no key input until OK message appears.
Auto Saving
In hiD 6615 S223 S323, it is possible to save the configuration automatically. To configure the configuration periodically, use the following command.
Command:
  write interval <10-1440> : Saves auto configuration periodically. 10-1440: auto saving interval (Default: 10 minute)
  no write interval : Disables auto saving function.
System Configuration File
To manage a system configuration file, use the following command.
Command (Mode: Enable):
  copy running config FILENAME startup config : Copies a running configuration file. FILENAME: configuration file name; startup config: startup configuration file.
  copy startup config FILENAME : Copies a startup configuration file. FILENAME: configuration file name.
  Copies a specified configuration file to the startup con
  copy FILENAME sta
484. y : Disables BPDU Guard auto recovery function.
  no stp bpdu guard auto recovery time
To recover a blocked port manually, use the following command.
Command:
  stp bpdu guard err recovery PORTS : Recovers a blocked port manually.
8.3.9.7 Self Loop Detection
Although there is no double path in user's equipment, loop can be caused by network environment and cable condition connected to equipment. To prevent this, the hiD 6615 S223 S323 has self loop detection to perceive that an outgoing packet has come back. Through the self loop detection, you can prevent packet which comes back because it blocks the port.
To enable/disable self loop detection, use the following command.
Command:
  self loop detect enable disable : Enables/disables self loop detection function.
To display a configuration for BPDU, use the following command.
Command (Mode: Enable, Global, Bridge):
  show self loop detect : Shows status of self loop detection and a port where loop has happened.
  show self loop detect all PORTS : Shows self loop detection status on specified ports. all: all the ports; PORTS: selected port.
8.3.9.8 Displaying BPDU Configuration
To display the configuration for BPDU, use the following command.
Command Description show stp mst MSTID RANGE all PORTS de
485. y
To upgrade the system software of the switch, use the following command.
Command (Mode: Enable):
  copy ftp tftp os download os1 os2 : Downloads the system software of the switch via FTP or TFTP. os1 os2: the area where the system software is stored.
  copy ftp tftp os upload os1 os2 : Uploads the system software of the switch via FTP or TFTP.
To upgrade the system software, FTP or TFTP server must be set up first. Using the copy command, the system will download the new system software from the server. To reflect the downloaded system software, the system must restart using the reload command. For more information, see Section 4.1.8.
The following is an example of upgrading the system software stored in os1.
SWITCH# copy ftp os download os1
To exit press Ctrl D
IP address or name of remote host FTP 10.100.158.144
Download File Name V5212G.3.18.x
User Name admin
Password
Hash mark printing on 1024 bytes hash mark
Downloading NOS
486. y the access list. 1-99: simple access list; 1300-1999: simple access list (extended range); ACCESS LIST: IP named standard access list.
To delete a configured Cisco compatible checksum option, use the following command.
Command:
  no ip pim cisco register checksum : Deletes a configured value.
This command is disabled by default, and Register Checksum is calculated only over the header by default.
Candidate RP Message with Cisco BSR
Cisco's BSR code does not conform to the latest BSR draft; it does not accept candidate RPs with a group prefix number of zero. To make the hiD 6615 S323 candidate RP work with a Cisco BSR, use the following command. This command is used to inter-operate with older Cisco IOS versions.
Command (Mode: Global):
  ip pim crp cisco prefix : Configures the Candidate RP Message to work with Cisco BSR.
  no ip pim crp cisco prefix : Returns to the default setting.
Excluding GenID Option
To exclude the GenID option from Hello packets on a particular interface for inter-operation with older Cisco IOS versions, use the following command.
Command (Mode: Interface):
  ip pim exclude genid : Excludes the GenID from hello packets.
  no ip pim exclude genid : Returns to the default setting.
9.3.9 PIM SSM Group
To define the Source Specific Mult
487. you want to know the point of 30,000 times of sample inquiry, if you configure apSvcConnections as 30,000, it is for Absolute comparison. To compare object selected as sample with the threshold, use the following command.
Command (Mode: RMON):
  sample type absolute : Compares object with the threshold directly.
Delta comparison compares difference between current data and the latest data with the threshold. For instance, in order to know the point of variable notation rule 100,000 more than the former rule, configure apCntHits as Delta comparison. To configure delta comparison, use the following command.
Command:
  sample type delta : Compares difference between current data and the latest data with the threshold.
Upper Bound of Threshold
If you need an alarm to occur when object used for sample inquiry is more than upper bound of threshold, you have to configure the upper bound of threshold. To configure upper bound of threshold, use the following command.
Command:
  rising threshold VALUE : Configures upper bound of threshold. VALUE: 0-2147483647.
After configuring upper bound of threshold, configure to generate RMON event when object is more than configured threshold. Use the following command.
Command:
  rising event <1-65535> : Configures to generate RMON event when object is more than configured threshold. 1-65535: event index.
