SMC TigerAccess
Contents
1. coooccccoccnccccnnoncnccocnnnnonnnoncnonnnnnnonnnonacnonarononons 160 7 4 2 8 Activating RMON Alarm ccccccccseeceeeeeeeeeeeeeeeeseeeeeeseeeesaaeeeesaaeeeeseeeeesaees 160 7 4 2 9 Deleting Configuration Of RMON Alam 161 TAO RMON EVO iria E 161 TAS Event COMMON a o E E EE 161 TASZ Event Bee e srl da tein etehueaneennptles esac 161 7 4 3 3 Subject of RMON Event 162 PAO E Ee Ke 162 7 4 3 5 Activating RMON Event 162 7 4 3 6 Deleting Configuration Of RMON Event 162 e 163 Syslog Output Level 163 Fac COG EE 165 SYVSIOG BING AdArESS E 166 Debug Message for Remote Terminal n nnnnonnnnnennnnnnnnnennnennnnenennnesennne 166 DISADIING SY re enp 166 Displaying Syslog Message 166 Displaying Syslog Configuration oocccccccnnccconccnconoconcnnnnnnonnnnonnonanencnnnnons 167 7 6 Quality Of GericeiOo 168 How 10 Operate DO EE 169 7 0 2 Packet Classic BEE 171 LOAI A 171 170 2 2 gt COMMOUMMG FOW ts 171 7 6 2 3 Applying and modifying Elow a 174 7 6 2 4 COassCreaton 174 7 0 3 Packet Conditioning a 175 10 31 EN Ge leede EE 175 F002 Packet COIN ta 176 7 6 3 3 Average Packet Counter n nnnnennenennnoennenrnrrnrnrersnrensnrrrsnrrrsnrrrsnrrsnrrrsnrrrne 176 A A oie 177 7 6 3 5 Applying and modifying Policer ccccceeeccecseeeeeseeeeeeeeeeeeseeeeeesaeeeesseeeeeaees 178 LOA RUCACION ici 178 COA WR Ge te al Oui de 178 T042 le paa AA Ad 179 TOS PONCY RAMO sai ibi iba 185 LOAA SOUCY AC2. 251 CLI 252 i 8 2 1 2 8 2 1 3 8 2 2 Management Guide TigerAccess EE It is possible to input O to 4 as the trunk group ID and the switch supports 5 logical aggregated ports in LACP The group ID of port trunk and the aggregator ID of LACP cannot have same ID For the switch a source destination MAC address is basically used to decide packet route If packets enter to logical port aggregating several ports and there is no way to decide packet route the packets could be gathered on particular member port so that it is not possible to use logical port effectively Therefore the switch is configured to decide the way of packet route in order to classify the member ports effectively when packets enter It is decided with source IP address destination IP address source MAC address desti nation MAC address and the user could get information of packets to decided packet route The port designated as a member port of port trunk is automatically deleted from existing VLAN Therefore if the member port and aggregated port exist in different VLAN each other VLAN configuration should be changed for their aggregation Disabling Port Trunk To disable the configured port trunk use the SE command ee E a configured trunk port no trunk lt 0 4 gt PORTS Bridge 0 4 trunk group ID If a port is deleted from a logical port or the port trunk is disabled the port will be added to the default VLAN Displaying P
3. ip igmp snooping vlan VLANS immediate Global Enables immediate block on a VLAN block VLANS VLAN ID 1 4094 367 CLI 368 9 2 5 Management Guide TigerAccess EE To disable IGMPv3 immediate block use the following command man Te ages no ip igmp snooping immediate l l Disables immediate block globally block Global o Ip n i igmp snooping vlan Disables immediate block on a VLAN VLANS immediate block VLANS VLAN ID 1 4094 IGMPv3 immediate block is enabled by default Displaying IGMP Snooping Information To display a current IGMP snooping configuration use the following command e e re Enable show ip igmp snooping vlan loba Shows a current IGMP snooping configuration oba VLANS VLAN VLAN ID 1 4094 Bridge To display the IGMP snooping table use the following command show ip igmp snooping groups Shows the IGMP snooping table globally A B C D mac based mac based lists groups on a MAC address basis Enable show ip igmp snooping groups Global Shows the IGMP snooping table per port oba port PORTS cpu mac based Brid PORTS port number ridge show ip igmp snooping groups Shows the IGMP snooping table per VLAN vian VLANS mac based VLANS VLAN ID 1 4094 To display the collected IGMP snooping statistics use the following command og rem show ip igmp snooping stats Enable Shows the collected IGMP snooping statistics port PORTS cpu Global PORTS port number To cl
4. essesenseeereeeeeeea 79 S920 SS A io sent a a a a E 83 53207 TR RER EE 84 O E 84 5 9 2 0 Impulse Nolse Protection tada 86 5 3 2 9 Trellis Coded Modulation TOM 86 Dia 10 Mamada A A A 87 E E SNR MAMA o a vomaneagus 88 e KEE lee Hate ren ON 90 5992 19 Ghandshake TON tala 91 5 3 3 VDSL Checking Errors of VDSL Port 91 e E Gong Prol olla liada clara lodo 95 EE LING CONO profile iia A A A A 95 03 42 Alarm Contig profile dis 98 590 CONNU CRE 102 535 1 M dem Fort Rese terrne eer eege gie 102 5 3 5 2 Installing System Image of CHE 102 5 3 5 3 Installing CPE System Image File mGlave cc ccccecceesseeeeeseeeeeeaeeeeeeaees 104 5 3 5 4 Configuring AGC Auto Gain Control 106 5 3 5 5 Checking Length of Cable between CPE and CO 107 59 539060 Auto negotiation o CRE a ea i 107 9997 Mans ML RAS OU ES 107 9900 DUplex mode Ol OPE EE 107 535 9 Auto Upgrade of CPE Mage E 108 SMC7824M VSW Management Guide CLI TigerAccess EE 59 5 10 Displaying TEE 108 9 4 POT Ve e Le uti a o de cedo 110 6 System Environment wists ae 112 6 1 Environment Configuration ccoocccccnccocnconcncnnncconoconnnonnnnnnncnnnnnnnncnnns 112 Gal e Na Mead dd 112 612 lime a a Dalenni na ancien de cate ential E 112 Oslo TIME ZOMCs EE 113 6 1 4 Network Time Protocol NIT 113 6 1 5 Simple Network Time Protocol NIT 114 646 Terminal Configuratii s secen a aa a a eee 115 Gots EOI Baena a ted dma tat na enacted tewacay s 115 0
5. ooccccoccncccccccccnnconcnnconnnconcnonnnnononcncnannnnns 49 4 2 5 4 Additional TACACS Confguraton 49 42 0 AACCOURUNG ee adi 50 4 2 7 Displaying System Authentcaton 50 43 e eine ie e ie Nte Le 51 AOA Enabling INterna Cesna a i 51 4 3 2 Assigning IP Address to Network Interface ccccceesseeeeeeeeeeeeeeeeeeeeaees 92 4 3 3 Static Route and Default Gateway i cccccceccceeseeeeeeeeeeeesaeeeeesaeeeeseaees 52 4 34 Interface Eeer ege a da 53 4 3 5 Displaying Interface AAA 54 44 Secure oel SSH estan S 55 Ae So EE 55 441 1 Enabling SSH Servar iria a Ae Bact 55 4 4 1 2 Displaying On line SSH Cent 55 4 4 1 3 Disconnecting SSH Cent 55 4 4 1 4 Assigning Specific Authentication key 56 4 4 1 5 Displaying Connection History of SSH Cent 56 BA Son Ela EE 56 44 21 Eogimto SSH SIENA A A ates 56 AA O EE 56 4 4 2 3 Authentication key ENNEN 57 AS 902 1 AUtMMentica lO a sa 58 45 1 GOZAN AAN O 59 E 0 A a tet 59 E EE EE usada 59 SN E Authenticaton ModE css ed 60 4 5 1 4 A A et ha pidetunaatatoekDeudaundeceniakaataes 61 4021 0 iP OCC AUINONnZallON a ca 61 4 5 1 6 Interval for Retransmitting Request Identity Packet nnnnnnnnannnennnnsnnneennnnn 61 4 5 1 7 Number of Requests to RADIUS Server occcocccccccccccccccconcnconcncnoccnnoncncnncnnnos 61 4 5 1 8 Interval of Request to RADIUS Server ooccoccccccccnccccncccccnconcncnncnononnnnoncncnncnnnos 62 A522 SOZ 1X RE AUINENUCAUION sisi eae aorti
6. DHCP Lease Database DHCP Database Agent The switch provides a feature that allows to a DHCP server automatically saves a DHCP lease database on a DHCP database agent The DHCP database agent should be a TFTP server which stores a DHCP lease data base as numerous files in the form of leasedb MAC ADDRESS e g leasedb 0A 31 4B 1 A 77 6A The DHCP lease database contains a leased IP address hardware address etc 313 CLI 314 8 6 3 2 8 6 3 3 Management Guide TigerAccess EE To specify a DHCP database agent and enable an automatic DHCP lease database back up use the following command e e re Specifies a DHCP database agent and back up inter ip dhcp database A B C D IN val TERVAL A B C D DHCP database agent address INTERVAL 120 2147483637 unit second no ip dhcp database Deletes a specified DHCP database agent Upon entering the ip dhcp database command the back up interval will begin To display a configuration of the DHCP database agent use the following command e mn show ip dhcp database Shows a configuration of the DHCP database agent Displaying DHCP Lease Status To display current DHCP lease status use the following command a m See show ip dhcp lease all bound Shows current DHCP lease status abandon offer fixed free all all IP addresses POOL bound assigned IP address Enable Global show ip dhcp lease detail Bridge A B C D abandon illegally
7. Therefore the message that corresponds to 3 4 11 and 12 is chosen as the message limiting the transmission rate SMC7824M VSW Management Guide CLI TigerAccess EE Tab 7 2 shows the result of mask calculation of default value ee Status ICMP_DEST_UNREACH 3 ICMP_SOURCE_QUENCH 4 ICMP_ECHO 8 Tab 7 2 Mask Calculation of Default Value To configure the limited ICMP transmission time use the following command ne eos ip icmp interval rate limit N Global Configures a limited ICMP transmission time oba TERVAL INTERVAL 0 2000000000 unit 10 ms D The default ICMP interval is 1 second 100 ms To return to default ICMP configuration use the following command IN wows Raion ip icmp interval default Global Returns to default configuration To display ICMP interval configuration use the following command CO ma a O Enable show ip icmp interval Global Shows ICMP interval configuration Bridge SMC7824M VSW 225 CLI 226 7 14 7 14 1 7 14 2 7 15 Management Guide TigerAccess EE TCP Flag Control TCP Transmission Control Protocol header includes six kinds of flags that are URG ACK PSH RST SYN and FIN For the switch you can configure RST and SYN as the below RST Configuration RST sends a message when TCP connection cannot be done to a person who tries to make it However it is also possible to configure to block the message This function will help p
8. na rees cpe agc on PORTS Enables AGC in CPE SMC7824M VSW Management Guide TigerAccess EE 9 3 9 5 9 3 9 6 5 3 5 7 5 3 5 8 SMC7824M VSW CLI To designate AGC and configure it manually you should designate the distance To dis able the configured AGC use the following command na e See cpe agc off 0 agc off 1 agc off 2 agc off 3 Disable AGC in CPE and configure the agc off 4 agc off 5 agc off 6 agc off 7 agc distance manually off 8 agc off 9 agc off 10 PORTS There can be some error in manually designated distance Checking Length of Cable between CPE and CO To check cable length from CO to CPE use the following command a Y a show Ire ewl PORTS Enable Global Bridge Checks cable length from CO to CPE Auto negotiation of CPE To enable or disable the auto negotiation of CPE Ethernet port use the following com mand e e rees Enables the auto negotiation on CPE ethernet port cpe nego PORTS on Bridge default on cpe cpe nego PORTS off cpe nego PORTS off off Disables the auto negotiation CPE ethernet port the auto Disables the auto negotiation CPE ethernet port CPE ethernet port Transmit Rate of CPE To set the transmit rate of an Ethernet port of CPE use the ee command a the transmit rate of the CPE ethernet port to cpe speed PORTS 10 100 Bridge 10 100 Mbps Duplex mode of CPE To set the duplex mode on an Ethe
9. 1cccsccsccsenssccsecsescsecnesceecsnssesennsnseesennsnaes 135 7 1 Simple Network Management Protocol NM 135 CET SNMP COMMU IY senseless lie vines es ess 135 SMC7824M VSW 7 CLI Management Guide TigerAccess EE 7 1 2 Information Of SNMP Agent 136 PALO SNMP COMZ2S6C saunia aa 137 Fa kde TE Ei EEN 137 7 1 5 SNMP View eco 138 7 1 6 Permission to Access SNMP View Record 138 TA ONMP Versions Us rodas 139 Aso CSL Aid 139 TRST SNMP Trap Mode ee ee EE 139 n SONME Trap HOS ne ene ee eee eee ee ee enn ee 140 TAB SNMP Trap in Event Mode tee 140 Le ER RE e le e Ce BEE 141 1 1485 Displaying SNMP Train A in 142 EE GE AAI aaa dos 143 TEST Alarm Not PAU ds 143 1 92 Alarm Seventy Gl ctrl tas 143 7 1 9 3 Default Alarm Severity oocccoonccccocncococononononnnnonononononnnnononnnnonnnoncnnnrnnnnnncnnnos 144 7 1 9 4 Generic Alarm Severity aicsin A 144 7 1 9 5 ADVA Alarm Severin ii 146 Tigo EE Meat ie 147 7 1 9 7 STP Guard Alarm Gevertvy 147 7 1 9 8 Displaying SNMP Alarm Severity ccccccccseeeeeeeeeeeseeeeeeeeeeeeseeeeeeseeeeeeas 148 7 1 10 Displaying SNMP Configuration a aaannaannannnnannnnnnnnnnnnnnnrnnnnennnnnrrnnrrnnni 148 Tal Disabling oN EE 148 7 2 Operation Administration and Maintenance COAM 149 SE OAWILOOPD Caio iodo 149 EE E ocal OAM leie EEN 150 Tiza e Re e Mee seis 150 7 20 REMOS OAM tens at id is A 150 7 2 5 Displaying OAM Contouraton isien aa a a a 151 7 3 Link
10. A ech II ae gt Policin gt Marking 8 Remarking _ Scheduling Te Classification p g E Action ER IM Rule QoS Fig 7 1 Procedure of QoS operation The structure of Rule has 4 types of categories with different roles for QoS Flow Defines traffic classification criterias such as L3 source and destination IP address L2 source and destination MAC address Ethernet type length Class of Service CoS Differentiated Services Code Point DSCP and so on A unique name needs to be assigned to each flow e Class Includes more than 2 flows for the efficient traffic management in the application of rule to this set of flows Additionally a unique name needs to be assigned to each class e Policer Defines the packet counter coloring rate limit including metering function which will be applied to specified Flow and Class The policer adjusts how and what is to be classified within transmitted packets packet counter calculates the classified packets for identifying a flow rate limit defines which packets conform to or exceed the given rate metering uses to trigger real time traffic conditioning actions e Policy Configures the policy classifying the action s to be performed if the configured rule classification fits transmitted packet s It cannot only include a specified Flow Class or Policer but also set marking remarking according to the various parameters such as CoS and DSCP whic
11. Disabling SNMP To disable SNMP use the following command e e re When you use the no snmp command all configurations of SNMP will be lost SMC7824M VSW Management Guide CLI TigerAccess EE 7 2 Operation Administration and Maintenance OAM In the enterprise Ethernet links and networks have been managed via Simple Network Management Protocol SNMP Although SNMP provides a very flexible management so lution it is not always efficient and is sometimes inadequate to the task First using SNMP assumes that the underlying network is operational because SNMP re lies on IP connectivity however you need management functionality even more when the underlying network is non operational Second SNMP assumes every device is IP ac cessible This requires provisioning IP on every device and instituting an IP overlay net work even if the ultimate end user service is an Ethernet service This is impractical in a carrier environment For these reasons carriers look for management capabilities at every layer of the network The Ethernet layer has not traditionally offered inherent management capabilities so the IEEE 802 3ah Ethernet in the First Mile EFM task force added the Operations Admini stration and Maintenance OAM capabilities to Ethernet like interfaces These manage ment capabilities were introduced to provide some basic OAM function on Ethernet media EFM OAM is complementary not competitive with SNMP man
12. Tab 3 5 shows main commands of DHCP Pool Configuration mode default router Configures the default gateway of the pool range Configures the range of IP addresses Tab 3 5 Main Command of DHCP Pool Configuration Mode DHCP Option Configuration Mode In DHCP Option Configuration mode you can configure DHCP option You can define DHCP options that are carried in the DHCP communication between DHCP server and client or relay agent A specific DHCP option can be defined by its format type length and value SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI To open DHCP Option Configuration mode use the command Then the system prompt will be changed from SWITCH config to SWITCH dhcp opt NAME e e Se i i Opens DHCP Option Configuration mode to configure ip dhcp option format NAME Global DHCP options Tab 3 7 is the main commands of DHCP Option Configuration mode am Configures the attribute for option field in the DHCP packet Tab 3 6 Main Command of DHCP Option Configuration Mode DHCP Option 82 Configuration Mode In DHCP Option 82 Configuration mode you can configure DHCP option 82 for DHCP re lay agent This feature enables network administrators to manage IP resources more effi ciently To open DHCP Option 82 Configuration mode enter the ip dhcp option82 command then the system prompt will be changed from SWITCH config to SWITCH config opt82 e e Se Op
13. This chapter consists of the following sections e ARP Table e ARP Alias e ARP Inspection e Gratuitous ARP e Proxy ARP ARP Table Hosts typically have an ARP table which is a cache of IP MAC address mappings The ARP Table automatically maps the IP address to the MAC address of a switch In addition to address information the table shows the age of the entry in the table the encapsula tion method and the switch interface VLAN ID where packets are forwarded The switch saves IP MAC addresses mappings in ARP table for quick search Referring to the information in ARP table packets attached IP address is transmitted to network When configuring ARP table it is possible to do it only in some specific interfaces Registering ARP Table The content of ARP table is automatically registered when the relation between MAC ad dress and IP address has been found The network administrator could use MAC address of specific IP address in Network by registering on ARP table To make specific IP address to be accorded with MAC address use the following com mand e e See Sets a static ARP entry enter the IP address and the arp A B C D MACADDR MAC address MACADDR MAC address Global Sets a static ARP entry enter the IP address the MAC arp A B C D MACADDR INTER address and enter an interface name FACE INTERFACE interface name MACADDR MAC address 213 CLI 214 7 12 1 2 7 12 2 Management Guide TigerAcc
14. To delete the key value of a specified member port use the following command e e en Deletes the key value of a specified member port se no lacp port admin key PORTS Bridge lect the member port number 255 CLI Management Guide TigerAccess EE 8 2 2 7 Port Priority To configure priority of an LACP member port use the following command ee e ee lacp port priority PORTS lt 1 Brid Sets the LACP priority of a member port select the ridge 65535 gt port number default 32768 To delete the configured port priority of the member port use the following command Tennent ewe Raton o Deletes the configured port priority of a selected mem no lacp port priority PORTS Bridge ber port select the member port number 8 2 2 8 Displaying LACP Configuration To display a configured LACP use the following command e Y See show lacp aggregator Shows the information of aggregated port show lacp aggregator AGGRE Shows the information of selected aggregated port GATIONS Enable ggreg p Global show lacp port Brid Shows the information of member port ridge show lacp port PORTS Shows the information of appropriated member port show lacp statistics Shows aggregator statistics To reset LACP statistics information use the following command na e een Enable clear lacp statistic Global Resets the information of statistics Bridge 256 SMC7824M VSW Management Guide TigerAcce
15. With above configuration the packets from port 2 and 4 are decided according to the pro tocol kinds In case the protocol is incongruous the route is decided according to the port based VLAN Sample Configuration 4 Configuring QinQ Port 10 of SWITCH 1 and port 11 of SWITCH 2 are connected to the network where dif ferent VLANs are configured To communicate without changing VLAN configuration of SWITCH 1 and SWITCH 2 which communicate with PVID 10 configure it as follows You should configure the ports connected to network communicating with PVID 11 as Tagged VLAN port The network communicating with PVID 11 Communicating with PVID 10 Connecting to port 11 of Switch 1 Switch 2 Switch 1 Communicating with PVID 10 Connecting to port 10 of Switch 1 lt SWITCH 1 gt SWITCH bridge vlan dotlq tunnel enable 10 SWITCH bridge vlan pvid 10 11 SWITCH bridge show vlan dotlq tunnel Tag Protocol Id lt 0x8100 d dousle tagging port SMC7824M VSW Management Guide CLI TigerAccess EE Port 123456789012345678901234567890123 cher le cuadra E sar Sa be BE taint ee ae Ot Beier alah de ie a SWITCH bridge lt SWITCH 2 gt SWITCH bridge vlan dotlq tunnel enable 11 SWITCH bridge vlan pvid 11 11 SWITCH bridge show vlan dotlq tunnel Tag Protocol Id 0x8100 d double taggi g port Port 123456789012345678901234567890123 dtag deade reksi Ge e eg Ee A SWITCH bridge
16. e e re ip dhcp snooping trust PORTS Blocks broadcast request packets of Egress traffic on filter egress bcast req specified trusted port no ip dhcp snooping trust Unblocks broadcast request packets of Egress traffic PORTS filter egress bcast req on specified trusted port DHCP Rate Limit To set the number of DHCP packets per second pps that an interface can receive use the following command e e re ip dhcp snooping limit rate B Sets a rate limit for DHCP packets unit pps PORTS lt 1 255 gt no ip dhcp snooping limit rate geck Deletes a rate limit for DHCP packets PORTS Normally the DHCP rate limit is specified to untrusted interfaces and 15 pps is recom mended for a proper value However if you want to set a rate limit for trusted interfaces keep in mind that trusted interfaces aggregate all DHCP traffic in the switch and you will need to adjust the rate limit to a higher value DHCP Lease Limit The number of entry registrations in DHCP snooping binding table can be limited If there are too many DHCP clients on an interface and they request IP address at the same time it may cause IP pool exhaustion To set the number of entry registrations in DHCP snooping binding table use the follow ing command n mn l SC Enables a DHCP lease limit on a specified untrusted ip dhcp snooping limit lease ort PORTS lt 1 2147483637 gt p Global 1 2147483637 the number of entry registrations n
17. es e re lacp port activity PORTS active er Configures the operation mode of the member port ridge passive E default active To delete the configured operation mode of the member port use the following command e Y Se S Deletes the configured operation mode of the member no lacp port activity PORTS Bridge A port Priority of Switch In case the member ports of connected switches are configured as Active mode LACP system enabled it is required to configure which switch would be a standard for it For this case the user could configure the priority on switch The following is the command of configuring the priority of the switch in LACP function e mees DEE i Sets the priority of the switch in LACP function enter lacp system priority lt 1 65535 gt Bridge the switch system priority default 32768 To delete the priority of configured switch use the following command na een no lacp system priority Clears the priority of the configured switch Manual Aggregation The port configured as member port is basically configured to aggregate to LACP How ever even though the configuration as member port is not released they could operate as independent port without being aggregated to LACP These independent ports cannot be configured as trunk port because they are independent from being aggregated to LACP under the condition of being configured as member port SMC7824M VSW Management
18. show dotlx 25 Port 25 config SystemAuthControl Enabled ProtocolVersion 0 PortControl Force Authorized PortSstatus Unauthorized ReauthEnabled True QuietPeriod lt T000 ReauthPeriod 1800 TxPeriod 30 PaeState INITIALIZE SWITCH config SMC7824M VSW 65 CLI Management Guide TigerAccess EE The following is the example of configuring the port 25 with the MAC based authentica tion SWTICH config dotlx auth mode mac base 25 SWTICH config show dotlx 802 1x authentication is enabled RADIUS Server TimeOut 1 S RADIUS Server Retries 3 RADIUS Server 10 1 1 1 Auth key test 802 1x P2345678 90123456 890123456 8 90123 eT Te bain nent este pte hea EE POr rtCAUCHSG EE Mac Mia Die a de Mais MacAuthed ld de EE p port based m mac based a authenticated u unauthenticated SWITCH config 66 SMC7824M VSW Management Guide TigerAccess EE 3 5 1 5 2 5 2 1 5 2 2 SMC7824M VSW CLI Port Configuration The switch provides maximum 24 VDSL ports including integrated splitters In this chapter you can find the instructions for the basic port configuration such as auto negotiation flow control transmit rate etc Please read the following instructions carefully before you con figure a port in the switch This chapter contains the following sections e Port Basic e Ethernet Port Configuration e VDSL Port Configuration e Port Mirr
19. 226 Transfer complete ftp 13661428 bytes sent in 223 26Seconds 61 19Kbytes sec ftp gt bye 221 Goodbye CIAS To upgrade the system software via the FTP server the FTP server should be enabled on the system For more information see Section 6 1 11 SMC7824M VSW Management Guide TigerAccess EE 11 SMC7824M VSW CLI Abbreviations AES Advanced Encryption Standard ARP Address Resolution Protocol CE Communaut Europ enne CIDR Classless Inter Domain Routing CLI Command Line Interface Cos Class of Service DA Destination Address DHCP Dynamic Host Configuration Protocol DSCP Differentiated Service Code Point DSL Digital Subscriber Line DSLAM Digital Subscriber Line Access Multiplexer EMC Electro Magnetic Compatibility EN Europaische Norm European Standard ERP Ethernet Ring Protection FDB Filtering Data Base FE Fast Ethernet FTP File Transfer Protocol GB Gigabyte GE Gigabit Ethernet HW Hardware ID Identifier IEC International Electrotechnical Commission IEEE 802 Standards for Local and Metropolitan Area Networks IEEE 802 1 Glossary Network Management MAC Bridges and Internetworking IEEE Institute of Electrical and Electronic Engineers IETF Internet Engineering Task Force IGMP Internet Group Management Protocol IGMPv1 Internet Group Management Protocol Version 1 IGMPv2 Internet Group Management Protocol Version 2 IGMPv3 Internet Group Management Protocol Version 3 IP Internet Protocol
20. CLI Fig 8 29 shows an example of ERP operation when a link failure occurs 3 Nodes detecting Link Failure send Link Down message Node A Node B N SSES Unused Link for Traffic Secondary Primary Node C RM Node 1 Secondary port of RM node is blocking in Normal state Fig 8 29 ERP Operation in case of Linnk Failure After RM node receives Link Down messages from other nodes it unblocks its secondary port for traffic transmission with Node B directly connected to the secondary port RM node sends RM Link Down messages and informs the other nodes that its secondary port begins forwarding the traffic Fig 8 30 shows an example of a ring protection after a link failure Node A Node B RM Link Down RM Link Down Node C RM Node Sends RM Link Down Ack to both ports and unblocks secondary port Fig 8 30 Ring Protection 291 CLI 292 Management Guide TigerAccess EE If Node A and Node B detect the link failure being recovered they send Link Up message to RM node But these nodes keep the blocking status of the link recovered ports Fig 8 31 shows an example of a Link Failure Recovery operation 2 Nodes adjacent to old failure send Link Up message to RM node Node A Node B Node C RM Node Fig 8 31 Link Failure Recovery After RM node receives Link Up message it blocks its own secondary port RM n
21. CLI IP Lease Time To specify IP lease time that is requested to a DHCP server use the following command eene ee Specifies IP lease time in the unit of Interface second default 3600 no ip dhcp client lease time Deletes a specified IP lease time ip dhcp client lease time lt 120 2147483637 gt Requesting Option To configure a DHCP client to request an option from a DHCP server use the following command ip dhcp client request domain Interface Configures a DHCP client to request a specified option name dns To configure a DHCP client not to request an option use the following command e e ee no ip dhcp client request ee Configures a DHCP client not to request a specified nterface domain name dns option Forcing Release or Renewal of DHCP Lease The switch supports two independent operation immediate release a DHCP lease for a DHCP client and force DHCP renewal of a lease for a DHCP client To force a release or renewal of a DHCP release for a DHCP client use the following command ze e Se release dhcp INTERFACE release dhcp INTERFACE INTERFACE Forces a release of a DHCP lease Enable renew dhcp INTERFACE Forces a renewal of a DHCP lease Displaying DHCP Client Configuration To display a DHCP client configuration use the following command e e en Enable show ip dhcp client INTERFACE Global Shows a configuration of DHCP client Interface 335 CLI 3
22. COMMAND all privilege dhcp pool class level lt 0 15 gt COMMAND all privilege dhcp option82 level lt 0 15 gt COMMAND all privilege dhcp class level lt 0 15 gt COMMAND all Global Uses the specific command of Privileged EXEC View mode in the level Uses the specific command of Privileged EXEC Enable mode in the level Uses the specific command of Global Configuration mode in the level Uses the specific command of nterface Configuration mode in the level Uses the specific command of Rule Configuration mode in the level Uses the specific command of Bridge Configuration mode in the level Uses the specific command of RMON Configuration mode in the level Uses the specific command of DHCP Pool Configura tion mode in the level Uses the specific command of DHCP Pool Class Con figuration mode in the level Uses the specific command of DHCP Option 82 Con figuration mode in the level Uses the specific command of DHCP Class Configura tion mode in the level The commands that are used in low level can be also used in the higher level For exam ple the command in level O can be used in from level 0 to level 14 The commands should be input same as the displayed commands by show list There fore it is not possible to input the commands in the bracket separately SWITCH show list clear arp clear arp IFNAME clear cpe stat error PORTS clear ip arp inspection statistics vlan VL
23. DST MAC ADDR DST MAC ADDRIM any mac da not found Management Guide TigerAccess EE To specify a packet classifying pattern with source destination IP address or MAC ad dress use the following command e e re Classifies an IP address A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address 0 255 IP protocol number Classifies an IP protocol ICMP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address Classifies an IP protocol ICMP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address 0 255 ICMP message type number 0 255 ICMP message code number Classifies an IP protocol TCP UDP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address Classifies an IP protocol TCP UDP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address 0 65535 TCP UDP source destination port range any any TCP UDP source destination port Classifies an IP protocol TCP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address 0 65535 TCP source destination port range any
24. EE Tech Support Information For various reason a system error may occur Once the system error occurs system engineers try to examine the internal system information such as a system configuration log data memory dump and so on to solve the problem To reduce the effort to acquire the detail informtation of the system for a technical suppport the switch provides the function that generates all the system information reflecting the current state Using this function you can verify all the details on a console screen or even in the remote place via FTP TFTP To generate the tech support information use the following command e e Se tech support all crash info Generates the tech support information on a console console screen i Generates the tech support information in the remote tech support all crash info place via FTP or TFTP The name of the generated remote A B C D ftp tftp information file is a info This is not changeable In case of generating the tech support information on a console screen the contents will be displayed without the screen pause regardless of your terminal configuration System Boot Information To display the information of the last system boot use the following command omar e ets show boot info Enable Global Bridge Shows the information of the last system boot The following is the sample output of the show boot info command after turn on with the power switc
25. Sample Configuration 5 Configuring Shared VLAN with FID Configure br2 br3 br4 in the switch configured Layer 2 environment and port 24 as Up link port is configured To transmit untagged packet through Uplink port rightly follow be low configuration Outer Network default SWITCH bridge SWITCH bridge vlan add br3 24 untagged vlan add br4 24 untagged SWITCH bridge vlan create br2 SWITCH bridge vlan create br3 SWITCH bridge vlan create br4 SWITCH bridge vlan del default 3 8 SWITCH bridge vlan add br2 3 4 untagged SWITCH bridge vlan add br3 5 6 untagged SWITCH bridge vlan add br4 7 8 untagged SWITCH bridge vlan add br2 24 untagged SMC7824M VSW 249 CLI Management Guide TigerAccess EE vlan create br5 SWITCH bridge vlan add br5 1 42 untagged vlan fid 1 5 5 show vlan u untagged port t tagged port Name VID FID 123456789012345678901234567890123 default Ti 5 RS EEN WUUMUUUEU A DEZA 2 5 lte eege A E EE E EE br 3 3 5 34 OC e EE br4 4 Sch Haken hans hts E ER NR ee e a Ee Ee ee Best 5 5 uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu SWITCH bridge 250 SMC7824M VSW Management Guide TigerAccess EE 8 2 8 2 1 8 2 1 1 SMC7824M VSW CLI Link Aggregation Link aggregation complying with IEEE 802 3ad bundles several physical ports together to one logical po
26. The following is an example to change the name of CPE file into single file name after ex iting from FTP i Input the port number connected to CPE which is supposed to install system image Step 4 Install the system image file to the CPE a A the system image file of CPE which is con cpe nos download PORTS Bridge nected through a port Step 5 To set the active OS of the CPE system use the following command mana on cpe nos active PORTS os1 2 Bridge Sets the default OS of the system os To display the version of CPE system image and active OS use the following command e ma See Enable Shows the version and active software image of CPE show cpe version PORTS Global which is connected with a port Bridge PORT VDSL port number Step 6 Reboot the CPE in which new system image file is installed 5 3 5 3 Installing CPE System Image File in Slave With staking configured in this switch you can install system image file in Slave after new system image file of CPE is saved in Master RAM To install CPE system image file in Slave Perform the below steps Step 1 Connect to Slave from Master SWITCH bridge rcommand 2 Tey Wie Lets load e Connected to 127 1 0 2 Escape character is SWITCH login root Password SWITCH 104 SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI Step 2 Connect to FTP of Master to bring new system image file of CPE stored in
27. To specify a packet classifying pattern use the following command e me ees ip A B C D A B C D M any A B C D A B C D M any 0 255 ip A B C D A B C D M any A B C D A B C D M any icmp ip 4 B C D A B C D M any A B C D A B C D M any icmp lt 0 255 gt any lt 0 255 gt any ip 4 B C D A B C D M any A B C D A B C D M any tcp udp ip 4 B C D A B C D M any A B C D A B C D M any tcp udp lt 0 65535 gt any lt 0 65535 gt any ip 4 B C D A B C D M any A B C D A B C D M any tcp lt 0 65535 gt any lt 0 65535 gt any TCP FLAG any Admin Flow Classifies an IP address A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address 0 255 IP protocol number Classifies an IP protocol ICMP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address Classifies an IP protocol ICMP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address 0 255 ICMP message type number 0 255 ICMP message code number Classifies an IP protocol TCP UDP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address Classifies an IP protocol
28. When there is any problem in the system you must find what the problem is and its solu tion Therefore you should not only be aware of a status of the system but also verify if the system is correctly configured This section describes the following functions with CLI command e Network Connection e IP ICMP Source Routing e Tracing Packet Route e Displaying User Connecting to System e MAC Table e Running Time of System e System Information e System Memory Information e Running Process e Displaying System Image e Displaying Installed OS e Default OS e Switch Status e Tech Support Information e System Boot Information Network Connection To verify if your system is correctly connected to the network use the ping command For IP network this command transmits a message to internet control message protocol ICMP ICMP is an internet protocol that notifies fault situation and provides information on the location where IP packet is received When the ICMP echo message is received at the location its replying message is returned to the place where it came from To perform a ping test to verify network status use the following command e e re ping A B C D Performs a ping test to verify network status The followings are the available options to perform the ping command ml Premier Protocol ip Supports ping test The default is IP Sends ICMP echo message by inputting IP address or host name of Target
29. are optional A choice of required keywords appears in braces You must se lect one e een oncom Optional variables are separated by vertical bars Tab 1 2 Command Notation of Guide Book SMC7824M VSW Management Guide TigerAccess EE 1 5 A 1 6 SMC7824M VSW CLI Virus Protection To prevent a virus infection you may not use any software other than that which is re leased for the Operating System OS based on Basis Access Integrator Local Craft Terminal LCT and transmission system Even when exchanging data via network or external data media e g floppy disks there is a possibility of infecting your system with a virus The occurrence of a virus in your sys tem may lead to a loss of data and breakdown of functionality The operator is responsible for protecting against viruses and for carrying out repair pro cedures when the system is infected You have to do the following e You have to check every data media used data media as well as new ones for virus before reading data from it e You must ensure that a current valid virus scanning program is always available This program has to be supplied with regular updates by a certified software e Itis recommended that you make periodic checks against viruses in your OS e At the LCT it is recommended to integrate the virus scanning program into the startup sequence CE Declaration of Conformity The CE declaration of the product
30. By default it is disabled The BPDU filter enabled port acts as if STP is disabled on the port This feature can be used for the ports that are usually connected to an end system or the port that you don t want to receive and send unwanted BPDU packets Be cautious about using this feature on STP enabled uplink or trunk port If the port is removed from VLAN membership correspond BPDU filter will be automatically deleted To enable or disable the BPDU filtering function on the edge port use the following com mand ee e rs spanning tree edgeport bpdufil Enables a BPDU filtering function by default on all ter default edge ports Bridge no spanning tree edgeport Disables a BPDU filtering function by default on all bpdufilter default edge ports BPDU Guard BPDU guard has been designed to allow network designers to enforce the STP domain borders and keep the active topology predictable The devices behind the ports with STP enabled are not allowed to influence the STP topology This is achieved by disabling the port upon receipt of BPDU This feature prevents Denial of Service DoS attack on the network by permanent STP recalculation That is caused by the temporary introduction and subsequent removal of STP devices with low zero bridge priority To configure BPDU guard in the switch perform the following procedure Step 1 Configure the specific port as edge port e e Se spanning tree port PORTS Bridge Configures the po
31. CLI 142 7 1 8 5 Management Guide TigerAccess EE an ee no snmp trap temp threshold Global Disables each SNMP trap no snmp trap dhcp lease no snmp trap fan no snmp trap module no snmp trap pps control snmp trap pps control Displaying SNMP Trap To display the configuration of the SNMP trap use the following command show snmp trap Enable Shows the configuration of SNMP trap Global show snmp alarm report Bridge Shows a collected alarm report based trap The following is an example of configuring the trap v1 host trap v2 host and inform trap host SWITCH config snmp trap host 10 1 1 1 SWITCH config snmp trap2 host 20 1 1 1 SWITCH config snmp inform trap host 30 1 1 1 SWITCH config show snmp trap snmp trap mode event Type Host Community inform trap host 30 1 1 1 trap2 host 2 al trap host ERC E Trap List Trap type Status auth fail enable cold start enable cpu threshold enable port threshold enable dhcp lease enable power enable module enable fan enable temp threshold enable mem threshold enable SWITCH config SMC7824M VSW Management Guide TigerAccess EE 7 1 9 7 1 9 1 7 1 9 2 gt P SMC7824M VSW CLI SNMP Alarm The switch provides an alarm notification function The alarm will be sent to a SNMP trap host whenever a specific event in the system occurs through CLI You can also set the alarm severity on each a
32. Enabl ane packet type Global statistics total Bridge show cpu Shows the traffic statistics of the average packet han dled by CPU PORTS To delete the collected statistics of the traffic handled by CPU use the following com mand e e retos Description Global Deletes the collected statistics of the traffic handled by clear cpu statistics PORTS EN ridge The following is the sample output of the show cpu statistics total command with the Ethernet port 25 SWITCH config show cpu statistics total 25 Port Tx Rx Time pkts bytes bits pkts bytes bits POTG eege ee ee ee Ge ee SS ee SS SS Ucast 43 3074 24592 0 0 0 Mcast 348025 2088 167052000 0 0 0 Beast 0 0 0 1349 80940 647520 SWITCH config The switch can be configured to generate a syslog message when the number of the packets handled by CPU exceeds a specified value This function allows system adminis trators to monitor the switch and network status more effectively To configure the switch to generate a syslog message according to the number of the packets handled by CPU use the following command e e re Generates a syslog message according to the speci ENER fied number of the packets handled by CPU This is cpu statistics limit unicast multicast broadcast PORTS lt 10 100 gt configurable for each packet type and physical port Global unicast multicast broadcast packet type PORT
33. For the enhanced system security the switch provides two authentication methods to ac cess the switch such as Remote Authentication Dial In User Service RADIUS and Ter minal Access Controller Access Control System Plus TACACS Authentication Method To set the system authentication method use the following command e e Se Sets a system authentication method local console access login local remote radius remote telnet SSH access tacacs host all enable dis radius RADIUS authentication able tacacs TACACS authentication Global host nominal system authentication default all all types of the authentication no login local remote radius tacacs host all Deletes a configured system authentication method Authentication Interface If more than 2 interfaces exist in the switch you can set one interface to access RADIUS or TACACS server To set an authentication interface use the following command e e Se Sets an authentication interface radius RADIUS authentication tacacs TACACS authentication Global INTERFACE interface name A B C D source IP address optional no login radius tacacsj D ns i Deletes a specified authentication interface interface Primary Authentication Method login radius tacacs interface INTERFACE A B C D You can set the order of the authentication method by giving the priority to each authenti cation method To set the primary au
34. Global A B C D IP address 1 5 priority of TACACS server login tacacs server move A B C D lt 1 5 gt Timeout of Authentication Request After the authentication request the switch waits for the response from the TACACS server for specified time To specify a timeout value use the following command e me See i Specifies a timeout value login tacacs timeout lt 1 100 gt l Global 1 100 timeout value for the response default 5 no login tacacs timeout Deletes a specified timeout value Additional TACACS Configuration The switch provides several additional options to configure the system authentication via TACACS server TCP Port for the Authentication To specify TCP port for the system authentication use the following command e e Se login tacacs socket port Specifies TCP port for the authentication lt 1 65535 gt Global 1 65535 TCP port no login tacacs socket port Deleted the configured TCP port for the authentication 49 CLI 90 4 2 6 4 2 7 Management Guide TigerAccess EE Authentication Type To select the authentication type for TACACS use the following command ee ee Selects an authentication type for TACACS login tacacs auth type ascii ascii plain text pap chap pap password authentication protocol chap challenge handshake authentication protocol no login tacacs auth type Deletes a specified authentication type Priority Level According t
35. Host A and Host B can use Host C s MAC address as the destination MAC address for traffic intended for Host A and Host B ARP Inspection is a security feature that validates ARP packets in a network It discards ARP packets with invalid IP MAC address binding To activate deactivate the ARP inspection function in the system use the following com mand e e re f Activates ARP inspection on a specified VLAN ip arp inspection vlan VLANS Global VLANS VLAN ID 1 4094 no ip arp inspection vlan VLANS Deactivates ARP inspection on a specified VLAN ARP Access List You can exclude a given range of IP addresses from the ARP inspection using ARP ac cess lists ARP access lists are created by the arp access list command on the Global Configuration mode ARP access list permits or denies the ARP packets of a given range of IP addresses 215 CLI 216 Management Guide TigerAccess EE To create delete ARP access list ACL use the following command e e Se Opens ARP ACL configuration mode and creates an arp access list NAME ARP access list Globa NAME ARP access list name no arp access list NAME Deletes an ARP access list After opening ARP Access List Configuration mode the prompt changes from SWITCH config to SWITCH config arp acl NAME After opening ARP ACL Configu ration mode a range of IP addresses can be configured to apply ARP inspection By default ARP Access List discards the ARP p
36. RSTP is also provided IEEE 802 1w defines the recovery time as 2 seconds If there is only one 23 CLI 24 Management Guide TigerAccess EE VLAN in the network traditional STP works However in more than one VLAN network STP cannot work per VLAN To avoid this problem the switch supports multiple spanning tree protocol MSTP IEEE 802 1s Trunking amp Link Aggregation Control Protocol LACP The switch aggregates several physical interfaces into one logical port aggregate port Port trunk aggregates interfaces with the standard of same speed same duplex mode and same VLAN ID The switch supports link aggregation control protocol LACP complying with IEEE 802 3ad which aggregates multiple links of equipments to use more enlarged bandwidth System Management based on CLI It is easy for users who administer system by using telnet or console port to configure the functions for system operating through CLI CLI is easy to configure the needed functions after looking for available commands by help menu different with UNIX Broadcast Storm Control Broadcast storm control is when too much of broadcast packets are being transmitted to network a situation of network timeout because the packets occupy most of transmit ca pacity switch supports broadcast and multicast storm control which disuses flooding packet that exceed the limit during the time configured by user Outband Management Interface The switch can c
37. SACO ERP Shared ls cet aras 293 944 Configuring ERP Doma sr 294 CAA ERP DOMAIN NaMe ir eins 294 8 4 4 2 Primary and Secondary Port 294 GAO Protected LAN cales 294 8444 CONTO NV LAIN cialis 295 12 SMC7824M VSW Management Guide CLI TigerAccess EE 9445 JERP RNO PON ee dee Ee Eed 295 8 4 4 6 Displaying ERP DOM Mind See tia eg 295 8 4 5 Selecting the Node sai 296 8 4 6 Protected GEO dia 296 8 4 7 Manual Switch to Secondary cooccccccocccnccnoccnnononcnnonnncnnonancnnnnnnnnnconanennonanens 296 8 4 8 Wait to Restore Time ccconccconccocncconnoconnoconccnanononconnnonannonannnnnnnonanenanonos 297 8 4 9 Learning Disable TING ui ENEE eege 297 9 4 10 Test Packet inte vaa vilesdeae a 298 SAT IN E ERR 8 ee e OM TIME EE 298 Ss ER 0 gt PP ida 299 8 4 13 Displaying ERP Contguraton 299 G9 A A E 300 8 6 Dynamic Host Configuration Protocol ODHCHR ees 302 9 0 1 DACP SENET ario dd ii de 303 86l A wlio ee ne ah NA oc ea 304 EE DHCP SUUDME EE 304 90 3 RATE O e ee 304 8614 Delaull Gateway caidas ii 305 E Ee IP Lease TIM td 305 0 0 1 0 DNS SQRVCR ee E Ee 306 SO gt Manta BM ueno ri a o is 306 6 05150 DOMAIN INGIIG cua aaa aaa 307 8 6 1 9 DHCP Server Option visir A ai ii 307 86 110 Statie Mappl dais o Aner e dental ON eta ia 307 8 6 1 11 Recognition of DHCP Client ooonccccooncnccccccncccncnnononnncnnnnononnnnnnnnnnnnnnnnnnnnnnos 308 8 0 M12 IP AQUaress e le EE 308 EE tee RE 309 8 6 1 14
38. SWITCH config service dhcp SWITCH config ip dhcp pool sample SWITCH config dhcp sample DHCP Subnet To specify a subnet of the DHCP pool use the following command e Se Specifies a subnet of the DHCP pool network A B C D M DHCP Pool A B C D M network address no network A B C D M Deletes a specified subnet The following is an example of specifying the subnet as 100 1 1 0 24 SWITCH config service dhcp SWITCH config ip dhcp pool sample SWITCH config dhcp sample network 100 1 1 0 24 SWITCH config dhcp sample You can also specify several subnets in a single DHCP pool Range of IP Address To specify a range of IP addresses that will be assigned to DHCP clients use the follow ing command e e re Specifies a range of IP addresses range A B C DA B C D DHCP Pool A B C D start end IP address no range A B C D A B C D Deletes a specified range of IP addresses SMC7824M VSW Management Guide CLI TigerAccess EE The following is an example for specifying the range of IP addresses SWITCH config service dhcp SWITCH config ip dhcp pool sample SWITCH config dhcp sample network 100 1 1 0 24 SWITCH config dhcp sam default router 100 1 1 254 range 100 1 1 1 100 1 1 100 le p SWITCH config dhcp sample p SWITCH config dhcp sample D You can also specify several inconsecutive ranges of IP add
39. To display a status of the DHCP server packet filtering use the following command e e en Enable show dhcp server filter Global Show a status of the DHCP server packet filtering Bridge 8 6 11 Debugging DHCP To enable disable a DHCP debugging use the eS command debug dhcp ffilter lease Enables a DHCP debugging packet service all Enable no debug dhcp poderte lease Disables a Disabiesa DHCP denn Data DHCP denn packet a service all SMC7824M VSW 337 CLI 338 8 7 8 7 1 Management Guide TigerAccess EE Single IP Management It is possible to manage several switches with one IP address by using stacking If there is a limitation for using IP addresses and there are too many switches which you must manage you can manage a number of switches with one IP address using this stacking function It is named One IP Management because you can easily manage various switches and subscribers connected to the switch with this stacking function The switch provides the function The following is an example of the network where stacking is configured Switch E on e gt Switch Switch Master Switch SSES Manage with the same IP address Slave Switch lt Switch B Slave Switch Switch C Fig 8 38 Example of Single IP management A switch which is supposed to manage the other switches in stacking is named as Mas ter switch and
40. ee e See erp domain DOMAIN ID trap lotp ulotp mul Enables the system to send ERP Trap Se Bridge tiple rm rmnode reachability message in case of the event To disable the system to generate ERP trap message use the following command mane tome reten no erp domain DOMAIN ID trap lotp ulotp Brid Disables the system to generate ERP ridge multiple rm rmnode reachability S trap The following options hold the configuration of the ability to transmit LOTP ULOTP Multi ple RM or RMNode reachability Traps lotp Enables disables an RM node to transmit the LOTP traps ulotp Enables disables an RM node to transmit the ULOTP Undirectional Loss Of Test Packets traps multiple rm Enables disables an RM node to transmit the trap in case of Multiple RM nodes rmnode reachability Enables disables a normal node to transmit RMnode Reachablility traps Displaying ERP Configuration To display a configuration of ERP use the following command na m O show erp domain lt 1 64 gt Enable Shows the information of ERP Global l show erp state 1 64 domain ID Bridge 299 CLI Management Guide TigerAccess EE 8 5 Loop Detection The loop may occur when double paths are used for the link redundancy between switches and one sends unknown unicast or multicast packet that causes endless packet floating on the LAN like loop topology That superfluous traffic eventually can result in network
41. ip dhcp check client hardware Prohibits assigning plural IP addresses address Global ip fe o check client Pei assino pate assigning Pei assino pate IP addresses fe o Ignoring BOOTP Request To allow a DHCP server to ignore received bootstrap protocol BOOTP request packets use the following command O eoma ra pon ip dhcp bootp ignore S Ignores BOOTP request packets lobal no ip dhcp bootp ignore Permits BOOTP request packets DHCP Packet Statistics To display DHCP packet statistics of the DHCP server use the following command mana To en show ip dhcp server statistics Enable Shows DHCP packet statistics Global clear ip dhcp statistics Bridge Deletes collected DHCP packet statistics The following is an example of displaying DHCP packet statistics SWITCH config show ip dhcp server statistics Message Recieved Error 0 0 DHCP DISCOVER 0 DHCP REQUEST 0 DHCP DECLINE 0 DHCP RELEASE 0 DHCP INFORM 0 Message Sent Error 0 0 DHCP OFFER 0 DHCP ACK 0 DHCP NAK 0 SWITCH config SMC7824M VSW Management Guide TigerAccess EE 8 6 1 17 8 6 1 18 8 6 2 SMC7824M VSW CLI Setting DHCP Pool Size To limit a size of DHCP pool use the following command ee es ee ip dhcp max pool size lt 1 8 gt Global Configures a maximum size of DHCP pool Displaying DHCP Pool Configuration To display a DHCP pool configuration use the following command na e See
42. no system circuit no system circuit id port type physical port type no system circuit id port type physical 8 6 6 3 Option 82 Reforwarding Policy A DHCP relay agent may receive a DHCP packet from a DHCP server or another DHCP relay agent that already contains relay information You can specify a DHCP option 82 re forwarding policy to be suitable for the network To specify a DHCP option 82 reforwarding policy use the following command e a ee Specifies a DHCP option 82 reforwarding policy replace replaces an existing DHCP option 82 informa tion with a new one keep keeps an existing DHCP option 82 information policy drop normal option82 Option 82 default none normal DHCP packet option82 DHCP option 82 packet none no DHCP packet default 322 SMC7824M VSW Management Guide TigerAccess EE 8 6 6 4 8 6 7 SMC7824M VSW CLI Option 82 Trust Policy Default Trust Policy To specify the default trust policy for DHCP packets use the following command e e See trust default deny permit Option 82 Specifies the default trust policy fora DHCP packet If you specify the default trust policy as deny the DHCP packet that carries the informa tion you specifies below will be permitted and vice versa Trusted Remote ID To specify a trusted remote ID use the following command Command Mode Description trust remote id hex HEXSTRING trust remote id ip A B C D Option 82 Specifi
43. show spanning tree mst lt 1 64 gt active detail show spanning tree mst lt 1 64 gt blockedport show spanning tree mst lt 1 64 gt detail active show spanning tree mst lt 1 64 gt inconsistentports show spanning tree mst lt 1 64 gt bridge address detail for ward time hello time id max age protocol priority system id show spanning tree mst lt 1 64 gt root address cost detail forward time hello time id max age port priority system id show spanning tree mst lt 1 64 gt port PORTS H active detail cost detail active edgeport inconsistency rootcost state priority H show spanning tree mst con figuration digest show spanning tree mst lt 1 64 gt summary totals Enable Global Bridge Shows all configurations of a specific MSTP instance 1 64 MSTP instance ID number Shows information of a specific MSTP instance on active interface 1 64 MSTP instance ID number detail detailed MSTP information as option Shows information of the blocked ports Shows detailed information of the specific MSTP in stance 1 64 MSTP instance ID number Shows information of root inconsistency state 1 64 MSTP instance ID number Shows information of the bridge status and configura tion of a specific MSTP instance 1 64 MSTP instance ID number Shows the status and configuration for the root bridge of a specifiec MSTP instance 1
44. use the eo command ip arp inspection trust port EE a trust state on a port as trusted PORTS PORTS port number Global no ip arp ee trust port ee Sets a trust state ona ae as untrusted PORTS ae number To display a configured trust port of the ARP inspection use the following command e e Se Enable show ip arp inspection trust Global Shows a configured trust port of the ARP inspection ort PORTS Ip Bridge ARP Inspection Log buffer Log buffer function shows the list of subscribers who have been used invalid fixed IP ad dresses This function saves the information of users who are discarded by ARP inspec tion and generates periodic syslog messages Log buffer function is automatically enabled with ARP inspection If this switch receives invalid or denied ARP packets by ARP inspection it creates the table of entries that in clude the information of port number VLAN ID source IP address source MAC address and time In addition you can specify the maximum number of entries After one of entries is displayed as a syslog message it is removed in the order in which the entries appear in the list To configure the options of log buffer function use the following command ee Tea ip arp inspection log buffer Specifies the number of entries in log buffer entries lt 0 1024 gt 0 1024 the max number of entries default 32 Global entries Sets the interval for displaying syslog messages of ip arp inspe
45. y Source address or interface 172 16 157 100 Type of service 0 0 Set DF bit in 1P header no no Data pattern OxABCD PATTERN Oxabcd PING 172 16 1 254 172 16 1 254 from 172 16 157 100 100 128 108 bytes from 172 16 1 254 icmp seq 1 ttl 255 time 30 4 ms 108 bytes from 172 16 1 254 icmp seq 2 ttl 255 time 11 9 ms 108 bytes from 172 16 1 254 icmp seq 3 ttl 255 time 21 9 108 bytes from 172 16 1 254 icmp seq 4 ttl 255 time 11 9 ms 108 bytes from 172 16 1 254 icmp seq 5 ttl 255 time 30 1 172 16 1 254 pind statistics 5 packets transmitted 5 received 0 packet loss time 8050ms rtt min avg max mdev 11 972 21 301 30 411 8 200 ms SWITCH IP ICMP Source Routing C Request The route for general PING test PC Fig 6 1 Ping Test for Network Status The following is to verify network status between 172 16 157 100 and 172 16 1 254 when IP address of the switch is configured as 172 16 157 100 bytes of data If you implement PING test to verify the status of network connection ICMP request ar rives at the final destination as the closest route according to the routing theory SMC7824M VSW Management Guide TigerAccess EE 6 3 3 SMC7824M VSW CLI In the above figure if you perform ping test from PC to C it goes through the route of ABC This is the general case But the switch can enable to perform ping test from PC as
46. 3 admin 2 0 0 0 0 0 O S Feb23 0 00 keventd admin 3 040 0 0 0 0O SN Feb23 0 00 ksoftirqd CPug admin 4 0 0 0 0 0 0 S Feb23 0 00 kswapd admin 5 0 0 0 0 0 O S Feb23 0 00 bdflush admin 6 0 0 0 0 0 0 Feb23 0 00 kupdated admin 7 0 0 0 0 0 0 2 gt Feb23 0 00 mtdblockd admin 8 0 0 0 0 0 O S lt Feb23 0 00 bcmDPC admin 9 0 0 0 0 0 O S lt Feb23 0 29 bcmCNTR O admin 16 0 0 0 0 0 U 2 SN Feb23 0 00 jffs2 gcd medo admin 81 0 0 Sech 10524 5492 S Feb23 0 53 usr sbin swchd admin 83 0 0 1 5 6756 3756 S Feb23 0 53 usr sbin nsm Omitted SWITCH FTP Server FTP server is enabled on this switch by default But this configuration can t provide the security serveice becaue it s easy to access to the port of 23 by others If the default 117 CLI 118 6 1 12 6 1 13 6 1 13 1 Management Guide TigerAccess EE configuration is unnecessary on sysem user can disable the system as FTP server To enable disable the system of this switch as FTP server use the following command a ee Enables disables the FTP server on the system ftp server enable disable Global default enable If the FTP server is disabled the system software upgrade cannot be done via FTP server FTP Client address You can specify several IP addresses to this switch However you can also specify one IP address when this switch has access to FTP server as a client To assign source IP address that uses when this switch
47. 3 Link Layer Discovery Protocol LLDP 7 3 1 7 3 2 Link Layer Discovery Protocol LLDP is the function of transmitting data for network management for the switches connected in LAN according to IEEE 802 1ab standard LLDP Operation The switch supporting LLDP transmits the management information between near switches The information carries the management information that can recognize the network elements and the function This information is saved in internal Management In formation Base MIB When LLDP starts to operate the switches send their information to near switches If there is some change in local status it sends their changed information to near switch to inform their status For example if the port status is disabled it informs that the port is disabled to near switches And the switch that receives the information from near switches processes LLDP frame and saves the information of the other switches The in formation received from other switches is aged Enabling LLDP To enable LLDP use the following command II e O Enables LLDP function on a port Ildp PORTS mgmtaddr A B C D A B C D IP address that is given to LLDP packet Bridge no lldp PORTS mgmtaddr l i Disables LLDP function A B C D SMC7824M VSW Management Guide TigerAccess EE 7 3 3 7 3 4 7 3 5 D SMC7824M VSW CLI LLDP Operation Type If you activated LLDP on a port configure LLDP operation type Each LLDP op
48. 381 CLI 382 IRL ISP ITU ITU T L2 LACP LAN LCT LLDP LLID MAC McFDB MFC MTU MVR NE NTP OAM ORL OS PC PVID Qos QRV RFC RMON RSTP RTC SA SFP SNMP Management Guide TigerAccess EE Input Rate Limiter Internet Service Provider International Telecommunication Union International Telecommunication Union Telecommunications standardization sector Interface Unit Layer 2 Link Aggregation Control Protocol Local Area Network Local Craft Terminal Link Layer Discover Protocol Logical Link ID Medium Access Control Multicast Forwarding Database Multicast Forwarding Cache Maximum Transmission Unit Multicast VLAN Registration Network Element Network Time Protocol Operation Administration and Maintenance Output Rate Limiter Operating System Personal Computer Port VLAN ID Quality of Service Querier s Robustness Variable Request for Comments Remote Monitoring Rapid Spanning Tree Protocol Real Time Clock Source Address Small Form Factor Pluggable Simple Network Management Protocol SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW SNTP SSH STP SW TCN TCP TFTP TIB TOS UDP UMN VID VLAN VoD VPI VPN xDSL CLI Simple Network Time Protocol Secure Shell Spanning Tree Protocol Software Topology Change Notification Transmission Control Protocol Trivial FTP Tree Information Base Type of Service User Datagram Protocol User Manual VLAN ID Virt
49. 5 32768 gt e unit is second default 30 EISE k Default for sending LLDP message is 4 times in every 30 seconds 153 CLI 154 7 3 6 1 3 1 Management Guide TigerAccess EE Reinitiating Delay To configure the interval time of enabling LLDP frame after configuring LLDP operation type use the following command e me ees Configures the interval time of enabling LLDP frame lldp reinitdelay lt 1 10 gt i from the time of configuring not to process LLDP frame default 2 To configure delay time of transmitting LLDP frame use the following command SCC Configures delay time of transmitting LLDP frame Ildp txdelay lt 1 8192 gt Bridge default 2 Displaying LLDP Configuration To display LLDP configuration use the following command e e een show Ildp config PORTS Shows LLDP configuration LLDP Shows LLDP configuration show lldp remote PORTS Show statistics for remote entries show lldp statistics PORTS Shows LLDP operation and statistics To delete an accumulated statistics on the port use the following command na e een Enable clear lldp statistics PORTS Global Deletes an accumulated statistics on the port Bridge The following is the sample output of the show Ildp config command SWITCH config show lldp config 1 2 GLOBL MsgTxInterval 30 MsgTxHold 4 gt txTTL 120 ReInitDelay 2 TxDelay 2 PORTS active adminStat mgmtAddress op
50. 8797 6288 Fax 65 6 238 6466 Fax 82 2 553 7202 Fax 81 45 224 2331 Fax 61 2 8875 7777 Fax 91 22 8204443 lf you are looking for further contact information please visit www smc com www smc europe com or www smc asia com SMC Networks 20 Mason Irvine CA 92618 Phone 949 679 8000 Networks TECHNICAL SUPPORT From U S A and Canada 24 hours a day 7 days a week Phn 800 SMC 4 YOU 949 679 8000 Fax 949 679 1481 English Technical Support information available at www smc com English For Asia Pacific Technical Support information available at www smc asia com Deutsch Technischer Support und weitere Information unter www smc com Espanol En www smc com Ud podr encontrar la informaci n relativa a servicios de soporte t cnico Francais Informations Support Technique sur www smc com Portugu s Informa es sobre Suporte T cnico em www smc com Italiano Le informazioni di supporto tecnico sono disponibili su www smc com Svenska Information om Teknisk Support finns tillg ngligt p www smc com Nederlands Technische ondersteuningsinformatie beschikbaar op www smc com Polski Informacje o wsparciu technicznym sa dostepne na www smc com eStina Technicka podpora je dostupna na www smc com Magyar M szaki tamogat informacio elerhet on www smc com BABAL ARLA ai www smc pre come if Si AS AMC E anh IS EAR FH A E www smcnetworks com tw 222 mansamiayanmuina a lai www smc asia com SZ TEN
51. ADM OPR PBO 10 Custom Level 1 Up Up SI St St Bei SEI 2 Up Up DA He 11 3 Up Down TE Ohh E der 4 Up Down SCH dh bh el 11 5 Up Down Enable P S A eet aoe e Jil SWITCH bridge If you control power according to VDSL line it is applied to all ports You cannot configure power consumption supplied to VDSL line with power control ac cording to the distance of line enabled In this case the standard to decide power con sumption is the distance To configure power consumption supplied to VDSL line use the following command es Fee Ire PORTS pbo length 11213 Ge Configures power consumption supplied to VDSL line ridge 1415161718191 10 3 according to the distance i The default is 2 80 SMC7824M VSW Management Guide CLI TigerAccess EE To configure the power back off length of each upstream band use the following com mand e e rees Ire PORTS band pbo length u0 LENGTH u1 LENGTH Ire PORTS band pbo length u0 Configures the power back off length per upstream LENGTH ui LENGTH u2 l band LENGTH LENGTH distance from 100m to 900m 1 10 Ire PORTS band pbo length u0 u1 u4 U1 U4 band configuration LENGTH ui LENGTH u2 LENGTH u3 LENGTH The following table shows distance of 1 9 in the above command Each variable means as the below Tab 5 4 Value of PBO Length You should control supplied power of VDSL port according to distance of VDSL line The following is an exampl
52. CLI Management Guide TigerAccess EE To specify a remote ID use the following command om ee system remote id hex HEXSTRING system remote id ip A B C D remote system remote id ip A B C D ip A B C D Specifies a remote ID Option 82 system remote id text STRING remote system remote id text STRING text STRING default system MAC address system remote id option format NAME remote system remote id option format NAME option format NAME To specify a circuit ID use the following command ICO E O system circuit id PORT hex HEXSTRING system circuit id PORT index lt 0 65535 gt system circuit id PORT index lt 0 65535 gt PORT index lt 0 65535 gt Specifies a circuit ID system circuit id PORT text STRING system circuit id PORT text STRING PORT text STRING Option 82 default port number system circuit system circuit id port type physical port type system circuit id port type physical system circuit id PORT option format NAME system circuit id PORT option format NAME PORT option format NAME To delete a specified remote and circuit ID use the following command ana een no system remote id no no system remote id option format remote no system remote id option format option format Deletes a specified remote and circuit Option 82 no system circuit no system circuit id PORT option format PORT no system circuit id PORT option format format ID
53. EE Quality of Service QoS The switch provides a rule and QoS feature for traffic management The rule classifies in coming traffic and then processes the traffic according to user defined policies You can use the physical port 802 1p priority CoS VLAN ID DSCP and so on to classify incom ing packets You can configure the policy in order to change some data fields within a packet or to re lay packets to a mirror monitor by a rule QoS Quality of Service is one of useful func tions to provide more reliable service for traffic flow control It is very serviceable to pre vent overloading and delaying or failing of sending traffic by giving priority to traffic QoS can give priority to specific traffic by basically offering higher priority to the traffic or lower priority to the others When processing traffic the traffic is usually supposed to be processed in time order like first in first out This way not processing specific traffic first might cause undesired traffic loss in case of traffic overloading However in case of overloading traffic QOS can apply processing order to traffic by reorganizing priorities according to its importance By favor of QoS you can predict network performance in advance and manage bandwidth more efficiently The QoS provides the following benefits Control over network resources Bandwidth delay and packet loss can be effectively controlled by QoS feature The net work administrator can
54. EE EEE HHH HH HEH HH EE EE EE HE HE EH HH EE EEE EEE HE EE EE EEE EE EE EEE HTH HE HHT HEHE EE EE EE EH EE EE EH HE HE EEE EEE EE EE EH EE EE EEE EEE EEE EEE HEH done Bytes transferred 13661822 d0767e hex Update flash Are you sure y n y Erasing 0x01D00000 Ox0O1ID1IFFFF Programming 0x01D00000 Ox01D1FFFE Verifying 0x01D00000 Ox0O1ID1IFFFF Boot gt flashinfo Flash Information Bytes Area OS size Default OS Standby 0S OS Version osl 13661806 x e 5 01 3001 os2 13661412 4 07 1008 Boot gt SMC7824M VSW Management Guide TigerAccess EE 10 3 SMC7824M VSW CLI Step 4 Reboot the system with the new system software using the following command e e Se Reboots the system with specified system software reboot os1 os2 Boot l os1 os2 the area where the system software is stored If the new system software is a current standby OS just exit the boot mode then the in terrupted system boot will be continued again with the new system software To exit the boot mode use the following command e e Se FTP Upgrade The system software of the switch can be upgraded using FTP This will allow network or system administrators to remotely upgrade the system with the familiar interface To upgrade the system software using FTP perform the following step by step instruction Step 1 Connect to the switch with your FTP client software To login the system you can use the system user ID and
55. Environment 1 To transmit the untagged packet from uplink port to subscriber a new VLAN should be created including all subscriber ports and uplink ports This makes the uplink ports to rec ognize all other ports FID helps this packet forwarding FDB is MAC Address Table that recorded in CPU FDB table is made of FID FDB Identification Because the same FID is managed in the same MAC table it can recognize how to process packet forwarding If the FID is not same the system cannot know the information from MAC table and floods the packets Outer Network 4 SWITCH bridge show vlan u untagged port t tagged port 1 2 3 4 Name 123456789012345678901234567890123456789012 default u uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu DEZA Wiese ir dey ech ca vets ein det sec ths Settee te Geer 8 K EN eh SECH E aa NT iaa ME ca bra E O uk a ee A ee Dowie AA BES l SS SEENEN esca dsc esa go bre uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu default br2 SWITCH bridge Fig 8 7 Incoming Packets under Layer 2 Shared VLAN Environment 2 In conclusion to use the switch as Layer 2 switch user should add the uplink port to all VLANs and create new VLAN including all ports If the communication between each VLAN is needed FID should be same SMC7824M VSW 245 CLI 246 8 1 11 8 1 12 Management Guide TigerAccess EE To configure FID use the following command e e ees
56. IP address o l destination in order to verify network status Repeat count 5 Sends ICMP echo message as many as count The default is 5 Datagram size 100 Ping packet size The default is 100 bytes Tab 6 2 Options for Ping SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI nn eee It is considered as successful ping test if reply returns within the con Timeout in seconds 2 figured time interval The default is 2 seconds Extended commands n Shows the additional commands The default is no Tab 6 2 Options for Ping Cont The following is an example of ping test 5 times to verify network status with IP address 172 16 1 254 SWITCH ping Protocol ip ip Target IP address 172 16 1 254 Repeat count b 5 Datagram size 100 100 Timeout in seconds 2 2 Extended commands n n PING 172 16 1 254 172 16 1 254 100 128 bytes of data Warning time of day goes back 394us taking countermeasures 108 bytes from 172 16 1 254 icmp seq 1 ttl 255 time 0 058 ms 108 bytes from 172 16 1 254 icmp seq 2 ttl 255 time 0 400 ms 108 bytes from 172 16 1 254 icmp seq 3 tt1l 255 time 0 403 ms 108 bytes from 172 16 1 254 icmp seq 4 ttl 255 time 1 63 ms 108 bytes from 172 16 1 254 icmp seq 5 ttl 255 time 0 414 ms ee E E o ping Statistics 5 packets transmitted 5 received 0 packet loss time 8008ms rtt min avg ma
57. If you need to make many MAC filtering policies at a time it is hard to input command one by one In this case it is more convenient to save MAC filtering policies at letc mfdb conf and display the list of MAC filtering policy To view the list of MAC filtering policy at etc mfdb conf use the following command n See mac filterlist Bridge Shows the list of MAC filtering policy at etc mfdb conf SMC7824M VSW Management Guide TigerAccess EE 7 12 7 12 1 7 12 1 1 SMC7824M VSW CLI Address Resolution Protocol ARP Devices connected to IP network have two addresses LAN address and network address LAN address is sometimes called as a data link address because it is used in Layer 2 level but more commonly the address is known as a MAC address A switch on Ethernet needs a 48 bit MAC address to transmit packets In this case the process of finding a proper MAC address from the IP address is called an address resolution On the other hand the progress of finding the proper IP address from the MAC address is called reverse address resolution The switches and DSLAMs find their MAC addresses from the IP addresses through address resolution protocol ARP ARP saves these ad dresses in ARP table for quick search Referring to the IP addresses in ARP table the packets containing the IP address are transmitted to network When configuring the ARP table it is possible to do it only in some specific interfaces
58. Layer Discovery Protocol CT DP 152 Sd DR eene BEE 152 Liz nelle e DR EE 152 Loa LEDP Operation Pe Dio a 153 Fog Basic TEV oeaan ideas 153 30 ELDRE Mess AGC asii eege 153 2360 JIRCINIUAUN OG RER 154 7 3 7 Displaying LLDP Configuration cccccocccnnoconnnncconnonononcnnonononnnnoncnnonnanonoos 154 ZA Remote Monitoring HMON 155 Ad RMON HISO Vs rica 155 7 4 1 1 Source Port of Statistical Data 156 7 4 1 2 Subject of RMON Histop NEE 156 TANS NUMbDer e EE e le E EE 156 7 4 1 4 Interval of Sample Inquiry ccccocccccccnccccnncccnnocccnncncnnnonnnonanonononononnnonacnnnos 157 TAMOS Activating RMON HIStory inicio 157 7 4 1 6 Deleting Configuration of RMON History c cooocccccoccncccoccnconoconononcnnnnoncnnnnos 157 7 4 1 7 Displaying RMON History csicsa a E 157 T42 AMON AGN EE 158 FAZ SUDjECLOL RMON Alanis ereraa AA 158 7 4 2 2 Object of Sample Ingoum cc ccccceecceeceeeeeeeeeeeeseeeeeseeeeeeseeeeeseaeeeeseeeeesaees 158 7 4 2 3 Absolute and Delta Comparison occcccccccccncccccnccnnnncncnnonnnnnnnnnncnnnonononenaninnns 158 SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW 7 6 1 7 5 Syslog 7 5 1 7 5 2 7 5 3 7 5 4 ESAS 7 5 6 1 9 7 CLI 7 4 2 4 Upper Bound of Threshold 00nnnannnannnennnennnennnnnnnnnnnrnnnnnnnnrnnnrrnnrrsrrrenrene 159 7 4 2 5 Lower Bound of Threshold AAA 159 7 4 2 6 Standard of the First Alamm 160 7 4 2 7 Interval of Sample Inquiry
59. Prohibition of 1 N IP Address Assignment 309 8 6 1 15 Ignoring BOOTP Reouest rana aie Ta 310 86116 DHCP Racket Ee 310 SOAAT Seting DACP POOS Zes id 311 8 6 1 18 Displaying DHCP Pool Configuration ccccocccnccoccnncnoconcconcnnnnonnnnonanononnnoos 311 8 6 2 DHCP Address Allocation with Option 8 311 8 6 2 1 DHCP Class Capability oooocccoocccoconcncocononononcnnononononnnnnnononnnnonaninonnnoos 312 8 622 DHGP Class Creation a a o ee 312 8 6 2 3 Relay Agent Information Pattern oooocccccocccncccccnncnonnnnnnnononnnnnnonnnnnnnnnnnnnnnns 312 8 6 2 4 Associating Be EE 313 8 6 2 5 Range of IP Address for DHCP Claes 313 8639 DHCP ease Database iii ios 313 6 6 95 DACP Database Ag ei EE 313 8 6 3 2 Displaying DHCP Lease Status ooccccococonoconcncocononccnononononconononnnconanononnns 314 8 6 3 3 Deleting DHCP Lease Database ooccccocococcconcococononccnononncnncononononcnnnnnnnnnns 314 964 DHEP Relay Agent da ee 315 S641 DACP Ee ee 315 8 6 4 2 Smart Relay Agent Forwarding se nnsesnnsnsnennenneesrrresnrrnsrrrnsrrrnsrrresrrrrsrrren 316 9 0 4 3 DHGP Server ID Opt iii 316 8 6 4 4 DHCP Relay Giattetce cc ecccccceccecsseeeeeeeeeeeseeeeeseeeeeeseeeeeeseeeeesaaeeeesaaeees 317 E DE ELE ere paa id 318 8 6 5 1 Entering DHCP Option Mode ccooccccccoccnccccccncconcnncnoncncononononnnnonononnnnnnnnnnnnnos 318 8 6 5 2 Configuring DHCP Option Fommat 319 8 6 5 3 Deleting DHCP Option Format 319 SMC7824
60. RMON VALUE 0 2147483647 After configuring upper bound of threshold configure to generate RMON event when ob ject is more than configured threshold Use the following command e e rees Configures to generate RMON event when object is rising event lt 1 65535 gt RMON more than configured threshold 1 65535 event index Lower Bound of Threshold lf you need to occur alarm when object used for sample inquiry is less than lower bound of threshold you should configure lower bound of threshold To configure lower bound of threshold use the following command ze e Se falling threshold VALUE RMON Configures lower bound of threshold After configuring lower bound of threshold configure to generate RMON event when ob ject is less than configured threshold Use the following command Configures to generate RMON alarm when object is falling event lt 1 65535 gt RMON l less than configured threshold 159 CLI 160 7 4 2 6 7 4 2 7 7 4 2 8 Management Guide TigerAccess EE Standard of the First Alarm It is possible for users to configure standard when alarm is first occurred User can select the first point when object is more than threshold or the first point when object is less than threshold or the first point when object is more than threshold or less than threshold To configure the first RMON alarm to occur when object is less than lower bound of threshold first use the following command
61. S Enables CPU flood guard function ridge no cpu flood guard disable Disables CPU flood guard function To display a configuration of CPU flood guard use the following command e e re Enable show cpu flood guard Global Shows a configured CPU flood guard Bridge 344 SMC7824M VSW Management Guide TigerAccess EE 8 9 3 SMC7824M VSW CLI Port Flood Guard A packet storm occurs unexpectedly when a large number of broadcast unicast or multi cast packets are received on a port Forwarding these packets can cause the network to slow down or to time out This switch provides pps control function that controls traffic for a specified port by threshold value If a large number of incoming packets exceed the threshold the traffic is discarded during specified time when pps control function enables on this port To set the threshold of pps control use the following command e e Se Sets the threshold of port traffic PORTS port number 1 2 3 THRESHOLD threshold value the number of packets per 1 second pps control port PORTS THRESHOLD 5 60 600 Global 5 60 600 time interval unit second no pps control port PORTS Deletes the configured threshold of port traffic To set the timer for blocking traffic use the following command e e See Sets the time of changing the state of a blocked port to NORMAL If you set the interval as 10 the state of the pps control port PORT
62. STP It is easy and fast to configure new protocol The IEEE 802 1w also supports backward compatibil ity with IEEE 802 1d The switch provides STP RSTP and MSTP For more detail description of STP and RSTP refer to the following sections e STP Operation s RSTP Operation e MSTP Operation e Enabling STP Function Required e Configuring MSTP PVSTP Mode e STP Basic Configuration e Configuring MSTP e Configuring PVSTP e Root Guard e Restarting Protocol Migration e Loop Back Detection e BPDU Configuration e Sample Configuration STP Operation The 802 1d STP defines port state as blocking listening learning and forwarding When STP is configured in LAN with double paths switches exchange their information includ ing the bridge ID SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI It is named as BPDU Bridge Protocol Data Unit Switches decide port state based on the exchanged BPDU and automatically decide an optimized path to communicate with the root switch Root Switch The critical information to decide a root switch is the bridge ID Bridge ID is composed of two bytes priority and six bytes MAC address The root switch is decided with the lowest bridge ID Switch A Priority 8 ROOT DP DP Switch C Priority 10 Switch B Priority 9 DP RP Root Port DP Designated Port Switch D Fig 8 11 Root Switch After configuring STP switches
63. Specifies EBS sTCMonlyy color cir BANDWIDTH cbs BURST To configure the meter to discard all red colored packets use the following command ee e re color red action drop Configures the meter to discard red colored packets Policer no color red action drop Configures the meter to permit red colored packets SMC7824M VSW Management Guide TigerAccess EE 7 6 4 3 7 6 4 4 7 6 4 5 SMC7824M VSW CLI Policy Priority If rules that are more than two match the same packet then the rule having a higher prior ity will be processed first To set a priority for a policy use the following command e me See priority low medium high i Policy Sets a priority for a policy default medium highest Policy Action To specify the rule action for the packets matching configured classifying patterns use the following command n O action match deny Denies the classified packets action match permit Permits the classified packets Redirects the classified packets to specified port VLANS VLAN ID 1 4094 PORTS port number i f Sends a copy of classified packets to mirror monitoring action match mirror Policy i port Specifies a VLAN ID of classified packets VLANS VLAN ID 1 4094 action match redirect vlan VLANS port PORTS action match vlan VLANS action match copy to cpu Sends classified packets to CPU action match route next hop Specifies next hop address of classi
64. TCP UDP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address 0 65535 TCP UDP source destination port number any any TCP UDP source destination port Classifies an IP protocol TCP A B C D source destination IP address A B C D M source destination IP address with mask any any source destination IP address 0 65535 TCP source destination port number any any TCP source destination port TCP FLAG TCP flag e g S SYN F FIN any any TCP flag Classifies an IP header length ip header length lt 1 15 gt When specifying a source and destination IP address as a packet classifying pattern the destination IP address must be after the source IP address 1 15 IP header length value 193 CLI 194 7 6 6 3 7 6 6 4 Management Guide TigerAccess EE To delete a specified packet classifying pattern use the following command mn Deletes a specified packet classifying pattern for each Admin Flow l no ip header length option Applying and modifying Admin Flow After configuring an admin flow using the above commands apply it to the system with the following command If you do not apply it to the system all specified configurations from Admin Flow Configuration mode will be lost To save and apply an admin flow use the following command se e A ap Admin Flow Applies an admin flow to the system To
65. The following diagram illustrates how the object instances of Agent Sampler Poller and Receiver are linked together in memory when the agent is running ae sFlow Agent sFlow Packet sample sFlow Device from switch fabri Packet samples Sampler sFlow Datagrams sFlow Interface counter Poller Kernel Fig 7 18 sFlow Agent Diagram Each interface or module inside the switch router has an ASIC or Network Processor which performs the packet sampling function The packet samples and interface counter sampling are forwarded to the central CPU where the sFlow agent is running SMC7824M VSW 229 CLI 230 7 16 1 7 16 2 Management Guide TigerAccess EE The sFlow Agent maintains linked lists of Samplers Pollers and Receivers Internally the agent extracts the interface data of the flow sample from sFlow device creates new flow sampling data You can get more specific information of flow samples including in put output interface of sampling ingress egress packets VLAN priority AS number and so on sFlow sampler of agent is in charge of encoding the packet samples and sending them to the receiver sFlow poller of the agent collects the sampling of network interface counters The poller is also in charge of encoding the interface counter data and sending them to the receiver Both flow and counter samples are combined in sFlow datagrams And sFlow receiver encodes those samples into UDP datagrams and sends the da
66. The following is an example of enabling the port mirroring on the port 2 and 3 with the monitoring port 1 SWITCH bridge mirror enable SWITCH bridge mirror monitor 1 SWITCH bridge mirror add 2 3 SWITCH bridge show mirror Mirroring enabled Monitor port 1 Ingress mirrored ports SH 02 03 o a so Sa SS Ss So Sa SS Se sa Sa So Sasa Sa Se as Egress mirrored ports 02 US Sa Zement Se Zeen SS tae ee Se SS SS ee Se Zeie SS ee ee ES SWITCH bridge 111 CLI 112 6 1 6 1 1 Management Guide TigerAccess EE System Environment Environment Configuration You can configure a system environment of the this switch with the following items e Host Name e Time and Date e Time Zone e Network Time Protocol NTP e Simple Network Time Protocol SNTP e Terminal Configuration e Login Banner s DNS Server e Fan Operation e Disabling Daemon Operation e FTP Server e FTP Client address e System Threshold Host Name Host name displayed on prompt is necessary to distinguish each device connected to network To set a new host name use the following command e e e hostname NAME Creates a host name of the switch enter the name Global no hostname NAME Deletes a configured host name enter the name The following is an example of changing host name to TEST SWITCH config hostname TEST TEST config Time and Date To set system time and date use the fol
67. VSW CLI Port based VLAN The simplest implicit mapping rule is known as port based VLAN A frame is assigned to a VLAN based solely on the switch port on which the frame arrives In the example de picted in Fig 8 1 frames arriving on ports 1 through 4 are assigned to VLAN 1 frame from ports 5 through 8 are assigned to VLAN 2 and frames from ports 9 through 12 are assigned to VLAN 3 Stations within a given VLAN can freely communicate among themselves using either unicast or multicast addressing No communication is possible at the Data Link layer be tween stations connected to ports that are members of different VLANs Communication among devices in separate VLANs can be accomplished at higher layers of the architec ture for example by using a Network layer router with connections to two or more VLANs Multicast traffic or traffic destined for an unknown unicast address arriving on any port will be flooded only to those ports that are part of the same VLAN This provides the de sired traffic isolation and bandwidth preservation The use of port based VLANs effec tively partitions a single switch into multiple sub switches one for each VLAN VLAN 1 NVIA Fig 8 1 Port based VLAN The IEEE 802 1Q based ports on the switches support simultaneous tagged and untagged traffic An 802 1Q port is assigned a default port VLAN ID PVID and all untagged traffic is assumed to belong to the port default PVID Thus the ports par
68. a DHCP class to assign IP addresses use the follow ing command e e See no ip no ip dhcp use class use no ip dhcp use class Disables the Disables the DHCP server to use a DHCP class Disables the DHCP server to use a DHCP class to use a DHCP class Enables the DHCP server to use a DHCP class to ip dhcp use class Global assign IP addresses DHCP Class Creation To create a DHCP class use the following command e ee Creates a DHCP class and opens DHCP Class Con ip dhcp class CLASS figuration mode pal CLASS DHCP class name no ip dhcp class CLASS Deletes a created DHCP class Relay Agent Information Pattern To specify option 82 information for IP assignment use the following command ees e ee relay information remote id ip A B C D circuit id hex HEXSTRING index lt 0 65535 gt text STRING relay information remote id hex HEXSTRING circuit id hex HEXSTRING index lt 0 65535 gt text STRING Specifies option 82 information for IP assignment relay information remote id text STRING cir cuit id hex HEXSTRING index lt 0 65535 gt text STRING To delete specified option 82 information for IP assignment use the following command ana tem no relay information remote id ip A DCD cir cuit id hex HEXSTRING index lt 0 65535 gt text STRING no relay information remote id hex HEX STRING circuit id hex HEXSTRING index lt 0 65535 gt text STRIN
69. a receiver for the group To enable IGMP snooping S Query Report Agency use the following command e e re i igm snoopin s query H Igmp ping SS Global Enables IGMP snooping s query report agency report agency SMC7824M VSW Management Guide TigerAccess EE 9 2 3 6 SMC7824M VSW CLI To disable IGMP snooping S Query Report Agency use the following command e me See no ip igmp snooping s query Global Disables IGMP snooping s query report agency report agency Explicit Host Tracking Explicit host tracking is one of the important IGMP snooping features lt has the ability to build the explicit tracking database by collecting the host information via the membership reports sent by hosts This database is used for the immediate leave for IGMPv2 hosts the immediate block for IGMPv3 hosts and IGMP statistics collection To enable explicit host tracking use the following command es on igm snoopin explicit STE KR j Enables explicit host tracking globally ai Global ip igmp snooping vlan VLANS Enables explicit host tracking on a VLAN explicit tracking VLANS VLAN ID 1 4094 To disable explicit host tracking use the SE command no ip igmp snooping explicit EE RS y Disables explicit host tracking globally tracking Global ip id snooping vlan Disables explicit host eee on a VLAN VLANS id VLANS VLAN ID eee 4094 You can also restrict the number of hosts on a port for the switch performance
70. additional configurations In this switch you can configure some parameters such as CoS DSCP and queue for Bridge based CoS Marking To configure Bridge based CoS Marking use the following command e e See Marks 802 1p class of service for incoming packets through a port enter CoS value qos mark inbound port cos port PORTS lt 0 7 gt port cos port based user priority marking for untagged cos lt 0 packets 0 7 CoS value Marks DSCP field on incoming packets through a port qos mark inbound port dscp enter DSCP value port PORTS dscp lt 0 63 gt port dscp port based DSCP marking for IP packets 0 63 dscp value Marks a queue number on incoming packets through a qos mark inbound port queue port port PORTS queue lt 0 7 gt port queue default queue marking 0 7 queue number 186 SMC7824M VSW Management Guide TigerAccess EE i SMC7824M VSW CLI Port based user priority marking can be configured and applied to untagged packets only To delete Bridge based CoS Marking use the following command SSC no qos mark inbound port cos Deletes CoS marking configuration of port port PORTS Bridge no qos mark inbound port A a D Dates DCP marking conguaton ope DSCP Dates DCP marking conguaton ope configuration of port po no qos mark inbound o EEN Queue EEN configuration of port queue o PORTS To display Bridge based CoS Marking use the following command na me See show gos mark
71. address to forward ARP packets use the following command e me See Permits ARP packets of all IP addresses with all MAC addresses which have not learned before on ARP in permit ip any mac any host spection table or a specific MAC address MACADDR any ignores sender MAC address host sender host MACADDR sender MAC address permit ip host A B C D mac any ARP ACL Permits ARP packets from a specific host host MACADDR MACADDR MAC address permit ip range A B C D A B C D Permits ARP packets of a given range of IP addresses mac any A B C D start end IP address of sender vee Permits ARP packets of a sender IP network ad permit ip A B C D A mac any host MACADDR dresses A B C D A sender IP network address To delete the configured ranged of IP address to permit ARP packets use the following command a m See no permit ip any mac any host MACADDR Deletes a configured range of IP address to permit ARP packets no oe ip host A B C D mac any ignores sender MAC address oe host MACADDR ARP ACL host sender host MACADDR sender MAC address A B C D start end IP address of sender A B C D A sender IP network address no pl ip range A B C D A B pl D mac any no permit ip A B C D A mac aa aa host MACADDR By the following command the ARP access list also refers to a DHCP snooping binding table to permit the ARP packets for DHCP users This reference enables the system to permit ARP pack
72. allowing the system to save the system con figuration automatically This feature prevents unsaved system configuration lost by un expected system failure To allow the system to save the system configuration automatically use the following command e e Se Enables auto saving with a given interval write interval lt 10 1440 gt W ae Global 10 1440 auto saving interval unit minute no write interval write no write interval Disables auto saving System Configuration File To copy a system configuration file use the following command e me Se l Copies a running configuration file copy running config FILENAME l KS FILENAME configuration file name startup config o startup config startup configuration file i Copies a startup configuration file copy startup config FILENAME i i l FILENAME configuration file name Enable Copies a specified configuration file to the startup con copy FILENAME startup config figuration file FILENAME configuration file name Copies a specified configuration file to another configu copy FILENAME1 FILENAME2 ee ration file To back up a system configuration file using FTP or TFTP use the following command mm r on copy ftp tftp config upload Uploads a file to FTP or TFTP server with the name FILENAME startup config configured by user copy realan howl tftp config download Downloads a file from FTP or TFTP server with the realan hong startup config nam
73. an alarm for input voltage high Sets ADVA severity of an alarm for input voltage low To delete configured ADVA alarm severity use the following command ana tan ee no snmp alarm severity adva fan fail no snmp alarm severity adva if misconfig no snmp alarm severity adva if opt thres no snmp alarm severity adva if rcv fail Global Deletes configured ADVA alarm sever ity no snmp alarm severity adva voltage high no snmp alarm severity adva voltage low 146 SMC7824M VSW Management Guide CLI TigerAccess EE 7 1 9 6 ERP Alarm Severity To set severity of an alarm for ERP use the following command a ee snmp alarm severity erp Sets severity of an alarm for loss of test packet LOTP domain lotp critical major in ERP domain minor warning intermediate snmp alarm severity erp WW Sets severity of an alarm for multiple redundancy man domain multi rm critical major agers RM created minor warning intermediate snmp alarm severity erp Global domain reach fail critical ma Sets severity of an alarm for disconnection of ERP jor minor warning intermedi domain ate snmp alarm severity erp Sets severity of an alarm for loss of test packet LOTP domain ulotp critical major l in ERP port minor warning intermediate To delete configured severity of an alarm for ERP use the following command e me O no snmp alarm severity erp dom
74. and en hanced security To specify the maximum number of hosts on a port use the following command e e See ip igmp snooping explicit Specifies the maximum number of hosts on a port tracking max hosts port PORTS PORTS port number count lt 1 256 gt Global 1 256 maximum number of hosts default 256 no ip igmp snooping explicit D i Deletes the specified maximum number of hosts tracking max hosts port PORTS 363 CLI 364 9 2 3 7 Management Guide TigerAccess EE To display the explicit tracking information use the following command show ip igmp snooping explicit e BE i i Shows the explicit host tracking information globally tracking show ip igmp snooping explicit Shows the explicit host tracking information per VLAN tracking vlan VLANS VLANS VLAN ID 1 4094 show ip igmp snooping explicit Shows the explicit host tracking information per port tracking port PORTS PORTS port number show ip igmp snooping explicit Shows the explicit host tracking information per group tracking group A B C D A B C D multicast group address Explicit host tracking is enabled by default Multicast Router Port Configuration The multicast router port is the port which is directly connected to a multicast router A switch adds multicast router ports to the forwarding table to forward membership reports only to those ports Multicast router ports can be statically specified or dynamically learned by incoming IGMP
75. any TCP source destination port TCP FLAG TCP flag e g S SYN F FIN any any TCP flag Classifies MAC address SRC MAC ADDR source MAC address DST MAC ADDR destination MAC address SRC DST MAC ADDR M source destination MAC address with mask bit any any source destination MAC address ignore Classifies destination MAC addresses learned on MAC table Classifies destination MAC addresses not learned on MAC table SMC7824M VSW Management Guide CLI TigerAccess EE When specifying a source and destination IP address as a packet classifying pattern the destination IP address must be after the source IP address To specify a packet classifying pattern with various parameters DSCP CoS ToS IP precedence packet length Ethernet type IP header use the following command e e Se Classifies a DSCP value dscp lt 0 63 gt any 0 63 DSCP value any any DSCP ignore Classifies an 802 1p priority cos lt 0 7 gt any 0 7 802 1p priority value any any 802 1p priority value ignore Classifies all ToS field tos lt 0 255 gt any 0 255 ToS value any any ToS value ignore Classifies IP precedence ip precedence lt 0 7 gt any 0 7 IP precedence value any any IP precedence value ignore Classifies a packet length This can be used only in the extension mode 21 65535 IP packet length any any IP packet length ignore length lt 21 65535 gt any Classifies the Ethernet typ
76. assigned IP address offer IP address being ready to be assigned fixed manually assigned IP address free remaining IP address POOL pool name Deleting DHCP Lease Database To delete a DHCP lease database use the following command e e ee clear ip dhcp leasedb A B C D M Deletes a DHCP lease database a specified subnet clear ip dhcp leasedb pool Enable Deletes a DHCP lease database of a specified DHCP POOL Global pool clear ip dhcp leasedb all Deletes the entire DHCP lease database SMC7824M VSW Management Guide TigerAccess EE 8 6 4 8 6 4 1 SMC7824M VSW CLI DHCP Relay Agent A DHCP relay agent is any host that forwards DHCP packets between clients and servers The DHCP relay agents are used to forward DHCP requests and replies between clients and servers when they are not on the same physical subnet The DHCP relay agent for warding is distinct from the normal forwarding of an IP router where IP datagrams are switched between networks somewhat transparently By contrast DHCP relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface The DHCP relay agent sets the gate way address and if configured adds the DHCP option 82 information in the packet and forwards it to the DHCP server The reply from the server is forwarded back to the client after removing the DHCP option 82 information DHCP Server RA Relay Agent 1 Relay Agent 2 SD L
77. authenticated every regular time However there are some cases of implementing re authentication immediately In the switch it is possible to implement re authentication immediately regardless of configured time interval e e See i Performs re authentication regardless of the configured dot1x reauthenticate PORTS Global time interval 63 CLI 64 4 5 3 4 5 4 4 5 5 4 5 6 Management Guide TigerAccess EE Initializing Authentication Status The user can initialize the entire configuration on the port Once the port is initialized the supplicants accessing to the port should be re authenticated e e See dot1x initialize PORTS Global Initializes the authentication status on the port Restoring Default Value To restore the default value of the 802 1x configuration use the following command dot1x default PORTS Global Restores the default value of the 802 1x configuration Displaying 802 1x Configuration To display 802 1x configuration use the following command DONT E IE pshowdottx Enable Shows 802 1x configuration on the system Global show dot1x PORTS Bridge Shows 802 1x configuration on the port 802 1x User Authentication Statistics It is possible for user to make reset state by showing and deleting the statistics of 802 1x user authentication To display the statistics about the process of 802 1x user authentication use the following command e mee Enable show dot1x
78. based on system is set to allow all packets for each port However the basic policy can be changed for user s requests After configuring basic policy of filtering for all packets use the following command on Bridge mode to show the configuration e e Soe mac filter default policy deny Brid Configures basic policy of MAC Filtering in specified ridge permit PORTS S port Enable show mac filter default policy Global Shows the basic policy Bridge SMC7824M VSW Management Guide TigerAccess EE 7 11 2 SMC7824M VSW CLI By default basic filtering policy provided by system is configured to permit all packets in each port Sample Configuration This is an example of blocking all packets in port 1 and port 3 SWTICH bridge mac filter default policy deny 1 3 SWTICH bridge show mac filter default policy PORT POLICY PORT POLICY E t Dee ee ce pr E 1 DENY 2 DENY 3 DENY 4 PERMIT 5 PERMIT 6 PERMIT 7 PERMIT 8 PERMIT 9 PERMIT 10 PERMIT 11 PERMIT 12 PERMIT 13 PERMIT 14 PERMIT 15 PERMIT 16 PERMIT 17 PERMIT 18 PERMIT 19 PERMIT 20 PERMIT 21 PERMIT 22 PERMIT 23 PERMIT 24 PERMIT 25 PERMIT 26 PERMIT 27 PERMIT 28 PERMIT 29 PERMIT 30 PERMIT 31 PERMIT 32 PERMIT 33 PERMIT SWITCH config Adding Policy of MAC Filter You can add the policy to block or to allow some packets of specific address after config uring the basic policy of MAC Filtering To add this policy use
79. clients configure Same as stan dard in 5 3 3 VDSL Checking Errors of VDSL Port each error is checked every 15 minutes and SNMP trap is sent when it meets configured threshold To configure an alarm config profile perform the following steps Step 1 To configure alarm config profile you need to enter into Alarm config Profile mode Use the following command CO m on Opens alarm config profile mode alarm config profile NAME Bridge NAME alarm config profile name The following is an example of entering into Alarm config Profile mode to configure alarm config profile named TEST SWITCH config terminal SWITCH config bridge SWITCH bridge alarm config profile TEST SWITCH bridge alarm config profile TEST Meanwhile use exit to exit from Alarm config Profile mode Step 2 Configures detail of Profile Use the following command e e See Configures duration of CRC LOF and LOS The unit is second thresh 15min ess lt 0 900 gt Configures threshold of duration of LOF The unit is thresh 15min lofs lt 0 900 gt d second Configures threshold of duration of LOL The unit is thresh 15min lols lt 0 900 gt second SMC7824M VSW Management Guide CLI TigerAccess EE e me See f Configures threshold of duration of LOS The unit is thresh 15min loss lt 0 900 gt d second Configures threshold of duration of SES The unit is thresh 15min sess lt 0 900 gt second
80. config syslog output priority locall info console SWITCH config show syslog System logger on running info local volatile info local non volatile notice remote 10 1 1 1 locall info console SWITCH config Facility Code You can set a facility code of the generated syslog message to send them remote syslog server This code make a syslog message distinguished from others so network adminis trator can handle various syslog messages efficiently Facility code is only used with sys log messages to send to remote syslog server To set a facility code use the following command a m See syslog local code lt 0 7 gt Sets a facility code Global Deletes a specified facility code no no syslog local code no syslog local code code The following is an example of configuring priority of all syslog messages which is trans mitted to remote host 10 1 1 1 as the facility code 0 SWITCH config syslog output err remote 10 1 1 1 SWITCH config syslog local code 0 SWITCH config show syslog System logger on running info local volatile info local non volatile err remote 10 1 1 1 local code 0 SWITCH config 165 CLI Management Guide TigerAccess EE 7 5 3 Syslog Bind Address You can specify an IP address to attach to the syslog message for its identity To specify the IP address to bind to a syslog message use the following command e e es syslog bind address A DCD DE Specifies
81. created SNMP view record NEE EEN VIEW view record name To display a created SNMP view record use the following command e e een Enable show snmp view Global Shows a created SNMP view record Bridge The following is an example of creating an SNMP view record SWITCH config snmp view TEST included 410 SWITCH config show snmp view View List ViewName Type SubTree Mask TEST included 410 SWITCH config Permission to Access SNMP View Record To grant an SNMP group to access to a specific SNMP view record use the following command e e re snmp access GROUP v1 v2c Grants an SNMP group to access a specific SNMP READ VIEW WRITE VIEW NO view record TIFY VIEW GROUP group name snmp access GROUP v3 no Global Grants an SNMP version 3 group to access a specific oba auth auth priv READ VIEW SNMP view record WRITE VIEW NOTIFY VIEW GROUP group name Deletes a granted SNMP group to access a specific no snmp access GROUP SNMP view record SMC7824M VSW Management Guide TigerAccess EE 7 1 8 1 A SMC7824M VSW CLI To display a granted SNMP group to access to a specific SNMP view record use the fol lowing command e e See Enable Shows a granted SNMP group to access to a specific show snmp access Global SNMP view record Bridge SNMP Version 3 User In SNMP version 3 you can register an SNMP agent as user If you register an SNMP version 3 user y
82. extract the IP subnet portion of the IP Source Address in the encapsu lated datagram Once it is known that a given frame carries an IP datagram belonging to a given subnet the switch can transmit the frame as needed within the confines of the subnet to which it belongs If a device with a given IP address moves within the VLAN aware network the boundaries of its IP subnet can automatically adjust to accommodate the station s ad dress VLAN 2 IP Subnet 192 168 20 0 VLAN 1 IP Subnet 192 168 10 0 VLAN 3 IP Subnet 192 168 30 0 Fig 8 2 Subnet based VLAN To configure subnet based VLAN use the following command Configures subnet based VLAN vlan subnet A B C D M VLANS Bridge VLANS VLAN ID 1 4094 To clear subnet based VLAN configuration use the following command ee e Se no vlan subnet 4 B C D M Clears configured VLAN based on subnet Tagged VLAN In a VLAN environment a frame s association with a given VLAN is soft the fact that a given frame exists on some physical cable does not imply its membership in any particu lar VLAN VLAN association is determined by a set of rules applied to the frames by VLAN aware stations and or switches SMC7824M VSW Management Guide TigerAccess EE 8 1 6 SMC7824M VSW CLI There are two methods for identifying the VLAN membership of a given frame e Parse the frame and apply the membership rules implicit tagging e Provide an explicit VLAN identifier with
83. fault It causes superfluous data transmission and network fault To prevent this the switch provides the loop detecting function The loop detecting mechanism is as follows The switch periodically sends the loop detecting packet to all the ports with a certain in terval and then if receiving the loop detecting packet sent before the switch performs a pre defined behavior To enable disable the loop detection globally use the following command e e See loop detect enable disable Enables disables the loop detection globally i For the detailed configuration of the loop detection you need to issuing the loop detect enable command first If you do not all the commands concerning the loop detection will show an error message To enable disable the loop detection on a specified port use the following command een ra Som loop detect PORTS Enables the loop detection on a specified port Bridge no no loop detect PORTS no loop detect PORTS Disables the loop detection on a specified port To define the behavior on a specified port when a loop is occurred use the following command e a Se Enables the blocking option This configures a speci loop detect PORT block fied port to automatically change its state to BLOCKED when a loop is detected on it default disable Forces the state of a blocked port to change to NOR loop detect PORT unblock MAL Bridge Sets the interval of changing the state of a bloc
84. first one are suppressed to avoid increasing the unneces sary traffic For an IGMP querier it is sufficient to know that there is at least one inter ested member for a group on the network segment When a host is not interested in receiving the multicast traffic for a particular group any more it can explicitly leave the group by sending leave group messages Upon receiving a leave message a querier then sends out a group specific query message to determine if there is still any host interested in receiving the traffic If there is no reply the querier stops forwarding the multicast traffic 351 CLI Management Guide TigerAccess EE 9 1 2 1 IGMP Static Join When there are no more group members on a network segment or a host cannot report its group membership using IGMP multicast traffic is no longer transmitted to the network segment However you may want to pull down multicast traffic to a network segment to reduce the time from when an IGMP join request is made to when the requested stream begins arriving at a host which is called the zapping time The IGMP static join feature has been developed to reduce the zapping time by statically creating a virtual host that behaves like a real on a port even if there is no group member in the group where the port belongs As a result a multicast router realizes there is still group member allowing multicast traffic to be permanently reachable on the group To configure the IGMP static
85. group list use the following command mm ra rem show ip igmp static group Shows the IGMP static join group list Enable 1 99 IP standard access list Global 1300 1999 IP standard access list expanded Bridge WORD access list name VLANS VLAN ID 1 4094 show ip igmp static group list lt 1 99 gt lt 1300 1999 gt WORD vlan VLAN If you do not specify the reporter option the IP address configured on the VLAN is used as the source address of the membership report by default If no IP address is configured on the VLAN 0 0 0 0 is then used This feature only supports an IGMPv2 host it does not support IGMPv3 host IGMP Version 3 IGMP version 3 provides support for the source filtering which is to receive multicast traf fic for a group from specific source addresses or from except specific source addresses allowing the Source Specific Multicast SSM model The source filtering is implemented by the major revision of the membership report IGMPv3 membership reports contain two types of the record current state and state change Each record specifies the information of the filter mode and source list The re port can contain multiple group records allowing reporting of full current state using fewer packets The switch runs IGMPv3 by default and there are no additional IGMPv3 parameters you need to configure IGMPv3 snooping features are provided IGMPv3 Messages There are two types of IGMPv3 messages of c
86. gt 0 20 response value default 2 To set a validation value of timeout for the responses from an IP address for a requested ping or ARP use the following command e e See Sets a validation value of timeout for the responses in ip dhcp arp ping timeout lt 100 5000 gt Global the unit of millisecond 100 5000 timeout value default 500 SMC7824M VSW Management Guide TigerAccess EE 8 6 1 13 8 6 1 14 SMC7824M VSW CLI Authorized ARP The authorized ARP is to limit the lease of IP addresses to authorized users This feature enables a DHCP server to add ARP entries only for the IP addresses currently in lease referring to a DHCP lease table discarding ARP responses from unauthorized users e g an illegal use of a static IP address When this feature is running dynamic ARP learning on an interface will be disabled since DHCP is the only authorized component currently allowed to add ARP entries The authorized ARP is enabled only in a DHCP server To limit the lease of IP addresses to authorized users use the following command e me ees ip dhcp authorized arp start Discards an ARP response from unauthorized user lt 120 2147483637 gt timeout lt 120 start starting time default 3600 sec 2147483637 gt timeout expire time Global ip dhcp authorized arp lt 120 Discards an ARP response from unauthorized user 2147483637 gt 120 2147483637 expire time no ip dhcp authorized arp Dis
87. has access to FTP server as a client use the following command e n mn no no ftp bind address no ftp bind address ftp bind address A B C D Specifies an IP address to bind it to be the ftp client lobal Deletes a specified IP address as the ftp client Please be careful that the FTP bind address is also applied to TFTP server s bind address System Threshold You can configure the system with various kinds of the system threshold such as CPU load traffic temperature etc Using this threshold the switch generates syslog mes sages sends SNMP traps or performs a relevant procedure CPU Load To set the threshold of CPU load use the following command e e een Sets the threshold of CPU load in the unit of percent threshold cpu lt 21 100 gt 5 60 600 lt 20 100 gt 5 60 600 Global 21 100 CPU load high default 50 20 100 CPU load low 5 60 600 time interval Second no threshold cpu Deletes the configured threshold of CPU load SMC7824M VSW Management Guide TigerAccess EE 6 1 13 2 6 1 13 3 SMC7824M VSW CLI To show the configured threshold of CPU load use the following command e e See show epuload show epuload Enable Shows the configured threshold of CPU load the Shows the configured threshold of CPU load threshold of CPU load Global Shows the CPU usage every 5 seconds during current show cpu trueload Bridge 10 minutes P
88. in Interface configuration mode of Switch and enable interface using no shutdown command In order to enter into Interface configuration mode you should enter into Interface configuration mode of VLAN to register as a switch group for stacking The following is an example of configuring Interface of switch group as 1 SWITCH A configure terminal SWITCH A config interface 1 SWITCH A interface ip address 192 168 10 1 16 SWITCH A interface no shutdown SWITCH A interface If there are several switches rest of them are managed by IP address of Master switch Therefore you don t need to configure IP address in Slave switch SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI Step 2 Configure Switch A as Master switch Configure VLAN to belong in the same switch group and after registering Slave switch configure it as a Master switch lt Switch A Master Switch gt SWITCH A config stack master SWITCH A config stack device default SWITCH A config stack add 00 d0 cb 22 00 11 Step 3 Configure VLAN in order to belong to the same switch group in Switch B registered in Master switch as Slave switch and configure as a Slave switch lt Switch B Slave Switch gt SWITCH B config stack slave SWITCH B config stack device default Step 4 Check the configuration The information you can check in Master switch and Slave switch is different as below lt Switch A Master Swit
89. is newly connected to root packet cannot be transmitted between the ports because state of two switches becomes listening and no loop is created In this state if root transmits BPDU to SWITCH A SWITCH A transmits new BPDU to SWITCH A and SWITCH C switch C transmits new BPDU to SWITCH D SWITCH D which received BPDU from SWITCH C makes port connected to SWITCH C Blocking state to prevent loop after new link 263 CLI Management Guide TigerAccess EE ROOT 1 New link created Switch A E bg _ 2 Transmit BPDU Be NS at listening state Switch C 3 Block to prevent loop BPDU Flow Switch D Switch B Fig 8 17 Network Convergence of 802 1d This is very epochal way of preventing a loop The matter is that communication is dis connected during two times of BPDU Forward delay till a port connected to switch D and SWITCH C is blocked Then right after the connection it is possible to transmit BPDU al though packet cannot be transmitted between switch A and root ROOT 1 New link created por Switch A p Eug _ 2 Negotiate between Switch A and ROOT Traffic Blocking Switch B Switch C 8 Switch D Fig 8 18 Network Convergence of 802 1w 1 SWITCH A negotiates with root through BPDU To make link between SWITCH A and root port state of non edge designated port of SWITCH is changed to blocking Although SWITCH A is connected to root loop
90. l Configures threshold of duration of UAS The unit is thresh 15min uass lt 0 900 gt a second i If the threshold is configured as 0 it means no limit and the default of threshold is no limit The following is an example of configuring threshold of profile named TEST as 5 minutes 300 seconds thresh 15min ess 300 thresh 15min lofs 300 thresh 15min lols 300 SWITCH bridge alarm config profile TEST SWITCH bridge alarm config profile TEST thresh 15min loss 300 ye bridge alarm config profile TEST SWITCH bridge alarm config profile TEST SWITCH bridge alarm config profile TEST thresh 15min sess 300 SWITCH bridge alarm config profile TEST thresh 15min uass 300 bridge alarm config profile TEST To confirm the configuration use the following command e e See show Ire alarm config profile Shows the configuration of alarm config Enable Global Bridge PORTS profiles The following is an example of confirming the above configuration SWITCH bridge alarm config profile TEST show running config omitted alarm config profile TEST thresh 15min lofs 300 thresh 15min loss 300 thresh 15min lols 300 thresh 15min ess 300 omitted SWITCH bridge alarm config profile TEST Step 3 Enables configurations Unless you do it they will not be applied to ports To enable or disable configuration of Profile use the following com
91. limit the bandwidth for non critical applications such as FTP file transfers so that other applications have a greater amount of bandwidth available to them Effective use of resources An effective use of network resources can support guaranteed bandwidth to a few critical applications to ensure reliable application performance QoS ensures that the most im portant and critical traffic is transmitted immediately without starvation Customized service QoS helps the internet service providers provide differentiated services for their custom ers of the network It allocates guaranteed bandwidth to more important applications that produce real time traffic such as voice video and audio Traffic Prioritization As you deploly QoS it guarantees bandwidth and reduces delay time to ensure the appli cations can transmit the packets properly by handling the traffic with higher priority than regular traffic SMC7824M VSW Management Guide TigerAccess EE 7 6 1 SMC7824M VSW CLI How to Operate QoS QoS operation is briefly described as below Incoming packets are classified by configured conditions and then processed by meter ing packet counter and rate limiting on specific policer After marking and remarking ac tion the switch transmits those classified and processed packets via a given scheduling algorithm Fig 7 1 shows the simple procedure of QoS operation Outgoing Incoming Packets Packets Ho Packet p
92. of second default 3600 lease time max lt 120 2147483637 gt no lease time default max Deletes specified IP lease time SMC7824M VSW 305 CLI 306 8 6 1 6 8 6 1 7 Management Guide TigerAccess EE The following is an example of setting default and maximum IP lease time SWITCH config service dhcp SWI SWI SWI SWI SWI SWI SWI TCH contigo ip TCH config dhcp dhcp pool sample config dhcp TCH config dhcp TCH config dhcp TCH config dhcp TCH TCH config dhcp DNS Server sam sam sam sam sam D o 2 oe O D 0 D sample network 100 1 1 0 24 default router 100 1 1 254 range 100 1 1 1 100 1 1 100 lease time default 5000 lease time max 10000 To specify a DNS server to inform DHCP clients use the following command e Y ees dns server A DC Di A B C D2 4 B C D8 no dns server A B C D1 A B C D2 4 B C D8 no dns server all Specifies a DNS server Up to 8 DNS servers are pos sible A B C D DNS server IP address DHCP Pool Deletes a specified DNS server Deletes all the specified DNS servers The following is an example of specifying a DNS server SWI SWI SWI SWI SWI SWI SWI SWI SWI TCH config ip TCH config dhep TCH config dhep TCH config dhcp TCH config dhcp TCH config dhep TCH config dhcep TCH config dhcp sa
93. option82 is enabled This allows an enhanced security and efficient ID assignment in the Layer 2 environment with a DHCP option82 field If DHCP snooping is enabled in the system of switch DHCP packets includes DHCP op tion82 field by default To enable disable the switch enabled by DHCP snooping to insert or remove DHCP op tion82 field use the following command e me en ip dhcp snooping information Enables the switch to insert DHCP option 82 field in option forwarded DHCP packets to the DHCP server Global no ip dhcp snooping informa Disables the switch not to insert DHCP option 82 field tion option in forwarded DHCP packets to the DHCP server DHCP Snooping Option DHCP snooping switch may receive DHCP messages Discover Request with various different options from clients which cause DHCP server hard to manage client s inform tion in the perspective of data consistency That s why this function is necessay The switch operating DHCP snooping can modify or attach an option field of the DHCP messages Discover Request with a defined snooping option and can forward them to DHCP server The snooping option can be applied on a port basis or on entire ports Be fore using this function a global DHCP option format should be created For details of setting the DHCP option format refer to the 8 6 5 DHCP Option To set a DHCP snooping option for a specifc port use the following command na e See Specifies a snoopin
94. password Note that you must use the command line based interface FTP client software when up grading the switch If you use the graphic based interface FTP client software the system cannot recognize the upgraded software Step 2 Set the file transfer mode to the binary mode using the following command n See bin FTP Sets the file transfer mode to the binary mode Step 3 Enable to print out the hash marks as transferring a file using the following command mana on eeh FTP Prints out the hash marks as transferring a file Step 4 Uploads the new system software using the following command e m See Uploads the system software put FILENAME os1 os2 FILENAME system software file name os1 os2 the area where the system software is stored 379 CLI 380 A Management Guide TigerAccess EE Step 5 Exit the FTP client using the following command e e een bye FTP Exits the FTP client To reflect the downloaded system software the system must restart using the reload command For more information see Section 4 1 10 1 The following is an example of upgrading the system software of the switch using the FTP provided by Microsoft Windows XP in the remote place Microsoft Windows XP Version 5 1 2600 C Copyright 1985 2001 Microsoft Corp C gt ftp 10 27 41 91 Connected to 10 27 41 91 220 FTP Server 1 2 4 FTPD User 10 27 41 91 none admin 331 Password required fo
95. port use the following command show port statistics avg pkt Shows the traffic statistics of the average packet for a PORTS specified Ethernet port show port statistics avg pps Shows the traffic statistics per packet type for a speci PORTS fied Ethernet port Enable Ke show port statistics interface Global Shows the interface MIB counters of a specified oba PORTS Ethernet port Bridge show port statistics rmon Shows the RMON MIB counters of a specified Ethernet PORTS port show port statistics media Shows the traffic statics per media adaptor unit of CO adaptor PORTS VDSL port The following is the sample output of the show port statistics avg pkt command with the Ethernet port 25 SWITCH config show port statistics avg pkt 25 Slot Port TX Rx Time pkts s bytes s bits s pkts s bytes s bits s DOGG 2 o Se ee a eee 5 sec 2 186 1 488 11 1106 8 848 1 min 0 60 480 3 148 1 872 10 min 0 6 48 1 15 1 184 SWITCH config To delete all collected statistics for an Ethernet port use the following command e e Se clear port statistics PORTS all Deletes all collected statistics for an Ethernet port 71 CLI 9 2 7 2 12 Management Guide TigerAccess EE CPU Statistics To display the statistics of the traffic handled by CPU use the following command ee a ee show cpu statistics avg pkt PORTS Shows the statistics of the traffic handled by CPU per
96. port priority 7 PATH 2 port priority 8 PATH 1 lt PATH 2 PATH 1 is chosen Fig 8 13 Port Priority Port States Each port on a switch can be in one of five states el Dea jy BPDUs or timeout indicate Forwarding timer Potential become active expired BPDUs r port should not be active BPDUs indicate port me should not be active sf Learning b N indicate port EIN umer expired should not be active Forwarding Ja Disabled o Fig 8 14 Port State e Blocking a port that is enabled but that is neither a Designated port nor a Root port will be in the blocking state A blocking port will not receive or forward data frames nor will it transmit BPDUs but instead it will listen for other s BPDUs to determine if and when the port should consider becoming active in the spanning tree e Listening the port is still not forwarding data traffic but is listening to BPDUs in order to compute the spanning tree The port is comparing its own information path cost Bridge Identifier Port Identifier with information received from other candidates and deciding which is best suited for inclusion in the spanning tree SMC7824M VSW 261 CLI Management Guide TigerAccess EE e Learning the port is preparing to forward data traffic The port waits for a period of time to build its MAC address table before actually forwarding data traffic This time is the forwarding delay e Forwardin
97. priority for specified VLAN priority Path cost After deciding Root switch you need to decide to which route you will forward the packet To do this the standard is path cost Generally path cost depends on transmission speed of LAN interface in switch In case the route is overload based on Path cost it is better to take another route By considering the situation the user can configure Path cost of Root port in order to des ignate the route on ones own To configure the path cost value for specified vlan in PVSTP use the following command eene See Configures path cost to configure route spanning tree vlan VLANS port PORTS cost on user s own lt 1 200000000 gt i VLANS VLAN ID 1 4094 PORTS port number no spanning tree vlan VLANS port PORTS cost Deleted a configured path cost SMC7824M VSW Management Guide CLI TigerAccess EE 8 3 8 4 Port Priority When all conditions of two routes of switch are same the last standard to decide a route is port priority You can configure port priority and select a route manually To configure a port priority for specified VLAN use the following command en rs rem Configures the port priority of specific VLAN spanning tree vlan VLANS port Wee VLANS VLAN ID 1 4094 PORTS port priority lt 0 240 gt ees 0 240 port priority in increments of 16 default 128 no spanning tree vlan VLANS Deleted the configuration port priority of specifiec port PORTS port priori
98. protocol STP Ethernet ring protection ERP etc notify switches in the topology using a topology change notification TCN When TCN is received the switch where an IGMP snooping is running will flood multicast traffic to all ports in a VLAN since a network topology change in a VLAN may invalidate previously learned IGMP snooping information However this flooding behavior is not de sirable if the switch has many ports that are subscribed to different groups The traffic could exceed the capacity of the link between the switch and the end host resulting in packet loss Thus a period of multicast flooding needs to be controlled to solve such a problem Enabling TCN Multicast Flooding To enable the switch to flood multicast traffic when TCN is received use the following command e e Se S i Enables the switch to flood multicast traffic when TCN ip igmp snooping tcn flood is received Global Enables the switch to flood multicast traffic on a VLAN ip igmp snooping tcn vlan VLANS flood when TCN is received VLANS VLAN ID 1 4094 To disable the switch to flood multicast traffic when TCN is received use the following command e Se no ip no ip igmp snooping ten flood _ snooping tcn no ip igmp snooping ten flood _ Disables the switch to flood multicast traffic when TCN no ip igmp snooping ten vlan Global VLANS flood is received TCN Flooding Suppression When TCN is received the switc
99. queries and PIM hello packets Static Multicast Router Port You can statically configure Layer 2 port as the multicast router port which is directly con nected to a multicast router allowing a static connection to a multicast router To specify a multicast router port use the following command e a O Specifies a multicast router port globally PORTS port number ip igmp snooping mrouter port PORTS cpu Global cpu CPU port ip igmp snooping vlan VLANS Specifies a multicast router port on a VLAN mrouter port PORTS cpu VLANS VLAN ID 1 4094 To delete a specified multicast router port use the following command e me See no ip igmp snooping mrouter port PORTS cpu no ip Lomp snooping vlan Global Deletes a specified multicast router port VLANS mrouter port PORTS cpu SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI Multicast Router Port Learning Multicast router ports are added to the forwarding table for every Layer 2 multicast entry The switch dynamically learns those ports through snooping on PIM hello packets To enable the switch to learn multicast router ports through PIM hello packets use the fol lowing command e e See ip igmp snooping mrouter learn Enables to learn multicast router ports through PIM pim hello packets globally Global Enables to learn multicast router ports through PIM hello packets on a VLAN VLANS VLAN ID 1 4094 ip igmp s
100. reflected into the switch To apply the configuration to the system use the following command II wee ton apply MST config Apllies the configuration of the region to the system After deleting the configured configuration ID apply it to the system using the above command To display the current and edited configuration on MSTP Configuation mode use the fol lowing command A the current configuration as it is used to run MSTP MSTP show pending show pending Shows the edited configuration of MSTP the edited Shows the edited configuration of MSTP of MSTP Shows all configurations of MSTP For example after setting the configuration ID if you apply it to the switch with the apply command you can check the configuration ID with the show current command However if the user did not use the apply command to apply the configurations to the switch the configuration could be checked with the show pending command 275 CLI 276 8 3 7 5 8 3 7 6 Management Guide TigerAccess EE Enabling MSTP configuration To enable disable a MSTP daemon by applying MSTP configurations to the system use the following command a a Se spanning tree mst Enables MSTP function on the system Bridge no spanning tree mst Disables MSTP function on the system Displaying Configuration To display the configuration of MSTP use the following command e a See show spanning tree mst lt 1 64 gt
101. registered instead of IP address user can do telnet FTP TFTP and ping command to the hosts on the domain with domain name To search domain name use the following command IC rs rem Global It is possible to delete DNS server and domain name at the same time with the below command Re A Weg Global Deletes DNS server and domain name SMC7824M VSW Management Guide TigerAccess EE 6 1 9 6 1 10 6 1 11 SMC7824M VSW CLI Fan Operation For the switch it is possible to control fan operation To control fan operation use the fol lowing command ze e See fan operation on off Global Configures fan operation It is possible to configure to start and stop fan operation according to the system tempera ture To configure this see Section 6 1 13 3 To display fan status and the temperature for fan operation use the following command e e en Enable Shows the fan status and the temperature for the fan show status fan Global operation Bridge Disabling Daemon Operation You can disable the daemon operation unnecessarily occupying CPU To disable certain daemon operation use the following command e me See halt PID Disables the daemon operation You can display the PID of each running processs with the show process command SWITCH show process USER PID SCPU SMEM VSZ RSS TTY STAT START TIME COMMAND admin 1 Ir 0 2 1448 592 Y S Feb23 0 05 init
102. route database Bridge table database Interface Description Enable Shows configured routing information To specify a description on an interface use the following command e me O description DESCRIPTION Specifies a description on an interface Interface Deletes a specified description The following is the example of specifying a description on the interface 1 SWITCH config interface 1 SWITCH config if description sample description SWITCH config if show interface 1 Interface default Hardware is Ethernet address is 00d0 cb00 0d83 Description sample description index 43 metric 1 mtu 1500 lt UP BROADCAST RUNNING MULTICAST gt VRF Binding Not bound Bandwidth 100m 53 CLI Management Guide TigerAccess EE inet 10 27 41 91 24 broadcast 10 27 41 255 input packets 3208070 bytes 198412141 dropped 203750 multicast packets 0 input errors 12 length 0 overrun 0 CRC 0 frame 0 fifo 12 missed O output packets 11444 bytes 4192789 dropped 0 output errors 0 aborted 0 carrier 0 fifo 0 heartbeat 0 window 0 collisions O SWITCH config 4 3 5 Displaying Interface To display an interface status and configuration use the following command e ma See Enable Global Shows an interface status and configuration Bridge INTERFACE interface name show interface INTERFACE Interface Enable show ip interface INTERFACE Global Shows brief information of interface oba bri
103. send SNMP trap when a port NODE is disconnected from network Configures the system to send SNMP trap when mem snmp trap mem threshold ory usage exceeds or falls below the threshold Configures the system to send SNMP trap when CPU snmp trap cpu threshold load exceeds or falls below the threshold Configures the system to send SNMP trap when the snmp trap port threshold port traffic exceeds or falls below the threshold Configures the system to send SNMP trap when sys snmp trap temp threshold tem temperature exceeds or falls below the threshold Configures the system to send SNMP trap when no snmp trap dhcp lease more IP address is left in the DHCP pool Configures the system to send SNMP trap when the snmp trap fan l fan begins to operate or stops Configures the system to send SNMP trap when there snmp trap module is any problem in module Configures the system to send SNMP trap when the snmp trap pps control number of packets per second exceeds or falls below the PPS threshold 7 1 8 4 Disabling SNMP Trap To disable the SNMP trap use the following command OO eom rem no snmp trap auth fail no snmp no snmp trap cold start no snmp trap cold start Global Disables each SNMP trap no snmp trap link up no snmp trap link up PORTS NODE no snmp trap link up PORTS NODE no snmp trap link no snmp trap link down PORTS NODE PORTS no snmp trap link down PORTS NODE SMC7824M VSW 141
104. show ip dhcp pool POOL Enable Shows a DHCP pool configuration show ip dhcp pool summary Global Shows a summary of a DHCP pool configuration POOL Bridge POOL pool name The following is an example of displaying a DHCP pool configuration SWITCH config show ip dhcp pool summary Total 1 Pools Total 0 0 00 of total Available 0 0 00 of total Abandon 0 0 00 of total Bound 0 0 00 of total Offered 0 0 00 of total Fixed 0 0 00 of total sample Total 0 0 00 of the pool 0 00 of total Available 0 0 00 of the pool 0 00 of total Abandon 0 0 00 of the pool 0 00 of total Bound 0 0 00 of the pool 0 00 of total Offered 0 0 00 of the pool 0 00 of total Fixed 0 0 00 of the pool 0 00 of total SWITCH config DHCP Address Allocation with Option 82 The DHCP server provided by the switch can assign dynamic IP addresses based on DHCP option 82 information sent by the DHCP relay agent The information sent via DHCP option 82 will be used to identify which port the DHCP REQUEST came in on The feature introduces a new DHCP class capability which is a method to group DHCP clients based on some shared characteristics other than the subnet in which the clients reside The DHCP class can be configured with op tion 82 information and a range of IP addresses 311 CLI 312 8 6 2 1 8 6 2 2 8 6 2 3 Management Guide TigerAccess EE DHCP Class Capability To enable the DHCP server to use
105. state priority H show spanning tree vlan VLANS Shows a summary of a specific vlan id summary totals totals the total lines of PVSTP SMC7824M VSW 279 CLI 280 8 3 9 Management Guide TigerAccess EE Root Guard The standard STP does not allow the administrator to enforce the position of the root bridge as any bridge in the network with lower bridge ID will take the role of the root bridge Root guard feature is designed to provide a way to enforce the root bridge place ment in the network Even if the administrator sets the root bridge priority to zero in an ef fort to secure the root bridge position there is still no guarantee against bridge with prior ity zero and a lower MAC address Service provider Customer Switch A y Switch B Root Guard Configuration Root Switch Fig 8 26 Root Guard Software based bridge applications launched on PCs or other switches connected by a customer to a service provider network can be elected as root switches If the priority of bridge B is zero or any value lower than that of the root bridge device B will be elected as a root bridge for this VLAN As a result network topology could be changed This may lead to sub optimal switching But by configuring root guard on switch A no switches be hind the port connecting to switch A can be elected as a root for the service provider s switch network In which case switch A will block the port connecting switch B To confi
106. statistical data use the following command e See Specifies a data object ID data source NAME RMON NAME enters a data object ID ex ifindex n1 port1 Subject of RMON History To identify a subject using RMON history use the following command mana on Identifies subject using relevant data enter the name owner NAME RMON max 32 characters Number of Sample Data To configure the number of sample data of RMON history use the following command e e een Defines a bucket count for the interval enter the num requested buckets lt 1 65535 gt ber of buckets 1 65535 bucket number default 50 SMC7824M VSW Management Guide TigerAccess EE 7 4 1 4 7 4 1 5 7 4 1 6 7 4 1 7 SMC7824M VSW CLI Interval of Sample Inquiry To configure the interval of sample inquiry in terms of second use the following command a ee Defines the time interval for the history in seconds interval lt 1 3600 gt RMON enter the value default 1800 1 sec is the minimum time which can be selected But the minimum sampling interval currently is 30 sec i e all intervals will be round up to a multiple of 30 seconds Activating RMON History To activate RMON history use the following command Command Mode Description Before activating RMON history check if your configuration is correct After RMON history is activated you cannot change its configuration If you need to change configura
107. statistics PORTS Global Bridge Shows the statistics of 802 1x user authentication on the port To make reset state by deleting the statistics of 802 1x user authentication use the fol lowing command e me See ae Makes reset state by deleting the statistics of 802 1x dot1x clear statistics PORTS Global on the port SMC7824M VSW Management Guide CLI TigerAccess EE 4 5 7 Sample Configuration The following is the example of configuring the port 25 with the port based authentication specifying the information of RADIUS server SWTI SWTI SWTICH config SWTICH SWTICH 802 1x authentication is enabled RADIUS Server TimeOut 1 S RADIUS Server Retries 3 CH dotlx system auth control CH config dotlx nas port 25 dotl1x port control force authorized 25 dotlx radius server host 10 1 1 1 auth port 1812 key test config show dotlx RADIUS Server 10 1 1 1 Auth key test 802 1x 112345678901 234567 0901234567890123 POPECE MAGS leia dd Sear Did saa oy jag Wide CS VOR ER D EEN EE HN E Te le E EE p port based m mac based a authenticated u unauthenticated SWITCH config The following is the example of setting the interval of requesting reauthentication to 1000 sec and the interval of reauthentication to 1800 sec SWTICH config dotlx timeout quiet period 1000 25 SWTICH dotlx timeout reauth period 1800 25 SWTICH config dotlx reauth enable 25 SWTICH config
108. system y n 45 CLI 46 4 1 10 2 Auto System Rebooting Management Guide TigerAccess EE The switch reboots the system according to user s configuration There are two basis for system rebooting These are CPU and memory CPU is rebooted in case CPU Load or In terrupt Load continues for the configured time Memory is automatically rebooted in case memory low occurs as the configured times To enable the auto system rebooting use the following command e me ees Configures the system to restart automatically in case auto reset cpu lt 50 100 gt lt 1 100 gt TIME auto reset memory lt 1 120 gt lt 1 10 gt no auto reset cpu memory an average of CPU or interrupt load exceeds the con figured value during the user defined time 50 100 average of CPU load 1 100 average of interrupt load Configures the system to restart automatically in case memory low occurs as the configured value 1 120 time of memory low 1 10 count of memory low Disables auto system rebooting To display a current configured auto system rebooting use the following command e e re show auto reset cpu Enable Global show auto reset memory Bridge Shows a current configured auto system rebooting by CPU Shows a current configured auto system rebooting by system memory SMC7824M VSW Management Guide TigerAccess EE 4 2 4 2 1 4 2 2 4 2 3 SMC7824M VSW CLI System Authentication
109. than one constellation encoder Each encoder receives a set of bits that are encoded using a constellation en coder as described in the previous sections In this basis DMT is referred as multi carrier In DMT modulation frequency channel is named frequency bins bins tone DMT tones and sub channel Fig 5 2 shows process of DMT modulation 19 CLI 76 9 3 2 Management Guide TigerAccess EE lt Encoder 1 gt Bin O 1 Bin2 es O gt gt o bit input lt Encoder 3 gt Bin3 Frequency 3 Fig 5 2 DMT Modulation Meanwhile DMT using multi carrier can control carrier about exterior noise differently came from each frequency in detail whereas chip implementation is more complicated than QAM and power consumption is quite high Also it is possible to process many digi tal signals Although its fundamental is complicated processing speed is faster than QAM Configuring VDSL Port You can configure profile interleave of VDSL port This chapter describes the following lists e Displaying Status of VDSL Port e Enabling VDSL Port e Profile of VDSL Port e Controlling Power according to Connection Distance e PSD Level e PSD Mask Level e Interleave e Impulse Noise Protection e Trellis Coded Modulation TCM e Ham band e SNR Margin e Bitloading Per Tone e G handshake Tone SMC7824M VSW Management Guide TigerAccess EE 9 3 2 1 9 3 2 2 A SMC7824M VSW CLI D
110. the IP address to bind to a syslog message oba no syslog bind address Deletes a specified IP address 7 5 4 Debug Message for Remote Terminal To display a syslog debug message to a remote terminal use the following command ee os terminal monitor Enables the terminal monitor function Enable Disables the terminal monitor function 7 5 5 Disabling Syslog To disable the syslog use the following command e e See D The syslog is basically enabled in the system 7 5 6 Displaying Syslog Message To display the received syslog message in the system memory use the following com mand e e een Shows the received syslog messages show syslog local volatile volatile removes the syslog messages after restart non volatile NUMBER non volatile reserves the syslog messages NUMBER shows the last N syslog messages Enable show syslog local volatile Shows the received syslog messages in the reverse Global non volatile reverse order Bridge show syslog volatile non Shows the usage of the area where the received sys volatile information log messages are stored clear syslog local volatile non l Removes the received syslog messages volatile 166 SMC7824M VSW Management Guide CLI TigerAccess EE The following is the sample output of displaying received syslog messages SWITCH show syslog local non volatile 25 Aug 28 03 33 24 system Power A is Fault Aug 28 03 33 35 sys
111. the following command in Bridge Configuration mode e me ees mac filter add MAC ADDRESS Allows or blocks packet which brings a specified MAC deny permit lt 1 4094 gt address to specified port PORTS To show a configuration about MAC filter policy use the following command n en Enable show mac filter Global Shows MAC filter policy Bridge 211 CLI 212 7 11 3 7 11 4 Management Guide TigerAccess EE Sample Configuration The latest policy is recorded as number 1 The following is an example of permitting MAC address 00 02 a5 74 9b 17 and 00 01 a7 70 01 d2 and showing table of filter policy SWITCH bridge mac filter add 00 02 a5 74 9b 17 permit SWITCH bridge mac filter add 00 01 a7 70 01 d2 permit SWITCH bridge show mac filter ID MAC ACTION 1 00 01 a7 70 01 dq2 PERMIT 2 00 02 a5 74 9b 17 PERMIT SWITCH bridge The following is an example of displaying one configuration SWITCH bridge show mac filter 1 ID MAC ACTION L Et Steen er E El PERMIT SWITCH bridge Deleting MAC Filter Policy To delete MAC filtering policy use the following command e me See mac filter del SOURCE MAC a e Bridge Deletes filtering policy for specified MAC address ADDRESS To delete MAC filtering function use the following command e e re no mac filter Deletes all MAC filtering functions Listing of MAC Filter Policy
112. the location of other switches connected to LAN though received BPDU and transmit packets Since it takes certain time to receive BPDU and find the loca tion before transmitting packet switches send packet at regular interval This interval time is named forward delay The configuration for BPDU is applied as selected in force version The same commands are used for STP RSTP MSTP and PVSTP SMC7824M VSW Management Guide TigerAccess EE 8 3 12 1 8 3 12 2 SMC7824M VSW CLI Hello Time Hello time decides an interval time when a switch transmits BPDU To configure hello time use the following command n See Configures hello time to transmit the message in MSTP 1 10 the hello time default 2 sec spanning tree mst hello time lt 1 10 gt Configures hello time to transmit the message in spanning tree vlan VLANS hello PVSTP per VLAN time lt 1 10 gt 1 10 the hello time default 2 sec VLANS VLAN ID 1 4094 To delete a configured hello time use the AAA R command Returns to the E hello time value of STP RSTP no spanning tree mst hello time and MSTP Bridge no pl vlan VLANS Returns to the atumeto deal me ene hello time value of PVSTP pl Forward Delay Time It is possible to configure forward delay which means time to take port status from listen ing to forwarding To configure forward delay use the following command nn e eos spanning tree mst forward time Sets the forward
113. the network infrastructure The point of implementing multicast is how to deliver source traffic to specific destinations without any burden on the sources or receivers using the minimized network bandwidth The solution is to create a group of hosts with addressing the group and to let the net work determine how to replicate the source traffic to the receivers The traffic will then be addressed to the multicast address and replicated to the multiple receivers by network devices Standard multicast protocols such as IGMP provide most of these capabilities IP multicast features on the switch consist of the group membership management Layer 2 multicast forwarding which allows network administrators to successfully achieve the effective and flexible multicast deployment Fig 9 1 shows an example of the IP multicast network In this case the switch is config ured only with IGMP snooping L2 multicast forwarding feature in the Layer 2 network Layer 2 Network Layer 3 Network et PPP P Hoe eeererereererereerereseeressererereeneneseeneseeseseeees CC jr ebe RR en e Re Rees seen es Ree e eso sees Re ss es e IGMP Join Leave PIM Join Prune message d message Po e D KR e e fr ed enee eg e e e e e e em er Multicast Server IGMP Snooping PIM SM Fig 9 1 IGMP Snooping in the L2 network SMC7824M VSW Management Guide TigerAccess EE 9 1 9 1 1 SMC7824M VSW CLI Multicast Group Membership The most impo
114. this process the receiving device normally sends a PAUSE frame to the sending device when its buffer is full The sending device then stops sending data for a while This is particularly important where the sending device is capable of sending data much faster than the receiving device can receive it To enable the flow control on an Ethernet port use the following command e e een port flow control PORTS on oe Enables the flow control on a specified port enter a ridge off E port number default off The following is an example of enabling the flow control on the Ethernet port 25 SWITCH bridge show port 25 NO TYPE END STATUS MODE FLOWCTRL INSTALLED ADMIN OPER ADMIN OPER 25 Ethernet 2 Up Up Auto Full 1000 Off Off Y SWITCH bridge port flow control 25 on SWITCH bridge show port 25 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER ADMIN OPER 25 Ethernet 2 Up Up Auto Full 1000 Y SWITCH bridge Port Description To specify a description of an Ethernet port use the following command e ees port description PORTS Specifies a description of an Ethernet port maximum DESCRIPTION Bridge number of characters is 100 no port description PORTS Deletes a specified description of an Ethernet port SMC7824M VSW Management Guide TigerAccess EE 9 2 7 9 2 7 1 SMC7824M VSW CLI Traffic Statistics Packet Statistics To display the traffic statistics of an Ethernet
115. to agents The following is how to configure SNMP e SNMP Community e Information of SNMP Agent e SNMP Com2sec e SNMP Group e SNMP View Record e Permission to Access SNMP View Record e SNMP Version 3 User e SNMP Trap e SNMP Alarm e Displaying SNMP Configuration e Disabling SNMP SNMP Community Only an authorized person can access SNMP agent by configuring SNMP community with a community name and additional information To configure SNMP community to allow an authorized person to access use the following command e e re snmp community ro rw Creates SNMP community COMMUNITY A B C D OID COMMUNITY community name Global no snmp community ro rw Deletes created community COMMUNITY You can configure up to 3 SNMP communities for each read only and read write 135 CLI 136 7 1 2 Management Guide TigerAccess EE To display configured SNMP community use the following command a Y mn Enable show snmp community Global Shows created SNMP community Bridge The following is an example of creating 2 SNMP communities SWITCH config snmp community ro public SWITCH config snmp community rw private SWITCH config show snmp community Community List Type Community Source OID ro public rw private SWITCH config Information of SNMP Agent You can specify the basic information of SNMP agent as administrator location and ad dress that confirm its
116. using OAM func unforced forceA forceB Bridge i ion PORTS oam remote system interval lt 0 255 gt PORTS oam remote system mode master slave PORTS oam remote system reset PORTS 7 2 5 Displaying OAM Configuration To display OAM configuration use the following command rowo Shows remote OAM variable 0 255 branch number 0 255 leaf number show oam remote variable lt 0 255 gt lt 0 255 gt PORTS Shows remote OAM specific variable 0 255 branch number 0 255 leaf number 0 4 instance number show oam remote variable spe cific lt 0 255 gt lt 0 255 gt lt 0 4 gt PORTS The following is an example of enabling OAM loopback via port 2 of the switch and per forming remote loopback SWITCH bridge oam local admin enable 2 SWITCH bridge oam remote loopback enable 2 SWITCH bridge show oam local 2 LOCAL PORT 2 item value admin ENABLE mode ACTIVE mux action FORWARD par action DISCARD variable UNSUPPORT SMC7824M VSW 151 CLI 152 Management Guide TigerAccess EE link event UNSUPPORT loopback SUPPORT disable uni direction UNSUPPORT disable SWITCH bridge show oam remote 2 REMOTE PORT 2 item value mode ACTIVE MAC address 00 qd0 cb 27 00 94 variable UNSUPPORT link event UNSUPPORT loopback SUPPORT enable uni direction UNSUPPORT SWITCH bridge oam remote loopback start 2 PORT 2 The remote DTE loopback is success SWITCH bridge 7
117. without any modification code lt 1 254 gt policy lt keep Global l Ge replace deletes the DHCP messages option and adds replace j the snooping default option if both of them are same However if they are different each other replace op tion just adds the snooping default option no ip dhcp snooping default Removes the DHCP snooping default option for a option code lt 1 254 gt given port DHCP User Class ID The switch can send the packets based on the policy or value of DHCP user class ID in the DHCP message sent by the client The user class ID on DHCP option 77 field identi fies the type of client sending the DHCP Discover Request message If switch receives DHCP message from a client it forwards the same packet to the server with keep policy of DHCP option 77 Otherwise it adds user class ID to the packet on the configured port and forwards it to the server when the packet has no user class ID and the policy of DHCP option 77 is replace DHCP server can use DHCP option 77 field to specify IP addresses of a particular pool based on user class ID of DHCP client To use DHCP option 77 fucntion DHCP snooping must be enabled in the system of switch In case DHCP snooping is disabled in the system the configured DHCP option 77 is automatically deleted To configure a user class id of DHCP option 77 on a specified port use the following command e e een ip dhcp snooping user class id Global Configures DHCP user cl
118. 0 EMC System Memory Information To display a system memory status use the following command e e See show memory show memory Enable Shows system memory information Shows system memory information memory information show memory dhcp imi lib Global Shows system memory information with a specific nsm Bridge option Running Process The switch provides a function that shows information of the running processes The in formation with this command can be very useful to manage the switch To display information of the running processes use the following command a Y en show process Shows information of the running processes The following is an example of displaying information of the running processes SWITCH show process USER PID SCPU SMEM VSZ Roo ELY STAT START TIME COMMAND admin 1 E 0 2 1448 S92 F S 20712 0105 LATE 3 admin 2 Oi 30 0 0 0 O S 20 12 0 00 keventd admin a Diech 0170 0 ar E SN 20 12 0 00 ksoftirqd CPUG admin 4 0 0 540 0 D 2 S 20 12 0 00 kswapd admin 5 0 0 0 0 O EE Ze S 20 12 0 00 bdflush admin 6 0 0 0 0 0 Os 2 S 20 12 0 00 kupdated admin 7 Oj 0 ER 0 O S 20 12 0 00 mtdblockd admin 8 0 0 0 0 0 0 2 SW lt 20 12 0 00 bcmDPC admin 9 1 4 0 0 0 0O SW lt 20 12 0 29 bcmCNTR O0 admin ER 1 4 0 0 0 O SW lt 20 212 0229 BOmeNTR 1 admin t7 0 0 0 70 0 Ok E SWN 20212 HESE LCE ged meda admin 149 0 0 0 3 1784 FIG 2 S Jan01 0 00 sbin syslog
119. 1 130 Instance 3 VLAN 131 140 Region Name test Revision 1 Router Fig 8 28 Management Guide TigerAccess EE MST Region 2 Instance 1 VLAN 170 Instance 2 VLAN 180 190 Instance 3 VLAN 191 195 Region Name test Revision 2 MST Region 3 Instance 4 VLAN 150 160 Instance 5 VLAN 161 165 Lee eon Name sample Sa sion 5 MST Region 4 Region Name test Revision 1 VLAN 101 200 Example of Layer 2 Network Design in MSTP Environment The following is an example of configuring MSTP in the switch SWI SWI SWI SWI SWI SWI SWI SWI SWI TCH bridge spanning tree TCH bridge spanning tree mode mst TCH bridge spanning tree mst configuration TCH Gonfig mst TCH TCH conti g mst TCH contig mst TCH config mst config mst instance 2 vlan 1 50 name test revision 1 apply exit TCH bridge show spanning tree mst configuration name revision instance vlans test 51 4094 LeU SWITCH bridge SMC7824M VSW Management Guide TigerAccess EE 8 4 8 4 1 SMC7824M VSW CLI Ethernet Ring Protection ERP The ERP is a protection protocol for Ethernet ring topology to prevent Loop from a link failure or recovery It is designed to minimize the time for removing Loop within 50 milli seconds while there is an enormous amount of traffic flow in Metro Ethe
120. 1 8 DNS oe nae en are aes 116 SE H ARQ CV AO EE 117 6 1 10 Disabling Daemon Operation 117 GEN WR GN e EE 117 6 1 12 FTP Client Address E 118 6 1 13 System elen ee DEE 118 ida GPU Lodi ideal 118 ORIS 2 PON Tramo ias 119 SEN KE FARO DCR EE 119 6 1 13 4 System Temperature 120 EE AN 120 6 1 13 6 SFP Module optional uplink oort cc ceeccceseeeeeeeeeeeeseeeeeeeseeeeeeseeeeesaees 121 6 2 Configuration Management 123 6 2 1 Displaying System Confguraton 123 6 2 2 Writing System Configuration ccccoonncncocccnnoconnnnccnnncnnonononnononnononnncnnononons 123 p29 A e egret eee eee ee 124 6 2 4 System Configuration Eie 124 6 2 5 Restoring Default Contguraton 125 6 3 System Management 126 6 3 1 Network Connect as 126 632 IPICMP S0 rce Routing sisi llano 128 69 3 Macing Fackel ROUE EE 129 6 3 4 Displaying User Connecting to System oocccooncnncccccnconoconcononcnnononcnnnnnanonos 130 OSS MAC Ta an a E E Meee ee 131 6 360 TRUANING TIME Of Syste ii ii 131 6 027 System JEE zsa a laa eceaste 131 6 3 8 System Memory Information cccccconnnnccconcnnononcnncnnnnnnonononnononnnnconanennnnanens 132 6 39 RUNNING Gi ee 132 6 3 10 Displaying System Mage inicio cd 133 6 3 11 Displaying Installed Oz 133 6 0 12 Default eege 133 oo ern E ltda daa 133 6 3 14 Tech Support Information nannannnannnennnnnnnsennnennnnnrnnnrnnnrrnrrnrnrrnnrrserrene 134 6 3 15 System Boot formator DEE 134 7 Network ManagQeme nt
121. 10 3 11 5 1 9 2 9 3 9 4 9 0 9 6 9 9 8 5 9 6 1 6 2 6 3 6 4 7 1 7 2 7 3 8 1 8 2 8 3 Management Guide TigerAccess EE OVERVIEW of Ena alista 19 Command Notation of Guide Book 20 Main Command of Privileged EXEC View Mode occoocccccoccccccccncoccnccocononono 26 Main Command of Privileged EXEC Enable Mode oananeennnennnnnnennnnnnnnnn 26 Main Command of Global Configuration Mode occccoccccccccnccccnnccncnonononononos 27 Main Command of Bridge Configuration Mode occccoccncccccnccccncccncnccononononos 28 Main Command of DHCP Pool Configuration Mode ccococccccccncccccncccccncnnoo 28 Main Command of DHCP Option Configuration Mode 29 Main Command of DHCP Option 82 Configuration Mode 29 Main Command of Interface Configuration Mode ooccconccconcccocnconnncconcnnnnos 30 The Commands of Rule Configuration Mode 30 Main Command of RMON Configuration Mode ccoocccoccccocnncocccocnncncncnnnnss 31 Command Abbreviation ccccccccccsecccceeeeeeeceeseeceeseeeeseeeeeseeeeseueesseeeesaeeeeas 35 Information displayed by Command SNOW Ire 17 ROME OF V DSL PON iio oca 78 Option Dand 0l VDSL POM SE 79 Value Of e ET Le d DEE 81 The frequency of PSD Level per band 83 The Value of PSD Mask Level ricos dd 84 Bandwidth of Ham band Frequency occcccoccncccnccnnccnnccnconononnononcnncnnnencononennnnnos 88 Sub commands in Bitloading Per TON cccoccccccccncccccnconcncconononononononon
122. 115788 4 07 1008 CONFIG 4194304 663552 3530752 Total SITAS 136 27986802 9761934 SWITCH reload Do you want to save the system configuration y nly Do you want to reload the system y nly Broadcast message from admin ttyp0 Fri Aug 18 15 15 41 2006 0000 The system is going down for reboot NOW 10 2 Boot Mode Upgrade In case that you cannot upgrade the system software with the general upgrade procedure you can upgrade it with the boot mode upgrade procedure Before the boot mode up grade please keep in mind the following restrictions e A terminal must be connected to the system via the console interface To open the N boot mode you should press lt S gt key when the boot logo is shown up e The boot mode upgrade supports TFTP only You must set up TFTP server before upgrading the system software in the boot mode e n the boot mode the only interface you can use is MGMT interface So the system must be connected to the network via the MGMT interface e All you configures in the boot mode is limited to the boot mode only To upgrade the system software in the boot mode perform the following step by step in struction Step 1 To open the boot mode press lt S gt key when the boot logo is shown up KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK Ka Ka Boot Loader Version 5 43 S KR SMC networks Inc S Ka Ka kk kk kk kk kk kk Ek kk kk kk kk kk kk kk Ek kk kk kk kk kk kk kk Ek kk kk kk Press s ke
123. 2 2 vlan pvid 3 3 SWITCH bridge vlan pvid 4 4 show vlan u untagged port t tagged port Name VID FID 123456789012345678901234567890123 default IN 1 u uuuuuuuuuuuuuuuuuuuuuuuuuuuuu br2 2 St Lat ons secs eeh Sena Sains a Sans Sans Sans bes PES 3 A EK br4 4 4 O SWITCH bridge Sample Configuration 2 Deleting Port based VLAN The following is deleting br3 among configured VLAN SWITCH bridge vlan del br3 3 SWITCH bridge exit SWITCH config interface br3 SWITCH interface shutdown SWITCH interface exit SWITCH config bridge SWITCH bridge no vlan br3 SWITCH bridge show vlan u untagged port t tagged port Name VID FID 123456789012345678901234567890123 default 1 1 u UUUUUUUuuuuuuuuuuuuuuuuuuuuuu DEZA 2 2 DAA A P EI eee daeeecs br4 4 4 lio o ata a o bb a Das SWITCH bridge Sample Configuration 3 Configuring Protocol based VLAN The following is an example of configuring protocol based VLAN on the port 2 and port 4 247 CLI 248 Management Guide TigerAccess EE 0x800 packet among 0x900 packet among the packets entering the packets entering to to Port 2 Port 4 SWITCH bridge vlan pvid 2 ethertype 0x800 5 SWITCH bridge vlan pvid 4 ethertype 0x900 6 SWITCH bridge show vlan protocol Ethertype VID 123456789012345678901234567890123 0x0800 AR 0x0900 O D SWITCH bridge
124. 2 forwarding table for the destination address Multicast addresses never appear as source addresses therefore the switch cannot dynamically learn multi cast addresses This multicast flooding causes unnecessary bandwidth usage and dis carding unwanted frames on those nodes which did not want to receive the multicast transmission To avoid such flooding IGMP snooping feature has been developed The purpose of IGMP snooping is to constrain the flooding of multicast traffic at Layer 2 IGMP snooping as implied by the name allows a switch to snoop the IGMP transaction between hosts and routers and maintains the multicast forwarding table which contains the information acquired by the snooping When the switch receives a join request from a host for a particular multicast group the switch then adds a port number connected to the host and a destination multicast group to the forwarding table entry when the switch re ceives a leave message from a host it removes the entry from the table By maintaining this multicast forwarding table the switch dynamically forward multicast traffic only to those interfaces that want to receive it as nominal unicast forwarding does Multicast Packet 2 Forward the multicast traffic to the port on which the join message is received Multicast Router 1 Request the multicast traffic Fig 9 2 IGMP Snooping SMC7824M VSW Management Guide TigerAccess EE 9 2 2 1 9 2 2 2 SMC7824M
125. 20 6 1 13 4 6 1 13 5 Management Guide TigerAccess EE When you set the threshold of fan operation START TEMP must be higher than STOP TEMP To show the configured threshold of fan operation use the following command e e ee Shows the status and configured thresh show status fan Enable Global Bridge old of fan operation System Temperature To set the threshold of system temperature use the following command Command Mode Description Sets the threshold of system temperature in the unit of threshold temp lt 40 100 gt centigrade C SE 40 100 system temperature default 80 no threshold temp Deletes a configured threshold of system temperature To show the configured threshold of system temperature use the following command nn e ets Enable Shows the status and configured threshold of system show status temp Global i i emperature Bridge P System Memory To set the threshold of system memory in use use the following command e me Se Sets the threshold of system memory in the unit of threshold memory lt 20 100 gt percent Global 20 100 system memory in use no threshold memory Deletes the configured threshold of system memory SMC7824M VSW Management Guide TigerAccess EE 6 1 13 6 SMC7824M VSW CLI SFP Module optional uplink port The system module will operate depending on monitoring type of temperaturem RX TX power voltage or Txb
126. 25 gt 1 25 maximum response time default 10 seconds ip igmp snooping vlan VLANS Global e e i f Specifies a maximum query response time querier max response time lt 1 dE VLANS VLAN ID 1 4094 gt To delete a specified maximum query response time use the following command e Y See no ip igmp snooping querier max response time no ip igmp snooping vlan Global Deletes a specified maximum query response time VLANS querier max response time Displaying IGMP Snooping Querier Information To display IGMP querier information and configured parameters use the following com mand e e re Enable show ip igmp snooping vlan ae Shows IGMP querier information and configured pa oba VLANS querier detail rameters Bridge IGMP Snooping Last Member Query Interval Upon receiving a leave message a switch with IGMP snooping then sends out a group specific IGMPv2 or group source specific query IGMPv3 message to determine if there is still any host interested in receiving the traffic If there is no reply the switch stops forwarding the multicast traffic However IGMP messages may get lost for various rea sons SO you can specify an interval to send query messages To specify an interval to send group specific or group source specific query messages use the following command e e re bn Specifies a last member query interval ip igmp snooping last member i 100 10000 last member query interval query
127. 3 00 24 GCOMPALDINITY WIT COZ LEE 266 38 393 MOT Operation scent ovo el is eee eee ee ee 266 o OR EE 267 8 3 4 Enabling STP Function Required oocccccoooccncoconcnnconononononcnnononcnnnonanonoos 268 8 3 5 Configuring MSTP PVSTP Mode ooccccccocccccccoccnccoccocccnoconcnnonononnoncnncnnanons 269 6 9 6 STP Basic CONMNGQUPATON ci id 269 EE Ralmecost Metu ii 269 O 270 8309 BRO ans MU leie COMME a 271 o A Led E 271 89300 CLINI VG seat te tae ee Ee 212 9 3 0 0 Displaying COM qUe 272 93 7 e et ellene MO EE 273 o ele e EE 273 RA A 273 o ES POROY seian a Podesta cadacs Powis uatseraamrasnts 274 0 314 MST REGION EE 274 6 3 7 0 Enabling dE Ge ele Ee TE 276 8 3 7 6 Displaying Configuration ccccccceecceeeeeeeeeseeeeeeeeeeeeaeeeeesaeeeesaeeeesaneeesaees 276 9 90 COMMGUMIN GP VS TR ii iaa 277 Soo Enab PYS TE tdi do 217 8382 RI e seca te eee ae aie tt eee es 278 o o nn a 278 9994 ROTTEN Nando ii 279 Sc Displaying CONT UA ION as 279 839 O A SEET 280 8 3 10 Restarting Protocol Mioraton 281 90 39 11 LOOP Back Detection isena o ee 281 8 0212 BPDOU COMNGUATION ri 282 A E e TNO EE 283 A BA E E E 283 E NK MIKAGE aa ante a a e aE a Pate 284 83124 BRDU Hop COIN o O a daa 284 99129 DROW RINGING EE 285 8 3120 DEDICA eee es ce ee ee ae a 285 8 39 19 Sample Configura ON secas ld 287 8 4 Ethernet Ring Protection ERD 289 SAT ERP Mechanis Msc let de 289 84 2 Loss of Test Packet LOTP EE 293
128. 36 8 6 10 8 6 10 1 8 6 10 2 Management Guide TigerAccess EE DHCP Filtering DHCP Packet Filtering For the switch it is possible to block the specific client with MAC address If the MAC ad dress blocked by administrator requests an IP address the server does not assign IP ad dress This function can provide the security of DHCP server Not to assign IP address for specific client of a port use the following command ze e Se ip dhcp filter port PORTS Sua Configures a port in order not to assign IP address oba no ip dhcp filter port PORTS Disables DHCP packet filtering Not to assign IP address for specific client with a specific MAC address use the following command e mee Blocks a MAC address in case of requesting IP ad ip dhcp filter address MAC d ress Global MAC ADDR client s MAC address no ip dhcp filter address l o Disables DHCP MAC filtering MAC ADDR DHCP Server Packet Filtering ADDR Dynamic Host Configuration Protocol DHCP makes DHCP server assign IP address to DHCP clients automatically and manage the IP address Most ISP operators provide the service as such a way At this time if a DHCP client connects with the equipment that can be the other DHCP server such as Internet access gateway router communication failure might be occurred DHCP filtering helps to operate DHCP service by blocking DHCP request which enters through subscriber s port and goes out into uplink po
129. 64 MSTP instance ID number Shows information of MSTP instance for specified port 1 64 MSTP instance ID number Shows information of the region configuration digest MD5 digest included in the current MSTCI Shows a summary of a specific MSTP instance totals the total lines of MSTP SMC7824M VSW Management Guide TigerAccess EE 8 3 8 8 3 8 1 SMC7824M VSW CLI Configuring PVSTP STP and RSPT are designed with one VLAN in the network If a port becomes blocking state the physical port itself is blocked But PVSTP Per VLAN Spanning Tree Protocol and PVRSTP Per VLAN Rapid Spanning Tree Protocol maintains spanning tree in stance for each VLAN in the network Because PVSTP treats each VLAN as a separate network it has the ability to load balance traffic by forwarding some VLANs on one trunk and other VLANs PVRSTP provides the same functionality as PVSTP with enhancement VLAN 3 NN VLAN 1 Yo Switch A witch D Switch Z VLAN 2 Switch C Fig 8 25 Example of PVSTP To configure PVSTP use the following steps Step 1 Enable STP function using the spanning tree command Step 2 Decide PVSTP mode using the spanning tree mode rapid pvst command Step 3 Enable PVSTP function using the spanning tree vlan VLANS command Step 4 Configure detail options if specific commands are required Enabling PVSTP To enable PVSTP function use the following command e e O Activates PVSTP
130. 7824M VSW CLI Configuring Interface The Layer 2 switches only see the MAC address in an incoming packet to determine where the packet needs to come from to and which ports should receive the packet The Layer 2 switches do not need IP addresses to transmit packets However if you want to access to the switch from a remote place with TCP IP through SNMP or telnet it requires an IP address You can enable the interface to communicate with another network device on the network by assigning an IP address as follows e Enabling Interface e Assigning IP Address to Network Interface e Static Route and Default Gateway e Interface Description e Displaying Interface Enabling Interface To assign an IP address to an interface you need to enable the interface first If the inter face is not enabled you cannot access it from a remote place even though an IP address has been assigned To configure an interface you need to open nterface Configuration mode first To open Interface Configuration mode use the following command n See Global Opens Interface Configuration mode to configure a interface NTERFACE ae Interface specified interface To enable disable an interface use the following command IC EC O Interface To enable disable an interface in Global Configaration mode use the following command na me ees interface noshutdown NTER Enables an interface FACE Global interface shutdown NTERFACE Disable
131. 8 1100 default 4 1108 2000 default 5 2008 3000 default 6 3008 3750 default d 3758 4500 default 8 4508 5200 default 9 5208 7000 default 10 7008 8500 60 0 SMC7824M VSW 83 CLI 84 9 3 2 6 9 3 2 7 Management Guide TigerAccess EE ET 8508 12000 default 12 12008 16700 default d 16708 17600 default 14 17608 18100 default 15 18108 30000 default SWITCH bridge PSD Mask Level To configure PSD Level use the following command eg e See Ire PORTS psd mask level 01 1 2 3 4 5 6 Brid Configures PSD Mask Level in VDSL ridge 7 8 9 10 11 12 13 143 S line PSD Level is basically configured as Default a ECG icons O maen O ens Jo ens sons n O so secas O oa ni er e l a Oo e f mme CI meer nex Tab 5 6 The Value of PSD Mask Level If you configure PSD MASK Level of VDSL line it is applied to all ports Interleave There is Interleave process to correct data error before modulation digital signal into ana log signal Interleave gathers certain size of data re organize the gathered data and transmit the data divided by certain size In the below image you can see disperse errors by re organizing gathered data through Interleave By the way Interleave prevents error by enhanced correction but may slow down transmit rate because packets are gathered Therefore you need to consider user s condition to configure mode On the other hand if you skip Int
132. 8 1 4 Subnet based VAN 238 91o Tagged VELAN A a ee aes 238 BAO VEAN DESCHPUON siora eege aa 239 GEN E NEAN ee En e EE 240 8 1 8 Displaying VLAN Information ooonncnccconcncococcnnconocononononnnnnnnnnconanoncononons 240 Silo IMD 241 8 1 9 1 Double Tagging COperaton ae aa a E a a 242 8 1 9 2 Double Tagging Configuration ccoconcccccoccncononcnononnnnononononnnnnnononenonnnrincnnens 242 Ge TRIDSGOMMGUIAU ON cities catia Ee 243 SMO ay Cl 2 SO ON EE 243 E WR EN WE a WLAN wt ae ce ea ee 244 Sra VEAN TASA bee ee ey i near eo ne eet ee 246 6 1 12 Sample Contigua Mt nien ineei a a aa E E E 246 O2 EINK AO GlSC AMA nea ita 251 002 1 Geleet H ln EE 251 8 2 1 1 Configuring Port nu 251 822 IDISADING MH OF Ne Te 252 8 2 1 3 Displaying gl OF Gi RE 252 8 2 2 Link Aggregation Control Protocol LACH 252 9221 EE ee te Meier 253 0 222 Operation lee 254 A EIERE edd 254 G2 24 Manual AOS Da acti iel ee a A aera eee 254 8 2 2 5 BPDU Transmission E 255 922 0 e elle tational KEY ua a aes 255 0224 PORC PONY Aere 256 8 2 2 8 Displaying LACH Configuration cccccccccseeeeeceeeeeeaeeeeecaeeeeeeeeeeesaeeeeesaaees 256 11 CLI Management Guide TigerAccess EE 6 3 Spanning Tree Protocol STP BE 257 Sec SCHEIER ee a eeh 258 02 HE EE eg de EE 262 8321 A a a a aie aie a iS Gees 262 A IBRD e EE 263 8 3 2 3 Rapid Network Convergence oocccccoccccccoococonoconononcononnnnonononononnnnnnnnnnrnnonaninnnas 26
133. A A ASE www smc asia comS VsStAlI BHEL C INTERNET E mail address techsupport smc com Driver updates http www smc com index cfm action tech_support_drivers_downloads World Wide Web http www smc com 20 Mason Irvine CA 92618 Phn 949 679 8000 e www smc com
134. A the number of packets matching the rule in counter octet packet Policer octet unit or packet unit Disables a packet counter function a Disables a packet counter function counter function The switch cannot display how many packets are actually dropped by rule configuration However you better know the number of packets that are dropped by rule configuration even if these packets are attackable or unnecessary for the packet management To solve this problem switch adds the feature that transmits the dropped packets to null port and monitors them These packets on null port are eventually eliminated from the network To count a number of dropped packets use the following command gr eme A Sends the dropped packets to Null port for the packet action match redirect blackhole Policer i counter To reset a collected policy counter use the following command e mae Enable clear policy counter NAME all Global Resets a collected policy counter Bridge To display the number of packets on each rule use the following command e me show class statistics class statistics Enable Shows a collected class counter Shows a collected class counter collected class counter Ee show policer statistics statistics Global Shows a collected policer counter a collected Shows a collected policer counter counter show policy statistics show policy statistics statistics Shows a collected
135. AN NAMBE clear ip dhcp authorized arp invalid ip dhcp leasedb A B C D M clear ip dhcp leasedb all clear Omitted SMC7824M VSW 41 CLI 42 Management Guide TigerAccess EE The commands starting with the same character are applied by inputting only the starting commands For example if you input show all the commands starting with show are applied To delete a configured security level use the following command E Deletes all configured security lev no privilege i els no privilege view level lt 0 15 gt COMMAND all no privilege enable level lt 0 15 gt COMMAND all no privilege configure level lt 0 15 gt COM MAND all no privilege interface level lt 0 15 gt COMMAND all no privilege flow policer policy level lt 0 15 gt COMMAND all no privilege bridge level lt 0 15 gt COMMAND all no privilege rmon alarm level lt 0 15 gt COM Global Delete a configured security level on MAND all each mode no privilege rmon event level lt 0 15 gt COM MAND all no privilege rmon history level lt 0 15 gt COM MAND all no privilege dhcp pool level lt 0 15 gt COM MAND all no privilege dhcp pool class level lt 0 15 gt COMMAND all no privilege dhcp option82 level lt 0 15 gt COMMAND all no privilege dhcp class level lt 0 15 gt COM MAND all To display a configured security level use the following command show priv
136. Access List 7 12 3 2 Enabling ARP Inspection Filtering 7 12 3 3 ARP Address Validation 7 12 3 4 ARP Inspection on Trust Port 7 12 3 5 ARP Inspection Log buffer 7 12 3 6 Displaying ARP Inspection 7 12 4 Gratuitous ARP 7 12 5 Proxy ARP 7 13 ICMP Message Control 7 13 1 Blocking Echo Reply Message 7 13 2 Interval for Transmit ICMP Message 7 14 TCP Flag Control 7 14 1 RST Configuration 7 14 2 SYN Configuration 7 15 Packet Dump 7 15 1 Packet Dump by Protocol 7 15 2 Packet Dump with Option 7 15 3 Debug Packet Dump 7 16 sFlow Monitoring Management Guide TigerAccess EE SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI 716 1 SFIOW SERVICE EE 230 Pi VO PROCITE ele 230 ent E Enabling Sr IOW ON FON AR 231 7 16 4 Maximum IP Header Gre 231 CAOS OIM e EE 231 eh Sample EE 231 1 16 7 Configuring Receiver E 232 IGT RECO ID ee EE 232 7 16 7 2 Collect IP address and port 232 LAGT Maximum Datagram SiZe cc 232 7 16 7 4 Owner Name of sFlow Hecenver 232 LAOTI MMS AN AAA AR 233 116 9 Receiver INdox to ciales 233 1210 9 E EE e Le e 233 8 System Main Functions oooccoccccncccnccnnccanccanccancnnncancnancnancnnncancnanenans 234 8 1 Virtual Local Area Network VAN 234 Ole Gel e Ee VEAN carac 235 Stbl Creating VLAN WE 236 SEZ SD SCI VIG EVID eener ee eg 236 Solio ASSIGNING PORTO VELAN EE 236 SA Deleting EAN EEN 236 01 2 e te ee E En VLAN dc ip ee 231 Galo MAC Dased VIANA ias 237
137. BAND NO To confirm disabled Ham band use the following command es e ses show Ire ham band PORTS Enable Global Bridge Shows disabled Ham band You can configure plural Ham bands up to thirteen bands For example if you input band band2 band3 in order then three Ham bands 87 CLI Management Guide TigerAccess EE The following table shows bandwidth of Ham band frequency tenet mmm mme e mee emeng e me mer SSC mere band20 28 000 29 100 ETSI 28 000 29 700 ANNEX F ETSI T1E1 Tab 5 7 Bandwidth of Ham band Frequency The following is an example of disabling Ham band 1 and Ham band 3 of VDSL port 1 and 2 SWITCH bridge lre 1 2 ham band bandl band SWITCH bridge show lre ham band 1 4 Port Status HAM Band ADM OPR 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 1 HescPeser HI oth E LA Ek EG kr dd do 2 Up Down 11 131 1 1 4 4 E F t DeFa It 3 o Downe A Ab EZ ALR EE RE O e E cal O OS 4 UpyPown oth tt Wh fe ot Wh dk FE oth E kk bd SWITCH bridge 5 3 2 11 SNR Margin In digital and analog communication SNR Signal to Noise Ratio ratio of signal divided by noise When the signal strength is referred as Vs and the noise strength is referred as Vn the formula can be SNR dB 20 log10 Vs Vn When the signal strength is same 88 SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI with or less than the noise strength stable communication cann
138. CH bridge show port 25 NO TYPE PY LD STATUS MODE FLOWCTRL INSTALLED ADMIN OPER ADMIN OPER 23 Ethernet 2 Up Up Auto Pul1 10 OTE OEL Y SWITCH bridge Duplex Mode Ethernet operates in either half duplex or full duplex mode In full duplex mode frames travel in both directions simultaneously over two channels on the same connection for an aggregate bandwidth of twice that of half duplex mode Full duplex networks are very effi cient since data can be sent and received simultaneously To set the duplex mode on an Ethernet port use the following command e e een Sets full duplex or half duplex mode on a specified port duplex PORTS full half port enter a port number The following is an example of setting the duplex mode on the Ethernet port 25 to half duplex mode SWITCH bridge show port 25 NO ICE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER ADMIN OPER 25 Ethernet 2 Up Up Aut FullJ1000 Off Off Y SWITCH bridge port duplex 25 half SWITCH bridge show port 25 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER ADMIN OPER 25 Ethernet 2 Up Up Autd Half f1000 off Off y SWITCH bridge 69 CLI 70 9 2 9 9 2 6 Management Guide TigerAccess EE Flow Control In Ethernet networking the flow control is the process of adjusting the flow of data from one network device to another to ensure that the receiving device can handle all of the in coming data For
139. CH load ftp 172 16 232 1 Connected to 172 16 232 1 220 FTP Server ready Name 172 16 232 1 root anonymous 331 Password required for anonymous Password anonymous da san com 230 User ga logged in Remote system type is UNIX Using binary mode to transfer files Step 2 Store system image file as CPE of this switch by using the following command e e Se get FILENAME Ftp Stores system image file as CPE of this switch To download as binary mode input bin command and input hash command to download as hash mark The following exemple shows how to store CPE file ftp gt bin 200 Type set to I ftp gt hash Hash mark printing on 1024 bytes hash mark ftp gt get cpe local cpe remote cpe 200 PORT command successful 150 Opening BINARY mode data connection for cpe 464228 bytes FERIA E E E E H H H H HHH TEE HEE EE E EE HOE E E E E E E E E dd TE TE TE TE TE TE TE TE dt TE FE TE TE TE FE FE FE FE FE FE FE FE FE HE HE HE E HE H H H E E E E E E H H H ddi HH TH dd dd HE dt dt OE OEE OEE dt SEE 226 Transfer complete 464228 bytes received in 0 secs 1600 Kbytes sec ftp gt Step 3 After exiting from FTP change the name of system image file of CPE in stored in this switch into name of configured single file To change into the name of single file please use the following command e e store cpe nos FILENAME Stores system image file in CPE 103 CLI Management Guide TigerAccess EE
140. D SD amp LE Subnet 1 Subnet 2 PC DHCP Client Fig 8 35 Example of DHCP Relay Agent To activate deactivate the DHCP function in the system use the following command II e O service dhcp E Activates the DHCP function in the system lobal Deactivates the DHCP function in the system Before configuring DHCP server or relay you need to use the service dhcp command first to activate the DHCP function in the system no service dhcp DHCP Helper Address A DHCP client sends DHCP_DISCOVER message to a DHCP server DHCP_DISCOVER message is broadcasted within the network to which it is attached If the client is on a network that does not have any DHCP server the broadcast is not forwarded because the switch is configured to not forward broadcast traffic To solve this problem you can configure the interface that is receiving the broadcasts to forward certain classes of broadcast to a helper address 315 CLI 316 8 6 4 2 8 6 4 3 Management Guide TigerAccess EE To specify a DHCP helper address use the following command e me ees Specifies a DHCP helper address More than one ad ip dhcp helper address A B C D dress is possible Interface A B C D DHCP server address no ip dhcp helper address 8 Deletes a specified packet forwarding address A B C D all If a packet forwarding address is specified on an interface the switch will enable a DHCP relay agent You can also specify an org
141. DB If the McFDB has the information for the traffic the switch for wards it to the proper ports If the McFDB does not have the information for the traffic the switch learns the information on the McFDB and then floods it to all ports If the informa tion is not referred to forward another multicast traffic during the given aging time it is aged out from the McFDB SMC7824M VSW Management Guide TigerAccess EE 9 2 1 1 9 2 1 2 9 2 1 3 SMC7824M VSW CLI Blocking Unknown Multicast Traffic When certain multicast traffic comes to a port and the McFDB has no forwarding informa tion for the traffic the multicast traffic is flooded to all ports by default You can configure the switch not to flood unknown multicast traffic To configure the switch not to flood un known multicast traffic use the following command ee e ee ip unknown multicast Configures the switch not to flood unknown multicast port PORTS block traffic Global no ip unknown multicast port Configures the switch to flood unknown multicast traf PORTS block fic default This command should not be used for the ports to which a multicast router is attached Forwarding Entry Aging To specify the aging time for forwarding entries on the McFDB use the following com mand e me See Specifies the aging time for forwarding entries on the McFDB 10 10000000 aging time default 300 no ip mcfdb aging time Deletes the specified aging
142. Darton Configures the IGMP snooping version globally ip EEN snooping version lt 1 EEN i 1 3 IGMP snooping version default 3 Global Configures the IGMP snooping version on a VLAN ip igmp snooping vlan VLANS interface VLANS VLAN ID 1 4094 version lt 1 3 gt To delete the specified IGMP snooping version use the following command AO G e no ip no ip igmp snooping version snooping version ip igmp snooping vian Global Deletes the specified IGMP snooping version VLANS version 357 CLI 358 9 2 2 3 9 2 3 9 2 3 1 Management Guide TigerAccess EE IGMP Snooping Robustness Value The robustness variable allows tuning for the expected packet loss on a network If a network is expected to be lossy the robustness variable may be increased When receiv ing the query message that contains a certain robustness variable from an IGMP snoop ing querier a host returns the report message as many as the specified robustness vari able To configure the robustness variable use the eS command ip igmp snooping robustness Configures the robustness variable default 2 variable lt 1 7 gt Global ip E snooping vlan VLANS the robustness variable on a VLAN E lt 1 7 gt VLANS VLAN ID EE 4094 To delete a specified robustness variable use the following command e e een no ip igmp snooping robust ness variable E Deletes a specified robustness variable ip Fh tection Mga sno
143. E 335 8 6 9 6 Requesting Option 335 8 6 9 7 Forcing Release or Renewal of DHCP Lease 335 8 6 9 8 Displaying DHCP Client Contouraton 335 8 610 DHCP EINEN EE 336 asomo DACP Packet Fiten WE 336 8 6 10 2 DHCP Server Packet Filtering occccooococococnococononoconcnnocononcnnanononnns 336 96 11 Debugging DHG EE 337 0 7 Single IP Management siii EE 338 A El e EE 338 8 7 2 Designating Master and Slave Switch 339 8 7 3 Disabling StACKING ss 339 8 7 4 Displaying otacking Status aia 339 8 7 5 Accessing to Slave Switch from Master Switch ccccecceessseeeeeeeeeeeens 340 8 7 6 Sample GConniquration a A Ee 340 88 Jeer cis eee 342 0 97 FOOd GUA adan 343 89T MAC ee EE Te ia opa 343 8 9 2 CPU Flood E A A A 344 099 POreFlOOG 6UlArC a a o ct la 345 8 10 Storm Control SMC7824M VSW Management Guide CLI TigerAccess EE 0 11 JUMDO FFame Capac ant ieia AT aE 346 PA aelnas ta heiew van cules Me catectateueateet eieladd dh eceetuceeliitel 347 8 13 Maximum Transmission Unit MI 347 9 IFP MUNG E 348 9 1 Multicast Group Membership occooccccccccnconcconicociconoconoconoconononcnnncnnonons 349 GE E EEN 349 tt Clearing IGMP Eonia id 350 OTe E A Be WEE 350 AS A no O tae 351 EZT IGMP Static JOM BE 352 9 1 ele 353 diz Multicast FUNCION Sd adi Ee 304 9 2 1 Multicast Forwarding Database 354 9 2 1 1 Blocking Unknown Multicast TraffiC oooooccccccnnnccccconnnccnnconanccnnnonanccnnnnnno
144. EPLY 1 17 ICMP_ADDRESSREPLY 6 18 Tab 7 1 ICMP Message Type The following figure shows simple ICMP message structure 0 7 15 16 31 8 bit Type 8 bit Code 16 bit Checksum Contents Depend on Type and Code Fig 7 16 ICMP Message Structure It is possible to control ICMP message through user s configuration You can configure to block the echo reply message to the partner who is doing ping test to device and interval to transmit ICMP message 223 CLI 224 7 13 1 7 13 2 Management Guide TigerAccess EE Blocking Echo Reply Message It is possible to configure block echo reply message to the partner who is doing ping test to switch To block echo reply message use the ee command Blocks echo ae message to all partners who are ip icmp ignore echo all taking ping test to device Global Blocks echo aaa message to partner who is taking ip icmp 1P icmp ignore ocho broadeast 1P icmp ignore ocho broadeast broadcast aaa ping test to device To release the blocked echo reply message use the o command A blocked echo reply message to all partners no ip icmp ignore echo all who are taking ping test to device Global no ip icmp ee echo broad Releases blocked echo eremita ron message to partner who ee is eremita ron broadcast ping test to device Interval for Transmit ICMP Message User can configure the interval for transmit ICMP message After you configure the inter val ICMP messa
145. G Deletes specified option 82 information for IP assignment no relay information remote id text STRING circuit id hex HEXSTRING index lt 0 65535 gt text STRING SMC7824M VSW Management Guide CLI TigerAccess EE 8 6 2 4 8 6 2 5 8 6 3 8 6 3 1 SMC7824M VSW To delete specified option 82 information for IP assignment use the following command en e Deletes all specified option 82 informa no relay information remote id all DHCP tion that contains only a remote ID Class Deletes all MA option 82 informa no roman roman all MA ion Associating DHCP Class To associate a DHCP class with a current DHCP pool use the following command mana e Jn Associates a DHCP class with a DHCP pool and opens class CLASS DHCP Pool Class Configuration mode DHCP Pool CLASS DHCP class name Releases an associated DHCP class from a current DHCP pool Range of IP Address for DHCP Class no TS TS To specify a range of IP addresses for a DHCP class use the following command n See Specifies a range of IP addresses address range A B C D A B C D DHCP Pool A B C D start end IP address no address range A DCD Class D ADOD Deletes a specified range of IP addresses A range of IP addresses specified with the address range command is valid only for a current DHCP pool Even if you associate the DHCP class with another DHCP pool the specified range of IP addresses will not be applicable
146. Guide TigerAccess EE 8 2 2 5 8 2 2 6 SMC7824M VSW CLI To configure member port to aggregate to LACP use the following command Mode freie lacp port aggregation PORTS Configures the property of a specified member port for ridge aggregatable individual LACP default aggregatable To clear aggregated to LACP of configured member port use the following command Deletes the configured property of a specified member no lacp port aggregation PORTS Bridge port for LACP BPDU Transmission Rate Member port transmits BPDU with its information For the switch it is possible to config ure the BPDU transmission rate use the following command n ees Configures BPDU transmission rate lacp port timeout PORTS short PORTS select the port number long short short timeout 1 sec long long timeout 30 sec default To delete BPDU transmission rate use the following command Clears BPDU transmission rate of configured member no lacp port timeout PORTS Bridge port select the port number Administrational Key Member port of LACP has key value All member ports in one aggregator have same key values To make the aggregator consisted of specified member ports configure the differ ent key value with the key value of another port e e re Configures the key value of a member port PORTS select the port number 1 15 key value default 1 lacp port admin key PORTS lt 1 15 gt
147. HCP Option82 Sub option Entering DHCP Option Mode To enter the DHCP option mode use the following command Enters the DHCP option mode ip dhcp option format NAME Global l NAME DHCP option format name SMC7824M VSW Management Guide CLI TigerAccess EE 8 6 5 2 Configuring DHCP Option Format To configure a DHCP option format use the following command INTI a O attr lt 1 32 gt type lt 0 255 gt length Sets the type length and value of an attribute for a lt 1 64 gt variable value hex DHCP option index ip string VALUE attr They can be made in a DHCP option and are applied in order of attribute value 1 32 type The type of a value attr lt 1 32 gt type lt 0 255 gt length hidden lt 1 64 gt variable value hex index ip string VALUE length The length of a value It could be a fixed length by user input or a variable length according to the actual value length value The actual value of an option attr lt 1 32 gt length variable value DHCP hex index ip string VALUE Option Sets the length and value of an attribute for a DHCP attr lt 1 32 gt length lt 1 64 gt value option hex index ip string VALUE attr lt 1 32 gt length hidden vari able value hex index ip string VALUE Sets the value of an attribute for a DHCP option attr lt 1 32 gt length hidden lt 1 64 gt value hex index ip string VALUE DHCP l no attr lt 1 32
148. HH EE EH HEE EH HEE EH HEE EH HH OEE EE OEE EE OEE EH EE EE tt tH HE EH EH HE HE HE HH EE EE HH EE EEE EH EE E E E HH EE HE EH H H ttt EH HE HEH HH HE 226 Transfer complete 464228 bytes received in 0 secs 1600 Kbytes sec ftp gt 105 CLI 106 9 3 9 4 Management Guide TigerAccess EE Step 4 Exit from FTP server ftp gt bye 221 Goodbye SWITCH Step 5 After exiting from FTP change the name of system image file of CPE stored in this switch into the single file name To change into the single file name please use the following command e EC Se store cpe nos FILENAME Stores system image file in CPE The following is and example to change the name of CPE files into single file name after exiting from FTP ftp gt exit 221 Goodbye SWITCH store cpe nos CDe SWITCH Input the port number connected to CPE which is supposed to install system image Step 6 Install the system image file to the CPE e me rees Installs the system image file to a CPE which is con cpe nos download PORTS Bridge nected through a port Step 7 Reboot the CPE in which new system image file is installed Configuring AGC Auto Gain Control AGC is the function of lengthen the communication distance By using this function it is possible to communicate in 140m Therefore it is better to use this function in the case the distance from CPE to the user is over 100m To enable AGC in CPE use the following command
149. HO ee a diia 185 7 6 4 5 Marking and Remarking WEE 185 7 6 4 6 Attaching a Policy to an interface ocooonccccccccncccccnnononcnnnnonononnncnnononnnnnnaninnnns 190 7 6 4 7 Applying and Modifying Polen 190 COS DISDIAVING RUNG vai ee ee ee 190 OO AMIA RUI as is 192 7 6 6 1 Creating Admin Flow for packet classification ccccceeseeeeeeeeeeeeeeeeeesaees 192 16 6 2 gt Contiguring Admin FIOW pi 193 7 6 6 3 Applying and modifying Admin Flow 194 LOGA Class CIEN ii 194 LOL AUNAR AC EE 195 TO Admin Ge le lO ias 195 CLI 10 1 1 7 8 7 9 7 9 1 7 6 7 2 Admin Policy Priority 7 6 7 3 Admin Policy Action 7 6 7 4 Applying and Modifying Admin Policy 7 6 8 Displaying Admin Rule 7 6 9 Scheduling Algorithm 7 6 9 1 Scheduling Mode 7 6 9 2 Weght 7 6 9 3 Maximum and Minimum Bandwidth 7 6 9 4 Maximum Buffer numbers 7 6 9 5 Queue Status 7 6 9 6 Displaying QoS 7 6 9 7 Weighted Random Early Detection WRED NetBIOS Filtering Max New Hosts ccccseceeeeeeeeees POM e EE Port Security on Port 7 9 2 Port Security Aging 7 9 3 Displaying Port Security 7 10 MAC Table 7 11 MAC Filtering 7 11 1 Default Policy of MAC Filtering 7 11 2 Adding Policy of MAC Filter 7 11 3 Deleting MAC Filter Policy 7 11 4 Listing of MAC Filter Policy 7 12 Address Resolution Protocol ARP 7 12 1 ARP Table 7 12 1 1 Registering ARP Table 7 12 1 2 Displaying ARP Table 7 12 2 ARP Alias 7 12 3 ARP Inspection 7 12 3 1 ARP
150. KEY value no dotix radius server host Deletes a registered RADIUS server A B C D NAME You can designate up to 5 RADIUS servers as authentication server The key option is authentication information between the authenticator and RADIUS server The authenticator and RADIUS server must have a same key value and you can use alphabetic characters and numbers for the key value The space or special character is not allowed To set priority to a registered RADIUS server use the following command e e een dot1x radius server move A B C D NAME priority PRIOR Global Sets priority to a registered RADIUS server ITY Authentication Mode You can set the authentication mode from the port based to the MAC based To set the authentication mode use the following command a Y mn dot1x auth mode mac base oo Sets the authentication mode to the MAC based no dot1x auth mode mac base PORTS Restores the authentication mode to the port based Before setting the authentication mode to the MAC based you need to set a MAC filtering policy to deny for all the Ethernet ports To configure a MAC filtering policy see Section 7 11 1 SMC7824M VSW Management Guide TigerAccess EE 4 5 1 4 4 5 1 5 4 5 1 6 4 5 1 7 SMC7824M VSW CLI Authentication Port After configuring 802 1x authentication mode you should select the authentication port ee e ee dot1x nas port PORTS Designates 802 1x authenticat
151. KKKKKKKKKKKKKKKKKKKKKKKKK Boot Loader Version 5 43 X SMC Networks Inc x KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKEK Press s key to go to Boot Mode 0 Load Address 0x01000000 Image Size Ox00bac000 Start Address 0x01000000 Step 1 Step 2 console ttyS0 9600 root dev ram rw Step 3 NOS version 5 01 CPU MPC8245 at 264 MHz Total Memory Size 256 MB Calibrating delay loop 175 71 BogoMIPS INIT version 2 85 booting Extracting configuration password restore to default Step 4 Fri 03 Nov 2006 14 10 00 0000 INIT Entering runlevel 3 INIT Start UP Password SMC7824M VSW 39 CLI 40 4 1 6 4 1 6 1 4 1 6 2 Management Guide TigerAccess EE Management for System Account Creating System Account For the switch the administrator can create a system account And it is possible to set the security level from O to 15 to enhance the system security To create a system account use the A command SS MA a system account user add NAME DESCRIPTION NAME user name Global user peter NAME level lt 0 15 gt peter Creates a account with a security level user name The account of level O to level 14 without any configuring authority only can use exit and help in Privileged EXEC View mode and cannot access to Privileged EXEC Enable mode The account with the highest level 15 has a read write authorit
152. L Port In switch it is possible to check times of error from VDSL port every time interval More over itis possible to check the error duration time Checking Times of Errors You can check how many times CRC errors Frame loss and Signal loss are happened Error is counted every 15 minutes after booting After the time is over the number is reset to 0 and error is counted again In addition error is counted by each day It is also reset to 0 after the day Consequently you can check times of error Curr 15m at present 91 CLI 92 Management Guide TigerAccess EE time from beginning of the 15 minutes and time of error Prev 15m of previous 15 min utes Also you can check times of error Today at present time from starting Today times of error Yesterday of yesterday and total times of error from booting The following im age shows standard of error counting provided in switch Present Time 15min 15 min 1 A section 2 B section Yesterday 3 C section Today 4 D section Prev 15m 5 E section Curr 15m Fig 5 4 Counting Times of Error To display the number of errors in VDSL port use the following command Sen rs rem Shows the numbers of CRC errors that show Ire stat correctable crc PORTS can be correctable Shows the numbers of CRC errors that show Ire stat uncorrectable crc PORTS can be uncorrectable To reset data of CRC error Frame loss and Signal loss use the
153. LANS PORTS tagged VLANS VLAN ID 1 4094 PORTS port number VLAN Description To specify a VLAN description use the following command e e en Specifies a VLAN description vlan description VLANS DESC VLANS VLAN ID 1 4094 DESC description no vlan description VLANS Deletes a specified description 239 CLI 240 8 1 7 8 1 8 Management Guide TigerAccess EE To display a specified VLAN description use the following command a Y mn Enable show vlan description Global Shows a specified VLAN description Bridge VLAN Precedence To make precedence between MAC address and Subnet based VLAN you can choose one of both with below command e e een e Configure precedence between MAC based VLAN and vlan precedence mac subnet Bridge Subnet based VLAN Displaying VLAN Information User can display the VLAN information about Port based VLAN Protocol based VLAN MAC based VLAN Subnet based VLAN and QinQ a Y See show vlan Shows all VLAN configurations show vlan VLANS Shows a configuration for specific VLAN show vlan description Enable Shows a description for specific VLAN Global Shows QinQ configuration Bridge Shows VLAN based on protocol Shows VLAN based on MAC address Shows VLAN based on subnet SMC7824M VSW Management Guide CLI TigerAccess EE 8 1 9 QinQ QinQ or Double Tagging is one way for tunneling between several networks Customer A Customer A
154. M VSW 13 CLI 14 Management Guide TigerAccess EE 86594 DisplayingiDACP coria a ii 319 S6 6 DACP ODOM Sloan 320 8 6 6 1 Enabling DHCP Option Bi 321 8 6 6 2 Option SO EE EE 321 8 6 6 3 Option 82 Reforwarding Polen 322 9664 Optiom 62 Trust le 323 0 0 7 sDACP SMGO DING EE dE EE 323 867 1 Enabling DACP SNOOP Gar ica creed alee 324 90 1 2 DRACPTruStotalOsscsdcel rio iii eeu rene 324 80 9 DHCP Rate Elan EE 325 EEN DHCP Lease D E 325 8 6 7 5 Source MAC Address Verification ccccccseeceeceeeeeeeeeeeeeeeeeeeseeeeeeseneeesaees 326 8 6 7 6 Static DHCP Snooping Bumdumg uk 326 8 6 7 7 DHCP 8 6 7 8 DHCP Snooping Database Agent 326 o es ecu a ede eee ieee 327 AA A ia PP a te 328 8 6 7 10 DHCP Snooping With Opti0N8Z ooocccoccccconccconccnonncnonoconanonnnnccnnnconaninnnans 329 8 6 7 11 DHCP Snooping Option ooccccccccccccnccccnnccnnnconcnonncnnnnnnononnnonnnnnononononnnconenonos 329 9 06 12 DHCP User Class ID lil 330 8 6 7 13 Displaying DHCP Snooping Copnfguraton 331 9 050 IP Sousa doo 331 8 6 8 1 Enabling IP SOurce ET te cinto iO 332 3 0 6 2 Static IP Source Binding 400000 aa 332 8 6 8 3 Displaying IP Source Guard Configuration ccccconccccccncnconononononcnnnnancnnnnos 333 6 6 9 DHGP CNEM ee ests atin aati EE 334 90 91 Enabling DACP GIGI EE 334 320 72 DACP CID at iia 334 90 99 DACP Class ID ER 334 9694 HostName lbn Elias 334 0695 LIP ease TMC enee EE EE E
155. MC7824M VSW CLI To configure all ports as edge ports globally use the following command ICI EI Configures all ports as edge ports spanning tree edgeport default PORTS port number Bridge no spanning tree EE de i EE Deleted a ostende prot prs seut edge ports Petes conga ee prot prs seut all ports default au To configure a specified port as edge port use the following command nan eos Configures specified port as edge port spanning tree port PORTS edgeport enable PORTS port number Disables edge port for specified port spanning tree port PORTS edgeport disable PORTS port number BPDU Transmit hold count You can configure the BPDU burst size by changing the transmit hold count value To configure the transmit hold count use the following command e e een Sets the number of BPDUs that can be sent before spanning tree transmit hold t lt 0 20 gt pausing for 1 second coun 0 20 BPDU transmit hold count value default 6 no spanning tree transmit hold Deletes a configured transmit hold count value and count returns to the default setting If you change this parameter to a higher value can have a significant impact on CPU utili zation especially in Rapid PVST mode We recommend that you maintain the default set ting Port Priority When all conditions of two switches are same the last standard to decide route is port priority It is also possible to configure po
156. MP group address clear ip igmp group A B C D INTERFACE 9 1 1 2 IGMP Debug To enable debugging of all IGMP or a specific feature of IGMP use the following com mand e e re Enables IGMP debugging all all IGMP decode IGMP decoding debug igmp fall decode en EE encode IGMP encoding code events fsm tib Enable events IGMP events fsm IGMP Finite State Machine FSM tib IGMP Tree Information Base TIB no debug igmp all decode l Disables IGMP debugging encode events fsm tib EN Tree Information Base TIB is the collection of state at a router that has been created by receiving IGMP messages from local hosts 350 SMC7824M VSW Management Guide TigerAccess EE 9 1 2 SMC7824M VSW CLI IGMP Version 2 In IGMP version 2 the new extensions such as the leave process election of an IGMP querier and membership report suppression are added New IGMP messages the leave group and group specific query can be used by hosts to explicitly leave groups resulting in great reduction of the leave latency IGMPv2 Messages There are three types of IGMPv2 messages of concern to the host router interaction as shown below e Membership query A multicast router determines if any hosts are listening to a group by sending mem bership queries The membership queries have two subtypes General query This is used to determine if any hosts are listening to any group Gro
157. MPv3 has the same join leave allow block in the IGMPv3 terminology and query response mechanism as IGMPv2 s Due to the major revision of the membership report however leave group messages are not used for the explicit leave process any longer In IGMPv3 concept membership reports with state change records are used to al low or block multicast sources and those with current state records are used to respond to membership queries Membership report suppression feature has been removed for multicast routers to keep track of membership state per host Multicast Functions The switch provides various multicast functions including Layer 2 multicast forwarding which allow you to achieve the fully effective and flexible multicast deployment This section describes the following features e Multicast Forwarding Database e IGMP Snooping Basic e IGMPv2 Snooping e IGMPv3 Snooping e Displaying IGMP Snooping Information e Multicast VLAN Registration MVR e IGMP Filtering and Throttling Multicast Forwarding Database Internally the switch forwards the multicast traffic referred to the multicast forwarding da tabase McFDB The McFDB maintains multicast forwarding entries collected from multi cast protocols and features such as PIM IGMP etc The McFDB has the same behavior as the Layer 2 FDB When certain multicast traffic comes to a port the switch looks for the forwarding information the forwarding entry for the traffic in the McF
158. Management Guide TigerAccess EE Step 3 Download the new system software via TF TP using the following command e e re Downloads the system software load os1 os2 A B C D FILE os1 os2 the area where the system software is stored NAME A B C D TFTP server address FILENAME system software file name To verify the system software in the system use the following command e e een To upgrade the system software in the boot mode TFTP server must be set up first Us ing the load command the system will download the new system software from the serv er The following is an example of upgrading the system software stored in os1 in the boot mode Boot gt load est 10 27 41 82 V5924C R 5 01 x TFTP from server 10 27 41 82 our IP address is 10 27 41 83 Filename V5924C R 5 01 x Load address Oxffffe0 Loading FEE EE HT HEHEHE HE EEE EE EH HH EE EE EH HE EH EEE EE EE EE EE EH EH OH EEE EE EHEHEHEH H TH HE HH HEH HH EE EE EE HE EH EH HH EE OEE EE EE EE EE EE EO EEE EEE EEE EE EE EEE HTH Ht Ht HE EHH HE EE EE EH EH HH EE OEE EEE EEE EE EE EEE EEE EEE EE EE HEE HHH HEHE EE EE EE EE HE HE HH HH EE AA AAA THE HH HT HEHE HE EEE EE HE EE EH HH EE EEE EE EE HE EE EE EEE EEE EE EE EE Omitted THE HE HH HEH HE EEE EE HE HE HE EH HH EE EEE EE EE EE EE EE EE EEE EEE EE EEE HTH HEHE EH HE EEE EE EH HH EH HH HE EHH OEE EEE EE EE EE EH HE EE EEE EEE EE EEE HTH HT HH EHH HE EE EE EH HH HH EH HH EE EEE EE EE EE EE HH OE EEE EEE
159. Master RAM ze e See load ftp DESTINATION Connects to FTP of Master The following is an example of connecting to FTP of Master 127 1 0 1 SWITCH config terminal SWITCH config bridge SWITCH bridge load ftp 127 1 0 1 Connected to 127 1 0 1 220 FTP Server 1 2 4 FTPD Name 127 1 0 1 root root 331 Password required for root Password 230 User root logged in Remote system type is UNIX Using binary mode to transfer files ft gt Step 3 Store system image file as CPE of this switch by using the following command ee on get get FILENAME get FILENAME Ftp Store system image file as CPE of this switch To download as binary mode input bin command and input hash command to download as hash mark The following example shows how to store CPE file ftp gt cd ftp gt bin 200 Type set to I ftp gt hash Hash mark printing on 1024 bytes hash mark ftp gt get cpe 200 PORT command successful 150 Opening BINARY mode data connection for cpe 464228 bytes tH tH HE HE HE EH EE FE HH HE EH HH EE EE HEE EH HEE EH EEE EH HEE E E E OEE E E E OEE EE AA tH TH HE FE HE HE EH HE HE HH HH EEE HH EE EH FE FE EE EH OEE EH HEE E HE FE HEE EE OEE EH OEE EH dd tH tH HE HH EH HE HE EE HH EE EH HEE EH HH EE EH OEE EH EH OEE EE OEE EH HEE E E E OEE EE E E E E EEH tH tH HE HE HH HE HE FE FE FE HH EEE HH EE EE HEE EH HEE EH EE EH HEE EE HEE EH OEE E E E EEE tt tH HE HE HE HE HH HE HE HE HH HH EE EE
160. ORTS Deletes the configured DHCP snooping filter mode When the system is running in one of Permit and Bypass modes the authorized ARP function is not available 327 CLI 328 8 6 7 9 Management Guide TigerAccess EE To configure the automatic change from permit mode to filter mode right after the time ex ceeds configured time value use the following command e e re Configures an automatic change from bypass mode to ip dhcp snooping filter delay Global filter mode after filter delay time timer PORTS lt 1 2147483637 gt 1 2147483637 filter delay time value To configure the automatic change from bypass mode to filter mode when the numer of filter enteries exceeds configured counter value use the following command e e re Configures an automatic change from bypass mode to ip dhcp snooping filter delay counter PORTS lt 1 2147483637 gt Global filter mode when the filter enteries exceed the counter 1 2147483637 filter delay counter value To delete configured filter delay timer and counter use the following command SCC no ip dhcp snooping filter delay BORIS Global Deltes a configured filter delay timer and counter To display the status of DHCP snooping filtering use the following command eg me rees show ip dhcp snooping filter Shows a DHCP snooping filter Global show ip dhcp snooping filter entry Authorized ARP Shows DHCP snooping binding entries This fun
161. Packet Dump The switch provides network debugging function to prevent system overhead for unknown packet inflow Monitoring process checks CPU load per 5 seconds If there is more traffic than threshold user can capture packets using tcpdump and save it to file You can download the dump file with the name of file number dump after FTP connection to the system See the dumped packet contents with a packet analyze program To debug packet dump use the following command e e See Shows dump file according to a condition debug packet log COUNT Enabl COUNT packet counting nable VALUE TIME lt 1 10 gt VALUE CPU threshold 1 10 file number GEI Basically you can save a current configuration with the write memory command But the dump file will not be saved 228 SMC7824M VSW Management Guide CLI TigerAccess EE 7 16 sFlow Monitoring sFlow is a kind of monitoring functions using sFlow packet sampling algorithm It analyzes the traffic characteristics of network packet flow from end to end It also monitors the router and switch by collecting MIB information of interface Fig 7 17 shows sFlow structure sFlow Agent sFlow Collector sFlow Datagrams sFlow Agent IMD Ya Yo 4o Fig 7 17 sFlow Structure sFlow consists of sFlow collector and sFlow agent sFlow collector analyzes the packet transmission and sFlow agent collects packets in flow interface statistics and sends them to sFlow collector
162. RITY security name COMMUNITY community name Global Deletes a specified security name enter the security no snmp com2sec SECURITY name SECURITY security name Enable show snmp com2sec Global Shows a specified security name Bridge The following is an example of configuring SNMP com2sec SWITCH config snmp com2sec TEST 10 1 1 1 PUBLIC SWITCH config show snmp com2sec Com2Sec List SecName source Community TEST BER Ree PUBLIC SWITCH config SNMP Group You can create an SNMP group that can access SNMP agent and its community that be longs to a group To create an SNMP group use the following command n See Creates SNMP group enter the group name snmp group GROUP v1 v2c GROUP group name v3 SECURITY Global SECURITY security name no snmp group GROUP v1 Deletes SNMP group enter the group name v2c v3 SECURITY GROUP group name Enable show snmp group DER Shows a created SNMP group oba 137 CLI 138 7 1 5 7 1 6 Management Guide TigerAccess EE SNMP View Record You can create an SNMP view record to limit access to MIB objects with object identity OID by an SNMP manager To configure an SNMP view record use the following command e ees Creates an SNMP view record VIEW view record name snmp view VIEW included excluded O D MASK included includes a sub tree Global excluded excludes a sub tree OID OID number Deletes a
163. RT A B C D MAC ADDR Configures infinite binding on DHCP snooping table infinite clear ip dhcp snooping binding Deletes a specified static DHCP snooping binding PORT A B C D all all all DHCP snooping bindings DHCP Snooping Database Agent When DHCP snooping is enabled the system uses the DHCP snooping binding database to store information about untrusted interfaces Each database entry binding has an IP address associated MAC address lease time interface to which the binding applies and VLAN to which the interface belongs To maintain the binding when reload the system you must use DHCP snooping database agent If the agent is not used the DHCP snooping binding will be lost when the switch is rebooted The mechanism for the database agent saves the binding in a file at a remote location Upon reloading the switch reads the file to build the database for the binding The system keeps the current file by writing to the file as the database changes SMC7824M VSW Management Guide TigerAccess EE 8 6 7 8 i SMC7824M VSW CLI To specify a DHCP database agent and enable an automatic DHCP snooping database back up use the following command e e Se Specifies a DHCP snooping database agent and back ip dhcp snooping database up interval A B C D INTERVAL Global A B C D DHCP snooping database agent address INTERVAL 120 2147483637 unit second no ip dhcp snooping database Deletes a specified DHCP snooping d
164. RTS S PORTS omg port to be disabled When you configure Double tagging on the switch consider the below attention list e DT and HTLS cannot be configured at the same time If switch should operate as DT HTSL has to be disabled e TPID value of all ports on switch is same e Access Port should be configured as Untagged and Uplink port as Tagged e Ignore all tag information of port which comes from untagged port Access Port e Port with DT function should be able to configure Jumbo function also TPID Configuration TPID Tag Protocol Identifier is a kind of Tag protocol and it indicates the currently used tag information User can change the TPID By default the port which is configured as 802 1Q 0x8100 cannot work as VLAN mem ber Use the following command to set TPID on a QinQ port na m ees vlan dot1q tunnel tpid 7P D Configures TPID Layer 2 Isolation Private VLAN is a kind of LAN Security function using by Cisco products and it can be classified to Private VLAN and Private edge Until now there is no standard document of it Private VLAN Edge Private VLAN edge protected port is a function in local switch That is it cannot work on between two different switches with protected ports A protected port cannot transmit any traffic to other protected ports Private VLAN Private VLAN provides L2 isolation within the same Broadcast Domain ports That means another VLAN is created within a VLAN Ther
165. S port numbers 10 100 packet count actual value 1000 10000 SMC7824M VSW Management Guide TigerAccess EE 9 2 7 3 SMC7824M VSW CLI To disable the switch to generate a syslog message according to the number of the pack ets handled by CPU use the following command e e Se NC Disables the switch to generate a syslog message no cpu statistics limit unicast multicast broadcast PORTS all Enable Global according to the number of the packets handled by CPU for each packet type all all physical ports DEEN Disables the switch to generate a syslog message no cpu _ statistics limit all according to the number of the packets handled by PORTS all CPU for all packet types To display a configured value to generate a syslog message according to the number of the packets handled by CPU use the following command e me en Enable Shows a configured value to generate a syslog mes show cpu statistics limit Global sage according to the number of the packets handled Bridge by CPU Protocol Statistics To enables disables the system to collect the statistics of the protocols use the following command se e en protocol statistics enable dis Global Enables disables the system to collect the statistics of able arp icmp ip tcp udp Bridge the protocols ARP ICMP IP TCP UDP To display the statistics of the protocol use the following command e me See show protoco
166. S block blocked port will be changed back to normal after 10 timer lt 10 3600 gt seconds SS PORTS port number 1 2 3 10 3600 time unit second no pps control port PORTS Disables the blocking timer option block To show the configuration of pps control function use the following command n en Enable show pps control port PORTS Global Shows the configured of pps control Bridge 345 CLI 346 Management Guide TigerAccess EE 8 10 Storm Control 8 11 The switch provides a storm control feature for mass broadcast multicast and destina tion lookup failure DLF Generally wrong network configuration hardware malfunction virus and so on cause these kinds of mass packets Packet storm occupies most of the bandwidth of the network and that causes the network very unstable To enable disable the storm control use the following command e e See Enables broadcast or DLF storm control respectively in storm control broadcast dif multicast RATE PORTS a port with a user defined rate RATE 512 1024000kbps step 512kbps GE no storm control broadcast Disables broadcast multicast or DLF storm control PORTS multicast dlf respectively To display a configuration of the storm control use the following command es e See show storm control Enable Global Bridge Displays a configuration of the storm control Jumbo Frame Capacity The packet range that
167. SMC Networks TigerAccess Extended Ethernet Switch SMC7824M VSW Management Guide CLI TigerAccess EE Information furnished by SMC Networks Inc SMC is believed to be accurate and reliable However no responsibility is assumed by SMC for its use nor for any infringements of patents or other rights of third parties which may result from its use No license is granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright C 2009 by SMC Networks Inc 20 Mason Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Switch TigerAccess TigerStack and TigerSwitch are trade marks of SMC Networks Inc Other product and company names are trademarks or registered trademarks of their respective holders SMC7824M VSW 1 CLI Management Guide TigerAccess EE Warranty and Product Registration To register SMC products and to review the detailed warranty statement please refer to the Support Section of the SMC Website at http www smc com 2 SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI Reason for Update Summary Initial release Details Chapter Section Reason for Update All Initial release Issue History Issue Date of Issue Reason for Update Number 05 2009 Initial release nos 5 01 3001 CLI Management Gu
168. ST Bridge Sets the attribute of PBO Length K2 2 K2 3 The first value of Upstream in k1 and k2 comes under option band the second value comes under Upstream used for 3Band and the third value comes under the second Up stream used for 4band To display PBO Config use the following command e mee Enable show Ire pbo config Global Shows the attribute of PBO Length Bridge SMC7824M VSW Management Guide CLI TigerAccess EE 5 3 2 5 PSD Level Power Spectral Density PSD Level is configured according to the standard but PSD Level can be configured as the frequency by the administrator To configure PSD Level use the following command e e re Ire PORTS psd level 01 1 2 3 Configures PSD value and frequency vlaue in VDSL 14 5 6 7 8 9 10 11 12 line 13 14 15 PSD default off PSD 80dBm 40dBm Frequency kHz Frequency kHz roo aon 0 7008 8800 wom nao el e ooer ue Ps f owo oom lm SECO Pe oware oom u CTI O ares wom as REECH Tab 5 5 The frequency of PSD Level per band To display PSD level use the following command C ma me See Enable show Ire psd level PORTS Global Shows PSD level in VDSL line Bridge The following is an example of configuring PSD levle SWITCH bridge lre 1 psd level 10 60 SWITCH bridge show lre psd level 1 PORT 1 BAND Frequency kHz PSD dBm 0 2 S 138 default 1 143 256 default 2 261 640 default 3 64
169. STP a root switch is called as IST root switch Each switch has its own bridge ID and one of the switchs on same LAN is chosen as a root switch by comparing with their bridge IDs However you can configure the priority and make it more likely that the switch will be chosen as the root switch The switch having the lowest priority becomes the root switch To configure the priority for an MSTP instance number use the following command e me See Configures the priority of the switch spanning tree mst lt 0 64 gt prior 0 64 MSTP instance ID number ity lt 0 61440 gt 0 61440 priority value in increments of 4096 default 32768 no spanning tree mst lt 0 64 gt Clears the Priority of the switch enter the instance priority number If you configure a priority of STP or RSTP in the switch you should configure MSTP in stance ID number as 0 Path cost After deciding a root swich you need to decide to which route you will forward the packet To do this the standard is a path cost By the path cost of root port you can configure a route manually To configure the path cost value for specified instance number in MSTP use the following command mane a See Configures path cost for specified MSTP spanning tree mst lt 0 64 gt port PORTS cost lt 1 instance number 200000000 gt 0 64 MSTP instance ID number 1 200000000 the path cost value no spanning tree mst lt 0 64 gt port PORTS cost Deletes a configured path c
170. TCH interface 1 press the arrow key 1 SWITCH configure terminal press the arrow key T SWITCH show clock press the arrow key The switch also provides the command that shows the commands used before up to 100 lines e e re Enable show history Global Shows a command history Bridge SMC7824M VSW Management Guide CLI TigerAccess EE 3 3 3 3 3 4 3 3 5 SMC7824M VSW Using Abbreviation Several commands can be used in the abbreviated form The following table shows some examples of abbreviated commands lock S a configure terminal con te Tab 3 11 Command Abbreviation Using Command of Privileged EXEC Enable Mode You can execute the commands of Privileged EXEC Enable mode as show ping telnet traceroute and so on regardless of which mode you are located on To execute the commands of Privileged EXEC Enable mode on different mode use the following command Executes the commands of a EXEC Enable do COMMAND 4 mode Exit Current Command Mode To exit to the previous command mode use the following command men ra n et Exits to the previous command mode All 2 EH existo Privileged EXEC Enable mode If you use the exit command in Privileged EXEC Enable mode or Privileged EXEC View mode you will be logged out 35 CLI 36 4 1 Step 1 Step2 Step3 Management Guide TigerAccess EE System Connection and IP Address System Connection Af
171. TP function on the switch use the following command e e re To disable STP function from the system use the following command e e re SMC7824M VSW Management Guide TigerAccess EE 8 3 5 8 3 6 8 3 6 1 SMC7824M VSW CLI Configuring MSTP PVSTP Mode To select the spanning tree mode use the following command e e Se Configures a spanning tree mode spanning tree mode mst l l mst Multiple Spanning Tree Protocol default rapid pvst rapid pvst Per vlan Rapid STP To delete the configured spanning tree mode use the following command e e res no spanning tree mode Deleted a configured spanning tree mode STP Basic Configuration To configure STP use the following steps Step 1 Enable STP function using the spanning tree command Step 2 Configure detail options if specific commands are required Path cost Method After deciding a root switch you need to decide to which route you will forward the packet To do this the standard is a path cost Generally a path cost depends on the transmission speed of LAN interface in the switch The following table shows the path cost according to the transmit rate of LAN interface You can use same commands to configure STP and RSTP but their path costs are to tally different Please be careful not to make mistake Tab 8 2 STP Path cost short 269 CLI 270 8 3 6 2 Management Guide TigerAccess EE Transmi
172. TS RATE egress in can configure outgoing packet or incoming packet The gress unit is 64 Kbps RATE 64 1 000 000 Clears rate configuration of a specific port by transmit no rate PORTS egress ingress ting direction For the ingress rate limit the flow control should be enabled on a specified port For more information of the flow control see Section 5 2 5 To display a configured rate limit use the following command e mae Enable Global Shows a configured rate limit Bridge 342 SMC7824M VSW Management Guide TigerAccess EE 8 9 8 9 1 SMC7824M VSW CLI Flood Guard Flood guard limits number of packets how many packets can be transmitted in config ured bandwidth whereas Rate limit controls packets through configuring width of band width which packets pass through This function prevents receiving packets more than configured amount without enlarging bandwidth lt Flood Guard gt Configure Flood guard to allow packets as many as n per a second 1 lt Rate Limit gt Configure Rate Limit on port gt 2 3 Control bandwidth l n packets l allowed for in a second y n 1 Packets over thrown Wi n 2 away Bandwidth Fig 8 39 Rate Limit and Flood Guard MAC Flood Guard To configure the number of packets which can be transmitted in a second use the follow ing command ze
173. VLAN 200 VLAN 641 PVID 641 VLAN 200 U U T Tunnel Pol Tunnel Port Trunk Port Tunnel Pori Tunnel Port T U U T VLAN 201 VLAN 201 T Tagged Customer B Customer B U Untagged Ol Fig 8 3 Example of QinQ Configuration If QinQ is configured on the switch it transmits packets adding another Tag to original Tag Customer A group and customer B group can guarantee security because telecommuni cation is done between each VLANs at Double Tagging part Double tagging is implemented with another VLAN tag in Ethernet frame header TPID 8100 12 bit identifier VLAN Ethernet Frame TPID 8100 9100 12 bit identifier TPID 8100 12 bit identifier Ethernet Frame using 802 1Q Tunneling Fig 8 4 QinQ Frame Port which connected with Service Provider is Uplink port internal and which connected with customer is Access port external Tunnel Port By tunnel port we mean a LAN port that is configured to offer 802 1Q tunneling support A tunnel port is always connected to the end customer and the input traffic to a tunnel port is always 802 1Q tagged traffic SMC7824M VSW 241 CLI 242 8 1 9 1 8 1 9 2 Management Guide TigerAccess EE The different customer VLANs existing in the traffic to a tunnel port shall be preserved when the traffic is carried across the network Trunk Port By trunk port we mean a LAN port that is configured to operate as an inter switch link port able of carrying doubl
174. VSW CLI Enabling IGMP Snooping The switch supports forwarding tables for IGMP snooping on a VLAN basis You can en able IGMP snooping globally or on each VLAN respectively By default IGMP snooping is globally disabled To enable IGMP snooping use the following command E A ge ip ip igmp snooping snooping Enables Enables IGMP snooping globally snooping Enables IGMP snooping globally Global Enables IGMP snooping on a VLAN ip igmp snooping vlan VLANS VLANS VLAN ID 1 4094 To disable IGMP snooping use the following command ee fee ee no ip no ip igmp snooping snooping Disables Disables IGMP snooping globally snooping Disables IGMP snooping globally no ip igmp snooping vlan Global Disables IGMP snooping on a VLAN VLANS VLANS VLAN ID 1 4094 IGMP Snooping Version The membership reports sent to the multicast router are sent based on the IGMP snoop ing version of the interface If you statically specify the version on a certain interface the reports are always sent out only with the specified version If you do not statically specify the version and a version 1 query is received on the interface the interface dynamically sends out a version 1 report If no version 1 query is received on the interface for the ver sion 1 router present timeout period 400 seconds the interface version goes back to its default value 3 To specify the IGMP snooping version use the following command rem
175. W CLI Deficit Weighted Round Robin DWRR Deficit Weighted Round Robin DWRR combines the advantages of DRR and WRR scheduling algorithms Processing the packets that have higher priority is the same way as Strict priority queuing DWRR provides differentiated service because it processes packets as much as weight The specific packet length is assigned to each queue by dif ferent weight as the unit of byte Each queue transmits different packets within packet length up to 256 bytes x configured weight bytes in one round DWRR transmits from the queues without starving the low priority queue because each queue can be assigned with different weight DWRR scheduling algorithm keeps the re mainder of packet length from previous round and compensates for it in the next round If a queue is not able to send a packet because its packet size is larger than the available bytes then the unused bytes are credited to the next round The process in DWRR when packets having the Queue numbers i Q 1 SE lt Weight 1 Weight 3 gt Ei Deficit Weighted Round Robin Scheduler Lowest priority highest priority Q 4 Packet Length 256 byte x weight Ne Queue 1 Queue 4 Queue 7 256 x 2 512 bytes 256x1 256 bytes 256 x3 768 bytes EE KUER Queue 4 7 256 x 3 128 896 bytes Fig 7 12 Deficit Weighted Round Robin Different queues have different weights and the packet length assigne
176. ables the authorized ARP function You can verify the valid and invalid list for the authorized ARP The valid list includes the IP addresses currently in lease while the invalid list includes the IP addresses not in lease Both lists include IP addresses of a DHCP pool but the authorized ARP only al lows the ARP response of the IP addresses in the valid list To display a list of valid and invalid IP addresses use the following command Semer an show ip dhcp authorized arp it Enable Shows entries of the valid list valid Global show ip dhcp authorized arp Bri ce open lid ridge Shows entries of the invalid list invali To delete a list of invalid IP addresses use the following command a m en Enable Global Deletes entries of the invalid IP addresses clear ip dhcp authorized arp invalid Bridge Prohibition of 1 N IP Address Assignment The DHCP server may assign plural IP addresses to a single DHCP client in case of plu ral DHCP requests from the DHCP client which has the same hardware address Some network devices may need plural IP addresses but most DHCP clients like personal computers need only a single IP address In this case you can configure the switch to prohibit assigning plural IP addresses to a single DHCP client 309 CLI 310 8 6 1 15 8 6 1 16 Management Guide TigerAccess EE To prohibit assigning plural IP addresses to a DHCP client use the following command men el Som
177. ac BRIDGE PORTS Enable Shows MAC table Global BRIDGE bridge name Bridge PORTS port number show mac count PORTS The following is an example of displaying a current MAC table SWITCH config show mac 1 3 port mac addr permission status in use 1 00 qd0 cb 22 00 49 OK dynamic 0 02 2 BR ER e e EE Ee OK dynamic 4 95 3 00 0b 5d 51 3a a8 OK dynamic 6 05 SWITCH config Running Time of System To display running time of the system use the following command e e See Enable Global Shows running time of the system Bridge The following is an example of displaying running time of the system SWITCH show uptime 10 41am up 15 days 10 55 0 users load average 0 05 0 07 0 01 SWITCH System Information To display the system information use the following command n en Enable show system Global Shows the system information Bridge The following is an example of displaying the system information of the switch SWITCH show system 131 CLI 132 6 3 8 6 3 9 Management Guide TigerAccess EE SysInfo System Information Model Name SMC7824M VSW Main Memory Size 256 MB Flash Memory Size 8 MB SPANSION 29GLO64N 32 MB SPANSION 29GL256N S W Compatibility 7 7 H W Revision DS VD 23N B0 NOS Version i Sd B L Version 543 H W Address 2 QO sd0 eb100 25255 PLD Version 0x02 Serial Number RMK00981029384 Ikanos Firmware Ver 1 0 5r39IK00501
178. ach ERP domain should have one control VLAN To configure a control VLAN of an ERP domain use the following command e e Se control vian VLAN ERP Configures a control VLAN of ERP domain no control vlan Domain Deletes configured control VLAN of ERP domain ERP Ring Priority The Super Loop occurs because of a shared link s failure between two ERP rings A do main with higher priority one of the RM nodes is the only responsible for monitoring the ports of a shared link The control packets of a domain with lower ring priority can be transmitted to another domain with higher priority to prevent the super loop It means that the higher ring priority domain guarantees the detour path against a shared link of lower ring priority domain To specify ERP ring priority use the following command e e re l a ERP Specifies ERP ring priority ring priority lt 1 255 gt E Ee Domain 1 255 ERP ring priority value default 0 To return ERP ring priority as default use the command no ring priority Configures ERP ring priority as default value omain Displaying ERP Domian To display a configuration for specific ERP domain use the following command a a show aa Shows modified configurations of ERP domain Domain Shows updated configuration of ERP domain updated Shows updated configuration of ERP domain of ERP domain Shows all of configuration of ERP domain all of Shows all of configuration
179. acket classification can be configured for each flow e The flow name must be unique lts size is limited to 32 significant characters e The flow name cannot start with the alphabet a or A e The order in which the following configuration commands are entered is arbitrary e The configuration of a flow being configured can be changed as often as wanted until the apply command is entered e Use the show flow profile command to display the configuration entered up to now You cannot create the flow name which started with alphabet a If you try to make a flow name started with alphabet a the error message will display Configuring Flow The packet classification criteria needs to be defined You can classify the packets via MAC address IP address Ethernet type CoS DSCP etc 171 CLI 172 ip A B C D A B C D M any A B C D A B C D M any lt 0 255 gt ip 4 B C D A B C D M any A B C D A B C D M any icmp ip A B C D A B C D M any A B C D A B C D M any icmp lt 0 255 gt any lt 0 255 gt any ip 4 B C D A B C D M any A B C D A B C D M any tcp udp ip 4 B C D A B C D M any A B C D A B C D M any tcp udp lt 1 65535 gt any lt 1 65535 gt any ip A B C D A B C D M any A B C D A B C D M any tcp lt 1 65535 gt any lt 1 65535 gt any 7CP FLAG any mac SRC MAC ADDR SRC MAC ADDR M any
180. ackets of all IP addresses and MAC ad dresses To configure the range of IP address to deny ARP packets use the following command e me Se Discards all ARP packets of all IP addresses with all MAC addresses which have not learned before on ARP deny ip any mac any host inspection table or a specific MAC address MACADDR any ignores sender IP MAC address host sender host MACADDR sender MAC address deny ip host A B C D mac any Discards ARP packets from a specific host host MACADDR aay SA MACADDR MAC address Discards ARP packets of a given range of IP ad deny ip range A B C D A B C D mac any dresses A B C D start end IP address of sender Discards ARP packets of a sender IP network ad deny ip A B C D A mac any host MACADDR dresses A B C D A sender IP network address To delete the configured range of IP address for discarding ARP packets use the follow ing command e See no deny ip any mac any host MACADDR Deletes a configured range of IP address to discard ARP packets no deny ip host A B C D mac any ignores sender MAC address any host MACADDR ARP ACL host sender host MACADDR sender MAC address A B C D start end IP address of sender A B C D A sender IP network address no deny ip range A B C D A B C D mac any no deny ip A B C D A mac any host MACADDR SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI To specify the range of IP
181. action between hosts and routers they are using IGMP messages to report or query the group membership IGMP has three versions that are supported by hosts and routers The followings are the simple definitions of each version e IGMP Version 1 The basic query response mechanism for the group membership management is in troduced Routers however should use the timeout based mechanism to discover members with no longer interests in the groups since there is no leave process e IGMP Version 2 IGMP messages such as leave group and specific group query are added for the explicit leave process This process greatly reduces the leave latency compared to IGMP version 1 Unwanted and unnecessary traffic can be constrained much faster e IGMP Version 3 The source filtering is supported That is hosts now can join a group with specifying including excluding a set of sources allowing supporting the source specific multi cast SSM It also increases the multicast address capability and enhances the se curity from unknown multicast sources 349 CLI Management Guide TigerAccess EE 9 1 1 1 Clearing IGMP Entry To clear IGMP entries use the following command ee ee clear ip omg ip clear ipigmp Deletes all IGMP entries Deletes the IGMP entries learned from a specified clear ip igmp interface INTER FACE interface INTERFACE interface name Deletes IGMP entries in a specified IGMP group all IGMP group A B C D IG
182. agement in that it provides some basic management functions at Layer 2 rather than using Layer 3 and above as required by SNMP over an IP infrastructure OAM provides single hop functionality in that it works only between two directly connected Ethernet stations SNMP can be used to manage the OAM interactions of one Ethernet station with another 7 2 1 OAM Loopback For OAM loopback function both the switch and the host should support OAM function OAM loopback function enables Loopback function from the user s device to the host which connected to the user s device and operates it To enable disable local OAM function use the following command e me ees oam local admin enable PORTS ges Enables local OAM ridge oam local admin disable PORTS Disables local OAM To configure loopback function of the host connected to the switch use the following command e me See oam remote loopback enable Enables loopback function of peer device PORTS oam remote loopback start PORTS Operates loopback oam remote loopback disable i i i SORTS Bridge Disables loopback function of peer device SMC7824M VSW 149 CLI 150 7 2 2 7 2 3 7 2 4 Management Guide TigerAccess EE Local OAM Mode To configure Local OAM use the oo command oam local mode active Bridge Configures the mode of local OAM passive PORTS Both request and loopback are possible for local OAM active However request or loop
183. ain lotp no snmp alarm severity erp domain multi rm Global Deletes configured severity of an alarm for ERP no snmp alarm severity erp domain reach fail no snmp alarm severity erp domain ulotp 7 1 9 7 STP Guard Alarm Severity To set severity of an alarm for STP guard use the following command e e Se snmp alarm severity stp bpdu guard critical major minor Sets severity of an alarm for BPDU guard disabled warning intermediate snmp alarm severity stp root guard critical major minor Sets severity of an alarm for root guard disabled warning intermediate SMC7824M VSW 147 CLI 148 7 1 9 8 7 1 10 7 1 11 Management Guide TigerAccess EE To delete configured severity of alarm for STP guard use the following command e me ee no snmp alarm severity stp bpdu guard Deletes configured severity of an alarm for STP guard no snmp A stp A uard Displaying SNMP Alarm Severity To display configured severity of alarm use the following command e mae Enable show snmp alarm severity Global Shows configured severity of alarm Bridge Displaying SNMP Configuration To display all configurations of SNMP use the following command e mae Enable Global Shows all configurations of SNMP Bridge To deletes a recorded alarm in the system use the following command mm mas pon snmp clear alarm history Global Deletes a recorded alarm in the system
184. al major minor warning intermediate snmp alarm severity power fail critical major minor warning intermediate snmp alarm severity power remove critical major minor warning intermediate snmp alarm severity rmon alarm rising criti cal major minor warning intermediate Description Sets severity of an alarm for system fan failure Sets severity of an alarm for system cold restart Sets severity of an alarm for too much broadcast Sets severity of an alarm for CPU load high Sets severity of an alarm for no more IP address left in the DHCP pool Sets severity of an alarm for illegal DHCP entry Sets severity of an alarm for system fan removed Sets severity of an alarm for IP address conflict Sets severity of an alarm for system memory usage high Sets severity of an alarm for MAC flood guard block Sets severity of an alarm for Ethernet port link down Sets severity of an alarm for Ethernet port removed Sets severity of an alarm for port thread over Sets severity of an alarm for system power failure Sets severity of an alarm for system power removed Sets severity of an alarm for RMON alarm rising SMC7824M VSW Management Guide CLI TigerAccess EE ana e ee snmp alarm severity rmon alarm falling criti Sets severity of an alarm for RMON cal major minor warning intermediate alarm falling snmp alarm severity sy
185. ame owner NAME RMON max 32 characters Object of Sample Inquiry To assign object used for sample inquiry use the following command a Y mn sample variable M B OBJECT RMON Assigns MIB object used for sample inquiry Absolute and Delta Comparison There are two ways to compare with the threshold absolute comparison and delta com parison e Absolute Comparison Comparing sample data with the threshold at configured interval if the data is more than the threshold or less than it alarm is occurred e Delta Comparison Comparing difference between current data and the latest data with the threshold if the data is more than the threshold or less than it alarm is occurred SMC7824M VSW Management Guide TigerAccess EE 7 4 2 4 7 4 2 5 SMC7824M VSW CLI To compare object selected as sample with the threshold use the following command e a See sample type absolute RMON Compares object with the threshold directly To configure delta comparison use the following command Compares difference between current data and the sample type delta RMON latest data with the threshold Upper Bound of Threshold If you need to occur alarm when object used for sample inquiry is more than upper bound of threshold you have to configure the upper bound of threshold To configure upper bound of threshold use the following command n See oe Configures upper bound of threshold rising threshold VALUE
186. an be from 1 to 10 000 000 Kbits This bandwidth is only valid for routing information implement and it does not concern any physical bandwidth To delete a configured bandwidth use the following command n mn Deletes configured bandwidth of interface enter the no bandwidth BANDWIDTH Interface value Maximum Transmission Unit MTU Maximum value for the length of the data payload can be transmitted You can set a maximum transmission unit MTU with below command na m See mtu lt 68 1500 gt Sets a MTU size Interface Returns to the default MTU size 347 CLI 348 Management Guide TigerAccess EE IP Multicast IP communication provides three types of packet transmission unicast broadcast and multicast Unicast is the communication for a single source host to a single destination host This is still the most common transmission form in the IP network Broadcast is the communication for a single source host to all destination hosts on a network segment This transmission is also widely used especially by network protocols but it sometimes may not be efficient for those hosts in the subnet who are not participating in the broad cast Multicast is the communication for a single or many source hosts to a specific group of destination hosts which is interested in the information from the sources This type of packet transmission can be deployed for a number of applications with more efficient utili zation of
187. anizationally unique identifier OUI when configuring a DHCP helper address The OUI is a 24 bit number assigned to a company or organization for use in various network hardware products which is a first 24 bits of a MAC address If an OUI is specified a DHCP relay agent will forward DHCP_DISCOVER message to a spe cific DHCP server according to a specified OUI To specify a DHCP helper address with an OUI use the following command e me ee Specifies a DHCP helper address with an OUI More than one address is possible XX XX XX OUI first 24 bits of a MAC address in the Interface form of hexadecimal A B C D DHCP server address no ip dhcp oui XX XX XX 8 Deletes a specified DHCP helper address helper address A DC OD Smart Relay Agent Forwarding ip dhcp oui XX XX XX helper address A B C D Normally a DHCP relay agent forwards DHCP_DISCOVER message to a DHCP server only with a primary IP address on an interface even if there is more than one IP address on the interface If the smart relay agent forwarding is enabled a DHCP relay agent will retry sending DHCP_DISCOVER message with a secondary IP address in case of no response from the DHCP server To enable the smart relay agent forwarding use the following command a en no ip dhcp smart relay ip dhcp smart relay Enables a smart relay nop dhcp smartrelay 1 7 Disables a smart relay DHCP Server ID Option In case that more than two DHCP servers a
188. ant to receive the traffic To configure a specified port as a multicast source trust port use the following command comment wate anton ip multicast source trust port 8 l Specifies multicast source trust ports PORTS Global no ip multicast source trust port i BORIC Deletes the configured multicast source trust ports SMC7824M VSW Management Guide TigerAccess EE 10 10 1 gt gt SMC7824M VSW CLI System Software Upgrade General Upgrade For the system enhancement and stability new system software may be released Using this software the switch can be upgraded without any hardware change You can simply upgrade your system software with the provided upgrade functionality via the CLI The switch supports the dual system software functionality which you can select applica ble system software stored in the system according to various reasons such as the sys tem compatibility or stability To upgrade the system software of the switch use the following command n See Upgrades the system software of the switch via FTP or CO ft tft os download py ftp tftp o os1 os2 os1 os2 the area where the system software is stored To upgrade the system software FTP or TF TP server must be set up first Using the copy command the system will download the new system software from the server To reflect the downloaded system software the system must restart using the reload command For m
189. are permitted When IP source guard is enabled in IP and MAC filtering mode the DHCP snooping option 82 must be enabled to ensure that the DHCP protocol works properly Without option 82 data the switch cannot locate the client host port to forward the DHCP server reply Instead the DHCP server reply is dropped and the client cannot obtain an IP address Enabling IP Source Guard After configuring DHCP snooping configure the IP source guard using the provided com mand When IP source guard is enabled with this option IP traffic is filtered based on the source IP address The switch forwards IP traffic when the source IP address matches an entry in the DHCP snooping binding database or a binding in the IP source binding table To enable IP source guard DHCP snooping needs to be enabled To enable IP source guard with a source IP address filtering on a port use the following command Enables IP source PS A with a source IP address ip dhcp verify source PORTS Global filtering on a port no ip dhcp no ip dhcp verify source PORTS source no ip dhcp verify source PORTS Disables IP source guard IP source Disables IP source guard To enable IP source guard with a source IP address and MAC address filtering on a port use the following command ip dhcp verify source port A ee IP source guard with a source IP address and security PORTS MAC address filtering on a port Global no i oe verify source port i is S E Dest
190. ase note that you must input one space between the command and question mark SWITCH write memory Write to NV memory terminal Write to terminal SWITCH write SMC7824M VSW 33 CLI 34 3 3 2 Management Guide TigerAccess EE The switch also provides the simple instruction of calling the help string with the help command You can see the instruction using the command regardless of the configuration mode To display the instruction of calling the help string for using CLI use the following com mand SO AAA Shows the instruction of calling the help string for using Calling Command History In case of installed command shell you do not have to enter the command you entered before When you need to reuse the commands you did use this arrow key lt f gt When you press the arrow key the commands will be displayed in the latest order The following is an example of calling command history after using several commands After using these commands in order show clock configure terminal interface 7 exit press the arrow key lt f gt and then you will see the commands from latest one exit interface 7 configure terminal show clock SWITCH config exit SWITCH show clock M n 5 Ja 1970 233502 1 2 0000 SWITCH configure terminal SWITCH config interface 1 SWITCH config if exit SWITCH config exit SWITCH press the arrow key 7 SWITCH exit press the arrow key 1 SWI
191. ass ID of DHCP option 77 per oba port PORT class id CLASS ID port SMC7824M VSW Management Guide TigerAccess EE 8 6 7 13 8 6 8 SMC7824M VSW CLI To configure the policy of DHCP option 77 on a specified port use the following command e me See Configures the policy of DHCP option 77 field for the DHCP Request packet default replace ip dhcp snooping user class id uns replace forwards DHCP packets with user class ID port replace keep according to DHCP option 77 field format keep forwards DHCP packets without any user class ID To delete the configured user class ID of DHCP option 77 field use the following com mand no ip dhcp snooping user class Deletes a configured user class ID of a port id port PORT class id CLASS D no ip dhcp snooping user class Deletes all configured user class IDs of a port id port PORT all Displaying DHCP Snooping Configuration To display DHCP snooping table use the following command a m See show ip dhcp snooping Enable Shows DHCP snooping configuration show ip dhcp snooping binding Global Shows DHCP snooping binding entries IP Source Guard IP source guard is similar to DHCP snooping This function is used on DHCP snooping untrusted Layer 2 port Basically except for DHCP packets that are allowed by DHCP snooping process all IP traffic comes into a port is blocked If an authorized IP address from the DHCP server is assigned to a DHCP clie
192. assification To classify packets by a specific admin flow for the switch you need to open Admin Flow Configuration mode first To open Admin Flow Configuration mode use the following command e e een Creates an admin flow and opens Admin Flow Configu flow admin NAME create Global ration mode NAME admin flow name After opening Admin Flow Configuration mode the prompt changes from SWITCH config to SWITCH config admin flow NAME To delete configured admin flow or all admin flows use the following command nan e es no flow admin NAME Deletes specified admin flow Global no flow admin all Deletes all admin flows After opening Admin Flow Configuration mode a flow can be configured by user The packet classification can be configured for each admin flow e The admin flow name must be unique lts size is limited to 32 significant characters e The admin flow name cannot start with the alphabet a or A e The order in which the following configuration commands are entered is arbitrary e The configuration of a flow being configured can be changed as often as wanted until the apply command is entered e Use the show flow profile admin command to display the configuration entered up to now SMC7824M VSW Management Guide TigerAccess EE 7 6 6 2 A SMC7824M VSW CLI Configuring Admin Flow You can classify the packets according to IP address ICMP TCP UDP and IP header length
193. atabase agent To request snooping binding entries from a DHCP snooping database agent use the fol lowing command e e en Requests snooping binding entries from a DHCP ip dhcp snooping database re new A B C D Global snooping database agent A B C D DHCP snooping database agent address The DHCP snooping database agent should be TFTP server DHCP Snooping Filtering If there are incoming packets to a port of switch enabled with DHCP snooping it refers to DHCP snooping binding table and filters these packets whether their information is regis tered in the table or not DHCP snooping filtering function supports three modes that are classified into filter bypass and permit Filter mode permits the registered packets only according to DHCP snooping binding table Both permit and bypass mode permits all packets irrespective of DHCP snooping binding table Both modes are written the filter en tries but they do not filter packets Permit mode uses a filter delay timer to be changed to filter mode Otherwise bypass mode uses a filter delay counter DHCP snooping filter mode is not available in the system that is enabled with IP source guard function To select one of DHCP snooping filter modes use the following command SCC ip dhcp snooping filter mode Selects DHCP snooping filter mode and specifies an PORTS permit bypass filter action by DHCP snooping binding table Global no ip dhcp snooping filter mode ae S
194. ation e DHCP Subnet e Range of IP Address e Default Gateway IP Lease Time s DNS Server e Manual Binding e Domain Name e DHCP Server Option e Static Mapping e Recognition of DHCP Client e IP Address Validation e Authorized ARP e Prohibition of 1 N IP Address Assignment e Ignoring BOOTP Request e DHCP Packet Statistics e Setting DHCP Pool Size e Displaying DHCP Pool Configuration To activate deactivate the DHCP function in the system use the following command e e See Activates the DHCP function in the system noservicedhop Deactivates the DHCP function in the system no service dhcp Before configuring DHCP server or relay you need to use the service dhcp command first to activate the DHCP function in the system 303 CLI 304 8 6 1 1 8 6 1 2 8 6 1 3 Management Guide TigerAccess EE DHCP Pool Creation The DHCP pool is a group of IP addresses that will be assigned to DHCP clients by DHCP server You can create various DHCP pools that can be configured with a different network default gateway and range of IP addresses This allows the network administra tors to effectively handle multiple DHCP environments To create a DHCP pool use the following command e See Creates a DHCP pool and opens DHCP Pool Configu ip dhcp pool POOL Global ration mode no ip dhcp pool POOL Deletes a created DHCP pool The following is an example of creating the DHCP pool as sample
195. ays correct and there won t be any subsequent time jumps after the initial correction Unlike NTP SNTP usually uses just one Ethernet Time Server to calculate the time and then it jumps the system time to the calculated time It can however have back up Ethernet Time Servers in case one is not available To configure the switch in SNTP use the following command e e re Specifies the IP address of the SNTP server lt is pos sntp SERVER1 SERVER 2 sible up to three number of servers SERVER3 SERVER server ID address Global no sntp SERVER1 SERVER 2 Disables specific SNTP server A Disables SNTP function SNTP function SMC7824M VSW Management Guide TigerAccess EE 6 1 6 6 1 7 SMC7824M VSW CLI You can configure up to 3 servers so that you use second and third servers as backup use in case the first server is down To display SNTP configuration use the following command n mn Enable Global Show SNTP configuration Bridge The following is to register SNTP server as 203 255 112 96 and enable it SWITCH config sntp 203 255 112 96 SWITCH config show sntp sntpd is running Time Servers Tst 2034 Zoo E SWITCH config Terminal Configuration By default the switch is configured to display 24 lines composed by 80 characters on console terminal You can change the number of displayed lines by using the command terminal length The maximum line
196. back is impossible for local OAM passive OAM Unidirection When RX is impossible in local OAM it is possible to send the information by using TX To enable disable the function use the Bee command oam local unidirection enable Sends the information by using TX PORTS Bridge oam unidirection disable Beste teat te maton y ug TX to transmit the information Beste teat te maton y ug TX using TX Remote OAM To configure remote OAM use the following command SCC oam remote oam admin lt 1 2 gt f Enables disable remote OAM enable disable PORTS Bridge oam remote oam mode lt 1 2 gt l l Selects remote OAM mode active passive PORTS To display the information of peer host using OAM function use the following command e e re oam remote alarm optical lt 1 3 gt lt 0 65535 gt PORTS oam remote alarm temperature lt 0 255 gt PORTS oam remote alarm voltage min Brid Shows the information of peer host using OAM func ridge max lt 0 65535 gt PORTS tion oam remote electrical mode full half PORTS oam remote general autoneg lt 1 4 gt enable disable PORTS SMC7824M VSW Management Guide CLI TigerAccess EE a m See oam remote general forwarding lt 3 4 gt enable disable PORTS oam remote general speed lt 1 4 gt lt 0 4294967295 gt PORTS oam remote general user lt 1 4 gt STRING PORTS oam remote system interface Shows the information of peer host
197. be automatically configured in Slave Although it is configured before stacking Masters con figuration will be configured in Slave by finding any difference However you have to save the configuration of Slave with using write memory Unless you do it the configuration will be deleted and the above procedure will be repeated With enabled stacking config profile of Master will be configured in Slave Apply Profile to port Use the following command se e See line config profile NAME add SC Applies Profile to specified port ridge PORTS S NAME line config profile name The following is an example of applying profile named TEST to port 1 SWITCH bridge line config profile TEST add 1 SWITCH bridge 97 CLI 98 9 3 4 2 Management Guide TigerAccess EE To disable the application of profile in specified port use the following command e me see line config profile NAME del i EM D Bridge Disables profile in specified port PORTS To delete configured profile use the following command e e ees no line config profile NAME Deletes Profile Alarm config profile Alarm config profile is a configured policy which Alarm service is provided to clients with using SNMP trap in case of system error It is convenient way because it is possible to configure standard of error checking which varies according to service type in each port Alarm config profile consists of Threshold of error which
198. be enabled on specific port to apply WRED profile to port To enable WRED function and apply it to a port use the following command e e es Enables WRED function on port qos wred enable PORTS PORTS port number Global qos wred bind PORTS allan Applies WRED profile to ports allan 3 gt 0 3 WRED profile number To disable WRED function use the GE command E WRED function qos wred disable PORTS Global PORTS port number SMC7824M VSW Management Guide TigerAccess EE 1 1 SMC7824M VSW CLI NetBIOS Filtering NetBIOS Network Basic Input Output System is a program that allows applications on different computers to communicate within a local area network LAN NetBIOS is used in Ethernet included as part of NetBIOS Extended User Interface NetBEUI Resource and information in the same network can be shared with this protocol But the more computers are used recently the more strong security is required To secure individual customer s information and prevent information leakages in the LAN environ men the switch provides NetBIOS filtering function Without NetBIOS filtering customer s data may be opened to each other even though the data should be kept To keep customer s information and prevent sharing information in the above case NetBIOS filtering is necessary LAN environment for Internet Service Es mp ees 86 Shared Needs to prevent sharing information between cu
199. ble remark by queue Uses a Queue based L2 table remark dscp cos remark dscp cos Policer Enables the remarking configuration by external CoS _ the Enables the remarking configuration by external CoS configuration by external CoS remake Enables the remarking configuration by traffic class remark queue queue To disable the remarking function according to its different parameter use the following command Y See no remark by dscp no remark by queue a Disables a configured remarking function by different olicer no remark dscp cos parameter no remark queue In this switch L3 table has a higher priority than L2 table in Traffic Policing based CoS Remarking status L2 table has a lower priority than L3 all the time except when user does not select L3 table It follows the configuration of L3 table when both L3 and L2 ta bles are selected by user If the remarking function is enabled in this switch it performs according to the policy of Traffic Policing based CoS Remarking To remark the colored packets with CoS parameters use the following command ana momen qos remark color green yellow red dscp lt 0 63 gt cos lt 0 7 gt Global qos remark color green yellow red dscp lt 0 63 gt dp lt 0 2 gt Remarks CoS parameters according qos remark color green yellow red dscp to DSCP value and metering configu lt 0 63 gt dscp lt 0 63 gt ration on system 0 63 DSCP fie
200. c E vette ot 62 4 5 2 1 Enabling 802 1x Re AuthenticatiON cccoocccconcccoccnconcnonncnnonanononcnconcnconcnnnnoos 62 4 5 2 2 Interval of HRe Autbentcaton 63 4 5 2 3 Interval of Requesting HRe Autbhentcaton 63 4 5 2 4 802 1xX Re Authentication ccooccccoonccconoccocncononcnnonocnannonannnonnconannnnanononons 63 4 5 3 Initializing Authentication Status oooocccccconccnccnoncnononcnnnnonnnncnnanonnononcnnnnns 64 SMC7824M VSW 5 CLI Management Guide TigerAccess EE 4 5 4 Restoring Default Value A 64 4 5 5 Displaying 802 1x Configuration cooonccconnnnnccnoncncononcnnononnnonnanonconanencnnnnons 64 4 5 6 802 1x User Authentication Statistics ccccccccccccsscecsseeeseeeeseeeeeseeeeeaes 64 4 5 7 Sample TEE ee 65 9 Port COMMOUN ATOR EEN 67 Beleg SE 67 5 2 Ethernet Port Configuration cccccccccseceseeeceeeeeeeeseeeseeeeseeesaeeeseeees 67 9241 Enabling Eternel e EE 67 5 22 AMO NOOO EE 67 A A A A A a re ee Re ne 68 OZ A O 69 D220 FIOW at EE 70 02 0 PO DESCHPUON ud da o 70 A AS A A 71 5 2 1 SA n cea le Ae ees ane 71 D202 SA en 72 EC o E 73 520 POR IAO MON ss coast 74 g9 MDL POr ele el EE 75 5 3 1 Modulation of VDSL Gonal 75 Sunat DMT Mou alo air oia 75 5 3 2 Configuring VDSL Rot 76 53 21 Displaying Status of VDSL Portu a see ene Ae 77 S 3 2 2 ENaDINO VDSL EE 77 S323 ett VO SL PO AA A 78 5 3 2 4 Controlling Power according to Connection Distance
201. can include only one either Flow or Class However a single flow or class can belong to mul tiple policies Otherwise only one policer can belong to one policy The switch supports approximately 1000 rules which are actually running in the system as many as policies SMC7824M VSW Management Guide TigerAccess EE 7 6 2 7 6 2 1 7 6 2 2 SMC7824M VSW CLI Packet Classification Packet classification features allow traffic to be partitioned into multiple priority levels or classes of service In Flow Configuration mode you can set packet classification criteria via flow which is with unique name If you specify the value of parameters this switch classifies the packets corresponding to the parameters Flow Creation The packet classification involves a traffic descriptor to categorize a packet within a spe cific flow for QoS handling in the network You need to open Flow Configuration mode first to classify the packets To open Flow Configuration mode use the following command e me See Creates a flow and opens Flow Configuration mode flow NAME create Global NAME flow name After opening Flow Configuration mode the prompt changes from SWITCH config to SWITCH config flow NAME To delete configured Flow or all Flows use the following command na e en no flow NAME Deletes specified flow Global Deletes all flows After opening Flow Configuration mode a flow can be configured by user The p
202. can be capable to accept is from 64 bytes to 1518 bytes Therefore packets not between these ranges will not be taken However the switch can accept jumbo frame larger than 1518 bytes through user s configuration To enable the jumbo frame capacity use the following command e e een jumbo frame enable Configures to accept jumbo frame up to 9188 bytes To disable the jumbo frame capacity use the following command IN em jumbo frame disable Disables configuration to accept jumbo frame default To display the configuration of jumbo frame use the following command e mae Enable show jumbo frame Global Shows a configuration of jumbo frame Bridge SMC7824M VSW Management Guide TigerAccess EE 8 12 8 13 SMC7824M VSW CLI The following is an example of enabling the jumbo frame capacity SWITCH bridge jumbo frame enable SWITCH bridge show jumbo frame Name Current Default portgl 91887 1518 port02 9188 1518 porto03 9188 1518 port04 9188 1518 portos 9188 1518 EE EE 9188 1518 port07 9188 1518 port08 91887 1518 port09 9188 1518 port10 9188 1518 SEET SWITCH bridge Bandwidth Routing protocol uses bandwidth information to measure routing distance value To con figure bandwidth of interface use the following command e me See Configures bandwidth of interface enter the value of bandwidth BANDWIDTH Interface bandwidth The bandwidth c
203. cast flood ing by forwarding the normally broadcasted DHCP response only on the circuit indicated in the circuit ID DHCP Address Exhaustion In general a DHCP server may be extended to maintain a DHCP lease database with an IP address hardware address and remote ID The DHCP server should implement poli cies that restrict the number of IP addresses to be assigned to a single remote ID Static Assignment A DHCP server may use the remote ID to select the IP address to be assigned It may permit static assignment of IP addresses to particular remote IDs and disallow an ad dress request from an unauthorized remote ID IP Spoofing A DHCP client may associate the IP address assigned by a DHCP server in a forwarded DHCP_ACK message with the circuit to which it was forwarded The circuit access device may prevent forwarding of IP packets with source IP addresses other than those it has associated with the receiving circuit This prevents simple IP spoofing attacks on the cen tral LAN and IP spoofing of other hosts MAC Address Spoofing By associating a MAC address with a remote ID a DHCP server can prevent offering an IP address to an attacker spoofing the same MAC address on a different remote ID Client Identifier Spoofing By using the agent supplied remote ID option the untrusted and as yet unstandardized client identifier field need not be used by the DHCP server SMC7824M VSW Management Guide CLI TigerAccess EE F
204. ch gt SWITCH A config show stack device default node ID 1 node MAC address status type name porte 1 O02 gtt cb Here HIEL ren active SWITCH 26 2 DE EE 200311 active SWITCH 26 SWITCH A config lt Switch B Slave Switch gt SWITCH B config show stack device default node ID 2 SWITCH B config Sample Configuration 2 Accessing from Master Switch to Slave Switch The following is an example of accessing to Slave switch from Master switch configured in Sample Configuration 1 If you show the configuration of Slave switch in Sample Con figuration 1 you can recognize node number is 2 SWITCH bridge rcommand 2 E GR EE Sie do Connected to 127 1 0 1 Escape character is SWITCH login admin Password SWITCH 341 CLI Management Guide TigerAccess EE To disconnect input as the below SWITCH exit Connection closed by foreign host SWITCH bridge 8 8 Rate Limit User can customize port bandwidth according to user s environment By this configuration you can prevent a certain port to monopolize whole bandwidth so that all ports can use bandwidth equally Egress and ingress can be configured both to be same and to be dif ferent The switch can apply the rate limit with 64 Kbps unit for GE port and support ingress po licing and egress shaping To set a port bandwidth use the following command e e Se Sets port bandwidth If you input egress or ingress you rate POR
205. cting packet you should disable the loop detection first using the loop detect disable command To display a current configuration of the loop detection use the following command ma ra n show loop detect Enable Shows the brief information of the loop detection Global Shows a current configuration of the loop detection per show loop detect all PORTS E Bridge port The loop detection cannot operate with LACP 301 CLI 302 8 6 Management Guide TigerAccess EE Dynamic Host Configuration Protocol DHCP Dynamic Host Configuration Protocol DHCP is a TCP IP standard for simplifying the administrative management of IP address configuration by automating address configura tion for network clients The DHCP standard provides for the use of DHCP servers as a way to manage dynamic allocation of IP addresses and other relevant configuration de tails to DHCP enabled clients on the network Every device on a TCP IP network must have a unique IP address in order to access the network and its resources The IP address together with its relevant subnet mask identi fies both the host computer and the subnet to which it is attached When you move a computer to a different subnet the IP address must be changed DHCP allows you to dy namically assign an IP address to a client from a DHCP server IP address database on the local network The DHCP provides the following benefits Saving Cost Numerous users can access th
206. ction log buffer logs lt 0 1024 gt interval lt 0 86400 gt 0 1024 the number of syslog messages per specified interval default 5 0 86400 interval value in second default 1 sec 219 CLI 220 7 12 3 6 7 12 4 Management Guide TigerAccess EE To delete the configured options of log buffer function use the following command a a mn no ip arp inspection log buffer Global Deletes the configured options of log buffer function entries logs To display the configured log buffer function and entries information use the following command e mae Enable show ip arp inspection log Global Displays the configured log buffer function Bridge To clear all of collected entries in the list use the following command e See Enable clear ip arp inspection log Global Clears all of collected entires in the log buffer list Bridge Displaying ARP Inspection To display a status of the ARP inspection use the following command ICI E OO o show ip arp inspection vlan Enable Shows a status of the ARP inspection VLANS Global show ip arp inspection statistics SS l l Bridge Shows collected statistics of the ARP inspection vlan VLANS To clear collected statistics of the ARP inspection use the following command e e re Enable clear ip arp inspection statistics vlan VLANS Global Clears collected statistics of the ARP inspection Bridge Gratuitous ARP G
207. ction sets the time before ARP inspection starts to run Before setting this ARP inspection should be enabled ARP inspection checks validity of incoming ARP packets by using DHCP snooping binding table and denies the ARP packets if they are not identified in the table However this switch may be rebooted with any reason then DHCP snooping bindinge enries which are dynamically learned from ARP packets back and forth switch would be lost Thus ARP inspection should be delayed to start during some time so that DHCP snooping table can build entries If no time given ARP inspection sees empty snooping table and drop every ARP packet To specify the ARP inspection delay time use the following command e e een l l l Configures the ARP inspection delay time If reboot ip dhcp snooping arp inspection start lt 1 2147483637 gt ARP inspection resumes after the time you configure Global 1 2147483637 delay time unit second no ip dhcp snooping arp i Delete the configured ARP inspection delay time inspection start SMC7824M VSW Management Guide TigerAccess EE 8 6 7 10 8 6 7 11 SMC7824M VSW CLI DHCP Snooping with Option82 In case of L2 environment when forwarding DHCP messages to a DHCP server a DHCP switch can insert or remove DHCP option82 data on the DHCP messages from the clients In case of a switch is enabled with DHCP snooping it floods DHCP packets with DHCP option82 field when the DHCP
208. d 0 as default To display a configured INP use the following command e e see Enable show Ire inp PORTS Global Shows the configured INP in VDSL line Bridge Trellis Coded Modulation TCM The trellis coded modulation TCM is a modulation scheme which allows highly efficient transmission of information over band limited channels such as telephone lines SMC7824M VSW Management Guide TigerAccess EE 9 3 2 10 A SMC7824M VSW CLI To enable disable TCM of VDSL line port use the following command ees e See Ire PORTS tem enable disable Configures TCM default enable To display configured TCM use the following command mana e en show Ire tem PORTS Enable Global Bridge Shows the configured TCM Ham band The bandwidth that VDSL port of switch includes Ham band lt causes interruption in VDSL line To prevent this interruption you can configure not to use Ham band in band width To disable specified Ham band for a port use the following command mane a ee Ire PORTS ham band band1 band2 band band4 band5 band6 band7 band band9 band10 band11 band12 band13 i Disables specified Ham band band14 band15 band16 band17 band18 band19 band20 band21 If you configure Ham band at VDSL port it is applied to all ports To enable Ham band of a port use the SE command no Ire PORTS ham band all Bridge Enables disabled Ham band
209. d m admin 151 0 0 0 2 1428 544 S Jan01 0 00 sbin klogd c 1 SMC7824M VSW Management Guide TigerAccess EE 6 3 10 6 3 11 6 3 12 6 3 13 SMC7824M VSW CLI admin 103 2 E Sech 20552 SL0Q S 20 12 0 53 usr sbin swchd Omitted SWITCH Displaying System Image To display a current system image version use the following command es e n Enable Global Bridge Shows a version of system image To display a size of the current system image use the following command men IS show os size Enable Global Bridge Shows size of system image Displaying Installed OS To display the current usage of the system flash memory use the followng command e e en Shows the current usage of the system Enable Global Bridge flash memory Default OS The switch supports the dual OS feature You can verify the running OS in the flash memory with the show flash command When two system OSs are installed you can set one of those as the default OS To set the default OS of the system use the following command e e en default os os1 os2 Sets the default OS of the system default os1 Switch Status To display the temperature of switch power status fan and external alarm status use the following command nn erem Enable Global Bridge show status temp show status connector show external alarm 133 CLI 134 6 3 14 6 3 15 Management Guide TigerAccess
210. d IP AddresSS occoocccncconccnconnconecanconcanccannones 36 dE System CONNECCION sita iaa 36 4 1 1 Connecting to the Console bot 36 EE EE 36 4 1 3 Password for Privileged EXEC Enable Mode nnnnnnnnnnnnnnnennensnnnnnnnnnennne 37 4 1 4 Changing Login PaSSword its idos 38 4 1 5 Login Password Recovery Process 39 4 1 6 Management for System Account 40 416 1 Creating SYSTEM Een EE 40 ef Secuela e ao ro Aa ee 40 4 1 7 Limiting Number of Ueers E 43 AO AUTO LODO ais 44 Ble o AM 44 4 1 10 System FREDOOUIAG EE 45 4 1 10 1 Manual System Reboo0tiNg cccoooccccccoconococnncocononoconcnononnnconanonononcnnonanenoss 45 4 SMC7824M VSW Management Guide CLI TigerAccess EE 4 1 10 2 Auto System ReEDOOTING A 46 42 EENHEETEN 47 4 210 AUMentication Method cites eee eee ote cai eae eles eee 47 4 2 2 Authentication Interface ccconcccconnccccnnnccconocononononocononnncnnnnonanononannonanones 47 4 2 3 Primary Authentication Method 47 42 4 RADIUS SV o e e e LoS 48 4 2 4 1 RADIUS Server for System Authentication ccccccceeseeeeeeeeeeeeseeeeeeseeeeeens 48 424A 2 RADIUS Server Pron EE 48 4 2 4 3 Timeout of Authentication Request ccccccecccceececeeeceeeeeeeceeeeseeeesaeeeeseeeeeees 48 4 2 4 4 Frequency of HRetransmm 48 M20 TAGACGOE SOU tai 49 4 2 5 1 TACACS Server for System Authentcaton 49 4202 TACACS Server Priority caia 49 4 2 5 3 Timeout of Authentication Request
211. d in bytes of IP packets per second PIR must be equal to or greater than CIR PBS and CBS are the maximum size for each token bucket P and C measured in bytes Both of them must be configured with the values equal to or greater than the size of the largest possible IP packet in the stream The token buckets P and C are initially full When a packet arrives if the tokens in the bucket P are smaller than the size of that packet the packet is marked red Else if the to kens in the bucket C are smaller than the size of that packet those are decremented by the size of that packet with the yellow color marking Else if the tokens in the bucket C are larger than the size of that packet those of both bucket P and C are decremented by the size of that packet with the green color marking Note that in the trTCM algorithm when a packet arrives the availability of tokens in the token bucket P is checked first contrary to the srTCM the order of color marking is red yellow green SMC7824M VSW Management Guide TigerAccess EE CLI The following figures show the behavior of the trTCM Tokens are regenerated based on PIR faster than CIR Y Bucket P oy a Tokens in both buckets are decremented by the size of the packet Fig 7 7 Tokens are regenerated based on PIR faster than CIR y Jaen P y PBS L Er gt Fig 7 8 Behavior of trTCM 2 SMC7824M VSW d De De Behavior of trTCM 1 Toke
212. d policer use the follow ing command n See Sets the bandwidth for classified packets belonging to rate limit BANDWIDTH Policer eS specified policer unit kbps Rate limiting is able to use a token bucket algorithm of metering If some traffic exceeds the rate limit because of its burst size you can control burst capability of incoming or out going traffic by the token bucket size The largest burst source can send into the network is roughly proportional to the size of the bucket Thus you can reduce the token bucket size manually to decrease the burst size of traffic To configure the size of a token bucket per port or queue of port use the following command e me See Sets the size of a token bucket to specified port by its qos max bucketSize port egress ingress PORTS lt 12 16380 gt direction unit kbps 12 16380 the range of token bucket size in steps of 4 default 16 kbps Global Sets the size of a token bucket to a queue of specified port unit kbps qos max bucketSize port queue 0 7 queue number PORTS queue lt 0 7 gt lt 12 16380 gt 12 16380 the range of token bucket size in steps of 4 default 16 kbps 177 CLI 178 7 6 3 5 7 6 4 7 6 4 1 D Management Guide TigerAccess EE To display configured size of a token bucket use the following command es me Se show qos max bucketSize port Shows the token bucket size of all ports show qos max bucke
213. d to each queue in its round is proportional to the relative weight of the queue among all the queues serviced by that scheduler The queue of number 7 has 3 weights handles the packet length of 768 bytes at once in its round If the queue of number 7 was not able to send all packets in its previous round because its last packet size was too large the remainder of 128 bytes from is added to the packet length for the next round Therefore the queue of number 7 can send the packets up to 896 bytes of length in its next round 199 CLI 200 7 6 9 1 7 6 9 2 7 6 9 3 Management Guide TigerAccess EE Scheduling Mode To select a packet scheduling mode use the following command a ee Selects SP packet scheduling mode for ports or CPU qos scheduling mode sp sp Strict priority queuing PORTS cpu lt 0 7 gt PORTS port numbers 0 7 queue number Global Selects DWRR packet scheduling mode for ports or qos scheduling mode dwrr CPU group0 group1 PORTS cpu dwrr deficit weighted round robin lt 0 7 gt PORTS port number eg 1 2 1 10 0 7 queue number The default scheduling mode is DWRR And it is possible to assign a different scheduling mode to each port Additionally switch assigns DWRR scheduling mode for a group If you select DWRR packet scheduling mode for one port as a group all queues of this port are treated exter nally and internally by DWRR However if you select SP packet scheduling m
214. delay time for all MST instances lt 4 30 gt 4 30 forward delay time value default 15 Sets the forward delay time of PVSTP per VLAN VLANS VLAN ID 1 4094 4 30 forward delay time value default 15 spanning tree vlan VLANS for ward time lt 4 30 gt To delete a configured forward delay time use the following command om Te aer no spanning tree mst forward Returns to the default value of MSTP time Bridge no EE vlan VLANS Returns to the Reunstote geiau value o1 PVSTP per VLAN value of PVSTP eegenen VLAN EE 283 CLI 284 8 3 12 3 8 3 12 4 Management Guide TigerAccess EE Max Age Maximum aging time is the number of seconds a switch waits without receiving spanning tree configuration messages before attempting a reconfiguration To configure the maximum aging time for deleting useless messages use the following command e e re Changes the maximum aging time of route message of MSTP 6 40 maximum aging time value default 20 sec spanning tree mst max age lt 6 40 gt Changes the maximum aging time of route message of spanning tree vlan VLANS max PVSTP per specified VLAN age lt 6 40 gt VLANS VLAN ID 1 4094 6 40 maximum aging time value default 20 sec We recommend that the maximum aging time is set less than twice of forward delay time and more than twice of hello time To delete a configured maximum aging time use the following command men E II Retur
215. dentify subject using various data from event To identify subject of RMON event use the following command e e Se Identifies subject of event You can use maximum 126 owner NAME RMON characters and this subject should be same with the subject of RMON event Event Type When RMON event is happened you need to configure event type to arrange where to send event To configure event type use the following command mr een i Configures event type as log type Event of log type is e lo Mee sent to the place where the log file is made RMON Configures event type as trap type Event of trap type etm e tra etm H is sent to SNMP administrator and PC aa type log and trap Configures event type as both log type and trap type npenone none Configures none event type Activating RMON Event After finishing all configurations you should activate RMON event To activate RMON event use the following command na e re active RMON Activates RMON event Deleting Configuration of RMON Event Before changing the configuration of RMON event you should delete RMON event of the number and configure it again To delete RMON event use the following command e Y Se no rmon event lt 1 65535 gt Global Delete RMON event of specified number SMC7824M VSW Management Guide TigerAccess EE 7 9 7 5 1 SMC7824M VSW CLI Syslog The syslog is a function that allows the network element to generate t
216. detail NAME show running config admin All Shows all configurations of admin rules flow admin policy 197 CLI 198 7 6 9 Management Guide TigerAccess EE Scheduling Algorithm For the switch it is possible to use Strict Priority Queuing and Deficit Weighted Round Robin for a packet scheduling mode The following sections explain how QoS can be configured e Scheduling Mode e Weight e Maximum and Minimum Bandwidth e Maximum Buffer numbers e Queue Status e Displaying QoS e Weighted Random Early Detection WRED To process incoming packets by the queue scheduler the switch provides the scheduling algorithm as Strict Priority Queuing SP and Deficit Weighted Round Robin DWRR Strict Priority Queuing SP SPQ processes first more important data than the others Since all data are processed by their priority data with high priority can be processed fast but data without low priority might be delayed and piled up This method has a strong point of providing the distin guished service with a simple way However if the packets having higher priority enter the packets having lower priority are not processed The processing order in Strict Priority Queuing in case of entering packets having the Queue numbers as below Lowest priority Output Scheduler highest priority Fig 7 11 Strict Priority Queuing SMC7824M VSW Management Guide TigerAccess EE SMC7824M VS
217. dge restore lt 1 720 gt j 1 720 Wait to restore time in second To return the configured Wait to Restore Time as Default use the EC command no erp domain DOMAIN ID wait Bridge Configures ERP wait to restore time as default value to restore Learning Disable Time To prevent wrong MAC learning due to the remaining packets of buffer a node does not learn MAC addresses during the learning disable time This parameter holds the time in milliseconds during which learning is disabled after FDB flushing and can be configured by the operator The learning is only disabled for the protected VLAN of the domain on the ERP ports To configure a Learning Disable Time use the following command naa m See erp domain DOMAIN ID learning Brid Configures ERP learning disable time ridge disable time lt 0 500 gt R 0 500 learning disabling time unit millisecond 297 CLI 298 8 4 10 8 4 11 Management Guide TigerAccess EE To return the configured learning disable time as default use the following command e See no erp domain DOMAIN ID learn Bridge Configures ERP learning disable time as default value ing disable time Test Packet Interval RM Node periodically sends RM Test Packet message to detect the loop To configure an interval to send Test Packet message of RM node use the following command e e een erp domain DOMAIN ID test Brid Specifies the interval of ERP test packet ridge packe
218. directly outband or through the access network inband It can even connect using a combination of the two for example a cascaded switch connects inband to the cascading switch and then from the cascading switch to the management network through the outband interface The switch also provides the RS232 console interface to simply access the system with a provided RJ45 to DB9 cable This chapter describes a basic instruction for using the command line interface CLI which is used for managing the system e Configuration Mode e Configuration Mode Overview e Useful Tips Configuration Mode You can configure and manage the switch with the CLI via a management network envi ronment or the console interface The CLI provides the following command modes e Privileged EXEC View Mode e Privileged EXEC Enable Mode e Global Configuration Mode e Bridge Configuration Mode e DHCP Pool Configuration Mode e DHCP Option 82 Configuration Mode e Interface Configuration Mode e Rule Configuration Mode e RMON Configuration Mode 25 CLI 26 3 1 1 3 1 2 Management Guide TigerAccess EE Privileged EXEC View Mode When you log in to the switch the CLI will start with Privileged EXEC View mode which is a read only mode In this mode you can see a system configuration and information with several commands Tab 3 1 shows main command of Privileged EXEC View mode Opens Privileged EXEC Enable mode eben Shows a sys
219. display information of error disable recovery function use the following command es e See show errdisable recovery Shows information of error disable recovery function SMC7824M VSW Management Guide CLI TigerAccess EE 8 3 13 Sample Configuration Backup Route When you design layer 2 network you must consider backup route for stable STP net work This is to prevent network corruption when just one additional path exits gt N Switch B lt witch C lt 111 gt Switch A Aggregation Switch witch D Switch E Fig 8 27 Example of Layer 2 Network Design in RSTP Environment In ordinary case data packets go to Root switch A through the blue path The black ar rows describe the routine path to the Aggregation Switch And the dot lines are in blocking state But if there is a broken between Switch A and Switch B the data from PC A should find another route at Switch D Switch D can send the data to Switch C and Switch E Be cause Switch E has shorter hop count than Switch B the data may go through the Switch E and A as the red line And we can assume Switch E is also failed at the same time In this case since Switch D can has the other route to Switch C the network can be stable than just one backup route network SMC7824M VSW 287 CLI 288 MSTP Configuration MST Region 1 Instance 1 VLAN 111 120 Instance 2 VLAN 12
220. displaying is 512 lines To set the number of the lines displaying on terminal screen use the following command e e re Sets the number of the lines displaying on a terminal terminal length lt 0 512 gt Enable screen enter the value no terminal length Restores a default line displaying Login Banner It is possible to set system login and log out banner Administrator can leave a message to other users with this banner To set system login and log out banner use the following command e e See Sets a banner before login the system banner login Global Sets a banner when successfully log in the system banner login fail Sets a banner when failing to login the system 115 CLI 116 6 1 8 Management Guide TigerAccess EE To restore a default banner use the following command men ra pon no no banner login no banner login Global Restores a default banner no no banner login fail no banner login fail To display a current login banner use the following command Command Mode Description Enable show banner Global Shows a current login banner Bridge DNS Server To set a DNS server use the following command Some om dns server A B C D Sets a DNS server Global no dns server A B C D Removes a DNS server To display a configured DNS server use the following command e See Enable Global Shows a configured DNS server Bridge If a specific domain name is
221. domain ERP Domain Name After ERP domain creation you can specify its name To specifiy ERP domain name use the following command ee en name NAME Configures ERP domain name noname Domain Deletes the configured ERP domain name Primary and Secondary Port To configure Primary Port and Secondary port of a specific domain ID use the following command een EE primary port PORT Configures primary port of an ERP domain secondary port PORT port secondary port PORT Domain Configures secondary port of an ERP domain Primary port and secondary port should be different To delete ERP domain ID s primary or secondary port use the following command Keel no primary no primary port RP Deletes primary port of an ERP domain no secondary port Domain Deletes secondary port of an ERP domain Protected VLAN ERP enabled switches within same ring send receive data packets to from each other us ing their protected VLAN To configure a protected VLAN of an ERP domain use the following command e e E no no protected vlan VLAN VLAN ege VLAN Configures a protected VLAN of ERP domain Domain Deletes configured protected VLAN of ERP domain SMC7824M VSW Management Guide TigerAccess EE 8 4 4 4 8 4 4 5 8 4 4 6 SMC7824M VSW CLI Control VLAN RM Node periodically sends RM Test Packet message to detect the loop RM Test packet message can be transmiited by control VLAN only E
222. e TYPE NUM Ethernet type field hex e g 0800 for ethtype 7YPE NUM arp any IPv4 arp address resolution protocol any any Ethertype ignore ip header error Classifies the IP header error Classifies the IP header length ip header length lt 1 15 gt 1 15 IP header length value ip header error command can be used only when specifying a source and destination IP address as a packet classifying pattern SMC7824M VSW 173 CLI 174 7 6 2 3 7 6 2 4 Management Guide TigerAccess EE To delete a specified packet classifying pattern use the following command mn no ip precedence no ethtype Deletes a specified packet classifying pattern for each no mac da not found no ip header length no ip header error Applying and modifying Flow After configuring a flow using the above commands apply it to the system with the follow ing command If you do not apply the flow to the system all specified configurations on Flow Configuration mode will be lost To save and apply a flow use the following command man Te Tengen apply Applies a flow to the system To modify a flow use the following command flow NAME modify Global Modifies a flow enter a flow name You should save and apply the flow to system whenever you modify or configure the flow Class Creation A class is a set of flows More than 2 flows can belong to one class You can simply han dle and configure the packets
223. e TigerAccess EE To configure the number of buffers per each port or queue use the following command e e See Sets the total number of buffers for a port qos max queue length port PORTS port number PORTS lt 16 4080 gt 16 4080 total buffer numbers in increments of 16 de fault 256 Sets the number of buffers for each queue of a port PORTS port number 0 7 queue number qos max queue length port PORTS queue lt 0 7 gt lt 16 4080 gt To display the total number of buffers for a port and queue use the Ge command show oos max queue length Global EE AU the total number of buffers for a port and queue O port PORTS PORTS port number 7 6 9 5 Queue Status To display a current queue status use the following command e e re Enable show queue status cpu Gaba Shows a current queue status oba PORTS lt 0 7 gt 0 7 queue number Bridge 7 6 9 6 Displaying QoS To display the configuration of QoS use the following command na e een Shows the configuration of QoS for all ports show qos PORTS Shows the configuration of QoS per each port 202 SMC7824M VSW Management Guide TigerAccess EE 7 6 9 7 SMC7824M VSW CLI Weighted Random Early Detection WRED The switch supports Weighted Random Early Detection WRED which can selectively discard lower priority traffic when the interface begins to get congested and provide dif ferentiated performance characteristics for d
224. e default 6 dB Son ame Bridge Ire PORTS snr min margin lt 0 Configures minimum SNR margin 31 gt up down 0 31 minimum SNR margin value default 5 dB 89 CLI Management Guide TigerAccess EE To display SNR margin use the following command es e eme show Ire snr PORTS Enable Global Bridge Shows the configuration of SNR margin The following is an example of configuring SNR margin of port 3 as 10dB SWITCH bridge lre 3 snr target margin 10 down SWITCH bridge show lre snr 1 5 Port Status Config SNR Target SNR Minimum ADM OPR Margin Margin UP DOWN UP DOWN 1 Up Down 6 6 oy ae 2 Up Down 6 6 by ZS 3 Up Down 6 10 OY ao 4 Up Down 6 6 Ge 5 Up Down 6 6 oy aap SWITCH bridge 5 3 2 12 Bitloading Per Tone The bitloading per tone command is used to fetch the table that shows bit loading SNR attenuation FEQ fine coeff noise margin and so on To display the table of each parameter in the range of tone use the following command nn Y m Y en show Ire pertoneinfo PORT rx bit ne tx bit ne Enabl Shows the table of each parameter bit nable snr ne noise margin ne atten ne feq ne SR loading SNR FEQ fine coeff noie oba tx pwr ne tx gi ne qln ne coarse feq ne Brid margin and so on in the range of tone ridge lt 0 4095 gt lt 0 4095 gt graph lt 1 4095 gt S 0 4095 start stop tone index To display the table of each parameter in the range of t
225. e port connected to root switch is named root port In the above picture port of SWITCH C con nected to SWITCH A as Root switch is root port There can be only one root port on equipment When root path costs are same bridge ID is compared Designated Port and Root Port A root port is the port in the active topology that provides connectivity from the designated switch toward the root A designated port is a port in the active topology used to forward traffic away from the root onto the link for which this switch is the designated switch That is except root port in each switch the selected port to communicate is a designated port Port Priority Meanwhile when the path cost of two paths are same port priority is compared As the below picture suppose that two switches are connected Since the path costs of two paths are 100 same their port priorities are compared and port with smaller port priority is selected to transmit packet All these functions are automatically performed by BPDU which is the bridge information exchanged between switches to activate or disable a specific port It is also possible to configure BPDU to change a root switch or path manually SMC7824M VSW Management Guide CLI TigerAccess EE Path cost 100 Port priority 7 Port 1 Path 1 l pan 2 Path cost 100 Port priority 8 Port 2 Root path cost of PATH 1 path cost of PATH 2 100 unable to compare PATH 1
226. e IP network with a small amount of IP resources in the environment that most users do not have to access the IP network at the same time all day long This allows the network administrators to save the cost and IP resources Efficient IP Management By deploying DHCP in a network this entire process is automated and centrally managed The DHCP server maintains a pool of IP addresses and leases an address to any DHCP enabled client when it logs on to the network Because the IP addresses are dynamic leased rather than static permanently assigned addresses no longer in use are auto matically returned to the pool for reallocation DHCP Packet J Unicast IP Packet Broadcast DHCP Server or Relay Agent Subnet Der ee ee eege E 8 ep ep ep ep ep ep ep ep ep ea ep o me ZS PC DHCP Client Fig 8 34 DHCP Service Structure SMC7824M VSW Management Guide TigerAccess EE 8 6 1 D SMC7824M VSW CLI The switch flexibly provides the functions as the DHCP server or DHCP relay agent ac cording to your DHCP configuration This chapter contains the following sections e DHCP Server e DHCP Address Allocation with Option 82 e DHCP Lease Database s DHCP Relay Agent e DHCP Option 82 e DHCP Snooping e IP Source Guard e DHCP Client e DHCP Filtering e Debugging DHCP DHCP Server This section describes the following DHCP server related features and configurations e DHCP Pool Cre
227. e are three type of VLAN mode e Promiscuous A promiscuous port can communicate with all interfaces including the isolated and community ports within a PVLAN e Isolated An isolated port has complete Layer 2 separation from the other ports within the same PVLAN but not from the promiscuous ports PVLANs block all traffic to iso lated ports except traffic from promiscuous ports Traffic from isolated port is for warded only to promiscuous ports 243 CLI default Fig 8 5 244 8 1 10 1 Outer Network Management Guide TigerAccess EE e Community Community ports communicate among themselves and with their pro miscuous ports These interfaces are separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN The difference between Private VLAN and Private VLAN edge is that PVLAN edge guar antees security for the ports in a VLAN using protected port and PVLAN guarantees port security by creating sub VLAN with the three types Promiscuous Isolation and Commu nity And because PVLAN edge can work on local switch the isolation between two switches is impossible The switch provides Private VLAN function like Private VLAN edge of Cisco product Be cause it does not create any sub VLAN port security is provided by port isolation If you want to configure Private VLAN on the switch switch refer to Port Isolation configuration Shared VLAN Thi
228. e configured by user Enable copy eee tftp os upload os1 Uploads a file to ftp or FTP server with a name of os1 eee or os2 copy E tftp os download Downloads a file from FTP or TFTP server with a name E acacia 0s2 of os1 or os2 To access FTP to back up the configuration or use the backup file you should know FTP user ID and the password To back up the configuration or use the file through FTP you can recognize the file transmission because hash function is automatically turned on SMC7824M VSW Management Guide CLI TigerAccess EE To delete a system configuration file use the following command e ma See Enable Deletes a specified configuration file erase config FILENAME l ep Global FILENAME configuration file name To display a system configuration file use the following command IC E re show startup config Enable Shows a current startup configuration Global show config list l Shows a list of configuration files Bridge 6 2 5 Restoring Default Configuration To restore a default configuration of the system use the following command e me See restore factory defaults to Restores a factory default configuration Enable restore layer2 defaults Restores an L2 default configuration D After restoring a default configuration you need to restart the system to initiate SMC7824M VSW 125 CLI 126 6 3 6 3 1 Management Guide TigerAccess EE System Management
229. e difference of between alternate port and backup port is that an alternate port can al ternate the path of packet when there is a problem between Root switch and SWITCH C but Backup port cannot provide stable connection in that case BPDU Policy In 802 1d only root switch can generate BPDU every hello time and other swithches can not They can create BPDU when receiving BPDU from the root switch However in 802 1w not only root switch but also all the other switches forward BPDU following Hello time BPDU is more frequently issued than the interval the root switch exchanges but with 802 1w conversion to the forwarding state become faster to keep up with changing network By the way when low BPDU is received from root switch or designated switch it is im mediately accepted For example suppose that root switch is disconnected to SWITCH B Then SWITCH B is considered to be root because of the disconnection and forwards BPDU However SWITCH C recognizes root existing so it transmits BPDU including information of root to Bridge B Thus SWITCH B configures a port connected to SWITCH C as new root port Switch A ROOT New Root Port Low BPDU gt Switch B Switch C BPDU including Root information Fig 8 16 Example of Receiving Low BPDU Rapid Network Convergence A new link is connected between SWITCH A and root Root and SWITCH A is not directly connected but indirectly through SWITCH D After SWITCH A
230. e me See i Configures the first RMON Alarm to occur when object startup type falling RMON l l is less than lower bound of threshold first To configure the first alarm to occur when object is firstly more than upper bound of threshold use the following command e e re ro Configures the first Alarm to occur when object is firstly startup type rising RMON more than upper bound of threshold To configure the first alarm to occur when object is firstly more than threshold or less than threshold use the following command e e re Seck l Configures the first Alarm to occur when object is firstly startup type rising and falling RMON more than threshold or less than threshold Interval of Sample Inquiry The interval of sample inquiry means time interval to compare selected sample data with upper bound of threshold or lower bound of threshold in terns of seconds To configure interval of sample inquiry for RMON alarm use the following command e e See i Configures interval of sample inquiry sample interval lt 0 65535 gt RMON l unit second Activating RMON Alarm After finishing all configurations you need to activate RMON alarm To activate RMON alarm use the following command CECR SMC7824M VSW Management Guide TigerAccess EE 7 4 2 9 7 4 3 7 4 3 1 7 4 3 2 SMC7824M VSW CLI Deleting Configuration of RMON Alarm When you need to change a configuration of RMON alarm you sh
231. e of configuring power consumption as 400m SWITCH bridge lre 1 5 pbo length 4 SWITCH bridge show lre psd 1 7 Port Status Up Stream PBO Length PSD MASK ADM OPR PBO 10 Custom Level Up Down Enable Up Down Enable Up Down Enable Up Down Enable Up Down Enable Up Down Enable ATO OO s W N PH Up Down Enable SWITCH bridge SMC7824M VSW 81 CLI 82 Management Guide TigerAccess EE The following is an example of configuring the power consumption per upstream band of port 1 as 100m to 400m SWITCH bridge lre 1 band pbo length u0 1 ul 2 u2 3 u3 4 SWITCH bridge show lre psd 1 7 Port Status Up Stream PBO Length PSD MASK ADM OPR PBO 10 Custom Level 1 Up Down Enable 1 2 Up Down Enable 4 4 4 4 1 3 Up Down Enable 4 4 4 4 1 4 Up Down Enable 4 4 4 4 1 5 Up Down Enable 4 4 4 4 1 6 Up Down Enable 2 2 2 2 1 7 Up Down Enable 2 2 2 2 E SWITCH bridge However even though inner value of PBO Length is already configured and user config ured the most appropriate PBO Length inner value could be unfit according to detailed environment To improve this point in switch it is possible that user configure the attribute of PBO Length The attribute of PBO Length is appointed as PBO Config user s default PBO Config is appointed as PBO Length 10 To configure PBO config use the following command ze e rees Ire pbo config K1 1 K1 2 K1 3 K2 1 e
232. e switch Privileged EXEC View SWITCH gt exit Back to previous mode enable Privileged EXEC Enable SWITCH configure terminal end Back to Privileged EXEC Enable mode Global Configuration mode SWITCH config ip dhcp pool POOL POOL pool name DHCP Pool Configuration mode SWITCH config dhcp POOL ip dhcp option82 Option 82 Configuration mode SWITCH config opt82 rmon alarm lt 1 65535 gt rmon event lt 1 65535 gt rmon history lt 1 65535 gt RMON Configuration mode SWITCH config rmonalarm N SWITCH config rmonevent N SWIT CH config rmonhistory N Fig 3 1 Overview of Configuration Mode SMC7824M VSW interface INTERFACE INTERFACE interface name Interface Configuration mode SWITCH config if bridge Bridge Configuration mode SWITCH bridge flow admin NAME create NAME flow name policer NAME create NAMEL policer name policy admin NAME create NAME policy name Rule Configuration mode SWITCH config flow NAME SWITCH config policer NAME J SWIT CH config policy NAME 31 CLI Management Guide TigerAccess EE 3 3 Useful Tips This section describes useful tips for operating the switch with a CLI e Listing Available Command e Calling Command History e Using Abbreviation e Using Command of Privileged EXEC Enable Mode e Exit Current Command Mode 3 3 1 Listing Available Command To list available commands input question mark lt gt
233. e tagged traffic A trunk port is always connected to another trunk port on a different switch Switching shall be performed between trunk ports and tunnels ports and between different trunk ports Double Tagging Operation Step 1 If there is no SPVLAN Tag on received packet SPVLAN Tag is added SPVLAN Tag TPID Configured TPID VID PVID of input port Step 2 If received packet is tagged with CVLAN the switch transmits it to uplink port changing to SPVLAN CVLAN When TPID value of received packet is same with TPID of port it recognizes as SPVLAN and if not as CVLAN Step 3 lf Egress port is Access port Access port is configured as Untagged remove SPVLAN If egress port is uplink port transmit as it is Step 4 The switch switch has 0x8100 TPID value as default and other values are used as hexa decimal number Double Tagging Configuration Step 1 Designate the QinQ port e e Se Configures a qinq port vlan dot1q tunnel enable PORTS Bridge PORTS qinq port to be enabled Step 2 Configure the same PVID with the VLAN of peer network on the designated qinq port e e Se Configures a qinq port vlan pvid PORTS lt 1 4094 gt PORTS qinq port to be enabled 1 4094 PVID SMC7824M VSW Management Guide TigerAccess EE 8 1 9 3 8 1 10 SMC7824M VSW CLI To disable double tagging use the following command e me See vlan dot1q tunnel disable Brid Configures a qinq port ridge PO
234. e the following command e e een passwd NAME Global Configures a password for created account The following is an example of changing the current password SWITCH config passwd Changing password for admin Enter the new password minimum of 5 maximum of 8 characters Please use a combination of upper and lower case letters and numbers Enter new password junior 95 Re enter new password junior 95 Password changed SWITCH config The password you are entering will not be shown in the screen so please be careful not to make a mistake SMC7824M VSW Management Guide CLI TigerAccess EE 4 1 5 Login Password Recovery Process To upgrade the system software in the boot mode perform the following step by step in struction Step 1 After the switch is manually restarted Start Address 0x010000000 will be shown up Step 2 Keep on pressing Space Bar key until console ttyS0 9600 root dev ram rw is shown up on the screen Step 3 Enter password next to console ttyS0 9600 root dev ram rw Step 4 Check password restore to default onthe booting messages It means that the current password returns to the default setting Step 4 Check password restore to default on the booting messages lt means that the current password returns to the default setting By default setting the password is configured as nsn switch KAKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
235. ear the collected IGMP snooping statistics use the following command e Y See clear ip igmp snooping stats Enable Clears the collected IGMP snooping statistics port PORTS cpu Global PORTS port number SMC7824M VSW Management Guide TigerAccess EE 9 2 6 9 2 6 1 9 2 6 2 SMC7824M VSW CLI Multicast VLAN Registration MVR Multicast VLAN registration MVR is designed for applications using multicast traffic across an Ethernet network MVR allows a multicast VLAN to be shared among subscrib ers remaining in separate VLANs on the network It guarantees the Layer 2 multicast flooding instead of the forwarding via Layer 3 multicast allowing to flood multicast streams in the multicast VLAN but to isolate the streams from the subscriber VLANs for bandwidth and security reasons This improves bandwidth utilization and simplifies multi cast group management MVR also provides the fast convergence for topology changes in the Ethernet ring based service provider network with STP and IGMP snooping TCN guaranteeing stable multi cast services MVR implemented for the switch has the following restrictions so you must keep in mind those before configuring MVR e All receiver ports must belong to the both subscriber and multicast VLANs as un tagged e IGMP snooping must be enabled before enabling MVR e Asingle MVR group address cannot belong to more than two groups e MVR and multicast routing cannot be enabled t
236. eeeeeeeeeeeeeseeeeesseeeeesaeeeeesaaeeees 371 G en De Ae RING HING E 371 SA E ee eee ee 373 9 2 7 3 Displaying IGMP Filtering and Throttling o cccoooccncoonccncnoncnnonanoncnnos 373 9 2 8 Multicast Source Trust Hot 373 10 System Software Upgrade oocooocccncconcconcconccocccncccnnonccanncanonanonanonanos 375 10 1 General Beete EE 375 10 2 Boot ee EE ele EE 376 DIETA DOE sicario ata abia eens 379 TT ADDEOVIATIONS E 381 SMC7824M VSW 15 CLI 16 Management Guide TigerAccess EE Illustrations Fig 2 1 The fr nt view of SWITCH EE 22 Fig 3 1 Overview of Configuration Mode oooccccocccncccoccnccconcnnconacocononnnnnnnnconconanencononens 31 Fig 4 1 Process of 802 1x Authentication cocoooccoccccononoconnncoconnnnononnnncnnannnnnnnns 58 Fig 4 2 Multiple Authentication Servers A 59 Fig 5 1 Transmission in DSL System ooooccccccnccnnccnoccncononnnonnnnnnnnnnnnnnnnnncnnnnnnrnncnnanennss 75 Fig 9 2 DNT Modula ON EE 76 Fig 5 3 Deciding Transmit Rate according to SNR Marom 89 Fig 5 4 Counting Mon GR EN EE 92 Fig 5 5 AA O PO PE PE OE II dese 110 Fig 6 1 Ping Test tor Network Status aia o 128 Fig 6 2 IP Source ROUINO MES 129 Fig 7 1 Procedure Of QOS operaton 169 Fig 7 2 Structure O RUG eino ua a 170 Fig 7 3 Token BUCK EE IVIGION EE 180 Fig 7 4 Behavior Ol STTECM A KEE 181 Fig 7 5 Behavior o Srl ECK EE 181 Fig 7 6 Banavior or SEEC M EE 182 Fig 7 7 Benavior Of TOM Ke EE 183 Fig 7 8 Be
237. ef l INTERFACE interface name Bridge The following is the sample output of the show ip interface brief command SWITCH config show ip interface brief Interface IP Address Status PEOTOCOL lo unassigned up up mgmt 10 27 41 91 up up default unassigned up up SWITCH config 94 SMC7824M VSW Management Guide TigerAccess EE 4 4 4 4 1 4 4 1 1 4 4 1 2 4 4 1 3 SMC7824M VSW CLI Secure Shell SSH Network security is getting more important because the access network has been gener alized among numerous users However typical FTP and telnet service have big weak ness for their security Secure shell SSH is a network protocol that allows establishing a secure channel between a local and a remote computer It uses public key cryptography to authenticate the remote computer and to allow the remote computer to authenticate the user SSH Server The switch can be operated as SSH server You can configure the switch as SSH server with the following procedure e Enabling SSH Server e Displaying On line SSH Client e Disconnecting SSH Client e Assigning Specific Authentication Key e Displaying Connection History of SSH Client Enabling SSH Server To enable disable SSH server use the following command ss e re ssh server enable Enables SSH server SSH Enables SSH server Global ssh server disable Disables SSH server Displaying On line SSH Client To display SSH clients connected t
238. effective network composition since switch is not needed Enhanced Security When using a shared bandwidth LAN there is no inherent protection provided against unwanted eavesdropping In addition to eavesdropping a malicious user on a shared LAN can also induce problems by sending lots of traffic to specific targeted users or net work as a whole The only cure is to physically isolate the offending user By creating logical partitions with VLAN technology we further enhance the protections against both unwanted eavesdropping and spurious transmissions As depicted in Figure a properly implemented port based VLAN allows free communication among the members of a given VLAN but does not forward traffic among switch ports associated with members of different VLANs That is a VLAN configuration restricts traffic flow to a proper subnet comprising exactly those links connecting members of the VLAN Users can eavesdrop only on the multicast and unknown unicast traffic within their own VLAN presumably the configured VLAN comprises a set of logically related users User Mobility By defining a VLAN based on the addresses of the member stations we can define a workgroup independent of the physical location of its members Unicast and multicast traffic including server advertisements will propagate to all members of the VLAN so that they can communicate freely among themselves SMC7824M VSW Management Guide TigerAccess EE 8 1 1 SMC7824M
239. egion name re vision and a VLAN map To set the configuration ID use the following command on MSTP Configuration mode man Te eng Sets the MSTP region name name NAME NAME the name of MSTP region Maps the specified vlans to an MSTP instance instance lt 1 64 gt vlan VLANS MST config 1 64 select an instance ID number VLANS VLAN ID 1 4094 Specifies a revision number revision oss revision oss 65535 gt l l o 0 65535 the MSTP configuration revision number In case of configuring STP and RSTP you do not need to set the configuration ID If you try to set configuration ID on STP or RSTP an error message will be displayed SMC7824M VSW Management Guide TigerAccess EE LE SMC7824M VSW CLI You can create the MSTP regions without limit on the network But the instance id num bers of each region should not be over 64 To delete the configuration ID setting use the following command a ge Deletes the name of MSTP region Deletes part of vlan mapping select the instance ID number and vian id to remove from the specified in no instance lt 1 64 gt vlan VLANS MST config stance 1 64 instance ID number VLANS VLAN ID 1 4094 no revision Deletes the configured revision number After configuring the configuration ID in the switch you should apply the configuration to the switch After changing or deleting the configuration you must apply it to the switch If not it does not being
240. em occurs because the keepalive packet is looped back to the port that sent the keepalive Keepalives are sent on the switches in order to prevent loops in the network You see this problem on the device that detects and breaks the loop but not on the de vice that causes the loop To enable error disable detection for loop back cause use the following command See See Enables error disable detection for loop errdisable detect cause loopback back cause Bridge Disables error disable detection for loop no errdisable detect cause loopback back cause To display the status of error disable cause use the following command OO eom e O show errdisable detect cause Shows status of error disable causes To enable disable the error disable recovery function for loop back cause use the follow ing command ze a ee Enables the recovery function for loop Disables the recovery function for loop no errdisable recovery cause loopback back error disable cause errdisable recovery cause loopback l back error disable cause EEN B 281 CLI 282 8 3 12 i Management Guide TigerAccess EE To specify the time to recover from a specified error disable cause use the following command es e Se errdisable recovery interval Sets the interval of error disable recovery lt 30 86400 gt Ges 30 86400 the recovery interval default 300 sec ridge no errdisable recovery inter Deleted the con figured time for
241. ement Guide TigerAccess EE Default Alarm Severity To set default alarm severity use the following command a ee snmp alarm severity default AT i f Sets default alarm severity critical major minor warning Global l l default minor intermediate Generic Alarm Severity To set generic alarm severity use the following command DECI O snmp alarm severity fan fail critical major minor warning intermediate snmp alarm severity cold start critical major minor warning intermediate snmp alarm severity broadcast over critical major minor warning intermediate snmp alarm severity cpu load over critical major minor warning intermediate snmp alarm severity dhcp lease critical ma jor minor warning intermediate snmp alarm severity dhcp illegal critical major minor warning intermediate snmp alarm severity fan remove critical major minor warning intermediate snmp alarm severity ipconflict critical major minor warning intermediate snmp alarm severity memory over critical major minor warning intermediate snmp alarm severity mfgd block critical major minor warning intermediate snmp alarm severity port link down critical major minor warning intermediate snmp alarm severity port remove critical major minor warning intermediate snmp alarm severity port thread over critic
242. en EBS CBS Token E Tokens are decremented JL the si f th ket geet Petre Green Color Marking De Ile Fig 7 4 Behavior of srTCM 1 Tokens are regenerated Tokens are regenerated based on CIR based on CIR Bucket C Bucket E E e IESSE ENEE Token EBS CBS Empty If the bucket C is empty the tokens in the bucket E are decremented by the size of the packet 0a ME gt Yellow Color Marking Fig 7 5 Behavior of srTCM 2 181 CLI 182 Management Guide TigerAccess EE Tokens are regenerated Tokens are regenerated based on CIR based on CIR Bucket C Bucket E E S AN pre orem rn eee reer ee A Empty EBS CBS Empty _ y If both buckets are empty a packet is marked red ee gt gt Red Color Marking Fig 7 6 Bahavior of srTCM 3 Two Rate Three Color Marker trTCM The trTCM meters an IP packet stream and marks its packet the one among green yel low and red using Peak Information Rate PIR and its associated Peak Burst Size PBS and Committed Information Rate CIR and its associated Committed Burst Size CBS A packet is marked red if it exceeds the PIR Otherwise it is marked either yellow or green depending on whether it exceeds or does not exceed CIR The trTCM is useful for ingress policing of a service where a peak rate needs to be enforced separately from a commit ted rate PIR and CIR are the regenerating rate of tokens for PBS and CBS respectively which is measure
243. en a link is shared by two or more rings one RM node with the highest priority is responsible to protect failures of the shared link Two normal nodes of a shared link belong to both ERP domains The control packets TPs can be transmitted from the lower priority domain to higher priority domain only Fig 8 33 shows the example of ring interconnection using one shared link RM Node A Node 4 RM Node B LO ERP Ring A SS ERP Ring B Node 1 Node 2 Node 3 Fig 8 33 Shared Link ERP shared link environment has the following requirements so you should keep in mind them before configuring ERP ring topology with a shared link e A port adjacent to the shared link should not be blocked It means that a shared link that is used as the one of the secondary ports of a RM node e lf there are two ERP domains with a single shared link you should specify different priority of ERP domains e The higher priority domain should include all protected and control VLANs of the lower priority domain to protect and manage the lower priority ring more effectively 293 CLI 294 8 4 4 8 4 4 1 8 4 4 2 8 4 4 3 Management Guide TigerAccess EE Configuring ERP Domain To realize ERP you should fist create domain for ERP To create the domain use the fol lowing command e me See Creates ERP domain and opens ERP domain configu erp domain DOMAIN ID ration mode DOMAIN ID lt 1 64 gt no erp domain DOMAIN ID Deletes ERP
244. ens DHCP Option 82 Configuration mode to config ip dhcp option82 Global ure DHCP option 82 To open DHCP Option 82 Configuration mode use the service dhcp command in the Global Configuration mode first Tab 3 7 is the main commands of DHCP Option 82 Configuration mode C Tab 3 7 Mam Command of DHCP Option 82 Configuration Mode Interface Configuration Mode In nterface Configuration mode you can configure Ethernet interfaces To open Interface Configuration mode enter the interface command then the system prompt will be changed from SWITCH config to SWITCH config if na e een interface INTERFACE Global Opens Interface Configuration mode 29 CLI 30 3 1 9 3 1 10 Management Guide TigerAccess EE Tab 3 8 shows main commands of Interface Configuration mode description Specifies a description ip address Assigns IP address Deactivates an interface Sets MTU value Tab 3 8 Main Command of Interface Configuration Mode Rule Configuration Mode The switch modifies previous Rule Configuration mode to Flow Policer and Policy Con figuration modes Rule configuration mode is expanded into three different modes accord ing to its roles for Rule mechanism You can configure a rule for incoming or outgoing packets Using the function you can handle packets classified by the rule To open Rule Configuration mode enter the flow policer and policy commands then the system prompt will be cha
245. er vice password encryption command And to represent the string password is en crypted input 8 before the encrypted string When you use the password enable command with 8 and the string you will make into Privileged EXEC Enable mode with the encrypted string Therefore to log in the system you should do it with the encrypted string as password that you configured after 8 In short according to using the 8 option or not the next string is encrypted or not The following is an example of configuring the password in Privileged EXEC Enable mode as testpassword SWITCH configure terminal SWITCH config passwd enable testpassword SWITCH config The following is an example of accessing after configuring a password SWITCH login admin Password SWITCH gt enable 3 CLI 38 4 1 4 A Management Guide TigerAccess EE Password SWITCH To delete the configured password use the following command ee Y See no passwd enable Global Deletes the password The created password can be displayed with the show running config command To en crypt the password not to be displayed use the following command ICI anton service password encryption Global Encrypts the system password To disable password encryption use the following command mm mas pen no service password encryption Global Disables password encryption Changing Login Password To configure a password for created account us
246. eration type works as one of the followings e both sends and receive LLDP frame e tx_only only sends LLDP frame e rx_only only receives LLDP frame e disable does not process any LLDP frame To configure how to operate LLDP use the following command e e res lldp adminstatus PORTS both Brid Configures LLDP operation type ridge tx_only rx_only disable i default disable Basic TLV LLDP is transmitted through TLV There are mandatory TLV and optional TLV In optional TLV there are basic TLV and organizationally specific TLV Basic TLV must be in the switch where LLDP is realized specific TLV can be added according to the feature of the switch For the switch the administrator can enable and disable basic TLV by selecting it To en able basic TLV by selecting it use the following command a lldp PORTS portdescription sysname sysdescription Selects basic TLV that is sent in the port syscap no lldp PORTS portdescription sysname sysdescription Disables basic TLV configured to be sent in the port syscap LLDP Message For the switch it is possible to configure the interval time and times of sending LLDP message To configure the interval time and times of LLDP message use the following command n See Configures the interval of sending LLDP message The Configures the periodic times of LLDP message default 4 lldp msg txhold lt 2 10 gt lidp msg txinterval lt
247. erface and fixed 2 Port 10 100 1000Base T and 1 slot for option uplink module Note The uplink module is not used in the first re lease Managed switches as IP VDSL of Layer 2 switch supports VLAN Rate limit port trunk ing port mirroring IGMP snooping and packet filtering Fig 2 1 shows the front view of the switch Fig 2 1 The front view of switch SMC7824M VSW Management Guide TigerAccess EE 2 1 SMC7824M VSW CLI System Features The following introduces the main features of the VDSL2 system which provides Layer 2 switching Ethernet switching and related functions Virtual Local Area Network VLAN Virtual local area network VLAN is made by dividing one network into several logical networks Packet cannot be transmitted and received between different VLANs There fore it can prevent needless packets accumulating and strengthen security The switch recognizes 802 1Q tagged frame and supports maximum 4096 VLANs Port based Pro tocol based MAC based and Subnet based VLANs are supported in the switch Quality of Service QoS For the switch QoS based forwarding sorts traffic into a number of classes and marks the packets accordingly Thus different quality of service is provided to each class which the packets belong to The rich QoS capabilities enable network managers to protect mission critical applications and support differentiated level of bandwidth for managing traffic con gestion The
248. erleave process error correction will not be done well whereas transmit rate of data becomes faster You can skip Interleave process and configure it before transmitting data To skip Interleave process use the following command e e res Ire PORTS channel fast Skips Interleave process SMC7824M VSW Management Guide TigerAccess EE gt SMC7824M VSW CLI To enable Interleave process use the following command en wee rees Ire PORTS channel slow Enables Interleave process The default is Interleave enabled as slow The following is an example of displaying Interleave SWITCH bridge show lre interleave 1 5 Port Status Channel Inter Delay ADM OPR UP DOWN 1 Up Down Slow 2 2 2 Up Down Slow 2 2 3 Up Down Slow 2 2 4 Up Down Slow 2 2 5 Up Down Slow 2 2 SWITCH bridge In addition you can configure the interval of Interleave process during modulation This interval is called Interleave delay By configuring Interleave delay you can prevent trans mission delay caused of waiting data gathered To configure Interleave delay use the following command mane e en Configures Interleave delay Ire PORTS interleave delay PORTS VDSL port b E port number lt 1 100 gt Bridge 1 100 interleave delay value default 2 ms Ire PORTS interleave delay Configures Interleave delay with specifying Upstream lt 1 100 gt up down or Downstream The unit of Interleave delay is m
249. error disable recovery val and returns to the default setting To display information of error disable recovery function use the following command men een show errdisable recovery Shows information of error disable recovery function To enable disable the debugging function of error disable status caused by loop back use the following command nt en Enables the debugging for loop back error debug errdisable loopback enable l disable cause l Disables the debugging for loop back error debug errdisable loopback disable l disable cause E 8 BPDU Configuration BPDU is a transmission message in LAN in order to configure and maintain the configu ration for STP RSTP MSTP Switches that STP is configured exchange their information BPDU to find the best path MSTP BPDU is a general STP BPDU having additional MST data on its end MSTP part of BPDU does not rest when it is out of region e Hello Time Hello time is an interval of which a switch transmits BPDU It can be configured from 1 to 10 seconds The default is 2 seconds e Max Age Root switch transmits new information every time based on information from other switches However if there are many switches on network it takes lots of time to transmit BPDU And if network status is changed while transmitting BPDU this infor mation is useless To get rid of useless information max age should be identified each information e Forward Delay Switches find
250. ery from a multicast router To enable the IGMP snooping report suppression use the following command or on ip igmp snooping report Enables the IGMP snooping report suppression glob suppression ally Global Enables the IGMP snooping report suppression on a VLAN VLANS VLAN ID 1 4094 ip igmp snooping vlan VLANS report suppression To disable the IGMP snooping report suppression use the following command e Se no ip igmp snooping report suppression Disables the IGMP snooping report suppression no ip igmp snooping vlan VLANS report suppression The IGMP snooping report suppression is supported only IGMPv1 and IGMPv2 reports In case of an IGMPv3 report a single membership report can contain the information for all the groups which a host is interested in Thus there is no need for the report suppres sion since the number of reports would be generally equal to the number of hosts only IGMP Snooping S Query Report Agency lf IGMP snooping switch receives IGMP group specific query messages from the multi cast router it just floods them into all of its ports The hosts received the group specific queries send the report messages according to their IGMP membership status However this switch is enabled as IGMP snooping S Query report agency the group specific que ries are not sent downstream When the switch receives a group specific query the switch terminates the query and sends an IGMP report if there is
251. es a trusted remote ID trust remote id text STRING To delete a specified trusted remote ID use the following command nan eos no trust remote id hex HEXSTRING no trust remote id ip 4 B C D Option 82 Deletes a specified trusted remote ID no trust remote id text STRING Trusted Physical Port To specify a trusted physical port use the following command e me mn Specifies a trusted physical port trust port PORTS normal normal DHCP packet option82 all option82 DHCP option 82 packet Option 82 all DHCP option 82 packet no trust port all PORTS nor Se Deletes a specified trusted port mal option82 all DHCP Snooping For enhanced security the switch provides the DHCP snooping feature The DHCP snooping filters untrusted DHCP messages and builds maintains a DHCP snooping bind ing table The untrusted DHCP message is a message received from outside the network and an untrusted interface is an interface configured to receive DHCP messages from outside the network 323 CLI 324 8 6 7 1 8 6 7 2 Management Guide TigerAccess EE The DHCP snooping basically permits all the trusted messages received from within the network and filters untrusted messages In case of untrusted messages all the binding entries are recorded in a DHCP snooping binding table This table contains a hardware address IP address lease time VLAN ID interface etc It also gives you a way to different
252. ess EE To delete a registered IP address and MAC address or delete all the contents of ARP ta ble use the following command Teoma Mele O no arp A B C D Negates a command or set sets its default Global Negates a command or set sets its default enter the IP no arp A B C D INTERFACE address and enter the interface name Enable Deletes all the contents of ARP table Global Deletes all the contents of ARP table enter the inter clear arp INTERFACE Bridge face name Displaying ARP Table To display the ARP table registered in the system use the following command e e Se show arp Enable Shows ARP table Global Shows ARP table for specified interface enter the in show arp INTERFACE Bridge terface name default br2 ARP Alias Although clients are joined in the same client switch it may be impossible to communi cate between them for security reasons When you need to make them communicate each other the switch supports ARP alias which responses the ARP request from client net through the concentrating switch To register the address of client net range in ARP alias use the following command m en Registers the IP address range and MAC address in ARP alias to make user s device response ARP re arp alias A B C D1 A B C D2 quest MACADDR MACADDR MAC address A B C D1 start IP address A B C D2 end IP address Global Registers the IP address range on specified VLAN and specifies defau
253. et ring use the following command e e See erp domain DOMAIN ID manual Unblocks a primary port and blocks a secondary port of switch primary ERP domain as RM node default Bridge erp domain DOMAIN ID manual Blocks a primary port and unblocks a secondary port of switch secondary ERP domain as RM node SMC7824M VSW Management Guide TigerAccess EE 8 4 8 8 4 9 SMC7824M VSW CLI To delete the configuration of primay secondary port s role change use the following command e e re no erp domain DOMAIN ID man D s Deletes the configured primary and secondary port ridge ual switch S state Wait to Restore Time If a ports link failure is recovered on the normal node the blocked port should be changed to the forwarding status However the loop may occur when this port start to forward the traffic before a secondary port of RM node is blocked To prevent the loop the normal node waits for the time until it receives RM Link Up message Even if it does not receive RM Link Up message the port starts to forward the traffic The normal node waits for real waiting timeout to forward the traffic again The formula is simply shown as below Real Waiting timeout Wait to Restore Time 3Test Packet Interval e g 1 3 seconds 1 second 10 milliseconds x 3 To configure Wait to Restore Time use the following command e me ees erp domain DOMAIN ID wait to Brid Configures ERP wait to restore time ri
254. ets only for the IP addresses on the DHCP snooping binding table The ARP access list with the DHCP snooping allows IP communications to users authorized by the DHCP snooping To permit discard ARP packets for the users authorized by the DHCP snooping use the following command e me See i i Permits ARP packets of users authorized by the DHCP permit dhcp snoop inspection snooping ARP ACL no permit dhcp snoop Discards a configured ARP packets of users authorized inspection by the DHCP snooping 217 CLI Management Guide TigerAccess EE 218 7 12 3 2 7 12 3 3 To display the configured APR access lists use the following command ee e ees show arp access list NAME Global Displays existing ARP access list names Enabling ARP Inspection Filtering To enable disable the ARP inspection filtering of a certain range of IP addresses from the ARP access list use the following command e me See l Enables ARP inspection filtering with a configured ARP ip arp inspection filter NAME i D access list on specified VLAN Global NAME ARP access list name no ip arp inspection filter NAME Disables ARP inspection filtering with a configured ARP vlan VLANS access list on specified VLAN ARP inspection actually runs in the system after the configured ARP access list applies to specific VLAN using the ip arp inspection filter command vlan VLANS ARP Address Validation The switch also provides t
255. exchange their information The priority of SWITCH Ais 8 the priority of SWITCH B is 9 and the priority of SWITCH C is 10 In this case SWITCH A is automatically configured as root switch Designated Switch After deciding a root switch when SWITCH A transmits packet to SWITCH C SWITCH A compares the exchanged BPDU to decide a path The critical information to decide path is path cost Path cost depends on the transmit rate of LAN interface and path with lower path cost is selected The standard to decide a designated switch is total root path cost which is added with path cost to the root switch Path cost depends on transmit rate of switch LAN interface and switch with lower path cost is selected to be a designated switch 259 CLI 260 Management Guide TigerAccess EE Switch A Priority 8 Root Switch ra Path cost Path cost 50 S Designated Es yy 100 Switch Switch B dl E Priority riority 10 gt Path cost 100 Path cost 100 Path 1 Path 2 Switch D PATH 1 50 100 150 PATH 2 100 100 200 PATH 1 lt PATH 2 PATH 1 selected Fig 8 12 Designated Switch In case of the above picture showing SWITCH C sends packet path cost of PATH 1 is 150 and path cost of PATH 2 is total 200 100 100 path cost of SWITCH C to B path cost of SWITCH B to C Therefore lower path cost PATH 1 is chosen In this cas
256. ff Off Y 26 Ethernet 1 Up Down Auto Half 0 OLE Off X SWITCH config SMC7824M VSW Management Guide TigerAccess EE 9 3 9 3 1 9 3 1 1 SMC7824M VSW CLI VDSL Port Configuration Modulation of VDSL Signal The switch provides both Internet and telephone communication through existing tele phone line with using DSL technology DSL communication system requires technique to convert digital signal into analog signal and return the analog signal into the digital signal Fig 5 1 shows process of signal transmission in DSL system TTT E a Pritt tintin ttttttttttttttttttttttttttittttttntttittttttttttttttttttttttttttttitttttttttttittttttttttttttttiii itt ttc ttt ttc coco occ o once anna nanacananananacananacananananananananacacanas EN decenecensccessecscaesesacecsenscaessseeseeeanseessseeseeesseaeaesenereeeenenenDenEEOOEDOOSDEOPDDOODDDOSEDEOEDDDEDDDEAEDEOEDDEODEDEOEDOOEDDSOEDEEODESEEDESEEDEESEDOEEDESEEDSSEEDESDDSSEEDSSEDOESEDSOEEDSEEEDESEDSEDEDEOEESEEEDDEDDESEEDSESEDEEEDESEEDIESEDEEEDESEEDESEDEESEDEEEVUUUETUSYETEYERELUTINYETETEOTSULONYTTEUEUITTLTTEULTELUDINTETTSLITTETONYLISULTUTTELTEUEONUTTOVUNTIUNSSSIELESELESELIEISEEIECEECELAECCESE Fig 5 1 Transmission in DSL System In the above picture Modulator converts digital signal into analog signal to be sent over the channel Also the analog signal is returned into digital signal at the Demodulator DMT Modulation DMT builds on some of the ideas of QAM Imagine having more
257. fied packets A B C D A B C D In this switch redirect command cannot be configured when MAC filtering function is running in the system To delete a specified rule action use the following command e me See no action no action match permit no action match permit no action match redirect action no action match redirect redirect no action match mirror action no action match mirror mirror Policy Deletes a specified rule action no action match vian action no action match vian vlan no action no action match copy to cpu no action match copy to cpu no action no action match route next hop route next no action match route next hop Marking and Remarking This switch can use CoS values of packet marking or remarking to support QoS feature Packet marking allows you to partition your network into multiple priority levels or classes 185 CLI Management Guide TigerAccess EE of service Fig 7 10 shows that 4 steps of operations can affect packet marking or remarking using the 802 1p Class of service CoS bits in the Ethernet header Packet Ingress Bridge based CoS Marking InLIF based CoS Marking Ingress Processing lt Policy based CoS Marking Traffic Policing based CoS Remarking Fig 7 10 Marking and Remarking e Bridge based CoS Marking Generally Bridge based CoS Marking and InLIF based CoS Marking are internally im plemented without any
258. following command emma ra pon no port security PORTS Disables port security on the port no port security PORTS mac address MAC ADDR vlan Deletes a secure MAC address for the port NAME no port security PORTS maxi Returns to the default number of secure MAC ad mum dresses default 1 no port security PORTS viola Returns to the violation mode to the default tion default shutdown Port Security Aging Port security aging is to set the aging time for all secure addresses on a port Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port a Se port security PORTS aging l l tati Enables aging for configured secure addresses static port security PORTS aging time Brid Configures aging time in minutes for the port All the ridge lt 1 1440 gt S secure addresses age out exactly after the time port security PORTS aging type A B Configures aging type absolute inactivity e absolute all the secure addresses on this port age out exactly after the time min utes specified lapses and are removed from the secure address list e inactivity the secure addresses on this port age out only if there is no data traffic from the secure source addresses for the specified time period To disable the configuration of port secure aging use the following command e e Se no port security PORTS ag
259. following command ena ee clear Ire stat lol PORTS Global Resets data of error clear Ire stat lpr PORTS Bridge clear lre stat crc PORTS clear ire stat uncorrectable crc PORTS SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI To check CRC error Frame losses and Signal loss of specific port at a time use the fol lowing command e e See Shows data of CRC error Frame loss and Signal loss show Ire stat count all PORTS at a time about Upstream Enable Shows data of CRC error Frame loss and Signal loss show cpe stat count all PORTS Global at a time about Downstream show Ire total error PORTS Bridge Shows the collected data of all errors clear stat error PORTS Reset error information about Upstream clear cpe stat error PORTS Reset error information about Downstream The following is an example of checking all errors of port 1 to port 5 at a time SWITCH bridge show lre stat count all 1 5 Port Status LOS LOF LOL CorrB1k UnCorrBlk CRE 1 Down 0 0 0 0 0 0 2 Down 0 0 0 0 0 0 3 Down 0 0 0 0 0 0 4 Down 0 0 0 0 0 0 5 Down 0 0 0 0 0 0 SWITCH bridge You can check how many times each port is disconnected and how long it is discon nected As the same way with counting times of CRC error and Frame loss of VDSL port it is counted every 15 minutes and each day To check how long have the errors in downstream of VDSL line been lasted use the fol lowing command men es Tom
260. function spanning tree vlan VLANS Bridge VLANS VLAN ID 1 4094 21 1 CLI 278 8 3 8 2 8 3 8 3 Management Guide TigerAccess EE PVSTP is activated after selecting PVSTP mode using spanning tree mode rapid pvst command In PVSTP you can configure the current VLAN only If you input VLAN that does not exist error message is displayed For the switches in LAN where dual path doesn t exist Loop does not generate even though STP function is not configured To disable a configured PVSTP use the SS command Disables a in VLAN no spanning tree vlan VLANS Bridge VLANS VLAN ID 1 4094 Root Switch To establish PVSTP function a root switch should be chosen first Each switch has its own bridge ID and one of the switchs on same LAN is chosen as a root switch by com paring with their bridge IDs A bridge ID consisting of the switch priority and the switch MAC address is associated with each instance However you can configure the priority and make it more likely that the switch will be chosen as the root switch The switch hav ing the lowest priority becomes the root switch for that VLAN To configure the switch priority for a VLAN use the following command e e ee Configures a priority for specified VLAN spanning tree vlan VLANS prior VLANS VLAN ID 1 4094 ity lt 0 61440 gt l 0 61440 priority value in increments of 4096 default 32768 no spanning tree vlan VLANS l P iorit Deletes a configured
261. g After some time learning address it is allowed to forward data frame This is the steady state for a switch port in the active spanning tree e Disabled When disabled a port will neither receive nor transmit data or BPDUs A port is in this state because it is broken or disabled by administrator 8 3 2 RSTP Operation STP or RSTP is configured on network where Loop can be created However RSTP is more rapidly progressed than STP at the stage of reaching to the last topology This sec tion describes how the RSTP more improved than STP works It contains the below sec tions e Port States e BPDU Policy e Rapid Network Convergence e Compatibility with 802 1d 8 3 2 1 Port States RSTP defines port states as discarding learning and forwarding Blocking of 802 1d and listening is combined into discarding Same as STP root port and designated port are de cided by port state But a port in blocking state is divided into alternate port and backup port An alternate port means a port blocking BPDUs of priority of high numerical value from other switches and a backup port means a port blocking BPDUs of priority of high numerical value from another port of same equipment Switch A ROOT Switch B Switch C Alternate Designated Y lt 4 Backup Port Port Switch D Fig 8 15 Alternate Port and Backup port 262 SMC7824M VSW Management Guide TigerAccess EE 8 3 2 2 8 3 2 3 SMC7824M VSW CLI Th
262. g above command minimum bandwidth is implemented per each queue of port Specifically this switch provides a minimum maximum bandwidth guarantee to the pack ets which match to a flow To set a minimum maximum bandwidth allocated for each flow belonging to a policer use the following command e me See Sets a minimum bandwidth for each flow min bandwidth BANDWIDTH e BANDWIDTH bandwidth in the unit of kbps Policer min bandwidth BANDWIDTH Sets a minimum maximum bandwidth for each flow max bandwidth BANDWIDTH BANDWIDTH bandwidth in the unit of kbps To reset a minimum and maximum bandwidth allocated for each flow use the following command e e een no min max bandwidth BAND Bai Resets a minimum maximum bandwidth for each flow olicer WIDTH BANDWIDTH bandwidth in the unit of MB The minimum and maximum bandwidth allocations for each flow support a traffic policing Traffic policing allows that you guarantee the minimum bandwidth of traffic to be transmit ted or received on an interface Traffic that falls within the minimum bandwidth is transmit ted whereas traffic that exceeds the maximum bandwidth is dropped by a policing mechanism Maximum Buffer numbers Each queue is assigned a certain amount of buffer space to store transit data Each queue has an upper limit on the allocated number of buffers based on the class band width assignment of the queue and the number of queues configured 201 CLI Management Guid
263. g and Modifying Policy After configuring a policy using the above commands apply it to the system with the fol lowing command If you do not apply the policy to the system all specified configurations from Policy Configuration mode will be lost To save and apply a policy use the following command eg AR _ apply Applies a policy to the system To modify a policy use the following command ICI annem policy NAME modify Global Modifies a policy enter a policy name Displaying Rule To show a rule profile configured by user use the follwing command mm Te Te show flow profile Shows a profile of flow show policer profile Shows a profile of policer show policy profile Shows a profile of policy SMC7824M VSW Management Guide CLI TigerAccess EE To dispaly a certain rule by its name or a specific rule of a certain type use the following command ee e Se show flow class policer Enable policy VAME ina Shows the information relating to each rule enter a oba show flow class policer rule name Bridge policy detail NAME show running config flow All Shows all configurations of each rule policer policy SMC7824M VSW 191 CLI 192 7 6 6 7 6 6 1 Management Guide TigerAccess EE Admin Rule For the switch it is possible to block a specific service connection like telnet FTP ICMP etc with an admin rule function Creating Admin Flow for packet cl
264. g option format on a port ip dhcp snooping port PORTS opt code DHCP option code opt code lt 1 254 gt format NAME NAME DHCP option format name Configures a policy against DHCP option belonging to a DHCP message default replace keep forwards a DHCP message to DHCP server ip dhcp snooping port PORTS Global without any modification opt code lt 1 254 gt policy keep lada replace deletes the DHCP message s option and adds replace E the snooping option if both of them are same However if they are different each other replace option just adds the snooping option no ip dhcp snooping port Removes the DHCP snooping option for a given port PORTS opt code lt 1 254 gt 329 CLI 330 8 6 7 12 Management Guide TigerAccess EE In case there is not a DHCP snooping option for a specific port DHCP snooping switch finds the snooping default option If it exists DHCP snooping switch sends a DHCP server DHCP messages Discover Request by replacing their options with the snooping default option To specify a DHCP server default option use the following command ee e ee ip dhcp snooping default option Specifies a snooping default option format for a switch code lt 1 254 gt format NAME NAME DHCP option format name Configures a policy against DHCP option belonging to a DHCP message default replace keep forwards a DHCP message to DHCP server ip dhcp snooping default option eee l
265. g will be automatically started and login prompt will be displayed SWITCH login SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI Step 2 When you enter a login ID at the login prompt the password prompt will be displayed and then enter the proper password to log in the system By default setting the login ID is configured as admin with no password SWITCH login admin Password SWITCH gt Step 3 In Privileged EXEC View mode you can check only the configuration for the switch To configure and manage the switch you should begin Privileged EXEC Enable mode The following is an example of beginning Privileged EXEC Enable mode SWITCH gt enable SWITCH Password for Privileged EXEC Enable Mode You can configure a password to enhance the security for Privileged EXEC Enable mode To configure a password for Privileged EXEC Enable mode use the ror command ee ae a password to begin Privileged EXEC En passwd enable PASSWORD Global aaa mode passwd enable 8 PASSWORD passwd enable 8 PASSWORD 8 PASSWORD Configures an encrypted password an encrypted password password enable does not support encryption at default value Therefore it shows the string or password as it is when you use the show running config command In this case the user s password is shown to everyone and has unsecured environment To encrypt the password which will be shown at running config you should use the s
266. gc off 1 4 1 0 3r29IK105012 Yes 21 Down 10 Half Disable agc off 1 5 1 0 3r29IK105012 Yes 20 Down 10 Half Disable agc off SWITCH config show cpe info 1 5 No NOS Version Vendor ID Vendor STR Model Name Serial No 1 1 0 3r29IK105012 0x0000fee8 DSNW H335 OOODPW U0000346 20 Hee EZ LA OTE Ox0000fee8 DSNW H335 S ALS E LOS Oe Ox0000fee8 DSNW H335 4 1 0 3r29IK105012 0x0000fee8 DSNW H335 000DPW U0000348 O GE EE Ox0000fee8 DSNW H335 OOODPW U0000341 SWITCH config 108 SMC7824M VSW Management Guide TigerAccess EE D SMC7824M VSW CLI NOS Version means the current image It will be updated after resetting when you install new image In the above example NOS Download is indicated as the below INN NO NOS is not downloaded yet Done NOS has been successfully downloaded NOS downloading is failed Tab 5 9 NOS Download 109 CLI 110 9 4 Management Guide TigerAccess EE Port Mirroring Port mirroring is the function of monitoring a designated port Here one port to monitor is called monitor port and a port to be monitored is called mirrored port Traffic transmitted from mirrored port are copied and sent to monitor port so that user can monitor network traffic The following is a network structure to analyze the traffic by port mirroring lt analyzes traffic on the switch and network status by configuring Mirrored port and Monitor port connecting the computer that the watch program is in
267. ge will be blocked until the configured time based on the last message is up For example if you configure the interval as 1 second ICMP will not be sent within 1 second after the last message has been sent To configure interval to transmit ICMP message the administrator should configure the type of message and the interval time Use the following command to configure the interval for transmit ICMP message e me See Configures the interval for transmit ICMP message ip icmp interval rate mask MASK Global MASK user should input hexadecimal value until OxFFFFFFFF The default is 0x1818 If mask that is input as hexadecimal number is calculated as binary number 1 means Status ON 0 means Status OFF In binary number if the digit showed as 1 matches with the value of ICMP message It means ICMP Message is selected as Status ON Digit value starts from 0 For example if hexadecimal number 8 is changed as binary number it is 1000 In 1000 O digit is 0 and 1 digit is 0 2 digit is 0 and 3 digit is 1 The digit showed as 1 is S and ICMP_DEST_UNREACH means ICMP value is 3 Therefore ICMP_DEST_UNREACH is chosen the message of limiting the transmission time Default is 0x1818 If 1818 as hexadecimal number is changed as binary number it is 1100000011000 By calculating from O digit 3 digit 4 digit 11 digit 12 digit is 1 and it is STATUS ON
268. gh security because of mutual authentication system At a request of user Authentication from user s PC EAPOL Start type of packets are transmitted to authenticator and authenticator again requests identification After getting respond about identification request to approve access to RADIUS server and be au thenticated by checking access through user s information The following figure explains the process of 802 1x authentication EAPOL EAP over LAN EAP over RADIUS Q S Suppliant Authenticator Authentication Server RADIUS Server EAPOL Start EAP Request Identity EAP Response Identity i RADIUS Access Request EAP Request 7 RADIUS Access Challenge EAP Response RADIUS Access Request EAP Success RADIUS Access Accept Fig 4 1 Process of 802 1x Authentication SMC7824M VSW Management Guide TigerAccess EE 4 5 1 4 5 1 1 4 5 1 2 SMC7824M VSW CLI 802 1x Authentication Enabling 802 1x To configure 802 1x the user should enable 802 1x daemon first To enable 802 1x dae mon use the following command e e re dot1x system auth control Enables 802 1x daemon Global Disables 802 1x daemon no dot1x system auth control RADIUS Server As RADIUS server is registered in authenticator authenticator also can be registered in RADIUS server Here authenticator and RADIUS server need extra data authenticating each other be sides they register each ot
269. gins to SSH server ssh login DESTINATION PUB LIC KEY Enable DESTINATION IP address of SSH server PUBLIC KEY public key File Copy To copy a system configuration file from to SSH server use the following command e e en copy scp sftp config SET Downloads and uploads a file to through SSH server nable download upload FILENAME FILE destination file name SMC7824M VSW Management Guide TigerAccess EE 4 4 2 3 SMC7824M VSW CLI Authentication Key SSH client can access to server through authentication key after configuring authentica tion key and informing it to server It is safer to use authentication key than inputting password every time for login and it is also possible to connect to several SSH servers with using one authentication key To configure an authentication key in the switch use the following command Soen ra en ssh keygen rsa1 rsa dsa Global Configures an authentication key rsa1 SSH ver 1 authentication copy scp sftp key upload rsa SSH ver 2 authentication FILENAME Pie dsa SSH ver 2 authentication FILENAME key file name To configure authentication key and connect to SSH server with the authentication key perform the following procedure Step 1 Configure the authentication key in the switch SWITCH A config ssh keygen dsa Generating public private dsa key pair Enter file in which to save the key etc ssh id dsa Enter passphra
270. gt Deletes the given attribute Option The value should be within 64 bytes A hidden length variable should be set once in a single attribute The total length of an option format cannot exceed 254 bytes 8 6 5 3 Deleting DHCP Option Format To delete a specified DHCP option format use the following command III E est no ip dhcp option format NAME Global Deletes the given DHCP option format 8 6 5 4 Displaying DHCP option To print a specified DHCP option format use the following command e e een Enable show ip dhcp option format Global Prints the given option format and actual raw data in NAME port PORTS vlan VLANS DHCP the packet Option SMC7824M VSW 319 CLI 320 8 6 6 Management Guide TigerAccess EE DHCP Option 82 In some networks it is necessary to use additional information to further determine which IP addresses to allocate By using the DHCP option 82 a DHCP relay agent can include additional information about itself when forwarding client originated DHCP packets to a DHCP server The DHCP relay agent will automatically add the circuit ID and the remote ID to the option 82 field in the DHCP packets and forward them to the DHCP server The DHCP option 82 resolves the following issues in an environment in which untrusted hosts access the internet via a circuit based public network Broadcast Forwarding The DHCP option 82 allows a DHCP relay agent to reduce unnecessary broad
271. gt dscp no qos remark color green yellow red queue lt 0 7 gt queue To display the status of remarking based on different color marked packets use the fol lowing command conned ee show qos remark color green yellow red Shows the configured remarking of dscp Enable DSCP value show qos remark color green yellow red Global Shows the configured remarking of queue queue number SMC7824M VSW 189 CLI 190 7 6 4 6 7 6 4 7 7 6 5 Management Guide TigerAccess EE Attaching a Policy to an interface After you configure a rule including the packet classification policing and rule action you should attach a policy to an interface and to specify port or vlan in which the policy should be applied If you do not specify an interface for rule rule does not work properly To attach a policy to an interface use the following command e e re Attaches the policy to a specified ingress port or any interface binding port ingress port PORTS any PORTS port number interface binding vian VLANS Attaches the policy to a specified vlan or any vlan any VLANS VLAN ID 1 4094 To detach a policy from an interface use the eo command no interface binding port in Removes an attached policy from ingress port gress PORTS Policy no interface binding vlan Removes an attached policy from vian an attached Removes an attached policy from vian from vlan Applyin
272. gure Root Guard use the following command e e re spanning tree port PORTS Bridge Configures Root Guard on the network guard root To delete a configured Root Guard of specified port use the following command mm Te ages spanning tree port PORTS Disables Root Guard function guard none Bridge no spanning tree port PORTS Deletes a configured Root Guard returns to default guard configurations SMC7824M VSW Management Guide TigerAccess EE 8 3 10 8 3 11 SMC7824M VSW CLI Restarting Protocol Migration MSTP protocol has a backward compatibility MSTP is compatible with STP and RSTP If some other bridge runs on STP mode and sends the BPDU version of STP or RSTP MSTP automatically changes to STP mode But STP mode cannot be changed to MSTP mode automatically If administrator wants to change network topology to MSTP mode administrator has to clear the previously detected detected protocol manually To prevent this the switch provides the clear spanning tree detected protocols com mand If you enable this command the switch checks STP protocol packet once again To clear configured Restarting Protocol Migration use the following command men ra Som clear spanning tree detected SE l Restarts protocol migration function protocols Bridge clear spanning tree port PORTS Restarts protocol migration function of specified port detected protocols PORTS port number Loop Back Detection The probl
273. gured samping iena fron sampling interval of port a 231 CLI 232 7 16 7 7 16 7 1 7 16 7 2 7 16 7 3 7 16 7 4 Management Guide TigerAccess EE Configuring Receiver Receiver ID mode To open sFlow receiver mode and configure this receiver in detail use the following command e e re sflow receiver lt 1 65535 gt Opens a specific sFlow receiver mode Global no sflow receiver lt 1 65535 gt Deletes specified sFlow receiver Collect IP address and port To specify IP address of sFlow collector use the following command SSES Specifies IP address of sFlow collector collect ip A B C D Receiver A B C D IP address of collector default 0 0 0 0 no no collect ip no collect ip Deletes specified IP address of sFlow collector To specify UDP port of sFlow collector use the following command SCC Specifies UDP port of sFlow collector collect port lt 1 65535 gt Receiver 1 65535 UDP port number default 6343 no no collect port no collect port Deletes specified UDP port of sFlow collector Deletes specified UDP port of sFlow collector UDP port of sFlow collector Maximum Datagram Size To set the maximum datagram size of sampling packets which are transmitted through re ceiver use the following command e Se Sets the maximum datagram size of sampling packets max datagram size lt 256 1400 gt that are transmitted by this receiver eae 256 1400 maximum datagra
274. h SWITCH config show boot info POWERBOOT Say ye e SWITCH config The following is the sample output of the show boot info command after rebooting with the reload command SWITCH config show boot info SWREBOOT 2008 11 14 15 38 49 SWITCH config SMC7824M VSW Management Guide TigerAccess EE D 7 1 i SMC7824M VSW CLI Network Management Simple Network Management Protocol SNMP The simple network management protocol SNMP is an application layer protocol de signed to facilitate the exchange of management information between network devices SNMP consists of three parts an SNMP manager a managed device and an SNMP agent SNMP provides a message format for sending information between SNMP man ager and SNMP agent The agent and MIB reside on the switch In configuring SNMP on the switch you define the relationship between the manager and the agent According to community you can give right only to read or right to both read and write The SNMP agent has MIB variables to reply to requests from SNMP administrator And SNMP admin istrator can obtain data from the agent and save data in the agent The SNMP agent gets data from MIB which saves information on system and network SNMP agent sends a trap to administrator for specific cases Trap is a warning message to alert network status to SNMP administrator The switch enhances access management of SNMP agent and limits the range of OID opened
275. h determine the rule action or priority of packets 169 CLI 170 Management Guide TigerAccess EE mirror transmits the classified traffic to the monitor port redirect transmits the classified traffic to the specified port permit allows traffic matching given characteristics deny blocks traffic matching given characteristics copy to cpu duplicates the profile of classified packets and sends a copy to CPU CoS marking marks the incoming frame on port with CoS values CoS remarking enables DSCP based L3 table and Queue based L2 table packets filtering e Scheduling Algorithm To handle traffic you need to configure differently processing orders of traffic by using scheduling algorithms The switch provides Strict Priority Queuing SP Deficit Weighted Round Robin DWRR An already applied rule can not be modified It needs to be deleted and then created again with changed values Weight can be used to additionally adjust the scheduling mode per queue in DWRR mode Weight controls the scheduling precedence of the internal packet queues Fig 7 1 shows the relationship of Flow Class Policer and Policy on basic structure of Rule Interface Binding Fig 7 2 Structure of Rule You can simply manage more than 2 Flows through one Class Flow or Class and Policer can be implemented by one policy Both Flow and Class cannot belong to one policy together It means that one policy
276. h where an IGMP snooping is running will flood multicast traffic to all ports until receiving two general queries or during two general query intervals by default You can also configure the switch to stop multicast flooding according to a specified query count or query interval To specify a query count to stop multicast flooding use the following command mana on ip igmp snooping tcn flood Specifies a query count to stop multicast flooding query count lt 1 10 gt 1 10 query count value default 2 Global no ip igmp snooping tcn flood Deletes a specified query count to stop multicast flood query count ing SMC7824M VSW Management Guide TigerAccess EE 9 2 4 SMC7824M VSW CLI To specify a query interval to stop multicast flooding use the following command e me See Specifies a query interval to stop multicast flooding in ip igmp snooping tcn flood the unit of second An actual stop flooding interval is query interval lt 1 1800 gt calculated by query count x query interval Global 1 1800 query interval value default 125 no ip igmp snooping tcn flood Deletes a specified query interval to stop multicast query interval flooding TCN Flooding Query Solicitation Typically if a network topology change occurs the spanning tree root switch issues a query solicitation which is actually a global leave message with the group address 0 0 0 0 When a multicast router receives this solicitation it
277. havior e Ed RE RE EE 183 Fig 7 9 Seege TIEM Snape 184 Fig 7 10 Marking and IREMA rKING iria Ai 186 Fig 7 11 Strict Priority Oueumg E 198 Fig 7 12 Deficit Weighted Round RODIN cooccccccoccnccccocnnconoccnononcnncnnncnnconanenconancnnnnnos 199 Fig 7 13 WRED Packet Drop Probability coooooccooocccconcnccconononcncnoncncnnncnnnos 203 Fig 1 14 NetBIOS EVEN 205 IQs Or POV ARP EE 222 Fig 7 16 ICMP Message Structure E 223 IS AS A E E A A 229 Fig 7 18 SFlowAgent Diagram sesira a a RN 229 Fig 8 1 Pon Dase VEAN EE 235 Fig 8 2 subnet based VEAN ua iaa 238 Fig 8 3 Example Qin CONMIGO io 241 Fig 8 4 QQ PM a eebe 241 Fig 8 5 Outgoing Packets under Layer 2 Shared VLAN Environment 244 Fig 8 6 Incoming Packets under Layer 2 Shared VLAN Environment 1 245 Fig 8 7 Incoming Packets under Layer 2 Shared VLAN Environment 2 245 Fig 8 8 Bil FAG OREO ALON NEEN 251 Fig 8 9 Sun ei E on lee EE 257 Fig 8 10 Principle of Spanning Tree Protocol cccccccseeceeseeeeeeeeeeeeeeseeeeeeeeeeeeeenees 208 FIS e EE 259 FIGWO 12 Designated SWIC BEE 260 FIGS ei d e le EE 261 FINO ROMS a e addees a Oe adadcuivare Matec 261 Fig 8 15 Alternate Port and Backup port 262 Fig 8 16 Example of Receiving Low BULLE 263 Fig 8 17 Network Convergence Of OO 1Id 264 Fig 8 18 Network Convergence Of GUZ Iw 264 Fig 8 19 Network Convergence Of GU Z Iw 265 Fig 8 20 Network Con
278. he ARP validation feature Regardless of a static ARP table the ARP validation will discard ARP packets in the following cases e In case a sender MAC address of ARP packet does not match a source MAC address of Ethernet header e In case a target MAC address of ARP reply packet does not match a destination MAC address of Ethernet header e In case of a sender IP address of ARP packet or target IP address is 0 0 0 0 or 255 255 255 255 or one of multicast IP addresses To enable disable the ARP validation use the following command Y on Enables the ARP validation with the following options ip arp inspection validate src src mac source MAC address mac dst mac ip dst mac destination MAC address Global ip source destination IP address no ip arp inspection validate or Disables the ARP validation src mac dst mac ip The src mac dst mac and ip options can be configured together SMC7824M VSW Management Guide TigerAccess EE 7 12 3 4 7 12 3 5 SMC7824M VSW CLI ARP Inspection on Trust Port The ARP inspection defines 2 trust states trusted and untrusted Incoming packets via trusted ports bypass the ARP inspection process while those via untrusted ports go through the ARP inspection process Normally the ports connected to subscribers are configured as untrusted while the ports connected to an upper network are configured as trusted To set a trust state on a port for the ARP inspection
279. he event notification and forward it to the event message collector like a syslog server This function is enabled as default so even though you disable this function manually the syslog will be enabled again This section contains the following contents e Syslog Output Level e Facility Code e Syslog Bind Address e Debug Message for Remote Terminal e Disabling Syslog e Displaying Syslog Message e Displaying Syslog Configuration Syslog Output Level Syslog Output Level without a Priority To set a syslog output level use the following command e me See syslog output emerg alert crit i i i Generates a syslog message of selected level or err warning notice info higher and forwards it to the console debug console syslog output emerg alert crit Generates a syslog message of selected level or err warning notice info Global higher in the system memory oba debug local volatile non volatile deletes a syslog message after restart volatile non volatile reserves a syslog message syslog output emerg alert crit Generates a syslog message of selected level or err warning notice info higher and forwards it to a remote host debug remote A B C D To disable a specified syslog output use the following command e e Se no syslog output emerg alert crit err warning notice info debug console no syslog output emerg alert crit err warn
280. he following command e e Se no vlan VI ANS Deletes VLAN enter the VLAN ID to be deleted When you delete a VLAN all ports must be removed from the VLAN the VLAN must be empty SMC7824M VSW Management Guide TigerAccess EE 8 1 2 SMC7824M VSW CLI Protocol based VLAN User can use a VLAN mapping that associates a set of processes within stations to a VLAN rather than the stations themselves Consider a network comprising devices sup porting multiple protocol suites Each device may have an IP protocol stack an Apple Talk protocol stack an IPX protocol stack and so on If we configure VLAN aware switches such that they can associate a frame with a VLAN based on a combination of the station s MAC source address and the protocol stack in use we can create separate VLANs for each set of protocol specific applications To configure a protocol based VLAN follow these steps 1 Configure VLAN groups for the protocols you want to use 2 Create a protocol group for each of the protocols you want to assign to a VLAN 3 Then map the protocol for each interface to the appropriate VLAN e me See Adds a port with a protocol based VLAN vlan pvid PORTS ethertype PORTS port number ETHERTYPE VLANS ETHERTYPE Ethernet type e g 0x800 VLANS VLAN ID 1 4094 no vlan pvid PORTS ethertype Deletes a port from a protocol based VLAN ETHERTYPE Because Protocol Based VLAN and normal VLAN run at the same time P
281. he following command e e re no ip igmp snooping immediate leave no ip igmp snooping port R ee d EZE Global Disables the IGMP snooping immediate leave ee immediate leave no ip ines snooping vlan ines immediate leave Use this command with the explicit host tracking feature see Section 9 2 3 6 If you don t when there is more than one IGMP host belonging to a VLAN and a certain host sends a leave group message the switch will remove all host entries on the forwarding table from the VLAN The switch will lose contact with the hosts that should remain in the forwarding table until they send join requests in response to the switch s next general query message 361 CLI 362 9 2 3 4 9 2 3 5 Management Guide TigerAccess EE IGMP Snooping Report Suppression lf an IGMP querier sends general query messages and hosts are still interested in the multicast traffic the hosts should return membership report messages For a multicast router however it is sufficient to know that there is at least one interested member for a group on the network segment Responding a membership report per each of group members may unnecessarily increase the traffic on the network only one report per group is enough When the IGMP snooping report suppression is enabled a switch suppresses member ship reports from hosts other than the first one allowing the switch to forward only one membership report in response to a general qu
282. hed On the other hand if probability is little little amount of packets would be dropped Therefore complete dropping point is quickly reached If the probability value is 1 dropping packet would be none and the value is 15 all packets would be discarded from the point of start queue length value is reached Probbbility Start End Queue Length Fig 7 13 WRED Packet Drop Probability In creating WRED profile you can determine how to treat different types of traffic and as sign packets with certain values to specific threshold via queue numbers Additionally WRED profile is specified to each port 203 CLI 204 Management Guide TigerAccess EE To create and configure a WRED profile use the following command e me Se Creates and configures a WRED profile with default qos wred profile lt 0 3 gt default parameters 0 3 WRED profile number Creates and configures a WRED profile with specific parameters values 0 3 WRED profile number qos wred profile lt 0 3 gt threshold 0 7 queue number lt Q 7 gt lt 0 2 gt start lt 1 65535 gt end Global 0 2 drop precedence lt 1 65535 gt prob lt 1 15 gt 1 65535 start end queue length value unit of 256 bytes 1 15 drop probability Creates and configures a WRED profile with specific qos wred profile lt 0 3 gt weight queue number and weight lt 0 7 gt lt 1 15 gt 0 7 queue number 1 15 WRED queue weight default 9 WRED function needs to
283. her s IP address The data is key and should be the same value for each other For the key value every kinds of character can be used except the space or special character RADIUS 2 Server Suppliant Authenticator Authentication Server Authentication request RADIUS Servers in order Designate as default Response RADIUS server E J 100 1 1 1 Fig 4 2 Multiple Authentication Servers If you register in several servers the authentication server starts form RADIUS server registered as first one then requests the second RADIUS server in case there s no re sponse According to the order of registering the authentication request the authentica tion request is tried and the server which responds to it becomes the default server from the point of response time 99 CLI 60 4 5 1 3 Management Guide TigerAccess EE After default server is designated all requests start from the RADIUS server If there s no response from default server again the authentication request is tried for RADIUS server designated as next one To configure IP address of RADIUS server and key value use the following command e e e dot1x radius server host Registers RADIUS server with key value and UDP port A B C D NAME auth port lt 0 of radius server 65535 gt key KEY 0 65535 UDP port default 1812 dot1x radius server host Global Configures IP address of RADIUS server and key A B C D NAME key
284. ias To set the threshold of module use the following command e e See threshold module rxpower l Sets the Diagnostics threshold of SFP module by txpower alarm warning PORTS START VALUE STOP VALUE RX TX power and monitors the module The range of RX TX power 0 6 5535 mW threshold module temper alarm Sets the Diagnostics threshold of SFP module depend warning PORTS START TEMP ing on temperature and monitors the module STOP TEMP Global The range of temperature 128 127 99 C i Sets the Diagnostics threshold of SFP module depend threshold module txbias alarm ing on txbias and monitors the module warning PORTS The range of txbias 0 131 ml Sets the Diagnostics threshold of SFP module depend threshold module voltage alarm ing PORTS ing on voltage and monitors the module warning The range of voltage 0 6 5535 V To delete the threshld of module operation depending on specified monitoring type use the following command na m O no threshold module rxpower voltage txbias txpower tem Global Deletes the configured threshold of SFP module per alarm warning PORTS To display the configuration of SFP module of specific port use the following command e e Se show port module info PORTS Displays the status of SFP module If you insert an SFP module including Diagnostic Monitoring Interface DMI into ports you can see the real time information about the ports s
285. iate between untrusted interfaces connected to the end user and trusted interfaces connected to the DHCP server or another switch The DHCP snooping only filters the DHCP server message such as a DHCP_OFFER or DHCP_ACK which is received from untrusted interfaces Enabling DHCP Snooping To enable the DHCP snooping globally use the following command e e Se ip dhcp snooping e Enables the DHCP snooping globally lobal no ip dhcp snooping Disables the DHCP snooping globally default Upon enabling the DHCP snooping the DHCP_OFFER and DHCP_ACK messages from all the ports will be discarded before specifying a trusted port To enable the DHCP snooping on a VLAN use the following command e me ee ip dhcp snooping vlan VI ANS Enables the DHCP snooping on a specified VLAN no ip dhcp snooping vlan Global D VLANS Disables the DHCP snooping on a specified VLAN You must enable DHCP snooping globally before enabling DHCP snooping on a VLAN DHCP Trust State To define a state of a port as trusted or untrusted use the following command a E O ip dhcp snooping trust PORTS Defines a state of a specified port as trusted no ip dhcp snooping trust Global Defines a state of a specified port as untrusted PORTS default SMC7824M VSW Management Guide TigerAccess EE 8 6 7 3 8 6 7 4 SMC7824M VSW CLI To discard broadcast request packets of Egress traffic on specified trusted port use the following command
286. icy Configuration mode the prompt changes from SWITCH config to SWITCH config admin policy NAME To delete configured admin policy or all admin policies use the following command na me on no policy admin NAME Deletes specified admin policy Global no policy admin all Deletes all admin policies After opening Admin Policy Configuration mode an admin policy can be configured by user You can specify the rule action for the classified packets in each admin policy e The admin policy name must be unique Its size is limited to 32 significant characters e The admin policy name cannot start with the alphabet a or A e The order in which the following configuration commands are entered is arbitrary e The configuration of an admin policy being configured can be changed as often as wanted until the apply command is entered e Use the show policy profile admin command to display the configuration entered up to now If you create the admin policy already you need to include specified flow or class to spec ify the rule action for the packets matching configured classifying patterns on flow or class To include specific flow or class in an admin policy use the following command mana on Includes an admin flow in a specified policy include flow NAME l Admin NAME admin flow name i Policy Includes an admin class in a specified policy include class NAME l NAME admin class name One admin policy cannot inc
287. ide TigerAccess EE Contents T INTOQUCUON cen 19 A nein tadalNaswMastan anmnatlanseus 19 k2 Re Le ld et 19 keet Document Convent ON ici ai 20 14 IDOCUMENE Nola lO airada in aa 20 er e EE 21 1 6 CE Declaration Of CONO cados 21 2 ENEE ENEE 22 Z 1 System Features cad a e dad 23 3 Command Line Interface CLI ccssccsssccseccssenesnseneecssensanseansssnensanes 25 Ol Congar Nee EE 25 ET Privileged EXEC View Moda gege ege ege egen 26 3 1 2 Privileged EXEC Enable Mode ooccccccocccccccccncococcnncconconcnnononnnnonnnnonnanonoos 26 3 1 3 Global operatioun 27 3 1 4 Bridge Configuration Mode E 27 3 1 5 DHCP Pool Configuration Mode ccccooncccccocncncccocccononconocnanonnonanononnnannnonos 28 3 1 6 DHCP Option Configuration Mode occcoonnccccocccncccoccnnononcnnconccnnononcnnonnnnonnos 28 3 1 7 DHCP Option 82 Configuration Mode ooncccccocccncccoccnnccnnnnccnononcnnonnnnonnncnnnos 29 3 1 8 Interface Configuration Mode ccooooccncccoccncccnoconconononcononcnnconaronconanenononennnonos 29 3 1 9 Rule Configuration Mode coco 30 3 1 10 RMON Configuration Mode 30 3 2 Configuration Mode OvVervieW ocooocccoccccocnccccccocnccononncncnnnononnnnnnconnnnonnss 31 gJ Sel 9 EE 32 3 3 1 Listing Available Commande 32 33 2 Calling Gomimand el Ee e 34 299 USING ADOS VIA E 35 3 3 4 Using Command of Privileged EXEC Enable Mode aaannnnnnnnnnnnnnennnnnennnn 35 3 3 5 Exit Current Command Mode AE 35 4 System Connection an
288. ifferent classes of service It minimizes the impact of dropping high priority traffic WRED is based on the RED algorithm RED which utilizes end to end flow control of TCP is a random packet dropping function when traffic reaches the user designated threshold even before it reaches maximum buffer size If traffic usage reaches maximum buffer size all packets can be dropped which makes packet loss Therefore in order to prevent packet loss or unstable traffic transmission user can restrict excessive traffic over buffer size by setting up a threshold With RED function packet loss is reduced and stable packet transmission can be ac quired One of the drawbacks to implement RED function is that it randomly drops large numbers of packets and easy to drop high priority of packets Unlike RED WRED is not as ran dom when dropping packets WRED combines the capabilities of the RED algorithm with the IP precedence feature to provide for preferential traffic handling of high priority pack ets To utilize WRED function start queue length value end queue length value and drop probability are necessary Start queue length represents the starting point of random packet dropping and drop probability indicates the percentage of packet dropping from the starting point of random packet dropping to the point of complete dropping If probabil ity is large value large amount of packets would be dropped Therefore complete drop ping point is slowly reac
289. ig 8 36 shows how the DHCP relay agent with the DHCP option 82 operates DHCP Server 2 DHCP Request Option82 ml 3 DHCP Respond Option82 DHCP Relay Agent Option 82 1 DHCP Request rl DHCP Respond DHCP Client D gt Fig 8 36 DHCP Option 82 Operation 8 6 6 1 Enabling DHCP Option 82 To enable disable the DHCP option 82 use the following command e e Se no ip dhcp option82 ip dhcp option82 Enables the system to add the DHCP option 82 field lobal Disables the system to add the DHCP option 82 field 8 6 6 2 Option 82 Sub Option The DHCP option 82 enables a DHCP relay agent to include information about itself when forwarding client originated DHCP packets to a DHCP server The DHCP server can use this information to implement security and IP address assignment policies There are 2 sub options for the DHCP option 82 information as follows Remote ID This sub option may be added by DHCP relay agents which terminate switched or permanent circuits and have mechanisms to identify the remote host of the circuit Note that the remote ID must be globally unique e Circuit ID This sub option may be added by DHCP relay agents which terminate switched or permanent circuits It encodes an agent local identifier of the circuit from which a DHCP client to server packet was received It is intended for use by DHCP relay agents in forwarding DHCP responses back to the proper circuit SMC7824M VSW 321
290. il critical major minor warning intermediate snmp alarm severity adva if misconfig critical major minor warning intermediate snmp alarm severity adva if opt thres critical major minor warning intermediate snmp alarm severity adva if rcv fail critical major minor warning intermediate snmp alarm severity adva if trans fault criti cal major minor warning intermediate snmp alarm severity adva if sfp mismatch critical major minor warning intermedi ate snmp alarm severity adva psu fail critical major minor warning intermediate snmp alarm severity adva temperature critical major minor warning intermediate snmp alarm severity adva voltage high criti cal major minor warning intermediate snmp alarm severity adva voltage low critical major minor warning intermediate Global Sets ADVA severity of an alarm for sys tem temperature high Sets ADVA severity of an alarm for wrong configuration Sets ADVA severity of an alarm for traf fic threshold over for an Ethernet optical interface Sets ADVA severity of an alarm for fail ure to receive packets Sets ADVA severity of an alarm for fail ure to transmit packets Sets ADVA severity of an alarm for SFP module mismatched Sets ADVA severity of an alarm for PSU failure Sets ADVA severity of an alarm for sys tem temperature high Sets ADVA severity of
291. ilege Enable Shows a configured security level Global Bridge show privilege now Shows a security level of current mode The following is an example of creating the system account fest having a security level 10 and test having a security level 1 with no password SWITCH config user add test0 level 0 level0user Changing password for test0 Enter the new password minimum of 5 maximum of 8 characters Please use a combination of upper and lower case letters and numbers SMC7824M VSW Management Guide TigerAccess EE 4 1 7 SMC7824M VSW CLI Enter new password Enter Bad password too short Warning weak password continuing Re enter new password Enter Password changed SWITCH config user add testl level 1 levelluser Changing password for testl Enter the new password minimum of 5 maximum of 8 characters Please use a combination of upper and lower case letters and numbers Enter new password Enter Bad password too short Warning weak password continuing Re enter new password Enter Password changed SWITCH config show user User name Description Level testo level0user 0 testl levelluser 1 SWITCH config The following is an example of configuring an authority of the security level O and 1 SWITCH config privilege view level 0 enable SWITCH config privilege enable level 0 show SWITCH SWITCH config show privilege config
292. immediately sends out IGMP general queries to hosts allowing the fast convergence You can direct the switch where an IGMP snooping is running to send a query solicitation when TCN is received To enable disable the switch to send a query solicitation when TCN is received use the following command e e See SE y Enables the switch to send a query solicitation when ip igmp snooping tcn query solicit address A B C D TCN is received address source IP address for query solicitation no ip igmp snooping tcn query Disables the switch to send a query solicitation when solicit address TCN is received IGMPv3 Snooping Immediate Block IGMPv3 immediate block feature allows a host to block sources with the block latency O zero by referring to the explicit tracking database When receiving a membership report with the state change record from a host that is no longer interested in receiving multicast traffic from a certain source the switch compares the source list for the host in the explicit tracking database with the source list in the received membership report If both are matching the switch removes the source entry from the list in the database and stops forwarding the multicast traffic to the host a group source specific query message is not needed for the membership leave process To enable IGMPv3 immediate block use the following command men Som ip igmp snooping immediate block Enables immediate block globally
293. in an IP address from a DHCP server The configurable DHCP client functionality allows a DHCP client to use a user specified client ID class ID or suggested lease time when requesting an IP address from a DHCP server Once configured as a DHCP client the switch cannot be configured as a DHCP server or relay agent Enabling DHCP Client To configure an interface as a DHCP client use the following command mn ip address dhcp Enables a DHCP client on an interface Interface no ip noipaddressdhcp noipaddressdhcp Disables a DHCP client DHCP Client ID To specify a client ID use the following command mane tenet ip dhcp client client id hex HEXSTRING Specifies a client ID ip dhcp client client id text STRING Interface no ip dhcp client client id Deletes a specified client ID DHCP Class ID To specify a class ID use the following command O oe eos ip dhcp client class id hex HEXSTRING Specifies a class ID ip dhcp client class id text STRING Interface default system MAC address no ip dhcp client class id Deletes a specified class ID Host Name To specify a host name use the following command e me ee no ip no ip dhcp client hostname no ip dhcp client hostname host name ip dhcp client host name NAME Specifies a host name Interface Deletes a specified host name SMC7824M VSW Management Guide TigerAccess EE 8 6 9 5 8 6 9 6 8 6 9 7 8 6 9 8 SMC7824M VSW
294. in the current mode When you input the question mark lt gt you can see available commands used in this mode and variables following after the commands The following is the available commands on Privileged EXEC Enable mode of the switch SWITCH Exec commands 32 clear Reset functions clock Manually set the system clock configure Enter configuration mode copy Copy from one file to another debug Debugging functions default os Select default OS disconnect Disconnect user connection enable Turn on privileged mode command erase Erase saved configuration exit End current mode and down to previous mode halt Halt process help Description of the interactive help system no Negate a command or set its defaults ping Send echo messages quote Execute external command rcommand Management stacking node release Release the acquired address of the interface Omitted SWITCH Question mark lt gt will not be shown in the screen and you do not need to press lt ENTER gt key to display the command list If you need to find out the list of available commands of the current mode in detail use the following command e e Se Shows available commande of the current mode Shows available commands of the current mode with tree structure SMC7824M VSW Management Guide CLI TigerAccess EE The following is an example of displaying the list of available commands of Privileged EXEC Enable mode SWITCH
295. in the frame itself VLAN Tag A VLAN tag is a predefined field in a frame that carries the VLAN identifier for that frame VLAN tags are always applied by a VLAN aware device VLAN tagging provides a num ber of benefits but also carries some disadvantages Advantages Disadvantages VLAN association rules only need to be applied Tags can only be interpreted by VLAN aware devices once Only edge switches need to know the VLAN as Edge switches must strip tags before forwarding sociation rules frames to legacy devices or VLAN unaware domains Core switches can get higher performance by Insertion or removal of a tag requires recalculation of operating on an explicit VLAN identifier the FCS possibly compromising frame integrity VLAN aware end stations can further reduce the Tag insertion may increase the length of a frame be performance load of edge switches yond the maximum allowed by legacy equipment Tab 8 1 Advantages and Disadvantages of Tagged VLAN Mapping Frames to VLAN From the perspective the VLAN aware devices the distinguishing characteristic of a VLAN is the means used to map a given frame to that VLAN In the case of tagged frame the mapping is simple the tag contains the VLAN identifier for the frame and the frame is assumed to belong to the indicated VLAN That s all there is to it To configure the tagged VLAN use the following command e e Se Configures tagged VLAN on a port vlan add V
296. inbound port cos Enable show qos mark inbound port Bisbal Shows the bridge based CoS marking configuration of oba dscp specified parameter Bridge show qos mark inbound port queue e Policy based CoS Marking To configure Policy based CoS Marking with specified values use the command a the packets with queue number action match queue lt 0 7 gt Policy 0 7 GE number ae the packets with 802 1p class of service action match cos lt 0 7 gt 0 7 CoS value Policy Marks the packets with drop precedence action ation match dp 02 gt ation match dp 02 gt lt 0 2 gt 0 2 Drop precedence value Marks the packets with DSCP field action aeon match asop lt 060 gt aeon match asop lt 060 gt lt 0 63 gt 0 63 DSCP value To delete the policy based CoS marking use the following command e e Se no action match queue no action match cos Deletes the policy based marking configuration on no action match dp specified values no action match dscp 187 CLI 188 Management Guide TigerAccess EE e Traffic Policing based CoS Remarking Traffic Policing based CoS Remarking uses 2 types of table DSCP based L3 table and Queue cos based L2 table To configure Traffic Policing based CoS Remarking you need to select one type of table and parameter To select a table and enable the remarking configuration use the following command oer pon remark by dscp Uses a DSCP based L3 ta
297. ing notice info D Global Deletes a specified syslog output debug local volatile non volatile no syslog output emerg alert crit err warning notice info debug remote A B C D 163 CLI Management Guide TigerAccess EE Syslog Output Level with a Priority To set a user defined syslog output level with a priority use the following command eee Tae eee syslog output priority auth authpriv kern local0 local1 y local2 local3 local4 local5 Generates a user defined syslog message with a prior local6 local syslog user ity and forwards it to the console emerg alert crit err warning notice info console syslog output priority auth authpriv kern local0 local l i Generates a user defined syslog message with a prior local2 local3 local4 local5 S ity in the system memory local6 local syslog user Global l l volatile deletes a syslog message after restart emerg alert crit err warning l non volatile reserves a syslog message notice info local volatile non volatile syslog output priority auth authpriv kern local0 local local2 local3 local4 local5 Generates a user defined syslog message with a prior local6 local syslog user ity and forwards it to a remote host emerg alert crit err warning notice info remote A B C D To disable a user defined sys
298. ing Disables aging for only statistically configured secure static addresses no port security PORTS aging Brid Disables port secure aging for all secure addresses on ridge time j a port no port security PORTS aging Returns to the default condition absolute type SMC7824M VSW Management Guide TigerAccess EE 7 9 3 7 10 SMC7824M VSW CLI Displaying Port Security To display the information of the port security use the following command e e Se Enable show port security PORTS Global Shows the information of the port security Bridge MAC Table A dynamic MAC address is automatically registered in the MAC table and it is removed if there is no access to from the network element corresponding to the MAC address during the specified MAC aging time On the other hand a static MAC address is manually reg istered by user This will not be removed regardless of the MAC aging time before remov ing it manually To manage a MAC table in the system use the following command e e een Specifies a static MAC address in the MAC table NAME bridge name PORT port number MAC ADDR MAC address i i Specifies MAC aging time mac aging time lt 10 21474830 gt GER 10 21474830 aging time default 300 To remove the registered dynamic MAC addresses from the MAC table use the following command mane n mac NAME PORT MAC ADDR Clears dynamic MAC addresses clear mac NAME PORT PORT p
299. interval lt 100 10000 gt default 1000 milliseconds Global ip igmp snooping vlan VLANS Specifies a last member query interval VLANS VLAN ID 1 4094 last member query interval lt 100 10000 gt SMC7824M VSW Management Guide TigerAccess EE 9 2 3 3 SMC7824M VSW CLI To delete a specified an interval to send group specific or group source specific query messages use the following command e e See igmp snooping last ina no ip igmp snooping vlan Deletes a specified last member query interval VLANS last member query interval IGMP Snooping Immediate Leave Normally an IGMP snooping querier sends a group specific or group source specific query message upon receipt of a leave message from a host If you want to set a leave latency as 0 zero you can omit the querying procedure When the querying procedure is omitted the switch immediately removes the entry from the forwarding table for that VLAN and informs the multicast router To enable the IGMP snooping immediate leave use the following command er Fee igmp snooping immediate g Enables the IGMP snooping immediate leave globally eave ip igmp snooping hdr a a PORTS Enables the IGMP snooping immediate leave on a port hdr a a leave PORTS port number Enables the IGMP snooping immediate leave on a VLAN VLANS VLAN ID 1 4094 ip igmp snooping vlan VLANS immediate leave To disable the IGMP snooping immediate leave use t
300. ion of multicast services on each port IGMP filtering controls which multicast groups a host on a port can join by associating an IGMP profile that contains one or more IGMP groups and specifies whether an access to the group is permitted or denied with a port For this operation configuring the IGMP pro file is needed before configuring the IGMP filtering IGMP throttling limits the maximum number of IGMP groups that a host on a port can join Note that both IGMP filtering and throttling control only membership reports join mes sages from a host and do not control multicast streams IGMP Filtering Creating IGMP Profile You can configure an IGMP profile for IGMP filtering in IGMP Profile Configuration mode The system prompt will be changed from SWITCH config to SWITCH config igmp profile N To create modify an IGMP profile use the Yoo command a A an IGMP profile ip igmp profile lt 1 2147483647 gt ies 1 2147483647 IGMP profile number oba no ip igmp aa Deletes a created Sate acrened OM pone Sate acrened OM pone lt 1 aa IGMP Group Range To specify an IGMP group range to apply to IGMP filtering use the following command e me See Specifies a range of IGMP groups range A B C D A B C D IGMP A B C D low multicast address Profile A B C D high multicast address no range A B C D 4 B C D Deletes a specified range of IGMP groups A single IGMP group address is also possible IGMP Filtering Polic
301. ion port Global no dot1x nas port PORTS Disables 802 1x authentication port Force Authorization The switch can permit the users requesting the access regardless of the authentication from RADIUS server For example even though a client is authenticated from the server it is possible to configure not to be authenticated from the server To manage the approval for the designated port use the following command e e een Configures a state of the authentication port dot1x port control auto force EA i auto authorization up to RADIUS server default authorized force unauthorized force authorized force authorization PORTS Global force unauthorized force unauthorization no dot1x port control PORTS Deletes a configured authentication port state Interval for Retransmitting Request Identity Packet In the switch it is possible to specify how long the device waits for a client to send back a response identity packet after the device has sent a request identity packet If the client does not send back a response identity packet during this time the device retransmits the request identity packet To configure the number of seconds that the switch waits for a response to a re quest identity packet use the following command e me See i i Sets reattempt interval for requesting request identity dotix timeout tx period lt 1 Ges packe Global 1 65535 retransmit interval default 30 no dotix timeout tx pe
302. isplaying Status of VDSL Port You can check status of VDSL port and user s configuration It is also possible to view in formation of VDSL port To check status of VDSL port and information of DMT modulation use the following command show Ire PORTS Shows VDSL port show Ire detail info PORTS Shows detailed information of VDSL line show Ire profile PORTS Bridge Shows the VDSL profile show rate info PORTS Shows the rate information of VDSL line show Ire psd PORTS Shows PSD mask level Enable Shows MAC address of user connected show Ire user mac PORT Global to VDSL ports The above commands shows the following information Therefore you can choose com mand according to information you need Command Description bitload Shows Bitloading Per Tone Shows Electronic Wire Length ham band Shows HAM Band Shows Upstream Downstream Protection interleave Shows interleave delay pbo config Shows Power Back Off Length configuration Shows Profile Shows PSD Shows rate information Shows SNR Margin Tab 5 1 Information displayed by Command show Ire Enabling VDSL Port This configuration of enabling VDSL port has different way of using with the configuration described in Ethernet Port Configuration Enabling VDSL port is to configure Sync status of partner s equipment Therefore although you connect to cable with VDSL port down Sync is not configured To configure Sync status of VDSL port use the following com ma
303. join use the following command e e re Configures the IGMP static join A B C D IGMP group address VLANS VLAN ID 1 4094 reporter host address ip igmp static group A B C D vlan VLAN port PORT reporter A B C D no ip igmp static group no ip igmp static group A B C D vlan VLAN no ip igmp static group A B C D Deletes the configured IGMP static join vlan VLAN port PORT all addresses no ip igmp static group A B C D vlan VLAN port PORT reporter A B C D Global To configure the IGMP static join for a range of IGMP groups by access lists use the fol lowing command e e re Configures the IGMP static join for a range of IGMP od groups by access lists ip igmp static group list lt 1 99 gt lt 1300 1999 gt WORD vlan VLAN port PORT reporter A B C D 1 99 IP standard access list 1300 1999 IP standard access list expanded WORD access list name VLANS VLAN ID 1 4094 reporter host address no ip igmp static group list lt 1 99 gt lt 1300 1999 gt WORD no ip igmp static group list lt 1 99 gt lt 1300 1999 gt WORD vlan Deletes the configured IGMP static join for a range of VLAN port PORT IGMP groups all addresses no ip igmp static group list lt 1 99 gt lt 1300 1999 gt WORD vlan VLAN port PORT reporter A B C D 352 SMC7824M VSW Management Guide TigerAccess EE 9 1 3 SMC7824M VSW CLI To display the IGMP static join
304. ked port loop detect PORT timer lt 0 to NORMAL If you set the interval as O the state of the 86400 gt blocked port will not be changed automatically default 600 seconds no loop detect PORT block Disables the blocking option To set the interval of sending the R packet use the following command loop detect PORTS period lt 1 A the interval of sending the loop detecting packet Bridge 60 gt default 30 seconds 300 SMC7824M VSW Management Guide TigerAccess EE A SMC7824M VSW CLI You can also configure the source MAC address of the loop detecting packet Normally the system s MAC address will be the source MAC address of the loop detecting packet but if needed Locally Administered Address LAA can be the address as well If the switch is configured to use LAA as the source MAC address of the loop detecting packet the second bit of first byte of the packet will be set to 1 For example if the switch s MAC address is 00 d0 cb 00 00 01 the source MAC address will be changed to 02 d0 cb 00 00 01 To select the source MAC address type of the loop detecting packet use the following command n See Uses LAA as the source MAC address of the loop loop detect srcmac laa detecting packet Bridge Uses the system s MAC address as the source MAC loop detect srcmac system l address of the loop detecting packet default If you would like to change the source MAC address of the loop dete
305. l An IGMP snooping querier periodically sends general query messages to trigger mem bership report messages from a host that wants to receive IP multicast traffic To specify an interval to send general query messages use the following command e me eee SA Specifies an IGMP snooping query interval in the unit ip igmp snooping querier query interval lt 1 1800 gt of second 1 1800 query interval default 125 ip igmp snooping vlan VLANS Specifies an IGMP snooping query interval on a VLAN querier query interval lt 1 1800 gt VLANS VLAN ID 1 4094 To delete a specified interval to send general query messages use the following com mand e me See no ip igmp snooping querier query interval Disables a specified IGMP snooping query interval ip k nnen Deg snooping vlan k nnen Deg querier query interval IGMP Snooping Query Response Time Membership query messages include the maximum query response time field This field specifies the maximum time allowed before sending a responding report The maximum query response time allows a router to quickly detect that there are no more hosts inter ested in receiving multicast traffic 399 CLI 360 9 2 3 2 Management Guide TigerAccess EE To specify a maximum query response time advertised in general query messages use the following command e e re ip igmp snooping querier max Specifies a maximum query response time response time lt 1
306. l statistics avg pkt Shows the statistics of the protocol for average pack PORTS a Leem Global show protocol statistics total Bridge Shows the traffic statistics of the protocol for total PORTS packets To delete the collected statistics of the protocol use the following command e e een Global clear protocol statistics PORTS Deletes the collected statistics of the protocol ridge 73 CLI 9 2 8 A 14 Management Guide TigerAccess EE Port Information To display the port information use the following command ICI EC show port PORTS Shows a current port status enter a port number Enable show port description PORTS Global Bridge show port module info PORTS Shows a specified port description enter a port num ber Shows optical module SFP information The show port module info command is only valid for Ethernet optical port In case of using the command on the VDSL interface the system shows the state as Uninstalled The following is an example of displaying the port information for port 20 to 26 SWITCH config show port 20 26 NO LPR PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER ADMIN OPER 20 VDSL 1 Up Down Force Full 100 On On Y SE VDSL 1 Up Down Force Full 100 On On Y 22S VDSL 1 Up Down Force Full 100 On On Y 238 VDSL 1 Up Down Force Full 100 On On Y 24 VDSL 1 Up Down Force Full 100 On On Y LN Ethernet 1 Up Down Auto Half 0 O
307. larm and make the alarm be shown only in case of selected se verity or higher This enhanced alarm notification allows system administrators to manage the system efficiently Alarm Notify Activity Normally the switch is supposed to generate an alarm only when a pre defined event has occurred such as the fan fail system restart temperature high etc However you can additionally configure the system to generate an alarm when any configuration parameter has been changed via CLI To enable disable the alarm notify activity use the command snmp notify activity enable Global A a a the alarm notify activity O disable default disable If you manage the system via the ACI E the alarm notify activity should be enabled Alarm Severity Criterion You can set an alarm severity criterion to make an alarm be shown only in case of se lected severity or higher For example if an alarm severity criterion has been set to major you will see only an alarm whose severity is major or critical To set an alarm severity criterion use the following command es e Se snmp alarm severity criteria l ae Sets an alarm severity criterion critical major minor warning Global default warning intermediate The order of alarm severity is critical gt major gt minor gt warning gt intermediate The configured alarm severity criterion is valid only in ACI E 143 CLI 144 7 1 9 3 7 1 9 4 Manag
308. ld value 0 7 CoS value 0 2 drop precedence qos remark color green yellow red queue 0 7 queue number lt 0 7 gt cos lt 0 7 gt qos remark color green yellow red dscp lt 0 63 gt queue lt 0 7 gt qos remark color green yellow red queue lt 0 7 gt dp lt 0 2 gt SMC7824M VSW Management Guide CLI TigerAccess EE qos remark color green yellow red queue Remarks CoS parameters according lt 0 7 gt dscp lt 0 63 gt to queue number CoS value and metering function configured on sys tem qos remark color green yellow red queue 0 7 CoS value or queue nunmber lt 0 7 gt queue lt 0 7 gt 0 2 drop precedence 0 63 DSCP field value To delete a configured Traffic Policing based CoS Remarking use the following command commend meee ee no qos remark color green yellow red dscp 0 63 no qos remark color yellow red lt 0 63 gt cos no qos remark color ino E yellow red ino E lt 0 63 gt dp no qos remark color ee yellow red EE lt 0 63 gt dscp no qos remark color green yellow red dscp lt 0 63 gt queue Deletes the configured Traffic Policing no qos remark color green yellow red based CoS Remarking queue lt 0 7 gt no qos remark color green yellow red queue lt 0 7 gt cos no qos remark color green yellow red queue lt 0 7 gt dp no qos remark color green yellow red queue lt 0 7
309. le of disconnecting a user connected from a remote place SWITCH where admin at ttys0 from console for 4 days 22 hours 15 minutes 24 88 seconds admin at ttyp0 from 10 0 1 4 1670 for 4 days 17 hours 53 minutes 28 76 seconds admin at ttypl from 147 54 140 133 49538 for 6 minutes 34 12 seconds SWITCH disconnect ttyp0 SWITCH where admin at ttys0 from console for 4 days 22 hours 15 minutes 34 88 seconds admin at ttypl from 147 54 140 133 49538 for 6 minutes 44 12 seconds SWITCH System Rebooting Manual System Rebooting When installing or maintaining the system some tasks require rebooting the system by various reasons Then you can reboot the system with a selected system OS To restart the system manually use the following command es See reload os1 os2 Restarts the system If you reboot the system without saving new configuration new configuration will be de leted So you have to save the configuration before rebooting Not to make that mistake the switch reconfirms that by displying the following message to ask if user really wants to reboot and save configuration If you want to save the system configuration press lt Y gt key at first question if you want to continue to reboot the system press lt Y gt key at second question The following is an example of restarting the system with the reload command SWITCH reload Do you want to save the system configuration y n Do you want to reload the
310. led in DMT modula tion This chapter describes the following lists e Modem Port Reset e Installing System Image of CPE e Installing CPE System Image File in Slave e Configuring AGC Auto Gain Control e Checking Length of Cable between CPE and CO e Auto negotiation of CPE e Transmit Rate of CPE e Duplex mode of CPE e Auto Upgrade of CPE Image e Displaying CPE Status Modem Port Reset When connection state of this switch and network is not normal there may be some prob lem in modem port connection of CPE In this case you can reset modem port of CPE To reset modem port of CPE use the following command mane n cpe modem reset PORTS Resets modem port of CPE The following is an example of resetting modem port of CPE connected to port 1 SWITCH bridge cpe modem reset 1 SWITCH bridge Installing System Image of CPE You can install system image of CPE using command in this switch After changing the name of system image file into that of single file which is configured in internal system install system image file in CPE Perform the below steps to install system image file in CPE Step 1 Connect to FTP to store the CPE system image file in this switch SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI To connect to FTP please use the following command es a O Connects to FTP to store system image file in the sys load ftp DESTINATION Enable tem flash memory SWIT
311. lized If it happens you d better to reconfigure the interval longer 802 1x Re Authentication In the switch it is possible to update the authentication status on the port periodically To enable re authentication on the port you should perform the below procedure Step 1 Enable 802 1x re authentication Step 2 Configure the interval of re authentication Step 3 Configure the interval of requesting re authentication in case of re authentication fails Step 4 Execute 802 1x re authenticating regardless of the interval Enabling 802 1x Re Authentication To enable 802 1x re authentication using the following command man Te ages dot1x reauth enable PORTS Enables 802 1x re authentication Global Disables 802 1x re authentication no dot1x reauth enable PORTS SMC7824M VSW Management Guide TigerAccess EE 4 5 2 2 4 5 2 3 4 5 2 4 SMC7824M VSW CLI Interval of Re Authentication RAIDIUS server contains the database about the user who has access right The data base is real time upgraded so it is possible for user to lose the access right by updated database even though he is once authenticated In this case even though the user is ac cessible to network he should be authenticated once again so that the changed database is applied to Besides because of various reasons for managing RADIUS server and 802 1x authentication port the user is supposed to be re authenticated every regular time The administ
312. llowing command e e een i Specifies a DHCP option format for a DHCP server option code lt 1 254 gt format code DHCP option code NAME DHCP Pool NAME DHCP option format name no option code lt 1 254 gt format Removes a specified DHCP option for a DHCP server DHCP server may not have any DHCP option that is configured in the DHCP pool mode Then DHCP server finds the DHCP default option If it exists DHCP server sends DHCP clients a DHCP reply packet Offer ACK with the default option information To specify a DHCP server default option use the following command e me O Specifies a DHCP default option format for a DHCP ip dhcp default option code lt 1 server 254 gt format NAME code DHCP option code SE NAME DHCP option format name no ip dhcp default option code Removes a specified DHCP default option for a DHCP lt 1 254 gt server Static Mapping The switch provides a static mapping function that enables to assign a static IP address without manually specifying static IP assignment by using a DHCP lease database in the DHCP database agent To perform a static mapping use the following command na a O Performs a static mapping origin file A B C D FILE A B C D DHCP database agent address DHCP Pool FILE file name of DHCP lease database no origin file Cancels a static mapping 307 CLI 308 D 8 6 1 11 8 6 1 12 Management Guide TigerAccess EE For more information
313. log output level use the following command ee e See no syslog output priority auth authpriv kern local0 local local2 local3 local4 local5 local6 local syslog user emerg alert crit err warning notice info console no syslog output priority auth authpriv kern local0 local local2 local3 local4 local5 z Deletes a specified user defined syslog output level local6 local7 syslog user Global Se with a priority emerg alert crit err warning notice info local volatile non volatile no syslog output priority auth authpriv kern local0 local local2 local3 local4 local5 local6 local7 syslog user emerg alert crit err warning notice info remote A B C D 164 SMC7824M VSW Management Guide TigerAccess EE LE 7 5 2 SMC7824M VSW CLI The order of priority is emergency gt alert gt critical gt error gt warning gt notice gt info gt debug If you set a specific level of syslog output you will receive only a syslog message for selected level or higher If you want receive a syslog message for all the levels you need to set the level to debug The following is an example of configuring syslog message to send all logs higher than notice to remote host 10 1 1 1 and configuring local1 info to transmit to console SWITCH config syslog output notice remote 10 1 1 1 SWITCH
314. lowing command ICI wenn clock DATETIME Sets system time and date Enable Global Shows system time and date Bridge SMC7824M VSW Management Guide TigerAccess EE 6 1 3 6 1 4 SMC7824M VSW CLI Time Zone The switch provides three kinds of time zone GMT UCT and UTC The time zone of the switch is predefined as GMT Greenwich Mean Time Also you can set the time zone where the network element belongs To set the time zone use the following command refer to the below table e e ees time zone TIME ZONE Sets the time zone Global clear time zone Resets the time zone To display the time zone use the following command refer to the below table mana TO aten Enable Global Bridge Shows the world time zone map Tab 6 1 shows the world time zone ae BE ows we oms SS ae NN Tab 6 1 World Time Zone To see a configured time zone use the show clock command Network Time Protocol NTP The network time protocol NTP provides a mechanism to synchronize time on com puters across an internet The specification for NTP is defined in RFC 1119 To en able disable the NTP function use the following command e e een ntp server SERVER1 SERVER 2 Enables NTP function with a specified NTP server SERVER3 SERVER server IP address maximum 3 servers Disables the NTP function no ntp server SERVER1 Global Deletes a specified NTP server SERVER2 SERVER3 SERVER se
315. lt gateqay IP address arp alias 4 B C D1 A B C D2 vlan VLANS VLAN ID 1 4094 VLANS gateway GATEWAY A B C D1 start IP address A B C D2 end IP address GATEWAY gateway IP address no arp alias 4 B C D1 A B C D2 Deletes the registered IP address range of ARP alias SMC7824M VSW Management Guide TigerAccess EE 7 12 3 7 12 3 1 SMC7824M VSW CLI To set the aging time of gateway address in ARP alias use the following command e me See Changes the aging time of registered gateway address arp alias aging time lt 5 in ARP alias 2147483647 gt 5 2147483647 ARP alias gateway aging time default Global 300 sec Deleted the configured aging time and returns to the arp alias aging time default settings Unless you input a MAC address the MAC address of user s device will be used for ARP response To display a registered ARP alias use the following command e a O Enable show arp alias Global Shows a registered ARP alias Bridge ARP Inspection ARP provides IP communication by mapping an IP address to a MAC address However a malicious user can attack ARP caches of systems by intercepting the traffic intended for other hosts on the subnet For example Host B generates a broadcast message for all hosts within the broadcast domain to obtain the MAC address associated with the IP ad dress of Host A If Host C responses with an IP address of Host A or B and a MAC ad dress of Host C
316. lude both flow and class at the same time Either admin flow or admin class can belong to one policy 195 CLI 196 7 6 7 2 7 6 7 3 Management Guide TigerAccess EE To remove flow or class from the policy use the following command e e See no include flow Admin Removes the admin flow from this policy no include class Policy Removes the admin class from this policy Admin Policy Priority If rules that are more than two match the same packet then the rule having a higher prior ity will be processed first To set a priority for an admin access rule use the eS command priority highest high medium Admin EE a priority for an admin policy low Policy default medium Admin Policy Action To specify the rule action action match for the packets matching configured classifying patterns use the following command Soen E O action match deny Admin Denies a packet action match permit Policy Permits a packet To delete a specified rule action action match use the following command e e een no action match deny Deletes a specified rule action no action match permit To specify a rule action no action match for the packets not matching configured clas sifying patterns use the following command e e een no action match deny Admin Denies a packet a Denies a packet no action match permit Policy Permits a packet To delete a specified rule action no action match u
317. m sam sam TCH config service dhcp dhcp pool sam sam sam sam ple le oO 0 0 D D sample network 100 1 1 0 24 default router 100 1 1 254 range 100 1 1 1 100 1 1 100 lease time default 5000 lease time max 10000 dns server 200 1 1 1 200 1 1 2 200 1 1 3 If you want to specify a DNS server for all the DHCP pools use the dns server command For more information see Section 6 1 8 Manual Binding To manually assign a static IP address to a DHCP client who has a specified MAC ad dress use the following command e e Se fixed address A DCD MAC ADDRESS no fixed address A DCD Assigns a static IP address to a DHCP client A B C D static IP address MAC ADDRESS MAC address Deletes a specified static IP assignment DHCP Pool SMC7824M VSW Management Guide TigerAccess EE 8 6 1 8 8 6 1 9 8 6 1 10 SMC7824M VSW CLI Domain Name To set a domain name use the following command ee e ee domain name DOMAIN Sets a domain name Sets a domain name domain name An gem Deletes a specified domain name DHCP Server Option The switch operating DHCP server can include DHCP option information in the DHCP communication Before using this function a global DHCP option format should be cre ated For details of setting the DHCP option format refer to the 8 6 5 DHCP Option To specify a DHCP server option use the fo
318. m size default 1400 Deletes the configured maximum datagram size Owner Name of sFlow Receiver Owner name of specific receiver represents who is the user of this receiver If you delete existing owner name of receiver all configurations including collect IP collect port and timeout of receiver would be also deleted SMC7824M VSW Management Guide TigerAccess EE 7 16 7 5 7 16 8 7 16 9 SMC7824M VSW CLI To give an owner name of receiver use the following command n See owner NAME l Gives an owner name of specific receiver Receiver Timeout To set a timeout of receiver use the following command SCC i Sets a timeout of receiver timeout lt 1 2147483647 gt l Receiver 1 2147483647 timeout value default 0 Deletes configured timeout of receiver Receiver Index If you configure one receiver when sFlow function of specific port was already enabled in the system you should assign the configured receiver index of that port for transmitting sampling packets to sFlow collector To specify configured receiver index to port use the following command e e See l Specifies a receiver index of port to transmit sampling sflow port PORTS receiver index lt 1 65535 gt packets to sFlow collector index lt 1 Global 1 65535 receiver ID no sflow port PORTS receiver ee Se Deletes specified receiver index of port index Displaying sFlow To display the current status of sFlow se
319. mand e e Se active Alarm Enables this profile no active config Disables this profile SMC7824M VSW 99 CLI 100 Fi S Management Guide TigerAccess EE The following is an example of enabling configuration SWITCH bridge alarm config profile TEST active SWITCH bridge alarm config profile TEST show running config omitted alarm config profile TEST thresh 15min lofs 300 thresh 15min loss 300 thresh 15min lols 300 thresh 15min ess 300 thresh 15min sess 300 thresh 15min uass 300 active omitted SWITCH bridge line config profile TEST Unless you enable configured profiles they will not be applied although you apply them to ports After you configure and enable profile if you change the configuration then it will be automatically disabled Therefore you have to enable it with active whenever you change configurations Step 4 Save Profile after going back to Global configuration mode or Enable mode SWITCH config write memory Building configuration OK SWITCH config Besides when switch is been stacking Alarm config profile configured in Master will be automatically configured in Slave Although it is configured before stacking Masters con figuration will be configured in Slave by finding any difference However you have to save the configuration of Slave with using write memory Unless you do it the configuration will be deleted and the above pr
320. mber of IGMP groups for the system use the following com mand e me See Specifies the maximum number of IGMP groups for the ip igmp max groups system system count lt 1 2147483647 gt y 1 2147483647 number of IGMP groups no ip igmp max groups system Deletes a specified maximum number of IGMP groups Displaying IGMP Filtering and Throttling To display a configuration for IGMP filtering and throttling use the following command e e en Enable show ip igmp filter port PORTS Global Bridge Shows a configuration for IGMP filtering and throttling PORTS port number To display existing IGMP profiles use the following command e e Se Enable show ip igmp profile lala Shows existing IGMP profiles oba lt 1 2147483647 gt Be 1 2147483647 IGMP profile number ridge Multicast Source Trust Port Any port of this switch can be specified as a multicast source trust port which is regis tered in the multicast forwarding table Only multicast source trust ports can be received the multicast traffic However the reserved multicast packets should be sent to CPU even if these packets pass through a multicast source trust port This feature helps the switch to distinguish be 373 CLI 374 Management Guide TigerAccess EE tween general traffic receivers and multicast traffic receivers and is a more efficient use of system resources because it sends the multicast traffic to specic hosts which w
321. mmand e e See Specifies IP address of sFlow agent sflow agent ip A B C D Global A B C D agent IP address default 127 0 0 1 no sflow agent ip Deletes specified IP address of sFlow agent Enabling sFlow on Port To enable or disable sFlow function on a port use the following command SCC sflow port PORT enable Enables sFlow function on specified port Global sflow port PORT disable Disables sFlow function on specified port Maximum IP Header Size To set the maximum IP header size of sampling packets on a port use the following command e me See Configures the maximum header size of incoming sflow port PORTS max header ize lt 16 256 gt sample packets to specific port size Global 16 256 maximum IP header size value default 128 no sflow port PORTS max Deletes configured maximum header size of sample header size packets Counter Interval To set the interval to send interface counter information to sFlow poller use the following command sflow port PORTS counter Sets the interval of interface counter for port interval lt 1 1000 gt Global no sflow PORTS counter i EEN EEN interval of interface counter for port interva Sample Rate To set sampling interval of port use the SS S command sflow port PORTS sample rate E sampling interval of port for incoming pack lt 1 2000 gt Global no sflow port PORTS a Oates contgured samping iena fron Oates cont
322. modify an admin flow use the following command e e een flow admin NAME modify Global Modifies a flow enter an admin flow name You should save and apply the admin flow to system using apply command whenever you modify any configuration of the admin flow Class Creation One class can include several flows You can simply handle and configure the packets on several flows at once To create a class including more than 2 flows use the following command e e een Creates an admin class including at least 2 admin class admin NAME flow FLOW1 flows FLOW2 FLOWS3 NAME admin class name FLOW admin flow name To delete configured admin class or all admin classes use the following command e e een no class admin all Deletes all admin classes l Deletes specified admin class no class admin NAME l NAME admin class name Global Removes specified admin flows from class no class admin NAME flow FLOW1 FLOW2 FLOW3 NAME admin class name FLOW admin flow name SMC7824M VSW Management Guide TigerAccess EE 7 6 7 7 6 7 1 A SMC7824M VSW CLI Admin Rule Action Admin Policy Creation For the switch you need to open Admin Policy Configuration mode first To open Policy Configuration mode use the following command e e See Creates an admin policy and opens Admin Policy Con policy admin NAME create Global figuration mode NAME admin policy name After opening Admin Pol
323. mp trap snmp trap host A B C D COMMUNITY A B C D snmp trap host A B C D COMMUNITY Specifies an SNMP trap v1 host snmp inform trap host A B C D COMMUNITY Specifies an SNMP inform trap host snmp trap2 host A B C D COMMUNITY Global Specifies an SNMP trap v2 host To delete a specified SNMP trap host use the following command no snmp trap host A B C D Deletes a specified SNMP trap v1 host no snmp no snmp trap2 host A B C D no snmp trap2 host A B C D A B C D Deletes a specified SNMP trap v2 host Global no snmp inform trap host We l ABCD Deletes a specified SNMP inform trap host If you manage the system via the ACI E you should specify an SNMP trap v2 host with the snmp trap2 host command You can set maximum 16 SNMP trap hosts with inputting one by one The following is an example of setting an SNMP trap host SWITCH SWITCH config SNMP Trap in Event Mode The system provides various kind of SNMP trap but it may inefficiently work if all these trap messages are sent very frequently Therefore you can select each SNMP trap sent to an SNMP trap host e auth fail is shown to inform wrong community is input when user trying to access to SNMP inputs wrong community e cold start is shown when SNMP agent is turned off and restarts again e link up down is shown when network of port specified by user is disconnected or when the network is connected again e mem threshold is shown
324. namic routing protocol static routes are not automatically updated and must be manually reconfigured if the network topology changes Static route includes destina tion address neighbor address and etc To configure a static route use the following command To configure a static route use the following command e e re ip route A B C D SUBNET MASK Configures a static route GATEWAY null lt 1 255 gt A B C D destination IP prefix Global A B C D M destination IP prefix with mask ip route A B C D M GATEWAY GATEWAY gateway address null lt 1 255 gt sre A B C D 1 255 distance value src binding source IP address SMC7824M VSW Management Guide TigerAccess EE 4 3 4 SMC7824M VSW CLI To delete a configured static route use the following command men rs rem no ip route A B C D SUBNET MASK GATEWAY null lt 1 255 gt Global Deletes a configured static route no ip route A B C D M GD null lt 1 GD To configure a default gateway use the Sos command ip route default GATEWAY Global Configures a default gateway null lt 1 255 gt To delete a configure default gateway use the following command Teena e Daten no ip route default GATEWAY Global Deletes a default gateway null lt 1 255 gt To display a configured static route use the following command es ee show route A B C D BEE Global l Shows configured routing information with IP routing show ip
325. nd e e ee Creates a policer and opens Policer Configuration policer NAME create Global mode NAME policer name After opening Policer Configuration mode the prompt changes from SWITCH config to SWITCH config policer NAME After opening Policer Configuration mode a policer can be configured by user The rate limit meter and packet count can be configured for each policer e The policer name must be unique Its size is limited to 32 significant characters e The policer name cannot start with the alphabet a or A e The order in which the following configuration commands are entered is arbitrary e The configuration of a polcer being configured can be changed as often as wanted until the apply command is entered e Use the show policer profile command to display the configuration entered up to now To delete configured policer or all policers use the following command e me ees no policer NAME Deletes a policer enter a policer name Global no policer all Deletes all policers 175 CLI 176 7 6 3 2 7 6 3 3 Management Guide TigerAccess EE Packet Counter The packet counter function provides information on the total number of packets that the rule received and analyzed This feature allows you to know the type of packets transmit ted in the system according to rule configuration To count the number of packets matching to corresponding policer use the following command SS
326. nd e me see Configures Sync with partner s equipment or resets Ire PORTS u P Bridge VDSL port Ire PORTS down Disables Sync with partner s equipment Sync with the connected equipment is basically configured for VDSL port 17 CLI 78 9 3 2 3 Management Guide TigerAccess EE This command is used not only to enable VDSL port but also to reset it when is on unsta ble status Profile of VDSL Port It is possible to configure bandwidth of up down stream of VDSL port To configure the profile use the following command OO oo ee Ire PORTS profile vdsl1 asym100_998 sym100_100_998 normal isdn adsl adsl safe tlan Ire PORTS profile vdsl1 asym50_998 asym50_998 4b sym25_997 isdn adsl adsl safe tlan Ire PORTS profile vdsl1 asym50_998 asym50_998 4b i Configures profile of VDSL sym25_997 normal annex m annex a annex b exclude Bridge i port Ire PORTS profile vdsl2 12b 12b_997 normal isdn adsl adsI2 Ire PORTS profile vdsl2 12a 12a_997 17a 17a_8k 30a 8a 8b 8c 8d normal isdn adsl adsl2 annex m annex a annex b exclude Each profile provides the following bandwidth Type PLAN 998 Asymmetric for 6Band DMT 50 100M not support option b and PLAN 998 Asymmetric for DMT 50M PLAN 998 Asymmetric for 4Band DMT 50M Ok tone asym100_ 998 asym50_998 VDSL 1 asym50_ 998 4b PLAN 998 Symmetric for 6Band DMT 100 100M not
327. nfiguration e Auto Saving e System Configuration File e Restoring Default Configuration Displaying System Configuration To display the current running configuration of the system use the following command ee show running config Shows a configuration of the system show running config admin flow admin policy flow arp bridge dns full host Shows a configuration of the system with name login qos rmon alarm rmon event 7 the specific option rmon history policer policy snmp syslog time out time zone The following is an example to display the configuration of the syslog SWITCH show running config syslog l syslog start syslog output info local volatile syslog output info local non volatile SWITCH Writing System Configuration If you change the configuration of the system you need to save the changes in the sys tem flash memory To write a current running configuration use the following command IC male neon Writes a current running configuration in the system write memory All a ash memory i i Shows a current running configuration on the terminal write terminal Enable alias to the show running config command When you use the write memory command make sure there is no key input until OK message appears 123 CLI 124 6 2 3 6 2 4 Management Guide TigerAccess EE Auto Saving The switch supports the auto saving feature
328. nfigures transmit rate of Maximum Downstream The unit is kbps 1000 1Mbps Configures transmit rate of Minimum Downstream The unit is kbps 1000 1Mbps Configures SNR margin of Downstream The unit is 0 25dBm 4 1dBm Configures minimum SNR margin of Downstream The unit is 0 25dBm 4 1dBm Configures Interleave delay of Upstream Configures transmit rate of Maximum Upstream The unit is kbps 1000 1Mbps Configures transmit rate of Minimum Upstream The unit is kbps 1000 1Mbps Configures SNR margin of Upstream The unit is up target snr mgn lt 0 124 gt 0 25dBm 4 1dBm Configures minimum SNR margin of Upstream The up snr min mgn lt 0 124 gt GC unit is 0 25dBm 4 1dBm The default of Interleave delay is 2ms and speed of service is not configured by default setting The default of SNR margin is 24 6dBm in case of Downstream and 32 8dBm in case of Upstream Transmit rate should be configured using the unit of Mbps Therefore you can input in terms of 10000 in actual configuration The following is an example of configuring Interleave of profile named TEST as 20ms and transmit rate as 8M in case of Upstream and 10M in case of Downstream and SNT mar gin as 10dBm SWITCH bridge line config profile TEST down max inter delay 20 SWITCH bridge line config profile TEST SWITCH up max inter delay 20 SWITCH bridge line config profile TEST bridge line config p
329. nged from SWITCH config to SWITCH config flow NAME SWITCH config policer NAME and SWIT CH config policy NAME os rem flow NAME create Opens Flow Configuration mode policer NAME create Global Opens Policer Configuration mode policy NAME create Opens Policy Configuration mode Tab 3 9 shows the commands of Rule Configuration mode ees Classifies an IEEE 802 1p priority maes Classifies a MAC address action matth Configures a rule action for classified packets rate limit Comfigures a rate limit of classified packets Configures a rule priority of specified policy Tab 3 9 The Commands of Rule Configuration Mode RMON Configuration Mode In RMON Configuration mode you can configure RMON alarm RMON event and RMON history The switch provides three different configuration modes to configure each type of RMON Teoma rs rem rmon alarm lt 1 65535 gt Opens RMON Configuration mode Global rmon event lt 1 65535 gt event lt 1 rmon event lt 1 65535 gt 1 65535 index number rmon rmon history lt 1 65535 gt lt 1 rmon history lt 1 65535 gt SMC7824M VSW Management Guide TigerAccess EE CLI Tab 3 10 shows main commands of RMON Configuration mode Shows the subject which configures each RMON and uses relevant information Tab 3 10 Main Command of RMON Configuration Mode 3 2 Configuration Mode Overview Fig 3 1 shows the overview of the configuration mode for th
330. nooping vlan VLANS mrouter learn pim Multicast Router Port Forwarding The multicast traffic should be forwarded to IGMP snooping membership ports and multi cast router ports because the multicast router needs to receive muticast source informa tion To enable the switch to forward the traffic to multicast router ports use the following command C m en ip multicast mrouter pass Enables to forward multicast traffic to the multicast through router ports no ip li mrouter pass Disables to forward multicast traffic to the multicast li router ports To disable the switch to learn multicast router ports through PIM hello packets use the following command a me See no ip igmp snooping mrouter learn pim Disables to learn multicast router ports through PIM ip E snooping vlan hello packets licen mrouter learn pim Displaying Multicast Router Port To display a current multicast router port for IGMP snooping use the following command e me See Shows a current multicast router port for IGMP snoop show ip igmp snooping mrouter l Enable ing globally Global Shows a current multicast router port for IGMP snoop Bridge ing on a specified VLAN VLANS VLAN ID 1 4094 show ip igmp snooping vlan VLANS mrouter 365 CLI 366 9 2 3 8 Management Guide TigerAccess EE TCN Multicast Flooding When a network topology change occurs the protocols for a link layer topology such as spanning tree
331. ns are regenerated based on CIR Bucket C CIN e ng 7 CBS de Green Color Marking Tokens are regenerated based on CIR Bucket C CON A A SO ea 4 If the bucket C is empty the tokens in the bucket P are decremented by the size of the packet IC gt Yellow Color Marking 183 CLI 184 Management Guide TigerAccess EE Tokens are regenerated Tokens are regenerated based on PIR faster than CIR based on CIR Bucket P Bucket C RS IN NA E Empty CBS PBS Empty If the bucket P is empty a packet is marked red II ren gt IC gt Red Color Marking Fig 7 9 Behavior of trT CM 3 To set the metering mode use the following command e e See Sets the metering mode color mode srtcm trtcm blind blind color blind mode aware Policer aware color aware mode In the color blind mode the meter assumes that the packet stream is uncolored In the color aware mode the meter assumes that some preceding entity has pre colored the in coming packet stream so that each packet is the one among green yellow and red To specify the value for metering parameters use the following command e e Se Specifies CIR and CBS BANDWIDTH regenerating rate of token unit Kbps BURST maximum size of token bucket unit byte Policer color pir BANDWIDTH Specifies PIR and PBS trTCM only pbs BURST color ebs BURST ebe BURST Specifies Specifies EBS sTCMonlyy srTCM
332. ns to the default maximum aging time value of no spanning tree mst max age MSTP Bridge Returns to the default maximum aging time value of PVSTP VLANS VLAN ID 1 4094 no spanning tree vlan VLANS max age BPDU Hop Count In MSTP it is possible to configure the number of hops in order to prevent BPDU from wandering BPDU passes the switches as the number of hops by this function To configure the number of hops of BPDU in MSTP use the following command e e re Configures the number of hops for BPDU set the spanning tree mst max hops lt 1 40 gt number of possible hops in MSTP region 1 40 the number of hops for BPDU default 20 no spanning tree mst max hops Deletes the number of hops for BPDU in MSTP SMC7824M VSW Management Guide TigerAccess EE 8 3 12 5 8 3 12 6 SMC7824M VSW CLI BPDU Filtering BPDU filtering allows you to avoid transmitting on the ports that are connected to an end system If the BPDU Filter feature is enabled on the port then incoming BPDUs will be fil tered and BPDUs will not be sent out of the port To enable or disable the BPDU filtering function on the port use the following command mana mete en spanning tree port PORTS ar 8 Enables a BPDU filtering fuction on specific port bpdufilter enable spanning tree port PORTS Bridge bpdufilter disable Disables a BPDU filtering fuction on specific port no spanning tree port PORTS bpdufilter
333. nt or if a static IP source binding is con figured the IP source guard restricts the IP traffic of client to those source IP addresses configured in the binding any IP traffic with a source IP address other than that in the IP source binding will be filtered out This filtering limits a host s ability to attack the network by claiming a neighbor host s IP address IP source guard supports the Layer 2 port only including both access and trunk For each untrusted Layer 2 port there are two levels of IP traffic security filtering e Source IP Address Filter IP traffic is filtered based on its source IP address Only IP traffic with a source IP address that matches the IP source binding entry is permitted An IP source address filter is changed when a new IP source entry binding is created or deleted on the port which will be recalculated and reapplied in the hardware to reflect the IP source bind ing change By default if the IP filter is enabled without any IP source binding on the port a default policy that denies all IP traffic is applied to the port Similarly when the IP filter is disabled any IP source filter policy will be removed from the interface 331 CLI 332 8 6 8 1 A 8 6 8 2 Management Guide TigerAccess EE e Source IP and MAC Address Filter IP traffic is filtered based on its source IP address as well as its MAC address only IP traffic with source IP and MAC addresses matching the IP source binding entry
334. o SSH server use the following command e e Se Enable Global Shows SSH clients connected to SSH server Bridge Disconnecting SSH Client To disconnect an SSH client connected to SSH server use the ee command A E SSH clients connected to SSH server ssh disconnect PID Global PID SSH client number 99 CLI 96 4 4 1 4 4 4 1 5 4 4 2 4 4 2 1 4 4 2 2 Management Guide TigerAccess EE Assigning Specific Authentication Key After enabling SSH server each client will upload its own generated authentication key The SSH server can assign the specific key among the uploaded keys from several cli ents To verify an authentication key use the following command e e re ssh key verify FILENAME Global Verifies a generated authentication key If the SSH server verify the key for specific client other clients must download the key file from SSH server to login Displaying Connection History of SSH Client To display the connection history of SSH client use the following command e mee Enable Shows the connection history of SSH clients who are show ssh history Global connected to SSH server up to now Bridge SSH Client The switch can be used as SSH client with the following procedure e Login to SSH Server e File Copy e Authentication Key Login to SSH Server To login to SSH server after configuring the switch as SSH client use the following com mand e e re Lo
335. o a defined priority level the user has different authority to access the system This priority should be defined in the TACACS server in the same way To define the pri ority level of user use the following command login tacacs priority level min eS ee the priority level of user see the below infor user max root Global mation for the order of priority no login tacacs priority level Deletes a defined priority level a defined Deletes a defined priority level level The order of priority is root max gt user gt min Accounting Mode The switch provides the accounting function of AAA Authentication Authorization and Accounting Accounting is the process of measuring the resources a user has consumed Typically accounting measures the amount of system time a user has used or the amount of data a user has sent and received To set an accounting mode use the following command e e een Sets an accounting mode login accounting mode none start measures start point only start stop both Global stop measures stop point only both measures start and stop point both no login accounting mode Deletes a configured accounting mode Displaying System Authentication To display a configured system authentication use the following command na e een Enable Global Shows a configured system authentication Bridge SMC7824M VSW Management Guide TigerAccess EE 4 3 4 3 1 SMC
336. o check network status with relative Source IP address which other side should make a response Numeric display n Hop is displayed the number instead of indications or statistics l It is considered as successful ping test if reply returns within the con Timeout in seconds 2 fe i figured time interval Default is 2 seconds Probe count 3 Set the frequency of probing UDP packets The TTL field is reduced by one on every hop Set the time to trace Maximum time to live 30 hop transmission The number of maximum hops Default is 30 sec onds Selects general UDP port to be used for performing to trace the Port Number 33434 routes The default is 33434 Tab 6 4 Options for Tracing Packet Route The following is an example of tracing packet route sent to 10 1 158 158 SWITCH traceroute 10 27 41 81 traceroute to 10 27 41 81 10 27 41 81 30 hops max 40 byte packets 1 10 27 41 81 10 27 41 81 0 623 ms 0 295 ms 0 254 ms SWITCH Displaying User Connecting to System To display current users connecting to the system from a remote place or via console in terface use the following command e e re Enabl Shows current users connecting to the system from a nable remote place or via console interface SMC7824M VSW Management Guide TigerAccess EE 6 3 5 6 3 6 6 3 7 SMC7824M VSW CLI MAC Table To display MAC table recorded in specific port use the following command e e re show m
337. o ip dhcp snooping limit lease eye Deletes a DHCP lease limit PORTS You can limit the number of entry registrations only for untrusted interfaces because the DHCP snooping binding table only contains the information for DHCP messages from un trusted interfaces 325 CLI 326 8 6 7 5 8 6 7 6 8 6 7 7 Management Guide TigerAccess EE Source MAC Address Verification The switch can verify that the source MAC address in a DHCP packet that is received on untrusted ports matches the client hardware address in the packet To enable the source MAC address verification use the following command Enables the source MAC address veri ip dhcp snooping verify mac address fication Global Disables the source A address veri no ip dhcp snooping nein dhep snooping very macs mac nein dhep snooping very macs A ication Static DHCP Snooping Binding The DHCP snooping binding table contains a hardware address IP address lease time VLAN ID and port information that correspond to the untrusted interfaces of the system To manually specify a DHCP snooping binding entry use the following command e e See Configures binding on DHCP snooping table 1 4094 VLAN ID PORT port number A B C D IP address MAC ADDR MAC address ip dhcp snooping binding lt 1 4094 gt PORT A B C D MAC ADDR lt 120 2147483637 gt Global 120 2147483637 lease time unit second ip dhcp snooping binding lt 1 4094 gt PO
338. o not operate with MSTP have instance 0 so that they can also join BPUD exchanges The op eration of deciding CST root is CIST Common amp Internal Spanning Tree Legacy 802 1d CST Switch A Region B feu a ae ia ie Legacy 802 1d CST Root amp IST Root E oo Switch C IST Root l Region A IST Switch B Switch D Switch E Fig 8 23 CST and IST of MSTP 1 267 CLI 268 8 3 4 Management Guide TigerAccess EE In CST SWITCH A and B are operating with STP and SWITCH C D and E are operating with MSTP First in CST CIST is established to decide a CST root After the CST root is decided the closest switch to the CST root is decided as IST root of the region Here CST root in IST is an IST root Legacy 802 1d CST Switch A Region C IST Region B IST e WEE IST Root Instance 2 H ST Root Region A IST Instance 3 Switch D Switch E Fig 8 24 CST and IST of MSTP 2 In the above situation if SWITCH B operates with MSTP it will send its BPDU to the CST root and IST root in order to request itself to be a CST root However if any BPDU having higher priority than that of SWITCH B is sent SWITCH B cannot be a CST root Enabling STP Function Required First of all you need to enable STP function You cannot configure any parameters re lated to Spanning Tree Protocol without this command To enable S
339. ocedure will be repeated With enabled stacking config profile of Master will be configured in Slave it is impossible to configure alarm config profile in Slave Step 5 Apply Profile to port Use the following command mane l a O pm alarm config profile NAME add PORTS Applies Profile to port The following is an example of applying Profile named TEST to port 1 SWITCH bridge alarm config profile TEST add 1 SWITCH bridge SMC7824M VSW Management Guide CLI TigerAccess EE With enabled stacking Master s configuration is same configured in Slave However Master can make application to port of Slave You should configure it in Slave Please save the configuration after applying to port To disable the application of profile use the following command e e See alarm config profile NAME del PORTS Disables Profile applied to port Step 6 save the configuration SWITCH config write memory Building configuration OK SWITCH config To delete Profile use the following command na ee no alarm config profile NAME Bridge Deletes Profile SMC7824M VSW 101 CLI 102 9 3 9 gt z 5 3 5 1 5 3 5 2 Management Guide TigerAccess EE Configuring CPE You can reset CPE used when switch and check state of CPE PORTS at CPE configuration command is VDSL port number connected specified CPE The below description is only for this switch in which module is instal
340. ode sends RM Link UP message that informs other nodes the blocking status of secondary port If the nodes receives RM Link Up message they unblocks the ports which are de tected a Link Failure recovery The Ethernet ring is back to normal state Fig 8 32 shows an example of a Ring Recovery operation Node A 2 Unblock the port Node B recovered from Link Failure RM Link Up opges RM Link Up al 1 Sends RM Link Up Ack to both ports and blocks secondary port Fig 8 32 Ring Recovery SMC7824M VSW Management Guide TigerAccess EE 8 4 2 8 4 3 A SMC7824M VSW CLI Loss of Test Packet LOTP ERP recognizes the Link Failure using Loss of Test Packet LOTP mechanism RM Node periodically sends periodic RM Test Packet message The state of LOTP means that RM Test Packet message does not return three consecutive times to RM node through Ethernet Ring If RM node receives its RM Test Packet message through Ethernet Ring it continues to block its secondary port You can configure the interval for sending RM Test Packet message ERP Shared Link Sharing a link between two ERP rings allows the two nodes adjacent to the link to be common to the two rings Sharing one link between two rings would create a super loop if that link failed To prevent the super loop two ERP domains should have different priori ties This concept is called ERP ring priority Wh
341. ode for one port and make one group include several queues on DWRR packet scheduling mode this group implements as if it is one single queue The scheduling mode of all queues is SP but a group including several queues operates in DWRR Weight To set a weight for DWRR scheduling mode use the following command e e ee Sets a weight for each port and queue qos weight PORTS cpu lt 0 7 gt PORTS port numbers lt 1 255 gt 0 7 queue number Global 1 255 weight value default 6 Sets a ratio among all queues according to configured qos base weight PORTS lt 1 255 gt weight 1 255 base weight value default 6 Maximum and Minimum Bandwidth To set a maximum bandwidth use the following command e e een Sets a maximum bandwidth for each port and queue PORTS port numbers Global 0 7 queue number BANDWIDTH bandwidth in the unit of MB qos max bandwidth PORTS lt 0 7 gt BANDWIDTH unlimited unlimited unlimited bandwidth default SMC7824M VSW Management Guide TigerAccess EE 7 6 9 4 SMC7824M VSW CLI To set a minimum bandwidth use the following command n See Sets a minimum bandwidth for each port and queue S i PORTS port numbers qos min bandwidth PORTS lt 0 T gt BANDWIDTH unlimited Global 0 7 queue number BANDWIDTH bandwidth in the unit of MB default 0 unlimited unlimited bandwidth A minimum bandwidth can be set only in DWRR scheduling mode By usin
342. of ERP domain of ERP domain 295 CLI 296 8 4 5 8 4 6 8 4 7 Management Guide TigerAccess EE Selecting the Node To configure an ERP domain as RM Node use the following command e e re erp domain DOMAIN ID mode rm Configures ERP node mode as RM node To configure an ERP domain as normal node use the following command INC rr erp domain DOMAIN ID mode Bridge Configures ERP node mode as normal node norma Protected Activation When you finish configuring specific ERP domain with Domain ID domain name primary port and secondary port you should activate the ERP domain to apply to the system To activate an ERP domain use the following command a Y mn erp domain DOMAIN ID Bridge Configures ERP Protected Activation activation activate To deactivate an ERP domain use the following command Je erp domain DOMAIN ID activation erp ira DOMAIN ID activa tion ira Bridge Deactivates an ERP domain default Manual Switch to Secondary A secondary port is supposed to be blocked as unused link for traffic while ERP runs without any link failure While a primary port forwards the traffic to other nodes But you can configure a primary port to be blocked as a secondary port role A secondary port is automatically changed to forward the traffic To manually configure a primary or secondary port as an unused link that should be blocked for traffic in normal condition of Ethern
343. of the file naming of a DHCP lease database see Section 8 6 3 1 Recognition of DHCP Client Normally a DHCP server recognizes DHCP clients with a client ID However some DHCP clients may not have their own client ID In this case you can select the recogni tion method as a hardware address instead of a client ID To select a recognition method of DHCP clients use the following command e e een ip dhcp database key client id 7 Global Selects a recognition method of DHCP clients hardware address IP Address Validation Before assigning an IP address to a DHCP client a DHCP server will validate if the IP address is used by another DHCP client with a ping or ARP If the IP address does not re spond to a requested ping or ARP the DHCP server will realize that the IP address is not used then will assign the IP address to the DHCP client To select an IP address validation method use the following command ee e re ip dhcp validate arp ping Global Selects an IP address validation method You can also set a validation value of how many responses and how long waiting time out for the responses from an IP address for a requested ping or ARP when a DHCP server validates an IP address To set a validation value of how many responses from an IP address for a requested ping or ARP use the following command e e Se ip dhcp arp ping packet lt 0 Sida Sets a validation value of how many responses oba 20
344. ofile first If you try to configure interleave delay of the port which is included as Line config profile member the error message will be displayed SWITCH bridge lre 5 interleave delay 50 6VDSL Port 5 is line config profile DEFVAL member SWITCH bridge To configure Line config profile in detail you need to open Line config Profile mode Use the following command e me See Opens line config profile configuration mode line config profile NAME Bridge NAME Line config profile name The following is an example of entering into Line config Profile mode to configure line config profile named as TEST SWITCH config terminal SWITCH config bridge SWITCH bridge line config profile TEST SWITCH bridge line config profile TEST Meanwhile use the following command to exit from Line config Profile mode e e ees et Line config Exits from line config profile configuration mode 95 CLI Management Guide TigerAccess EE To configure the detail of Profile Use the following command Command Description down max inter delay lt 1 100 gt down slow max datarate lt 0 100000 gt down slow min datarate lt 0 100000 gt down target snr mgn lt 0 124 gt down snr min mgn lt 0 124 gt Line config up max inter delay lt 1 100 gt up slow max datarate 100000 gt up slow min datarate 100000 gt Configures Interleave delay of Downstream The unit is MSEC Co
345. ogether e MVR only supports IGMPv2 Enabling MVR To enable MVR on the system use the following command A TA E Enables MVR Global MVR Group To configure MVR you need to specify an MVR group and group address If you specify several MVR groups IGMP packets from the receiver ports are sent to the source ports belonging to the corresponding MVR group according to the group address specified in the packets To specify an MVR group and group address use the following command e e en Specifies an MVR group and group address mvr vlan VLAN group A B C D VLAN VLAN ID 1 4094 Ge A B C D IGMP group address no mvr vlan VLAN group A B C D Deletes a specified MVR group and group address 369 CLI 370 9 2 6 3 9 2 6 4 9 2 6 5 Management Guide TigerAccess EE Source Receiver Port You need to specify the source and receiver ports for MVR The followings are the defini tions for the ports e Source Port This is connected to multicast routers or sources as an uplink port which receives and sends the multicast traffic Subscribers cannot be directly connected to source ports All source ports belong to the multicast VLAN as tagged e Receiver Port This is directly connected to subscribers as a subscriber port which should only re ceive the multicast traffic All receiver ports must belong to the both subscriber and multicast VLANs as untagged for implementation reasons To specify a port a
346. on a specified port nego PORTS on off Bridge port enter a port number default on Auto negotiation operates only on 10 100 1000Base TX interface You cannot enable this function on 1000Base X optical interface The following is an example of disabling the auto negotiation on the Ethernet port 25 and 26 SWITCH bridge show port 25 26 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER 25 Ethernet 1 Up Up Auto Full1 1000 Off Y 26 Ethernet 1 Up Up Auto Full1 1000 OLF Y SWITCH bridge port nego 25 26 off SWITCH bridge show port 25 26 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER 25 Ethernet 1 Up Up Force Full 1000 Off 26 Ethernet 1 Up Up Force Full 1000 OTE SWITCH bridge Transmit Rate To set the transmit rate of an Ethernet port use the following command nan eos Sets the transmit rate of a specified port port speed PORTS 10 100 1000 to 10 100 1000Mbps enter a port num ber Transmit rate is configurable only on 10 100 1000Base TX interface You cannot set transmit rate on 1000Base X optical interface SMC7824M VSW Management Guide TigerAccess EE 9 2 4 SMC7824M VSW CLI The following is an example of setting transmit rate on the Ethernet port 25 to 10 Mbps SWITCH bridge show port 25 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER ADMIN OPER 25 Ethernet 2 Up Up Auto Full1f1000 Off Off Y SWITCH bridge port speed 25 10 SWIT
347. on several flows at once To create a class including more than 2 flows use the following command e Se Creates a class including more than 2 flows class NAME flow FLOW1 FLOW2 FLOW3 Global NAME class name FLOW flow name SMC7824M VSW Management Guide TigerAccess EE 7 6 3 7 6 3 1 SMC7824M VSW CLI To delete configured class or all classes use the following command e me See Deletes all classes no class NAME flow FLOW1 FLOW2 FLOW3 Removes specified flows from class no class NAME Global Deletes specified class enter the class name Removes cs tons tomase Packet Conditioning After defining traffic classification criteria in Flow Configuration mode then configure how to process the packets The classified traffic from flow or class is being treated according to the policer configuration On Policer Configuration mode a policer enforces a rate limiting and the packet counter as well as the metering for traffic The traffic is identified via policers which are used to define traffic conditions including rate limit metering and counter And the policy actions for the identified traffic are created with policy One policer can belong to one policy Policer Creation To configure how to handle the classified packets according to the policer settings you need to create a policer and open Policer Configuration mode To open Policer Configuration mode use the following comma
348. onanoss 91 NOS DO Wil OA BEEN 109 World TIME ZOMG EE 113 ODTIOMS TOP PING csias a ed a tees 126 Options for Ping for Multiple IP Addresees 127 Options for Tracing Packet Route n nannnannnennnnannnnnnnnnnnnnrnnnrnsnrrnnrrnenrrnnnee 130 ICMP Message Type cui ic ina 223 Mask Calculation of Default Value cc cccccccccceeecceeececeeeeeseeeeseeeesseeeeaees 225 Options for Packet DUMP incas as 227 Advantages and Disadvantages of Tagged VI AN 239 SIP aun COSE SNOT NEE 269 Rod Ps Path COSt lO EE 270 SMC7824M VSW Management Guide CLI TigerAccess EE 1 Introduction 1 1 Audience This manual is intended for Ethernet IP DSLAM operators and maintenance personnel for providers of Digital Subscriber Line DSL and Ethernet services This manual assumes that you are familiar with the following e Ethernet networking technology and standards e Internet topologies and protocols e DSL technology and standards e Usage and functions of graphical user interfaces 1 2 Document Structure Tab 1 1 briefly describes the structure of this document 1 Introduction Introduces the overall information of the document 2 System Overview Introduces the switch system It also lists the features of the system 3 Command Line Interface CLI Describes how to use the Command Line Interface CLI 4 System Connection and IP Address Describes how to manage the system account and IP address 5 Port Configuration Describes how to configure the Etherne
349. oncern to the host router interaction as shown below e Membership query A multicast router determines if any hosts are listening to a group by sending mem bership queries There are three variants of the membership queries General query This is used to determine if any hosts are listening to any group Group specific query This is used to determine if any hosts are listening to a par ticular group Group source specific query This is used to determine if any hosts are listening to a particular group and source e Version 3 membership report This is used by hosts to report the current multicast reception state or changes in the multicast reception state of their interfaces IGMPv3 membership reports contain a group record that is a block of fields containing information of the host s membership in a single multicast group on the interface from which the report is sent A single re port may also contain multiple group records Each group record has one of the fol lowing information 353 CLI 354 9 2 9 2 1 Management Guide TigerAccess EE Current state This indicates the current filter mode including excluding the speci fied multicast address Filter mode change This indicates a change from the current filter mode to the other mode Source list change This indicates a change allowing blocking a list of the multi cast sources specified in the record IGMPv3 Operation Basically IG
350. one use the following command e me See Shows the table of each parameter bitloading SNR show Ire pertoneinfo PORT Enable block hlog ne hlin ne hlin Global scale ne lt 0 511 gt lt 0 511 gt Bridge FEQ fine coeff noie margin and so on in the range of tone 0 511 start stop tone index 90 SMC7824M VSW Management Guide TigerAccess EE 9 3 2 13 9 3 3 SMC7824M VSW CLI The following table lists the sub commands in the Bitloading per tone command COI EVEN CO oaremoarn an ne Get Rx Per Tone Quiet Line Noise Near End Rx Per Tone Coarse FEQ Near End Get Param Block Read Far End valid for ADSL2 2 VDSL2 only lane Get Per Tone HLOG Info Near End valid for ADSL2 2 only Get Per Tone HLIN Info Near End Get Per Tone HLIN Scale Near End Tab 5 8 Sub commands in Bitloading Per Tone G handshake Tone To configure G handshake tone of each port use the following command man e re Ire PORTS ghs a43 143 v43 Configures G hs tone carrier of each port Ire PORTS ghs b43 i43 v43 Bridge a43 b43 i143 v43 A43 B43 143 V43 Carrier Set Ire PORTS ghs none none None G hs Carrier mode You can not configure A43 G hs carrier with B43 at the same time To display the G hs Carrier configuration of each port use the following command e e res Enable show Ire ghs PORTS Global Shows G hs carrier configuration of each port Bridge VDSL Checking Errors of VDS
351. onnect to equipments at remote place by assigning IP address to MGMT interface Since MGMT interface is operated regardless of status of service port it is still possible to configure and manage equipment at remote place RADIUS and TACACS The switch supports client authentication protocol that is RADIUS Remote Authentica tion Dial In User Service and TACACS Terminal Access Controller Access Control Sys tem Plus Not only user IP and password registered in switch but also authentication through RADIUS server and TACACS server are required to access So security of sys tem and network management is strengthened Secure Shell SSH Network security is getting more important because the access network has been gener alized among numerous users Secure shell SSH is a network protocol that allows es tablishing a secure channel between a local and a remote computer It uses public key cryptography to authenticate the remote computer and to allow the remote computer to authenticate the user SMC7824M VSW Management Guide TigerAccess EE 3 3 1 SMC7824M VSW CLI Command Line Interface CLI The switch enables system administrators to manage the switch by providing the com mand line interface CLI This user friendly CLI provides you with a more convenient management environment To manage the system with the CLI a management network environment is required The switch can connect to the management network either
352. oping vlan besen A robustness variable IGMPv2 Snooping IGMP Snooping Querier Configuration IGMP snooping querier should be used to support IGMP snooping in a VLAN where PIM and IGMP are not configured When the IGMP snooping querier is enabled the IGMP snooping querier sends out peri odic general queries that trigger membership report messages from a host that wants to receive multicast traffic The IGMP snooping querier listens to these membership reports to establish appropriate forwarding Enabling IGMP Snooping Querier To enable the IGMP snooping querier use the following command es mee ip igmp snooping querier ad Enables the IGMP snooping querier globally dress A B C D E A B C D source address of IGMP snooping query lobal ip igmp snooping vlan VLANS Enables the IGMP snooping querier on a VLAN querier address A B C D VLANS VLAN ID 1 4094 SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI To disable the IGMP snooping querier use the following command e me See no ip igmp snooping querier address Disables the IGMP snooping querier ip Lomp snooping uae address source address of IGMP snooping query VLANS querier uae If you do not specify a source address of an IGMP snooping query the IP address config ured on the VLAN is used as the source address by default If no IP address is configured on the VLAN 0 0 0 0 is then used IGMP Snooping Query Interva
353. ore information see Section 4 1 10 1 The following is an example of upgrading the system software stored in os1 SWITCH copy ftp os download osl To exit press Ctrl D IP address or name of remote host FTP 10 100 158 144 Download File Name V5924C R 5 01 x User Name admin Password Hash mark printing on 1024 bytes hash mark Downloading NOS tH HH HH EEE EH HH EE EE EE HE EE EH HH HE HO EEE EE EE HE EE EE OE EEE EEE EE EE EE EE EH EHH HH HH HH HE EEE HH EEE EE EH HE EE HH HH EH EEE EEE EE EE EE HH EH OEE EEE EE EE EH HH EHH tH HH HH EEE EH HH EEE EE EE HH EE EH HH HH EEE EE EE EE EE EE EH EE OE EEE EE EE EE EE EH EHH dde dde TEETH HH HH TH HHH HH HH HE EEE HE HH HH HH EE EE EE OHH OO EEE OO EOE EEE Omitted dde dde HH HH Ht HEHEHE HEH HH EEE EE EE HH HE EE HH HH EH EEE EE EE HE EE EE HH EE OEE EEE EE EE EE EH HH HH HH HH HE EE EH HH EEE EE EH HH EE EE HH HH EH EEE EE EE EE EE EH HE EH OEE EEE EE EE EE EE HH HEHH dd HH HH THEE HEH HEE EEE EE HE HH HH HE EE HH HH EH EE EE EE EE EE EH HE EOE EEE EE EE EE HE EH HEHH HHH HH THEE EH HH EEE EE EE HH HEE EH HH HE HH OH EEE EEE EE EE EE EH EE OEE EEE EE HE EEE EE EE HH EHH HH HH HH HE EHH HHH EEE EE EE HE EE EH HH HE EH EEE EE EE EE EE EE HE HH HF 13661792 bytes download OK 375 CLI Management Guide TigerAccess EE SWITCH show flash Flash Information Bytes Area total used free OS1 default running 16777216 13661822 3115394 5 01 3001 OS2 16777216 13661428 3
354. oring Port Basic The switch provides 24 VDSL ports for the subscriber interface and 2 fixed ports of 10 100 1000Base T Gigabit Ethernet and 1 optional module of 2 uplink ports 2 port SFP or 1 port GE PON amp 1 port SFP supporting 100 1000Base X interface Ethernet Port Configuration Enabling Ethernet Port To enable disable the Ethernet port use the following command n Seees Enables disables a port enter a port number port enable disable PORTS Bridge default enable The following is an example of disabling the Ethernet port 25 SWITCH bridge port disable 25 SWITCH bridge show port 25 NO TYPE PVID STATUS MODE FLOWCTRL INSTALLED ADMIN OPER 25 Ethernet 2 Down been Auto Fully 0 Off Y SWITCH bridge Auto Negotiation Auto negotiation is a mechanism that takes control of the cable when a connection is es tablished to a network device Auto negotiation detects the various modes that exist in the network device on the other end of the wire and advertises it own abilities to automatically configure the highest performance mode of interoperation As a standard technology this allows simple automatic connection of devices that support a variety of modes from a va 67 CLI 68 9 2 3 Management Guide TigerAccess EE riety of manufacturers To enable disable the auto negotiation on an Ethernet port use the following command e e re Enables disables the auto negotiation
355. ort Traffic To set the threshold of port traffic use the following command e e een Sets the threshold of port traffic PORTS port number THRESHOLD threshold value unit kbps 5 60 600 time interval unit second no threshold port PORTS rx tx Deletes the configured threshold of port traffic x The threshold of the port is set to the maximum rate of the port as a default threshold port PORTS THRESHOLD 5 60 600 rx Global To set a timer to block incoming traffic through specific port use the following command n See Set a timer to block the traffic which goes over its threshold port PORTS block threshold timer lt 10 3600 gt Global 10 3600 expire timer unit second no threshold port PORTS block Deletes the configured threshold of port traffic To show the ARK threshold of port traffic use the Ss command Command Description A E MU the configured threshold of port show port threshold Enable Global Bridge Ese raffic Fan Operation The system fan will operate depending on measured system temperature To set the threshold of fan operation use the following command e e een Sets the threshold of fan operation in the unit of Cel threshold fan START TEMP sius C STOP TEMP Global START TEMP starts fan operation default 30 STOP TEMP stops fan operation default 0 no threshold fan Deletes a configured threshold of fan operation 119 CLI 1
356. ort Trunk To display a configuration of port trunk use the following command na e een Enable Global Shows a configuration for trunk Bridge Link Aggregation Control Protocol LACP Link aggregation control protocol LACP is the function of using wider bandwidth by ag gregating more than two ports as a logical port as previously stated port trunk function If the aggregated port by port trunk is in different VLAN from the VLAN where the existing member port originally belongs to it should be moved to VLAN where the existing mem ber port belongs to However the integrated port configured by LACH is automatically added to appropriate VLAN SMC7824M VSW Management Guide TigerAccess EE H 8 2 2 1 SMC7824M VSW CLI LACP can generate up to 5 aggregators whose number value could be O to 4 The group ID of trunk port and the aggregator number of LACP cannot be configured with the same value The following explains how to configure LACH e Configuring LACP e Operation Mode e Priority of Switch e Manual Aggregation e BPDU Transmission Rate e Administrational Key e Port Priority e Displaying LACP Configuration Configuring LACP Step 1 Activate LACP function using the following command n en Enables LACP of designated Aggregator number lacp aggregator AGGREGA AGGREGATIONS select aggregator ID that should be TIONS enabled for LACP valid value from 0 to 4 Step 2 Configure
357. ort number Clears dynamic MAC addresses clear mac NAME PORT MAC ADDR MAC ADDR MAC address 209 CLI 210 7 11 7 11 1 Management Guide TigerAccess EE To remove the static MAC addresses manually registered by user from the MAC table use the following command RS ge Deletes static MAC addresses no mac eg Deletes static MAC addresses enter the bridge name Bridge Deletes static MAC addresses NAME bridge name PORT port number no mac NAME PORT Deletes a specified static MAC address NAME bridge name PORT port number MACADDR MAC address no mac NAME PORT MACADDR To display the MAC table in the switch use the following command e Y Se Shows switch MAC address selection by port number Enable show mac NAME PORT Global Bridge subscriber port only NAME bridge name PORT port number There are more than a thousand of MAC addresses in MAC table And it is difficult to find information you need at one sight So the system shows a certain amount of addresses displaying more on standby status Press any key to search more After you find the in formation you can go back to the system prompt without displaying the other table by pressing lt q gt MAC Filtering It is possible to forward frame to MAC address of destination Without specific perform ance degradation maximum 4096 MAC addresses can be registered Default Policy of MAC Filtering The basic policy of filtering
358. os e guera IP source Destos e guera EE PORTS Note that the IP source guard is only enabled on DHCP snooping untrusted Layer 2 port If you try to enable this function on a trusted port the error message will be shown up You cannot configure IP source guard with the ip dhcp verify source and ip dhcp verify source port security commands together Static IP Source Binding The IP source binding table has bindings that are learned by DHCP snooping or manually specified with the ip dhcp verify source binding command The switch uses the IP source binding table only when IP source guard is enabled SMC7824M VSW Management Guide CLI TigerAccess EE To specify a static IP source binding entry use the following command e me See Specifies a static IP source binding entry 1 4094 VLAN ID A B C D IP address MAC ADDR MAC address no ip dhcp verify source binding ae aioe Deletes a specified static IP source binding A B C D all 8 6 8 3 Displaying IP Source Guard Configuration ip dhcp verify source binding lt 1 4094 gt PORT A B C D MAC ADDR Global To display IP source binding table use the SEE command show ip dhcp verify source Enable ee Shows IP source binding entries binding Global SMC7824M VSW 333 CLI 334 8 6 9 8 6 9 1 8 6 9 2 8 6 9 3 8 6 9 4 Management Guide TigerAccess EE DHCP Client An interface of the switch can be configured as a DHCP client which can obta
359. ost 2 3 CLI 274 8 3 7 3 8 3 7 4 EN Management Guide TigerAccess EE Port Priority When all conditions of two routes of switch are same the last standard to decide a route is port priority You can configure port priority and select a route manually To configure a port priority for MSTP instance use the following command e e Se Configures the port priority of MSTP instance spanning tree mst lt 0 64 gt port 0 64 MSTP instance ID number PORTS port priority lt 0 240 gt PORTS port number 0 240 port priority in increments of 16 default 128 no spanning tree mst lt 0 64 gt Acs hone Deletes a configured port priority of MSTP instance port PORTS port priority MST Region To set the configuration ID of MST region in detail you need to open MSTP Configuration mode first To open MSTP Configuration mode use the following command ron ra pon spanning tree mst configuation Opens MSTP Configuration mode After opening MSTP Configuration mode the prompt changes from SWITCH bridge to SWITCH config mst To delete all configations from MSTP Configuration mode use the following command nn e netos no spanning tree mst Deletes all configurations on MSTP Configuration Bridge configuation mode returns to the default values If MSTP is established in the switch decide a MSTP region the switch is going to belong to by configuring the MST configuration ID Configuration ID contains a r
360. ot be done Therefore SNT must not be minus or 0 And if there is this situation you have to increase signal strength or decrease noise strength Transmit rate of VDSL line depends of SNR But environment of line cannot be always same So you need to configure transmit rate of VDSL line can be decided according to changing line environment If noise is suddenly increased SNR is decreased and com munication becomes unstable Therefore you should configure transmit rate for decreased SNR when noise is suddenly increased Then there will not be problem with communication although noise is suddenly increased LA SNR 24 24 6 18 Transmit Rate SNR Margin 6 Applied to Transmit Rate B Fig 5 3 Deciding Transmit Rate according to SNR Margin When you configure estimate SNR the difference between estimate SNR and current SNR is call SNR Margin The switch applies the SNR margin to transmit rate In other word if you configure SNR margin as 6 the difference that subtracts 6 from current SNR will be applied to transmit rate as the above picture In you think there will be big change of noise configure big SNR margin However if you configure too big SNR margin transmit rate will be slow down whereas communication is stable To configure SNR margin use the following command e e res Ire PORTS snr target margin lt 0 Configures SNR margin of Downstream or Upstream 31 gt up down 0 31 SNR margin valu
361. ot displayed on each output line Display more information Reduce output quantity of protocol information Therefore output line is shorter Tab 7 3 Options for Packet Dump 227 CLI Management Guide TigerAccess EE F FILE Receive file as filter expression All additional expressions on command line are ig nored Designate the interface where the intended packets are transmitted If not designated i INTERFACE it automatically select a interface which has the lowest number within the system interfaces Loopback is excepted r FILE Read packets from the file which created by w option This is used to configure sample packet except the 68 byte default value The 68 byte is appropriate value for IP ICMP TCP and UDP but it can truncate protocol informa tion of Name server or NFS packets If sample size is long the system should take S SNAPLEN l l l more time to inspect and packets can be dropped for small buffer size On the con trary if the sample size is small information can be leaked as the amount Therefore user should adjust the size as header size of protocol Display the selected packets by conditional expression as the intended type rpc Remote Procedure Call rtp Real time Transport Protocol rtcp Real time Transport Control Protocol vat Visual Audio Tool wb distributed White Board EXPRESSION Conditional expression Tab 7 3 Options for Packet Dump Cont 7 15 3 Debug
362. ou should configure it with the authentication key To create delete an SNMP version 3 user use the following command snmp user USER md5 sha Creates an SNMP version 3 user AUTH_KEY des PRIVATE _ KEY Global no no shmp user USER user no shmp user USER Deletes a registered SNMP version 3 user a Deletes a registered SNMP version 3 user SNMP version 3 user To display a current SNMP version 3 user use the following command e e een Enable Global Displays an SNMP version 3 user Bridge SNMP Trap SNMP trap is an alert message that SNMP agent notifies SNMP manager about certain problems If you configure the SNMP trap the system transmits pertinent information to network management program In this case trap message receivers are called a trap host SNMP Trap Mode To select the SNMP trap mode use the following command e e een Selects the SNMP trap mode snmp trap mode falarm report j S Global alarm report alarm report based trap event event event based trap default e event trap mode is set by default It generates event based traps e alarm report trap mode generates alarm report based traps If you manage the system via the ACI E you should set the SNMP trap mode to the alarm report 139 CLI 140 7 1 8 2 s 7 1 8 3 Management Guide TigerAccess EE SNMP Trap Host To set an SNMP trap host use the following command ma Tae on sn
363. ould delete an existing RMON alarm To delete RMON alarm use the Ee command A RMON history of specified number enter the no rmon alarm lt 1 65535 gt Global value for deleting RMON Event RMON event identifies all operations such as RMON alarm in the switch You can config ure event or trap message to be sent to SNMP management server when sending RMON alarm You need to open RMON Event Configuration mode to configure RMON event e me See Opens RMON Event Configuration mode rmon event lt 1 65535 gt Global 1 65535 index number Event Community When RMON event is happened you need to input community to transmit SNMP trap message to host Community means a password to give message transmission right To configure community for trap message transmission use the following command e e Se Configures password for trap message transmission community NAME right NAME community name Event Description It is possible to describe event briefly when event is happened However the description will not be automatically made Thus administrator should make the description To specify a description about the current RMON event use the following command e e en description DESCRIPTION RMON Specifies the description of the current RMON event 161 CLI 162 7 4 3 3 7 4 3 4 7 4 3 5 7 4 3 6 Management Guide TigerAccess EE Subject of RMON Event You need to configure event and i
364. own identity To set the basic information of the SNMP agent use the following command e e Se snmp contact NAME Sets the name of the administrator snmp location LOCATION Sets the location of the SNMP agent snmp agent address A DCD Sets an IP address of the SNMP agent Global no snmp contact no snmp location Deletes the specified basic information for each item no snmp agent address The following is an example of specifying basic information of SNMP agent SWITCH config snmp contact Brad SWITCH config snmp location Germany SWITCH config To display the basic information of the SNMP agent use the following command ren fede Tome show snmp contact Enable Shows the name of the administrator show snmp location Global Shows the location of the SNMP agent show snmp agent address Bridge Shows the IP address of the SNMP agent SMC7824M VSW Management Guide TigerAccess EE 7 1 3 7 1 4 SMC7824M VSW CLI SNMP Com2sec SNMP v2 authorizes the host to access the agent according to the identity of the host and community name The com2sec command specifies the mapping from the identity of the host and community name to security name To configure an SNMP security name use the following command e e ees Specifies the mapping from the identity of the host and snmp com2sec SECURITY community name to security name enter security and A B C D A B C D M COMMU community name NITY SECU
365. pecified interface Configures MVR Configures NTP Sets a system password Configures QoS Opens RMON Configuration mode to configure RMON alarm Configures SNMP emi Coes CO ETT COC ENT Tab 3 3 Main Command of Global Configuration Mode Bridge Configuration Mode In Bridge Configuration mode you can configure various Layer 2 functions such as VLAN STP LACP EFM OAM etc To open Bridge Configuration mode enter the bridge command then the system prompt will be changed from SWITCH config to SWITCH bridge e e een bridge Global Opens Bridge Configuration mode 217 CLI 28 Management Guide TigerAccess EE Tab 3 4 shows main commands of Bridge Configuration mode SECHER me L meneneen e L nsen CO ECN CO ET Configures Spanning Tree Protocol STP em eres apo CI Tab 3 4 Main Command of Bridge Configuration Mode DHCP Pool Configuration Mode In DHCP Pool Configuration mode you can configure general functions of DHCP per each DHCP pool The switch supports multiple DHCP environments with this pool based DHCP configuration To open DHCP Pool Configuration mode enter the ip dhcp pool command then the sys tem prompt will be changed from SWITCH config to SWITCH config dhcp POOL e e en Opens DHCP Pool Configuration mode to configure ip dhcp pool POOL Global DHCP To open DHCP Pool Configuration mode use the service dhcp command in the Global Configuration mode first
366. policy counter a collected Shows a collected policy counter counter Average Packet Counter After this switch is running on octet counter mode using counter octet command you can collect and analyze the statistics of packets measured in bits per second To enable disable the system to display the statistics of packets measured during current 5 seconds 1 minute and 10 minutes in bits per second use the following command SMC7824M VSW Management Guide TigerAccess EE 7 6 3 4 SMC7824M VSW CLI n See Enables the system to display the statistics of packets average packet counter octet measured in bps Policer Disables the system to display the statistics of packets no average o average mengen o average mengen measured in bps To display average packet counter configuration on policy use the following command e me See Shows the name of policies that are enabled average show policy average packet RANGE packet counter function RANGE index of average packet counter 1 50 Enable Shows specified policy that is enabled average packet show policy average packet name NAME Global counter function NAME policy name Shows the names of all policies that are enabled aver show policy average packet age packet counter function Rate limit You can configure the rate limit in kbps unit for the classified packets and control the bandwidth To set the bandwidth of classified packets in specifie
367. port is assured the full bandwidth of the port Port Security on Port Step 1 Enable port security on the port e e See port security PORTS Enables port security on the port Step 2 Set the maximum number of secure MAC addresses for the port na e en port security PORTS maximum Brid Sets the maximum number of secure MAC addresses ridge lt 1 16384 gt S for the port default 1 Step 3 Set the violation mode and the action to be taken na m en port security PORTS violation Brid Selects a violation mode ridge shutdown protect restrict gt default shutdown When configuring port security note that the following information about port security vio lation modes e protect drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value e restrict drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the Security Violation counter to increment e shutdown puts the interface into the error disabled state immediately and sends an SNMP trap notification 207 CLI 208 7 9 2 Management Guide TigerAccess EE Step 4 Enter a secure MAC address for the port e e re port security PORTS mac Bridge Sets a secure MAC address for the port address MAC ADDR vlan NAME To disable the configuration of port secure use the
368. privilege enable level 1 configure terminal Command Privilege Level Configuration Node All Level Command EXEC ENABLE 1 configure terminal EXEC VIEW 0 enable EXEC ENABLE 0 show 3 entry s found SWITCH config In the above configuration as level O it is possible to use only show command in Privi leged EXEC Enable mode however as level 1 it is possible to use not only the com mands in level 1 but also time configuration commands in Privileged EXEC Enable mode and accessing commands to Global Configuration mode Limiting Number of Users For the switch you can limit the number of users accessing the switch through both con sole interface and telnet In case of using the system authentication with RADIUS or TA CACS a configured number includes the number of users accessing the switch via the authentication server 43 CLI 44 4 1 8 4 1 9 Management Guide TigerAccess EE To set the number of users accessing the switch use the following command e me ees Sets the number of users accessing the switch login connect lt 1 8 gt Global Default 8 no no login connect no login connect Deletes a configured value i a Deletes a configured value i value Auto Log out For security reasons of the switch if no command is entered within the configured inactiv ity time the user is automatically logged out of the system Administrator can configure the inactivity
369. profile In this event a meter might be used to trigger real time traffic conditioning actions e g marking policing or shaping Typical parameters of a traffic profile are e Committed Information Rate CIR e Peak Information Rate PIR e Committed Burst Size CBS e Excess Burst Size EBS e Peak Burst Size PBS 179 CLI 180 Management Guide TigerAccess EE A typical meter measures the rate at which traffic stream passes it Its rate estimation de pends upon the flow state kept by the meter There is a time constraint during which if the flow state is transferred from the old switch to the new switch then it is effective in esti mating the rate at the new switch as if though no transfer of flow has happened The switch provides Token Bucket srT CM and trTCM meters Token Bucket The token bucket is a control mechanism that transmits traffic by tokens in the bucket The tokens are consumed by transmitting traffic and regenerated at the given rate If all tokens in the bucket are consumed out traffic cannot be transmitted any more a flow can transmit traffic up to its peak burst rate The transmitting cost and regenerating rate of to kens are configurable Tokens are regenerated at a given rate CIR PIR CBS EBS Token PBS Packet consumes tokens in the bucket JL Forwarding GE ES Dee Fig 7 3 Token Bucket Meter Single Rate Three Color Marker srTCM The srTCM meters an IP packet stream and ma
370. r admin Password 230 User admin logged in ftp gt bin 200 Type set to I ftp gt hash Hash mark printing On ftp 2048 bytes hash mark ftp gt put V5924C R 5 01 x esl 200 PORT command successful 150 Opening BINARY mode data connection for osl HHH EH HE HHH HH EE HE HE HH EE EEE EH EE EEE HH EEE EE HEE HE HH EE EEE HH EE EE EH HEE EE EH EEE EEE EE HE tH tH HE EH HH EE HE EE HH EE EE EH EE EE HH EE EEE EH EE EE HH EE EE HEE EEE HH EE EE EH EEE EEE EE HE tH TH HE HH HH EE EE HH EE EEE EH EE EEE HH EE EEE HH EE EE HH EE EEE HH EE EE HH OEE EEE EH EEE EEE EE HE Ht H EH HE THE EH EE EEE HH EE EEE EH EE EEE HH EE EE EH EE EE HH EE EEE HH EE EE EH HEE EE EH EEE EEE EEE tH tH HE HH HEH EE HE HEE HH EE EEE EH EE EE HH EE EEE HH EE EE HH EE EEE HH EE EE HH EE EE EH EE EE EE EE HE HHH TEE HEE HH EH HEH HEE HOE HOE HOE dd dd EE E E HE HE E E E E E E E E dd dd EE dt d Omitted tH tH HE HH HH EE HE HH EE EE EH EE EEE HH EE EEE EH EE HE HH EE EEE HH EE EE HH EE EEE HH EEE EEE EEE tH TH HE EE HH EE HE HE HH EE EEE HEE EEE HH EE EEE EH EE EE HH EE EEE HH EE EE HH EE EEE EH EEE EEE EEE tH tH HE HH HH EE HE HH EE EE EH EE EEE HH EE EEE EH EE EEE HH EE EE HH EE EE EH HEE EEE EH EEE EEE EEE tH EH HEE HEE HH EE HE EE HH EE EEE HH EE EEE HH EE HE HH EE EE HH EE EEE HH EE EEE HH OEE EEE EE EEE EEE EEE tt H EH HE HEH HH EE HE EE HH EE EE EH EE EEE HH EE EE EH EE EE HH EE EEE HH EE EEE HH EE EEE HE EEE EEE EEE Hit it it Ht tt eH tt HO HH ooo EE HE EE a a a Eee
371. rator of the switch can configure a term of re authentication To configure a term of re authentication use the following command man Te ares dot1x timeout reauth period lt 1 Sets the period between re authentication attempts 4294967295 gt PORTS Global no dot1x timeout reauth e EEN the EEN between re authentication attempts e Interval of Requesting Re Authentication When the authenticator sends request identity packet for re authentication and no re sponse is received from the suppliant for the number of seconds the authenticator re transmits the request to the suppliant In the switch you can set the number of seconds that the authenticator should wait for a response to request identity packet from the sup pliant before retransmitting the request To set reattempt interval for requesting request identity packet use the following com mand e e Se i i i Sets reattempt interval for requesting request identity dot1x timeout quiet period lt 1 packet 65535 gt PORTS Global 1 65535 reattempt interval default 30 no dotix timeout quiet period Disables the interval for requesting identity PORTS 802 1x Re Authentication In Section 4 5 2 2 it is described even though the user is accessible to network he should be authenticated so that the changed database is applied to Besides because of various reasons managing RADIUS server and 802 1x authentication port the user is supposed to be re
372. ratuitous ARP is a broadcast packet like an ARP request It containing IP address and MAC address of gateway and the network is accessible even though IP addresses of specific host s gateway are repeatedly assigned to the other Configure Gratuitous ARP interval and transmission count using following commands And configure transmission delivery start in order to transmit Gratuitous ARP after ARP reply SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI Gratuitous ARP is transmitted after some time from transmitting ARP reply e me See Configures a gratuitous ARP arp patrol TIME COUNT TIME TIME transmit interval Se COUNT transmit count no arp patrol Disables a gratuitous ARP The following is an example of configuring the transmission interval as 10 sec and trans mission times as 4 and showing it SWITCH config arp patrol 10 4 SWITCH config show running config Building configuration Current configuration hostname SWITCH Omitted arp patrol 10 4 no snmp SWITCH config 221 CLI 222 7 12 5 Management Guide TigerAccess EE Proxy ARP The switch supports Proxy Address Resolution Protocol Proxy ARP is the technique in which one host usually a router answers ARP requests intended for another machine By faking its identity the router accepts responsibility for routing packets to the real desti nation Proxy ARP can help the switche
373. rd Profile Tone disable Option ADM OPR mode Band 1 Up Down VDSL2 17A NORMAL ANNEX A 2 Up Down VDSL2 17A NORMAL ANNEX A 3 Up Down VDSL2 17A NORMAL ANNEX A 4 Up Down VDSL2 17A NORMAL ANNEX A 5 Up Down VDSL2 17A NORMAL ANNEX A 5 3 2 4 Controlling Power according to Connection Distance The distance of connection from switch to VDSL line may vary according to each VDSL port If same power is supplied to different connection distance the power is larger than power supplied to line connected to CPE far from switch It may cause interruption in the line connected to CPE far from the switch You can control supplied power according to distance to prevent too large power supplied to VDSL line SMC7824M VSW 79 CLI Management Guide TigerAccess EE To control supplied power according to VDSL line use the following command e e rees Controls supplied power according to distance of VDSL Ire PORTS upbo enable Bridge i ine i You should control supplied power of VDSL port according to distance of VDSL line To disable power control according to distance of VDSL line use the following command O em EC O o Disables power control according to distance of VDSL Ire PORTS upbo disable Bridge i ine The following is an example of disabling power control according to distance of VDSL line SWITCH bridge lre 1 3 upbo disable SWITCH bridge show lre psd 1 5 Port Status Up Stream PBO Length PSD MASK
374. re mac flood guard PORTS Description Limits the number of packets which can be transmitted lt 1 6000 gt no mac flood guard PORTS to the port for 1 second Disables a configured flood guard To display a configuration of flood guard use the following command mana To on show mac flood guard Enable Shows a configured flood guard Global show mac flood guard macs Bridge Bridge Shows a blocked MAC address 343 CLI Management Guide TigerAccess EE 8 9 2 CPU Flood Guard To specify the number of broadcast packets which are transmitted in CPU use the follow ing command Command Mode Description cpu flood guard PORTS Limits the number of broadcast packets which are lt 1 6000 gt Bridge transmitted to CPU for 1 second no cpu flood guard PORTS Disables a configured cpu flood guard To set the timer of limiting packet numbers that are incoming to CPU use the following command e e See Sets the time for protecting from incoming broadcast cpu flood guard PORTS timer lt 10 3600 gt packets 10 3600 time value default 60 seconds To allow a specified port to be received the broadcast packet flooding manually use the following command e e een Limits the number of packets which can be transmitted cpu flood guard PORTS unblock Bridge to the port for 1 second To enable or disable CPU flood guard function use the following command SCC cpu flood guard enable
375. re connected to one DHCP relay agent if the relay agent is supposed to broadcast the DHCP_DISCOVER message sent from a DHCP client to all connected DHCP servers and then the servers will return DHCP_OFFER SMC7824M VSW Management Guide TigerAccess EE 8 6 4 4 SMC7824M VSW CLI message The relay agent however will forward only one DHCP_OFFER message of the responses from the servers to the DHCP client The DHCP client will try to respond to the server which sent the DHCP_OFFER with DHCP_REQUEST message but the relay agent broadcasts it to all the DHCP servers again To prevent the unnecessary broadcast like this you can configure a DHCP relay agent to aware the server ID This will allow the DHCP relay agent to forward DHCP_REQUEST message to only one DHCP server with the unicast form under the multiple server envi ronment To enable disable a DHCP relay agent to recognize the DHCP server ID option in the for warded DHCP_REQUEST message use the command no ip dhcp no ip dhcp relay aware server id_ aware server no ip dhcp relay aware server id_ Disables the Disables the DHCP server ID recognition option server ID Disables the DHCP server ID recognition option option Enables the system to recognize the a A server ID ip dhcp relay aware server id Global in the DHCP_REQUEST message DHCP Relay Statistics To display DHCP relay statistics use the following command ess e Se show ip dhcp relay
376. resses in a single DHCP pool e g 100 1 1 1 to 100 1 1 62 and 100 1 1 129 to 100 1 1 190 When specifying a range of IP address the start IP address must be prior to the end IP address 8 6 1 4 Default Gateway To specify a default gateway of the DHCP pool use the following command mana on default router 4 B C D1 Specifies a default gateway of the DHCP pool A B C D2 4 B C D8 A B C D default gateway IP address DHCP Pool no default router 4 B C D1 A B C D2 4 B C D8 no default router all The following is an example of specifying the default gateway 100 1 1 254 Deletes a Ones a peca efe Ones a peca efe gateway Deletes all the Deletes all the specified default gateways Deletes all the specified default gateways gateways SWITCH config service dhcp SWITCH config ip dhcp pool sample SWITCH config dhcp sample network 100 1 1 0 24 SWITCH config dhcp sample default router 100 1 1 254 SWITCH config dhcp sample 8 6 1 5 IP Lease Time Basically the DHCP server leases an IP address in the DHCP pool to DHCP clients which will be automatically returned to the DHCP pool when it is no longer in use or ex pired by IP lease time To specify IP lease time use the following command nan eos Sets default IP lease time in the unit of second default 3600 lease time default lt 120 2147483637 gt DHCP Pool Sets maximum IP lease time in the unit
377. revent that hackers can find impossible connections To configure not to send the message that informs TCP connection cannot be done use the following command e e Se Configures to block the message that informs TCP ip tcp ignore rst unknown l Global connection cannot be done no ip tcp ignore rst unknown Disables the unknown RST ignoring SYN Configuration SYN sets up TCP connection The switch transmits cookies with SYN to a person who tries to make TCP connection And only when transmitted cookies are returned it is pos sible to permit TCP connection This function prevents connection overcrowding because of accessed users who are not using and helps the other users use service To permit connection only when transmitted cookies are returned after sending cookies with SYN use the following command e e See Permits only when transmitted cookies are returned Disables configuration to permit only when transmitted no ip tcp syncookies ip tcp syncookies l l l after sending cookies with SYN ern cookies are returned after sending cookies with SYN Packet Dump Failures in network can be occurred by certain symptom Each symptom can be traced to one or more problems by using specific troubleshooting tools The switch switch provides the debug command to dump packet Use debug commands only for problem isolation Do not use it to monitor normal network operation The debug commands produce a large amount of p
378. riod Disables the interval for requesting identity PORTS Number of Requests to RADIUS Server 65535 gt PORTS After 802 1x authentication configured as explained above and the user tries to connect with the port the process of authentication is progressed among user s PC and the equipment as authenticator and RADIUS server It is possible to configure how many times the device which will be authenticator requests for authentication to RADIUS server 61 CLI 62 4 5 1 8 4 5 2 4 5 2 1 Management Guide TigerAccess EE To configure times of authentication request in the switch please use the command in Global mode e e Se Configure times of authentication request to RADIUS dot1x radius server retries lt 1 10 gt Global server 1 10 retry number default 3 Interval of Request to RADIUS Server For the switch it is possible to set the time for the retransmission of packets to check RADIUS server If there s a response from other packets the switch waits for a response from RADIUS server during the configured time before resending the request e e re dot1x radius server timeout lt 1 Global Configures the interval of request to RADIUS server O 120 gt 1 120 interval default 1 You should consider the distance from the server for configuring the interval of requesting the authentication to RADIUS server If you configure the interval too short the authenti cation couldn t be rea
379. rks its packet the one among green yel low and red using Committed Information Rate CIR and two associated burst sizes Committed Burst Size CBS and Excess Burst Size EBS A packet is marked green if it does not exceed the CBS yellow if it exceeds the CBS but not the EBS and red other wise The srTCM is useful for ingress policing of a service where only the length not the peak rate of the burst determines service eligibility CIR is the regenerating rate of tokens measured in bytes of IP packets per second CBS and EBS are the maximum size for each token bucket C and E measured in bytes Both token buckets share the common rate CIR At least one of them CBS and EBS must be configured and it is recommended that the value is larger than or equal to the size of the largest possible IP packet in the stream The token buckets C and E are initially full When a packet arrives the tokens in the bucket C are decremented by the size of that packet with the green color marking If no SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI more tokens to transmit a packet remain in the bucket C then the tokens in the bucket E are decremented by the size of that packet with the yellow color marking If both buckets are empty a packet is marked red The following figures show the behavior of the srTCM Tokens are regenerated Tokens are regenerated based on CIR based on CIR CA Mama C Bucket E CON E E SE St Tok
380. rned on max new hosts system VALUE the system for a second VALUE maximum MAC number lt 1 2147483646 gt To delete configured max new hosts use the command A A the number of MAC addresses that can be no max new hosts PORTS rene Se earned on the po Bridge EE the number of MAC addresses that can be no max new amarres atom amarres atom learned on the EE To display configured max new hosts use the following command e mae Enable show max new hosts Global Shows the configured Max new hosts Bridge SMC7824M VSW Management Guide TigerAccess EE 7 9 7 9 1 SMC7824M VSW CLI If MAC that already counted disappears before passing 1 second and starts learning again it is not counted In case the same MAC is detected on the other port also it is not counted again For example if MAC that was learned on port 1 is detected on port 2 it is supposed that MAC moved to the port 2 So it is deleted from the port 1 and learned on the port 2 but it is not counted Port Security You can use the port security feature to restrict input to an interface by limiting and identi fying MAC addresses of the PCs that are allowed to access the port When you assign secure MAC addresses to a secure port the port does not forward packets with source addresses outside the group of defined addresses If you limit the number of secure MAC addresses to one and assign a single secure MAC address the PC attached to that
381. rnet network It is a unique robustness functionality which runs on every network element involved in the ring configurations It means that each system is active part of the ring protection mechanism Therefore it guarantees to switch over towards a new topology after link or system failure within 50 milliseconds ERP Mechanism The purpose of Ethernet Ring Protection ERP is to prevent the Loop by performing the Redundancy Manager Node RM Node to detect a link failure and recover from it An Ethernet ring consists of one or more ERP domains ERP domain is an identifier of a sin gle ring topology to be controlled by ERP mechanism A node is one of the switches on the ERP ring Each switch is configured as either RM node or normal node RM node is responsible for keeping an open loop whenever all nodes and links are operating correctly One ERP domain should have one RM node Normal nodes are responsible to inform RM node of Link failures recovery Both RM node and normal node have a primary and secondary port You need to specify primary and secondary port which is directly connected to the node within an Ethernet ring A secondary port of RM node is blocked as unused link for traffic while it runs without the link failure detection ERP Operation If a link failure occurs the normal nodes adjacent to the failure block their ports that de tecting the link failure and send Link Down message to RM node After RM node receives Link Down me
382. rnet port of CPE use the command EE full duplex or half duplex mode on Ethernet port of cpe duplex PORTS full half Bridge 107 CLI Management Guide TigerAccess EE 5 3 5 9 Auto Upgrade of CPE Image To upgrade the CPE image automatically use the following command ee ee Enables the auto upgrading of CPE image for specific cpe auto upgrade enable h310 target model h320 h330 h335 VERSION Bridge VERSION source cpe version ex 0 0 0r0 cpe auto upgrade disable Disables the auto upgrading of CPE image 5 3 5 10 Displaying CPE Status You can check state of CPE connected to VDSL port To display status of CPE use the following command Sen os show cpe PORTS Shows state of CPE show cpe ethernet PORTS Show the configurations of CPE Ethernet ports Enable show cpe info PORTS Siobal Shows detailed H W information of CPE oba show cpe version PORTS Bridge Shows the version and active software image of CPE show cpe auto upgrade Shows the status of auto upgrading of CPE PORTS The following is an example of checking state of CPE connected to port 1 5 SWITCH config show cpe 1 5 No NOS Version NOS Ethernet Status Download Link Speed Duplex Loopback Agc 1 1 0 3r29IK105012 Yes 21 Down 10 Half Disable agc off 1 2 1 0 3r29IK105012 Yes 21 Down 10 Half Disable age ott 3 1 0 3r29IK105012 Yes 21 Down 10 Half Disable a
383. rocessor overhead SMC7824M VSW Management Guide TigerAccess EE 7 15 1 7 15 2 SMC7824M VSW CLI Packet Dump by Protocol You can see packets about BOOTPS DHCP ARP and ICMP using the following com mand se ee debug packet interface INTERFACE port PORTS protocol bootps dhcp arp icmp Shows packet dump by protocol src ip A B C D dest ip A B C D debug packet interface NTERFACE port PORTS host src ip A B C D dest ip A B C D Shows host packet dump src port lt 1 65535 gt dest port lt 1 65535 gt debug packet interface NTERFACE port PORTS host src port lt 1 65535 gt dest port Shows host packet dump lt 1 65535 gt debug packet interface INTERFACE port PORTS multicast src ip A B C D dest ip Shows multicast packet dump A B C D Enable Packet Dump with Option You can verify packets with tcpdump options using the following command Some re re debug packet OPTION Shows packet dump using options Tab 7 3 shows the options for packet dump Buffer output data in line This is useful when other application tries to receive data from tcpdump em Do not translate all address e g port host address NO When output host name do not print domain Do not run packet matching code optimizer This option is used to find bug in opti mizer Interface is not remained in promiscuous mode Output TCP sequence number not relative but absolute Time is n
384. rofile TEST down slow max datarate 8000 up slow max datarate 10000 SWITCH bridge line config profile TEST down target snr mgn 40 SWITCH bridge line config profile TEST up target snr mgn 40 Se Ho SHE HEHE SH SHR SWITCH bridge line config profile TEST SNR margin should be configured with the form of NdBm N integer Therefore you have to input multiple numbers of 4 to form NdBm H 96 SMC7824M VSW Management Guide TigerAccess EE A SMC7824M VSW CLI To display the configuration use the following command e e ee show Ire line config profile e Shows the configuration of all line config Enable Global Bridge PORTS profiles To enable configuration of this line config profile use the following command na e ees no active active Enables the profile Line config Disables this profile Unless you enable configured profiles they will not be applied although you apply them to ports After you configure and enable profile if you change the configuration then it will be automatically disabled Therefore you have to enable it with active whenever you change configurations The following is an example of saving Profile after going back to Global configuration mode or Enable mode SWITCH config write memory Building configuration OK SWITCH config Besides when switch has been stacking Line config profile configured in Master will
385. rotocol Based VLAN operates only matched situation comparing below two cases 1 When Untagged Frame comes in and matches with Protocol VLAN Table tags PVID which configured on Protocol VLAN But in no matched situation tags PVID which configured on and operates VLAN 2 When Tagged Frame comes in and VID is 0 it switches by Protocol VLAN Table But if VID is not O it switches by normal VLAN Table MAC based VLAN The switch can assign a frame to a VLAN based on the source MAC address in the re ceived frames Using this all frames emitted by a given end station will be assigned to the same VLAN regardless of the port on which the frame arrives This is useful for mo bility application To configure a MAC based VLAN follow these steps 1 Create VLAN groups for the MAC addresses you want to use 2 Map the MAC address to the appropriate VLAN e a See Adds a specified MAC address to a MAC based VLAN MAC ADDR MAC address of end station Bridge VLANS VLAN ID 1 4094 Deletes a specified MAC address from a specified no vlan macbase MAC ADDR MAC address 237 vlan macbase MAC ADDR VLANS CLI 238 8 1 4 8 1 5 Management Guide TigerAccess EE Subnet based VLAN An IP address contains two parts a subnet identifier and a station identifier The switch performs two operations to create IP subnet based VLANs e Parse the protocol type to determine if the frame encapsulates an IP datagram e Examine and
386. rt as Edge port edgeport enable 285 CLI 286 Management Guide TigerAccess EE Step 2 Enable BPDU guard function on edge port or specific port use the following command e e re spanning tree edgeport Enables BPDU Guard function on edge ports bpduguard default Bridge spanning tree port PORTS a Enables BPDU Guard function on specified port bpduguard enable To disable BPDU guard function on edge port or specific port use the following command ee an no spanning tree edgeport Disables BPDU Guard function of edge ports default bpduguard default spanning tree port PORTS Brid ridge bpduguard disable Disables BPDU Guard function of specified port de no spanning tree port PORTS fault bpduguard However BPDU Guard can be corrupted by unexpected cause In this case the edge port is blocked immediately and remains at this state until user recovers it To prevent this problem the switch provides error disable recovery function for BPDU guard cause When an edge port is down for BPDU packet which came from other switch the port is recovered automatically after configured time To enable the recovery function for BPDU guard error disable cause use the following command e e Se errdisable recovery cause Enables the recovery function for BPDU guard error bpduguard disable cause Bridge no errdisable recovery cause Disables the recovery function for BPDU guard error bpduguard disable cause To
387. rt or the other subscriber s port and DHCP reply which enters to the subscriber s port In the Fig 8 37 server A has the IP area from 192 168 10 1 to 192 168 10 10 Suppose a user connects with client 3 that can be DHCP server to A in order to share IP address from 10 1 1 1 to 10 1 1 10 Here if client 1 and client 2 are not blocked from client 3 of DHCP server client 1 and cli ent 2 will request and receive IP from client 3 so that communication blockage will be oc curred Therefore the filtering function should be configured between client 1 and client 3 client 2 and client 3 in order to make client 1 and client 2 receive ID without difficulty from DHCP server A SMC7824M VSW Management Guide CLI TigerAccess EE DHCP Server A 192 168 10 1 192 1 68 10 10 IP assigned Client 3 i Request Fom The equipment that can Client 1 2 is be a DHCP server transmitted to Client 3 IP assigned by Client 3 not by DHCP sever A To prevent IP assignment from Client 3 DHCP filtering is needed for the port 10 1 1 1 10 1 1 10 IP assigned Client 1 Client 2 Fig 8 37 DHCP Server Packet Filtering To enable the DHCP server packet filtering use the following command e me O dhcp server filter PORTS Enables the DHCP server packet filtering Bridge no no dhep server filter PORTS no dhcp server filter PORTS Disables the DHCP server packet filtering
388. rt priority so that user can configure route manu ally To configure the port priority use the following command e e Se Configures port priority spanning tree port PORTS port PORTS port number priority lt 0 240 gt Bridge 0 240 port priority in increments of 16 default 128 no spanning tree port PORTS SC S Deleted a configured port priority port priority 2 1 CLI Management Guide TigerAccess EE 8 3 6 5 Link Type A port that operates in full duplex is assumed to be point to point link type while a half duplex is considered as a shared port To configure the link type of port use the following command a Y mn Specifies a link type for a designated port spanning tree port PORTS link PORTS port number type point to point shared point to point full duplex shared half duplex To delete a configured link type of port use the following command INC E O no spanning tree port PORTS link type Deletes a configured link type a Deletes a configured link type link type 8 3 6 6 Displaying Configuration To display the configurations of STP use the following command ana e on Enable show spanning tree Global Shows all configurations of STP Bridge Shows STP information on active inter h ing tree active detail ee show spanning tree active detai j a detail detailed STP information as option show spanning tree blockedport Shows information of the blocked port
389. rt so that you can get enlarged bandwidth Bandwidth with 1 port Enlarged bandwidth with many ports ke A logical port that can be made by aggregating a number of the ports Fig 8 8 Link Aggregation The switch supports two kinds of link aggregation as port trunk and LACP There s a little difference in these two ways In case of port trunking it is quite troublesome to set the configuration manually and the rate to adjust to the network environment changes when connecting to the switch using logical port On the other hand in case of LACP once you specify LACP member ports between the switches the ports will be automatically aggre gated by LACP without manually configuring the aggregated ports Port Trunk Port trunking enables you to dynamically group the similarly configured interfaces into a single logical link aggregate port to increase bandwidth while reducing the traffic con gestion Configuring Port Trunk To create a logical port by aggregating the ports use the following command gr n Adds a port to the aggregation group trunk lt 0 4 gt PORTS H ggreg group 0 4 trunk group ID Selects the distribution mode for a specified aggrega tion group trunk distmode srcdstip srcdstmac refers to source MAC address and destina srcdstmac srcdstl4 tion MAC address srcdstip refers to source and destination IP address srcdstl4 refers to source and destination TCP UDP
390. rtant implementation of the multicast is the group membership manage ment The multicast group membership allows a router to know which host is interested in receiving the traffic from a certain multicast group and to forward the multicast traffic cor responding to the group to that host Even if there is more than one host interested in the group the router forwards only one copy of the traffic stream to minimize the use of net work bandwidth Internet Group Management Protocol IGMP is a protocol used by routers and hosts to manage the multicast group membership Using IGMP hosts express an interest in a cer tain multicast group and routers maintain the multicast group membership database by collecting the interests from the hosts IGMP Basic Internet Group Management Protocol IGMP manages the host membership in multicast groups The hosts inform a neighboring multicast router that they are interested in receiv ing the traffic from a certain multicast group by sending the membership report join a group The router then forwards the multicast traffic corresponding to the report to the hosts A multicast router called as a querier is responsible for keeping track of the membership state of the multicast groups by sending periodic general query messages to current in terested hosts If there are no responses to the query from the hosts for a given time leave a group the router then stops forwarding the traffic During the above trans
391. rval and 50 statistical data stored in one port It also allows you to configure the time interval to take the sample and the number of samples you want to save To open RMON Configuration mode use the following command e me See Opens RMON Configuration mode rmon history lt 1 65535 gt Global i 1 65535 index number The following is an example of opening RMON Configuration mode with index number 5 SWITCH config rmon history 5 SWITCH config rmonhistory 5 155 CLI 156 7 4 1 1 7 4 1 2 7 4 1 3 Management Guide TigerAccess EE Input a question mark lt gt at the system prompt in RMON Configuration mode if you want to list available commands The following is an example of listing available commands in RMON Configuration mode SWITCH config rmonhistory 5 RMON history configuration commands active Activate the history data source Set data source name for the ethernet port do To run exec commands in config mode exit End current mode and down to previous mode help Description of the interactive help system interval Define the time interval for the history owner Assign the owner who define and is using the history resources requested buckets Define the bucket count for the interval show Show running system information write Write running configuration to memory or terminal SWITCH config rmonhistory 5 Source Port of Statistical Data To specify a source port of
392. rver IP address 113 CLI 114 6 1 5 Management Guide TigerAccess EE To display a configured NTP use the following command a a mn Enable Global Shows a configured NTP function Bridge To synchronize the system clock the system periodically sends the NTP message to the NTP server You can configure the system to bind the IP address to the message which allows the NTP server to recognize your system To bind the IP address to the NTP message use the following command e mee Specifies the IP address to be bound to the NTP mes Global Sage no ntp bind address Deletes a specified IP address Simple Network Time Protocol SNTP ntp bind address A B C D NTP Network Time Protocol and SNTP Simple Network Time Protocol are the same TCP IP protocol in that they use the same UDP time packet from the Ethernet Time Server message to compute accurate time The basic difference in the two protocols is the algorithms being used by the client in the client server relationship The NTP algorithm is much more complicated than the SNTP algorithm NTP normally uses multiple time servers to verify the time and then controls the rate of adjustment or slew rate of the PC which provides a very high degree of accuracy The algorithm deter mines if the values are accurate by identifying time server that doesn t agree with other time servers It then speeds up or slows down the PC s drift rate so that the PC s time is alw
393. rvice agent IP address receiver ID and so on use the following command e me See Enable Shows the information of sFlow Global 233 CLI 234 8 1 Management Guide TigerAccess EE System Main Functions Virtual Local Area Network VLAN The first step in setting up your bridging network is to define VLAN on your switch VLAN is a bridged network that is logically segmented by customer or function Each VLAN con tains a group of ports called VLAN members On the VLAN network packets received on a port are forwarded only to the ports that belong to the same VLAN as the receiving port Network devices in different VLANs cannot communicate with one another without a Layer 3 switching device to route traffic between the VLANs VLAN reduces the amount of broadcast traffic so that flow control could be realized It also has security benefits by completely separating traffics between different VLANs Enlarged Network Bandwidth Users belonged in each different VLAN can use more enlarged bandwidth than no VLAN composition because they do not receive unnecessary Broadcast information A properly implemented VLAN will restrict multicast and unknown unicast traffic to only those links necessary to only those links necessary to reach members of the VLAN associated with that multicast or unknown unicast traffic Cost Effective Way When you use VLAN to prevent unnecessary traffic loading because of broadcast you can get cost
394. s show spanning tree detail active spanning tree detail show spanning tree detail active Shows detailed information of STP Shows information of root inconsistency show spanning tree inconsistentports en state show spanning tree bridge address detail l l l Shows information of the bridge status forward time hello time id max age proto l l Wie and configuration col priority system id show spanning tree root address cost l l i i i i Shows the status and configuration for detail forward time hello time id max age l K the root bridge port priority system id show spanning tree port PORTS active de Se l l Shows STP information of specified tail cost detail active edgeport inconsis S port tency rootcost state priority Shows a summary of STP show spanning tree summary totals totals the total lines of STP 272 SMC7824M VSW Management Guide TigerAccess EE 8 3 7 8 3 7 1 8 3 7 2 SMC7824M VSW CLI Configuring MSTP To configure MSTP use the following steps Step 1 Enable STP function using the spanning tree command Step 2 Select a MSTP mode using the spanning tree mode mst command Step 3 Configure detail options if specific commands are required Step 4 Enable a MSTP daemon using the spanning tree mst command Root Switch To establish MSTP function a root switch should be chosen first In M
395. s While the existing STP is a protocol to prevent a loop in a LAN domain MSTP establishes STP per VLAN in order to realize routing suitable to VLAN environment It does not need to calculate all STPs for several VLANs so that traffic overload could be reduced By re ducing unnecessary overload and providing multiple transmission routes for data forward ing it realizes load balancing and provides many VLANs through Instances MSTP In MSTP VLAN is classified to groups with same configuration ID Configuration ID is composed of revision name region name and VLAN instance mapping Therefore to have same configuration ID all of these tree conditions should be the same VLAN classi fied with same configuration ID is called an MST region In a region there is only one STP so that it is possible to reduce the number of STP comparing to PVSTP There s no limitation for region in a network environment but it is possible to generate Instances up to 64 Therefore instances can be generated from 1 to 64 Spanning tree which operates in each region is IST Internal Spanning Tree CST is applied by connecting each span ning tree of region Instance O means that there is not any Instance generated from grouping VLAN that is it does not operate as MSTP Therefore Instance O exists on all the ports of the equipment After starting MSTP all the switches in CST exchange BPDU and CST root which is decided by comparing their BPDU Here the switches that d
396. s EE gt gt 7 6 4 2 SMC7824M VSW CLI e The policy name cannot start with the alphabet a or A e The order in which the following configuration commands are entered is arbitrary e The configuration of a policy being configured can be changed as often as wanted until the apply command is entered e Use the show policy profile command to display the configuration entered up to now lf you already create the policy you need to include specified flow or class and policer to specify the rule action for the packets matching configured classifying patterns on flow or class and policer To include specific flow or class and policer in policy use the following command EC Includes specified flow in policy include flow NAME NAME flow name i Includes specified class in policy include class NAME Policy NAME class name i Includes specified policer in policy include policer NAME l NAME policer name One policy is not able to include both flow and class at the same time Either flow or class can belong to one policy Only one policer can belong to one policy To remove flow or class policer from the policy use the following command e me See no include flow Removes the flow from policy no include class Policy Removes the class from policy no include policer Removes the policer from policy Metering Meters measure the temporal state of a flow or a set of flows against a traffic
397. s and the default is 2ms In switch all VDSL ports are contained in one Line config profile For the ports contained as the member port of Line config profile it is not possible to change Interleave delay or SNR margin To change it independently erase the member of Line config profile first refer to 5 3 4 1 Line config profile If you try to configure interleave delay of the port which is contained as Line config profile member the error message will be displayed 85 CLI 86 9 3 2 8 9 3 2 9 Management Guide TigerAccess EE To display configured interleave delay use the following command ICI O O o Enable show Ire interleave PORTS Global Shows the configuration of interleave delay Bridge The following is an example of configuring Interleave delay of port 50 as 50ms SWITCH bridge lre 5 interleave delay 50 SWITCH bridge show lre interleave 1 5 Port Status Channel Inter Delay ADM OPR UP DOWN 1 Up Down Slow 2 2 2 Up Down Slow 2 2 3 Up Down Slow 2 2 4 Up Down Slow 2 2 5 Up Down Slow 507 30 SWITCH bridge Impulse Noise Protection Use the following command to configure minimum protection value of port provision mm Te eg Configures INP Ire PORTS inp lt 0 255 gt 0 255 INP value default 0 Bridge Ire PORTS inp lt 0 255 gt AS up down AS A academe INP with specifying Upstream or Down A academe The unit of value is 125 usec and configure
398. s 355 9 2 1 2 Forwarding Entry AGING E 355 9 2 1 3 Displaying McFDB Intormmaton nn 355 92 2 IGMP eeler 356 922 1 Enabling 1SMP S5RO0OPNO 3d is 357 9 2 2 2 IGMP Snooping Version neeneneenensenensrrensrrersrrensrrersrrersrrersrrensnrersrrersrrerne 357 9 2 2 3 IGMP Snooping Robustness Value AAA 358 9 2 3 IGMPV2 SNOODING siria a A EA 358 9 2 3 1 IGMP Snooping Querier Confguraton 358 9 2 3 2 IGMP Snooping Last Member Query Intenval reren 360 9 2 3 3 IGMP Snooping Immediate Leave ooccccconccnccccccncnoccnnonononcnnnnonononcnnnnnncnnnnns 361 9 2 3 4 IGMP Snooping Report Suppression occcccccncccccncoccnconcnonocnnnoncnonncnonononnnons 362 9 2 3 5 IGMP Snooping S Query Report Agency oocccccoccccccoccnccnnccnccnnconononcnnnnnncnnnnas 362 230 IEXPIGICFIOST tee ee mein tat 363 9 2 3 7 Multicast Router Port Configuration cccooccccconccnccocnncononononnncnnononcnnonnononnos 364 9 2 3 8 TEN Multicast FIOOGING aeur eaan eege ege ee 366 O24 IGMPVS SAOOPING EE 367 9 2 5 Displaying IGMP Snooping Information oooccccooccnccconcnnoconnnncnnnoncnnonons 368 9 2 6 Multicast VLAN Registration MV 369 SSC eben eege 369 J202 A Rec ce ere ee ee RO arn ree eee 369 9 263 DOUE REC NE POM ee ee ee eee 370 9 2 60A MYR e ee e elle EE 370 9 2 6 5 Displaying MVR Configuration occccooncccccccnccnoconononnnnononononnnnonononnncnnarnnnnnoos 370 9 2 7 IGMP Filtering and Throttling cc ccecceccs
399. s an interface The following is an example of enabling the interface 1 SWITCH configure terminal SWITCH config interface 1 SWITCH config if no shutdown SWITCH config if 51 CLI 92 4 3 2 4 3 3 Management Guide TigerAccess EE To display if an interface is enabled use the show running config command Assigning IP Address to Network Interface After enabling an interface assign an IP address To assign an IP address to a network interface use the following command nd es en ip address A B C D M secondary no no ip address A B C D M_ no ip address A B C D M A B C D M Interface Clears an IP address assigned to an interface an IP address Clears an IP address assigned to an interface to an interface no ip address A B C D M secon Clears a secondary IP address assigned to an inter dary face no ip no ip address dhcp no ip address dhcp Stops assigning an IP address from a DHCP server _ assigning an IP Stops assigning an IP address from a DHCP server _ from a DHCP server The ip address dhcp command is for configuring an interface as a DHCP client For the detail of configuring a DHCP client see Section 8 6 9 To display an assigned IP address use the following command ee Shows an IP address assigned to an interface Static Route and Default Gateway The static route is a predefined route to a specific network and or device such as a host Unlike a dy
400. s chapter is only for Layer 2 switch operation Because there is no routing information in Layer 2 switch each VLAN cannot communicate Especially the uplink port should re ceive packets from all VLANs Therefore when you configure the switch as Layer 2 switch the uplink ports must be included in all VLANs SWITCH bridge show vlan u untagged port t tagged port default 1 1 lu uUuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu HE2 2 2 is da a ck Me o ao o ao ee BEI eg 3 LA Mle a es d RI e AA br4 4 4 a ar rata EE Be seve ice ee e ie Te eee ee See BESA 5 5 lar a a aaae ke e G Be ege od RS e eg SWITCH bridge Outgoing Packets under Layer 2 Shared VLAN Environment As above configuration with untagged packet if an untagged packet comes into port 1 it is added with tag 1 for PVID 1 And the uplink port 24 is also included in the default VLAN it can transmit to port 24 However a problem can be occurred for coming down untagged packets to uplink ports If an untagged packet comes to uplink ports from outer network the system does not know which PVID it has and where should it forward SMC7824M VSW Management Guide CLI Outer Network 4 TigerAccess EE Untagged packets comes from the uplink ports The packets should be forwarded to br3 but the system cannot know which PVID added to the packet default lt x Fig 8 6 Incoming Packets under Layer 2 Shared VLAN
401. s its ARP table From now on Host A will forward all the packets that it wants to reach Host D to the MAC address of switch Since the switch knows how to reach Host D the router forwards the packet to Host D The ARP cache on the hosts in Subnet A is populated with the MAC address of the switch for all the hosts on Subnet B Hence all packets destined to Subnet B are sent to the router The switch forwards those packets to the hosts in Subnet B SMC7824M VSW Management Guide TigerAccess EE 7 13 SMC7824M VSW CLI To enable or disable Proxy ARP on Interface configuration mode use the following com mand e e Se ip proxy arp Enables proxy ARP at specified interface nterface no ip proxy arp Disables the configured proxy ARP from the interface ICMP Message Control ICMP stands for Internet Control Message Protocol When it is impossible to transmit data or configure route for data IC MP sends error message about it to host The first 4 bytes of all ICMP messages are same but the other parts are different ac cording to type field value and code field value There are fifteen values of field to distinguish each different ICMP message and code field value helps to distinguish each type in detail The following table shows explanation for fifteen values of IC MP message type SS Type ICMP_ECHOREPLY ICMP_SOURCE_QUENCH ICMP_ECHO ICMP_PARAMETERPROB ICMP_TIMESTAMPREPLY 3 4 5 11 12 13 14 15 ICMP_INFO_R
402. s on a subnet reach remote subnets without con figuring routing or a default gateway aa H LL AAA 114 A os Host A Host B 172 16 10 100 16 br1 172 16 10 99 24 172 16 10 200 24 br2 172 16 20 99 24 pn m a Sg ee 1 4 eee ee Host C Host D 172 16 20 100 24 172 16 20 200 24 Fig 7 15 Proxy ARP As shown in the diagram above Host A has a 16 subnet mask What this means is that Host A believes that it is directly connected to all of network 172 16 0 0 When Host A needs to communicate with any switches if believes are directly connected it will send an ARP request to the destination Therefore when Host A needs to send a packet to Host D Host A believes that Host D is directly connected so it sends an ARP request to Host D Host A needs the MAC address of Host D to reach Host D Therefore Host A broadcasts an ARP request on Subnet A including the switch s Br1 interface but does not reah Host D This switch does not forward broadcasts by default Since the switch knows that the target address Host D s IP address is on another subnet and can reach Host D it will reply with its own MAC address to Host A The Proxy ARP reply that switch sends to Host A The proxy ARP reply packet is encap sulated in an Ethernet frame with its MAC address as the source address and Host A s MAC address as the destination address The ARP replies are always unicast to the original requester On receiving this ARP reply Host A update
403. s the source or receiver port use the following command a Y ee mvr port PORTS type receiver Specifies an MVR port source Global PORTS port number no mvr port PORTS Deletes a specified MVR port MVR Helper Address When being in a different network from an MVR group s a multicast router sends the mul ticast traffic to each MVR group In such an environment when an IGMP packet from a subscriber is transmitted to the multicast router via the MVR group multicast VLAN inter face the source address of the IGMP packet may not match the network address of the MVR group In this case the multicast router normally discards the IGMP packet To avoid this behavior you can configure the switch to replace the source address with a specified helper address The helper address must belong to the MVR group s network To specify an MVR helper address to replace a source address of an IGMP packet use the following command e e ee Specifies an MVR helper address mvr vlan VLAN helper A GC VLAN VLAN ID 1 4094 Ge A B C D helper address no mvr vlan VLAN helper Deletes a specified MVR helper address Displaying MVR Configuration To display an MVR configuration use the following command na e en Enable l Global show mvr vlan VLANS SMC7824M VSW Management Guide TigerAccess EE 9 2 7 9 2 7 1 SMC7824M VSW CLI IGMP Filtering and Throttling IGMP filtering and throttling control the distribut
404. se empty for no passphrase networks Enter same passphrase again networks Your identification has been saved in etc ssh id dsa Your public key has been saved in etc ssh id_dsa pub The key fingerprint is d9 26 8e 3d fa 06 31 95 f8 fe f0 59 24 42 47 7e root switch SWITCH A config Step 2 Copy the generated authentication key to SSH server Step 3 Connect to SSH server with the authentication key SWITCH A contfig ssh login 172 16 209 10 Enter passphrase for key etc ssh id dsa networks SWITCH B 57 CLI 98 4 5 Management Guide TigerAccess EE 802 1x Authentication To enhance security and portability of network management there are two ways of au thentication based on MAC address and port based authentication which restrict clients attempting to access to port Port based authentication 802 1x is used to authenticate the port self to access without users count to access the network 802 1x authentication adopts EAP Extensible Authentication Protocol structure In EAP system there are EAP MD5 Message Digest 5 EAP TLS Transport Level Security EAP SRP Secure Remote Password EAP TTLS Tunneled TLS and the switch sup ports EAP MD5 and EAP TLS Accessing with user s ID and password EAP MD5 is 1 way Authentication based on the password EAP TLS accesses through the mutual au thentication system of server authentication and personal authentication and it is possible to guarantee hi
405. se the following command e een no no action match deny Deletes a specified rule action no no action match permit SMC7824M VSW Management Guide TigerAccess EE 7 6 7 4 7 6 8 SMC7824M VSW CLI Applying and Modifying Admin Policy After configuring an admin policy using the above commands apply it to the system with the following command If you do not apply this policy to the system all specified configu rations from Admin Policy Configuration mode will be lost To save and apply an admin policy use the S command Admin apply Applies an admin policy to the system Policy To modify an admin policy use the GT command E E an admin policy policy admin NAME modify Global NAME admin policy name Displaying Admin Rule To show an admin rule profile configured by user use the follwing command na me See show flow profile admin flow show flow profile admin admin Admin Flow Flow Shows a profile of admin flow a Shows a profile ofadminflow of admin flow aa show policy profile admin Shows a profile of admin policy olicy The following command can be used to show a certain rule by its name all rules of a cer tain type or all rules at once sorted by a rule type e me See show flow class policy Enable admin NAME ae Shows the information relating to each rule enter an oba show flow class policy admin rule name Bridge admin
406. show Ire stat crc sec PORTS Shows how long CRC error has been happening Shows how long CRC LOF and LOS error has been show Ire stat es sec PORTS happening show Ire stat lof sec PORTS Shows how long Frame loss has been happened show Ire stat lol sec PORTS Shows how long Link has been disconnected Enable show Ire stat los sec PORTS Global Shows how long Signal loss has been happening oba Shows how long RX power of port has being lower than show Ire stat Ipr sec PORTS Bridge S g RX p p g specific voltage show Ire stat ses sec PORTS Shows how long server error has been happening show Ire stat uas sec PORTS Shows how long UAS has been happening show Ire stat service error Shows how long Link has been disconnected because PORTS of CPE turned off by user 93 CLI 94 Management Guide TigerAccess EE To display all errors that are counted during 15 minutes or one day use the following show Ire pre 15m error PORTS Shows the error status in previous 15 minutes command show Ire cur 15m error PORTS enable Shows the error status in current 15 minutes Global show Ire pre day error PORTS Bridge Shows the error status in previous day show Ire cur day error PORTS Shows the error status in current day To reset data of CRC error Frame loss and Signal loss use the following command mana e on clear Ire stat crc sec PORTS clear Ire stat los sec PORTS Global Resets the data of error coun
407. show list clear arp lear arp IFNAME lear cpe stat error PORTS lear ip arp inspection statistics vlan VLAN NAME lear ip dhcp authorized arp invalid lear ip dhcp leasedb A B C D M lear ip dhcp leasedb all lear ip dhcp leasedb pool POOL lear ip dhcp relay statistics lear ip dhcp statistics lear ip igm lear ip igmp group lear ip igmp group A B C D group A B C D IFNAME interface IFNAME lear ip igm 5 D mm ro lear ip igm lear ip igmp snooping stats port PORTS cpul lear ip kernel route lear ip mcfdb vlan VLAN lear ip mcfdb vlan VLAN group A B C D source A B C D lear ip route kernel lear lacp statistic lldp statistics PORTES lear lre error stat all PORTS O Vu B QQ 4 tz 0 00 000 Et 0 GD Et ft ELL Er Et E JE SC HERE gt i Press the lt ENTER gt key to skip to the next list In case that the switch installed command shell you can find out commands starting with a specific alphabet Input the first letter and question mark without space The following is an example of finding out the commands starting s in Privileged EXEC Enable mode of the switch SWITCH s show Show running system information ssh Configure secure shell SWITCH s Also it is possible to view variables you should input following after commands After in putting the command you need make one space and input a question mark The follow ing is an example of viewing variables after the write command Ple
408. ss EE 8 3 SMC7824M VSW CLI Spanning Tree Protocol STP The local area network LAN which is composed of double paths like token ring has the advantage that it is possible to access in case of disconnection with one path However there is another problem called a loop when you always use the double paths The loop may occur when double paths are used for the link redundancy between switches and one sends unknown unicast or multicast packet that causes endless packet floating on the LAN like loop topology That superfluous traffic eventually can result in network fault It causes superfluous data transmission and network fault Switch A Fig 8 9 Example of Loop The spanning tree protocol STP is the function to prevent the loop in LAN with more than two paths and to utilize the double paths efficiently It is defined in IEEE 802 1d If the STP is configured in the system there is no loop since it chooses more efficient path of them and blocks the other path In other words when SWITCH C in the below figure sends packet to SWITCH B path 1 is chosen and path 2 is blocked 257 CLI 258 8 3 1 Management Guide TigerAccess EE Q PC B VLAN 1 Kik Qo Switch D Path 2 witch C Fig 8 10 Principle of Spanning Tree Protocol Meanwhile the rapid spanning tree protocol RSTP defined in IEEE 802 1w dramatically reduces the time of network convergence on the spanning tree protocol
409. ssages from the normal nodes it unblocks its secondary port for traffic transmission RM node responds to those messages using RM Link Down message which informs the other nodes that its secondary port has been unblocked If the link failure is recovered the normal nodes send Link Up message to RM node And they keep the blocking status of those failed ports If the blocked ports of the normal nodes start to forward right after a Link Failure is recovered a temporary loop can occur If RM node receives Link Up message it blocks its own secondary port and sends RM Link UP message which informs the nodes of the secondary port s blocking status If the nodes receive RM Link Up message they unblocks the ports which are detected a Link Failure recovery The Ethernet ring is back to normal state 289 CLI 290 Management Guide TigerAccess EE ERP Messages There are five types of ERP messages of concern to the RM node Normal node interac tion in ERP ring as shown below e Normal Node messages The following messages are sent by the normal nodes to inform RM node of their link changes Link Down A normal node sends Link Down messages detecting its link failure Link Up A normal node sends Link Up messages detecting its link recovery e RM Node messages A RM node is in charge of protecting the Ethernet ring It sends periodic Test Packet messages to normal nodes and receives Link Down Up message from those nodes to detect
410. stalled to the port configured as Monitor port Mirrored Ports 1 2 3 Monitor Port lt Monitoring Fig 5 5 Port Mirroring To configure port mirroring designate mirrored ports and monitor port Then enable port mirroring function Monitor port should be connected to the watch program installed PC You can designate only one monitor port but many mirrored ports for one switch Step 1 Activate the port mirroring using the following command Y mn Step 2 Designate the monitor port use the following command e e een mirror monitor PORTS cpu Designates the monitor port SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI Step 3 Designate the mirrored ports use the following command e e re Designates the mirrored ports mirror add PORTS ingress ingress ingress traffic egress egress egress traffic Step 4 To delete and modify the configuration use the following command ren ECO rem no mirror monitor mirror no mirror monitor Deletes a designated monitor port a Deletes a designated monitor port monitor port mirror del PORTS ingress Bridge Deletes a port from the mirrored port egress Step 5 To disable monitoring function use the following command e e See To display a configured port mirroring use the following command n mn Enable Global Shows a configured port mirroring Bridge
411. statistics all Enable Shows DHCP relay statistics for all the interfaces DHCP Shows DHCP relay statistics for all the interfaces statistics for all the interfaces show ip dhcp relay statistics Global Shows DHCP relay statistics for a specified VLAN vlan VLANS Bridge To delete collected DHCP relay statistics use the following command e e en Enable clear ip dhcp relay statistics Global Deletes collected DHCP relay statistics Bridge 317 CLI 318 8 6 5 8 6 5 1 Management Guide TigerAccess EE DHCP Option This function enables administrators to define DHCP options that are carried in the DHCP communication between DHCP server and client or relay agent The following indicates the format of the DHCP options field DHCP Option Format 1 byte 1 byte or variable 64 bytes A code identifies each DHCP option It can be expressed in value O to 255 by user con figuration and some of them are predefined in the standards 128 254 is site specific A length can be variable according to value or can be fixed A value contains actual informa tion such an IP address string or index which is inserted into the DHCP packet Administrators can configure a DHCP option format in DHCP Option mode which is glob ally used over the DHCP functions The DHCP option format can be applied in other DHCP software modules and the following figure indicates it DHCP Server Option DHCP Snooping Option D
412. stem restart critical Sets severity of an alarm for system major minor warning intermediate restart snmp alarm severity module remove critical Sets severity of an alarm for module major minor warning intermediate removed snmp alarm severity temperature high critical Sets severity of an alarm for system major minor warning intermediate temperature high To delete configured alarm severity use the following command mane a ee no snmp alarm severity fan fail no snmp alarm severity cold start no snmp alarm severity broadcast over no snmp alarm severity cpu load over no snmp alarm severity dhcp lease no snmp alarm severity dhcp illegal no snmp alarm severity fan remove no snmp alarm severity ipconflict no snmp alarm severity memory over no snmp alarm severity mfgd block Global Deletes configured alarm severity no snmp alarm severity port link down no snmp alarm severity port remove no snmp alarm severity port thread over no snmp alarm severity power fail no snmp alarm severity power remove no snmp alarm severity rmon alarm rising no snmp alarm severity rmon alarm falling no snmp alarm severity system restart no snmp alarm severity module remove no snmp alarm severity temperature high SMC7824M VSW 145 CLI Management Guide TigerAccess EE 7 1 9 5 ADVA Alarm Severity To set ADVA alarm severity use the following command eene ee snmp alarm severity adva fan fa
413. stomers Fig 7 14 NetBIOS Filtering To enable disable NetBIOS filtering use the following command netbios filter PORTS AS Configures NetBIOS filtering to a specified port Bridge no netbios filter PORTS netbios filter PORTS Disables NetBIOS filtering from a specified port To display a configuration of NetBIOS filtering use the following command e e Se Enable show netbios filter Global Shows a configuration of NetBIOS filtering Bridge 205 CLI 206 Management Guide TigerAccess EE The following is an example of configuring NetBIOS filtering in port 1 2 and showing it SWITCH bridge netbios filter 1 2 SWITCH bridge show netbios filter o enable disable SWITCH bridge 7 8 Max New Hosts For the switch you have to lock the port like MAC filtering before configuring max hosts In case of ISPs it is possible to arrange a billing plan for each user by using this configu ration Max new host is to limit the number of users by configuring the number of MAC ad dresses that can be learned on the system and on the port for a second The number of MAC addresses that can be learned on the system has the priority To configure max new hosts use the following command e e Se The number of MAC addresses that can be learned on max new hosts PORTS VALUE the port for a second VALUE maximum MAC number lt 1 2147483646 gt The number of MAC addresses that can be lea
414. support option b and PLAN 997 Symmetric for DMT 50M sym100 100 998 sym25_997 N Di PLAN 998 Asymmetric for 4Band 12a 12a_997 PLAN 997 Asymmetric for 5Band 12a 17a PLAN 998 Asymmetric for 5Band 17a 17a_8k PLAN 998 Asymmetric for 5Band 17a tone space 8k 30a PLAN 998 Asymmetric for 6Band 30a VDSL 2 12b PLAN 998 Asymmetric for 4Band 12b not support option band 12b 997 PLAN 997 Asymmetric for 4Band 12b not support option band PLAN 998 Asymmetric for 3Band 8a PLAN 998 Asymmetric for 3Band 8b not support option band PLAN 998 Asymmetric for 3Band 8c PLAN 998 Asymmetric for 3Band 8d Tab 5 2 Profile of VDSL Port O SMC7824M VSW Management Guide CLI TigerAccess EE i The default pofile of VDSL port is 30a h Configuration for Profile of VDSL port is applied to all the ports The following table shows the option band types of VDSL port Uses 6 to 32 tone in annex A environment in the direction of upstream Option Uses 32 to 64 tone in annex B environment in the direction of upstream Band Uses 6 to 64 tone in annex M environment in the direction of upstream Excludes option band Tab 5 3 Option band of VDSL Port To display the configured Ire profile use the following command es e e show Ire profile Enable Global Bridge Displays the configured Ire profile The following is an example of displaying the configured Ire profile SWITCH bridge show lre profile 1 8 Port Status Standa
415. switch supports ingress and egress shaping rate limiting and different scheduling type such as SP Strict Priority and DWRR Weighted Deficit Round Robin IP Multicast Because broadcasting in a LAN is restricted if possible multicasting could be used in stead of broadcasting by forwarding multicast packets only to the member hosts who joined multicast group The switch provides IGMPv2 and IGMP snooping for host mem bership management SNMP Simple network management protocol SNMP is to manage Network Elements using TCP IP protocol The switch supports SNMP version 1 2 3 and Remote Monitoring RMON Network operator can use MIB also to monitor and manage the switch Dynamic Host Configuration Protocol DHCP The switch supports Dynamic Host Configuration Protocol DHCP server that automati cally assigns IP address to clients accessed to network That means it has IP address pool and operator can effectively utilize limited IP source by leasing temporary IP ad dress In layer 3 network DHCP request packet can be sent to DHCP server via DHCP relay and option 82 Spanning Tree Protocol STP To prevent loop and preserve backup route in Layer 2 network the switch supports span ning tree protocol STP defined in IEEE 802 1D Between STP enabled switches a root bridge is automatically selected and the network remains in tree topology But the recov ery time in STP is very slow about 30 seconds rapid spanning tree protocol
416. t clear Ire stat lol sec PORTS Bridge clear Ire stat lpr sec PORTS clear Ire stat uncorrectable crc PORTS SES Severely Errored Seconds means how long server error has been happening and UAS Unavailable Seconds means error which SES is more than 10 seconds In addition you can check how many minutes is passed after beginning 15 minutes 15 Min Elapse or day Day Elapse based on the present time of checking how many times each port is disconnected and how long it is disconnected SMC7824M VSW Management Guide TigerAccess EE 9 3 4 9 3 4 1 SMC7824M VSW CLI Config Profile You can make a policy configured in service port a Profile to apply to port There are two kinds of profiles one applied to VDSL line and the other one configured for Alarm of SNMP trap in case error is happened This chapter describes the following lists e Line config profile e Alarm config profile Line config profile Line config profile is a policy which configures transmit rate of VDSL line SNR margin and Interleave delay This is very useful when ISPs apply graded services They do not have to configure all ports according to client s grade but just apply profile to ports In switch all VDSL ports are contained in one Line config profile For the ports contained as the member port of Line config profile it is not possible to change Interleave delay or SNR margin To change it you should delete the member of Line config pr
417. t Rate bps Tab 8 3 RSTP Path cost long To decide the path cost calculation method use the following command e e res spanning tree pathcost method Selects the method for calculating a RSTP path cost long long 32 bits of RSTP path cost IEEE 802 1D 2004 Bridge spanning tree pathcost method Selects the method for calculating a STP path cost short short 16bits of STP path cost IEEE 802 1D 1998 To delete a configured method for caculating the path cost and return the configuration to the default use the following command e e See spanning tree pathcost Deletes the configured method of path cost default Bridge method short When the route decided by path cost gets overloading you would better take another route Considering these situations it is possible to configure the path cost of root port so that user can configure a route manually To configure the path cost use the following command e e een Configures path cost to configure route PORTS port number 1 200000000 the path cost value spanning tree port PORTS cost lt 1 200000000 gt no spanning tree port PORTS Deletes the configured path cost enter the port num cost ber Edge Ports Edge ports are defined that the ports are connected to a nonbridging device There are no switches or spanning tree bridges directly connected to the edge port SMC7824M VSW Management Guide TigerAccess EE 8 3 6 3 8 3 6 4 S
418. t interval lt 10 500 gt S 10 500 packet interval unit millisecond To delete the specified interval of ERP test packet interval use the Ge command no erp domain DOMAIN ID test Bridge Deletes the specified interval of ERP test packet packet interval LOTP Hold Off Time It is necessary to prevent lower priority rings to trigger protection because of loss of test packets before the protection of the higher priority ring and transmission of test packets over this ring LOTP hold off time determines the hold off time for ERP switching in case of detection of LOTP This parameter provides independence between ERP rings Hold off time for LOTP triggered ERP delays ERP switching if a ring protection of this domain is also provided by other higher priority rings LOTP Hold Off Time value depends on the ring priority of ERP rings To specify LOTP hold off time use the following command e e re Configures LOTP hold off time erp domain DOMAIN ID hold off ti lt 1 20000 gt 1 20000 ERP hold off time default O ms unit milli ime lt 1 second To configure LOTP hold off time as default use the following command e e See no erp domain DOMAIN ID hold i SH Bridge Configures LOTP hold off time as default value off time SMC7824M VSW Management Guide TigerAccess EE 8 4 12 8 4 13 SMC7824M VSW CLI ERP Trap To enable the system to generate ERP trap message use the following command
419. t or VDSL ports Describes how to configure the system environment and manage 6 System Environment ment functions 7 Network Management Describes how to configure the network management functions 8 System Main Functions Describes how to configure the system main functions 9 IP Multicast Describes how to configure the IP multicast functions 10 System Software Upgrade Describes how to upgrade the system software KE Lists all abbreviations and acronyms which appear in this docu 11 Abbreviations ment Tab 1 1 Overview of Chapters SMC7824M VSW 19 CLI 20 1 3 1 4 Management Guide TigerAccess EE Document Convention This guide uses the following conventions to convey instructions and information Information This information symbol provides useful information when using commands to configure and means reader take note Notes contain helpful suggestions or references Warning This warning symbol means danger You are in a situation that could cause bodily injury or broke the equipment Before you work on any equipment be aware of the hazards in volved with electrical circuitry and be familiar with standard practices for preventing acci dents by making quick guide based on this guide Document Notation The following table shows commands used in guide book Please be aware of each command to use them correctly Notation scription O DREES Commands or variables that appear within square brackets
420. tSize port Global Shows the token bucket size of each queue for port queue PORTS Applying and modifying Policer After configuring a policer using the above commands apply it to the system with the fol lowing command If you do not apply the policer to the system all specified configurations on Policer Configuration mode will be lost To save and apply a policer use the following command mana on apply Applies a policer to the system To modify a policer use the following command na e een policer NAME modify Global Modifies a policer enter a policer name Rule Action Policy Creation To configure a policy you need to open Policy Configuration mode first To open Policy Configuration mode use the following command e e Se f Creates a policy and opens Policy Configuration mode policy NAME create Global l NAME policy name After opening Policy Configuration mode the prompt changes from SWITCH config to SWITCH config policy NAME To delete configured policy or all policies use the following command e e re no policy all no policy NAME Deletes a policy enter a policy name Global Deletes all policies After opening Policy Configuration mode a policy can be configured by user The rule priority and rule action s can be configured for each policy e The policy name must be unique lts size is limited to 32 significant characters SMC7824M VSW Management Guide TigerAcces
421. tTLVs 1 disable Tx lt gt RX none 2 disable Tx lt gt RX none SWITCH config SMC7824M VSW Management Guide TigerAccess EE 7 4 7 4 1 SMC7824M VSW CLI Remote Monitoring RMON Remote Monitoring RMON is a function to monitor communication status of devices connected to Ethernet at remote place While SNMP can give information only about the device mounting an SNMP agent RMON gives network status information about overall segments including devices Thus user can manage network more effectively For in stance in case of SNMP it is possible to be informed traffic about certain ports but through RMON you can monitor traffics occurred in overall network traffics of each host connected to segment and the current status of traffic between hosts Since RMON processes quite lots of data its processor share is very high Therefore administrator should take intensive care to prevent performance degradation and not to overload network transmission caused by RMON There are nine RMON MIB groups de fined in RFC 1757 Statistics History Alarm Host Host Top N Matrix Filter Packet Cap ture and Event The switch supports two MIB groups of them most basic ones Statistics only for uplink ports and History RMON History RMON history is periodical sample inquiry of statistical data about each traffic occurred in Ethernet port Statistical data of all ports are pre configured to be monitored at 30 minute inte
422. tagrams over the network to the sFlow collector There are three parts of sFlow agent as shown below s sFlow Agent One agent can hold multiple samplers and pollers but each sampler and poller points to only one receiver Sampler This is used to collect packet samples for each interface Poller This is used to collect counter samples for each interface Receiver This is used to encode the flow and counter samples into UDP data grams sFlow implementation of the switch has the following restrictions so you should keep in mind those before configuring sFlow e sFlow service must be enabled by service sflow command before enabling sFlow function e sFlow sampling of specified port would not be perfomed unless you enable sFlow function for each port using sflow port PORTS enable command e sFlow sampling would not be performed when sample rate or counter interval or re ceiver index is 0 sFlow Service After you enable sFlow service using the following command the sampling and polling of sFlow interface just start to run in the system Enable or disable sFlow service globally use the following command na e een service sflow Enables sFlow service globally Global no service sflow Disables sFlow service globally Agent IP Address SMC7824M VSW Management Guide TigerAccess EE 7 16 3 7 16 4 7 16 5 7 16 6 SMC7824M VSW CLI To specify IP address of sFlow agent use the following co
423. tch registered in Master Switch as Slave Switch To des ignate Slave switch use the following command e e See oe Seis the ewitch as a slave switch Disabling Stacking To disable stacking use the following command e e en Displaying Stacking Status To display the status of stacking use the following command mana een Enable Global Shows a configuration of stacking Bridge 339 CLI 340 8 7 5 8 7 6 Management Guide TigerAccess EE Accessing to Slave Switch from Master Switch After configuring all stacking configurations it is possible to configure and mange by ac cessing to Slave switch from Master switch To access to Slave switch from Master switch use the following command in Bridge Con figuration mode es res Accesses to a slave switch rcommand NODE Enable NODE node number NODE means node ID from configuring stacking in Slave switch If you input the above command in Master switch Telnet connected to Slave switch is displayed and it is possi ble to configure Slave switch using DSH command If you use the exit command in Telnet the connection to Slave switch is down Sample Configuration Sample Configuration 1 Configuring Stacking The following is a stacking configuration by designating SWITCH A as a master and SWITCH B as a slave Switch A Master Switch Manages with the same IP address Switch B Slave Switch Step 1 Assign IP address
424. te of port listening and learning are not needed These negotiations use BPDU Compatibility with 802 1d RSTP internally includes STP so it has compatibility with 802 1d Therefore RSTP can recognize BPDU of STP But STP cannot recognize BPDU of RSTP For example as sume that SWITCH A and SWITCH B are operated as RSTP and SWITCH A is connected to SWITCH C as designated switch Since SWITCH C which is 802 1d ignores RSTP BPDU it is interpreted that switch C is not connected to any switch or segment Switch A Switch C Switch B Fig 8 21 Compatibility with 802 1d 1 However SWITCH A converts a port received BPDU into RSTP of 802 1d because it can read BPDU of SWITCH C Then SWITCH C can read BPDU of SWITCH A and accepts SWITCH A as designated switch Switch A Switch B Switch C 802 1w 802 1w 802 1d STP BPDU Fig 8 22 Compatibility with 802 1d 2 MSTP Operation To operate the network more efficiently the switch uses MSTP Multiple Spanning Tree Protocol It constitutes the network with VLAN subdividing existing LAN domain logically and configure the route by VLAN or VLAN group instead of existing routing protocol SMC7824M VSW Management Guide TigerAccess EE 8 3 3 1 SMC7824M VSW CLI Here explains how MSTP PVSTP differently operates on the LAN Suppose to configure 100 VLANs from SWITCH A to B and C In case of STP there is only one STP on all the VLANs and it does not provide multiple instance
425. tem Power is Ok Aug 28 03 33 39 system Power is Fault Aug 28 03 36 01 system Power is Ok Aug 28 03 36 02 system Power is Fault A A A A Aug 28 03 43 09 system Power A is Ok Aug 28 03 43 10 system Power A is Fault Aug 28 04 09 36 system Power A is Ok Aug 28 04 09 37 system Power A is Fault Aug 28 04 10 55 system Power A is Ok Aug 28 04 10 55 system Power A is Fault Aug 28 04 11 03 system Power A is Ok Aug 28 04 11 03 system Power A is Fault Aug 28 04 16 21 system Power A is Ok Aug 28 04 16 21 system Power A is Fault Aug 28 04 16 27 system Power A is Ok Aug 28 04 16 34 system Power A is Fault Aug 28 04 19 14 system Power A is Ok Aug 28 04 19 15 system Power A is Fault Aug 28 06 14 12 system Power A is Ok Aug 28 06 14 13 system Power A is Fault Aug 28 11 52 03 login 222 admin login on ttyp0 from 10 100 158 158 Aug 28 11 54 21 proftpd 234 localhost 10 100 158 158 10 100 158 158 USER admin Login successful Aug 28 11 54 23 proftpd 234 localhost 10 100 158 158 10 100 158 158 Logout successful Aug 28 11 54 42 proftpd 235 localhost 10 100 158 158 10 100 158 158 Logout successful SWITCH 7 5 7 Displaying Syslog Configuration To display the configuration of the syslog use the following command O ma wa O Enable show syslog Global Shows the configuration of the syslog Bridge SMC7824M VSW 167 CLI 168 7 6 Management Guide TigerAccess
426. tem configuration and information Tab 3 1 Main Command of Privileged EXEC View Mode Privileged EXEC Enable Mode To configure the switch you need to open Privileged EXEC Enable mode with the enable command then the system prompt will changes from SWITCH gt to SWITCH e e es enable View Opens Privileged EXEC Enable mode You can set a password to Privileged EXEC Enable mode to enhance security Once set ting a password you should enter a configured password when you open Privileged EX EC Enable mode Tab 3 2 shows main commands of Privileged EXEC Enable mode terminal length Configures the number of lines of the current terminal traceroute Traces a packet route Displays users accessing the system via telnet or console Tab 3 2 Main Command of Privileged EXEC Enable Mode SMC7824M VSW Management Guide TigerAccess EE 3 1 3 3 1 4 SMC7824M VSW CLI Global Configuration Mode In Global Configuration mode you can configure general functions of the system You can also open another configuration mode from this mode To open Global Configuration mode enter the configure terminal command and then the system prompt will be changed from SWITCH to SWITCH config es e ees configure terminal Opens Global Configuration mode Tab 3 3 shows main commands of Global Configuration mode CO ENT CO ESTACA COM ELOTE CAT ENT Frase interface Opens Interface Configuration mode to configure a s
427. ter installing the system the switch is supposed to examine that each port is rightly connected to network and management PC You can connect to the system to configure and manage the switch This section provides instructions how to change password for system connection and how to connect to the system through telnet as the following order e Connecting to the Console Port e System Login e Password for Privileged EXEC Enable Mode e Changing Login Password e Login Password Recovery Process e Management for System Account e Limiting Number of Users e Auto Log out e Telnet Access System Rebooting Connecting to the Console Port To begin setup you must connect the Console to the RJ45 Console port To connect the cable perform the following steps Attach the RJ45 connector on the cable to the RJ45 connector on the console port of the switch Connect the other end of the cable to one of the serial ports on your workstation Open your terminal emulation software and configure the COM port settings to which you have connected the cable The settings should be set to match the default settings for the switch which are e 9600 bps e 8 data bits e 1 stop bit e No parity e No flow control System Login After installing the switch finally make sure that each port is correctly connected to PC for network and management And then turn on the power and boot the system as follows Step 1 When you turn on the switch bootin
428. the entry to IGMP snooping table when it exists dhcp snoop binding eee on the DHCP snooping binding table oba no ip igmp filter port PORTS Adds the entry to IGMP snooping table irrespective of permit dhcp snoop binding DHCP snooping binding table To allow or discard IGMP messages by message type on a port use the following com mand e e See ip igmp filter port PORTS packet type reportv1 reportv2 re Filters the specified IGMP messages on a port portv3 query leave all Global no ip igmp filter port PORTS packet type reportv1 reportv2 Disables filtering the specified IGMP messages on a port reportv3 query leave all SMC7824M VSW Management Guide TigerAccess EE 9 2 7 2 9 2 7 3 9 2 8 SMC7824M VSW CLI IGMP Throttling You can configure the maximum number of multicast groups that a host on a port can join To specify the maximum number of IGMP groups per port use the following command C ma See Specifies the maximum number of IGMP groups that ip igmp max groups port PORTS hosts on specific port can join count lt 1 2147483647 gt PORTS port number 1 2147483647 number of IGMP groups Global ip igmp max groups port all Specifies the maximum number of IGMP groups that count lt 1 2147483647 gt hosts on all ports can join no ip igmp max groups port 8 i Deletes a specified maximum number of IGMP groups PORTS all To specify the maximum nu
429. the link failure or recovery Test Packet TP This is used to determine if any loops occur in the Ethernet ring RM Link Down This is used to inform the normal nodes of unblocking status of its secondary port caused by link failure RM Link Up This is used to inform the normal nodes of re blocking status of its secondary port caused by link recovery ERP implementation of the switch has the following restrictions so you should keep in mind those before configuring ERP e ERP can not be configured with STP If ERP is enabled in the system STP is automatically disabled e Aprimary and secondary port number should not be same e ERP mechanism should be used for Ethernet Ring topology only If the link failure occurs the nodes adjacent Node A 4 B to the failure detect their state and send Link Down message to RM node If an intermediate node Node C between RM node and a node adjacent to link failure receives Link Down message it starts to per form Forwarding Database FDB Flushing FDB Flushing consists in erasing in the for warding database of the switch all MAC entries of the protected VLANs that are for warded to the ring ports The Flushing of FDB is always followed by a period with learning disabled To prevent wrong MAC learning due to the remaining packets in the buffer a node does not learn MAC addresses during a configured learning disable time SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW
430. the other switches managed by Master switch are named as Slave switch Regardless of installed place or connection state Master switch can check and manage all Slave switches It is possible to configure stacking function for switches from 2 to 16 Switch Group You should configure all the switches configured with stacking function to be in the same VLAN To configure the switches as a switch group which belongs in the same VLAN use the following command e e Se stack device NAME Global Configures device name or VID SMC7824M VSW Management Guide TigerAccess EE LE 8 7 2 8 7 3 8 7 4 SMC7824M VSW CLI For managing the stacking function the port connecting Master switch and Slave switch must be in the same VLAN Designating Master and Slave Switch Designate Master switch using the following command e e res stack master Global Sets the switch as a master switch After designating Master switch register Slave switch for Master switch To register Slave switch or delete the registered Slave switch use the following command na m en stack add MACADDR DE Registers slave switch SCRIPTION Global MACADDR MAC address stack del MAC ADDR del MAC ADDR Deletes slave swith slave switch To make stacking operate well it is required to enable the interface of Slave switch The switches in different VLANs cannot be added to the same switch group You should designate Slave swi
431. the physical port that is a member of aggregated port To configure the member port use the following command IC EC O Configures physical port that is member port of aggre lacp port PORTS Bridge gator select the port number s that should be enabled for LACP To disable LACP and delete the configuration of LACP use the following command e e een Disables LACP for designated Aggregator number no lacp aggregator AGGREGA l select the aggregator ID that should be disabled for Bridge LACH Deletes member port of Aggregator select the port no lacp port PORTS number s that should be disabled for LACP TIONS 253 CLI 254 8 2 2 2 8 2 2 3 8 2 2 4 Management Guide TigerAccess EE Operation Mode After configuring the member port configure the LACP operation mode of the member port This defines the operation way for starting LACP operation You can select the op eration mode between the active and passive mode The active mode allows the system to start LACP operation regardless of other con nected devices On the other hand the passive mode allows the system to start LACP operation only when receiving LACP messages from other connected devices In case of an LACP connection between 2 switches if the member ports of both switches are configured as the passive mode the link between the switches cannot be established To configure the operation mode of the member port use the following command
432. the route of A E D C e Reply Request yl Sc PING test to C Gester N EL D O Fig 6 2 IP Source Routing To perform ping test as the route which the manager designated use the following steps Step 1 Enable IP source routing function from the equipment connected to PC which the PING test is going to be performed To enable disable IP source routing in the switch use the following command e e Se Enable IP source routing function Global no ip icmp source route Disable IP source routing function Step 2 Perform the ping test from PC as the designate route with the ping command Tracing Packet Route You can discover the routes that packets will actually take when traveling to their destina tions To do this the traceroute command sends probe datagrams and displays the round trip time for each node 129 CLI 130 6 3 4 Management Guide TigerAccess EE If the timer goes off before a response comes in an asterisk is printed on the screen Semer pon traceroute DESTINATION Traces packet routes through the network Enable traceroute ip DESTINATION traceroute icmp DESTINATION The followings are the configurable options to trace the routes DESTINATION IP address or host name Items Description Protocol ip Supports ping test Default is IP Sends ICMP echo message by inputting IP address or host name of Target IP address BN i destination in order t
433. thentication method use the following command e e Se Sets a system authentication method local console access login local remote radius Global remote telnet SSH access oba tacacs host primary radius RADIUS authentication tacacs TACACS authentication host nominal system authentication default 47 CLI 48 4 2 4 4 2 4 1 4 2 4 2 4 2 4 3 4 2 4 4 Management Guide TigerAccess EE RADIUS Server RADIUS Server for System Authentication To add delete a RADIUS server for system authentication use the following command e e Se Adds a RADIUS server with its information login radius server A DCD A B C D IP address KEY auth_port PORT acct_port KEY authentication key value PORT ES auth_port authentication port optional acct_port accounting port optional no login radius server 4 B C D Deletes an added RADIUS server You can add up to 5 RADIUS servers RADIUS Server Priority To specify the priority of a registered RADIUS server use the following command e See Specifies a priority of RADIUS server Global A B C D IP address 1 5 priority of RADIUS server login radius server move A B C D lt 1 5 gt Timeout of Authentication Request After an authentication request the switch waits for a response from a RADIUS server for specified time To specify a timeout value use the following command e e Se Specifies a timeout value login radius timeo
434. ticipat ing in the VLANs accept packets bearing VLAN tags and transmit them to the port VLAN ID The below functions are explained e Creating VLAN e Specifying PVID e Assigning Port to VLAN e Deleting VLAN 235 CLI 8 1 1 1 8 1 1 2 8 1 1 3 8 1 1 4 236 Management Guide TigerAccess EE Creating VLAN To configure VLAN on user s network use the following command ee ee Creates new VLAN by assigning VLAN ID vlan create VLANS Bridge i i i VLANS VLAN ID 1 4094 multiple entries possible The variable VLANS is a particular set of bridged interfaces The frames are bridged only among interfaces in the same VLAN Specifying PVID By default PVID 1 is specified to all ports You can also configure a PVID To configure a PVID in a port use the following command e e re Configures a PVID vlan pvid PORTS PVIDS PORTS port numbers PVIDS PVID 1 4094 multiple entries possible Assigning Port to VLAN To assign a port to VLAN use the following command e mee Assigns a port to VLAN VLANS VLAN ID 1 4094 PORTS port number vlan add VLANS PORTS tagged untagged Deletes associated ports from specified VLAN vlan del VLANS PORTS VLANS VLAN ID 1 4094 PORTS port number to be deleted When you assign several ports to VLAN you have to enter each port separated by a comma without space or use dash mark to arrange port range Deleting VLAN To delete VLAN use t
435. time for forwarding entries To specify the maximum number of forwarding entries on the McFDB use the following command e me See Specifies the maximum number of forwarding entries on the McFDB Global 256 65535 number of entries default 5000 SR Deletes the specified maximum number of forwarding no ip mcfdb aging limit S entries Displaying McFDB Information ip mcfdb aging time lt 10 10000000 gt Global ip mcfdb aging limit lt 256 65535 gt To display McFDB information use the following command n See Shows the current aging time and maximum number of show ip mcfdb forwarding entries Enable Shows the current forwarding entries VLAN VLAN ID 1 4094 A B C D multicast group address show ip mcfdb aging entry vlan Global VLAN group A B C D mac Bridge based detail mac based lists entries on a MAC address basis 355 CLI 356 9 2 2 Management Guide TigerAccess EE To clear multicast forwarding entries use the following command e e See Clears multicast forwarding entries clear ip mcfdb vlan VLAN all forwarding entries Enable VLAN VLAN ID 1 4094 Global Clears a specified forwarding entry clear ip mcfdb vlan VLAN group roup multicast grou A B C D source A B C D JOU group source multicast source IGMP Snooping Basic Layer 2 switches normally flood multicast traffic within the broadcast domain since it has no entry in the Layer
436. timer To enable auto log out function use the following command e e een Enables auto log out exec timeout lt 1 35791 gt lt 0 59 gt 1 35791 time unit in minutes by default 10 minutes Global 0 59 time unit in seconds exec timeout 0 Disables auto log out To display a configuration of auto logout function use the following command e mae show exec timeout Shows a configuration of auto logout function The following is an example of configuring auto log out function as 60 seconds and view ing the configuration SWITCH config exec timeout 60 SWITCH config show exec timeout Log out time 60 seconds SWITCH config Telnet Access To connect to a remote host via telnet use the following command e e Se Connects to a remote host telnet DESTINATION TCP PORT Enable DESTINATION IP address or host name In case of telnet connection you need to wait for the OK message when you save a system configuration Otherwise all changes will be lost when the telnet session is dis connected SMC7824M VSW Management Guide TigerAccess EE 4 1 10 4 1 10 1 SMC7824M VSW CLI SWITCH write memory OK SWITCH The system administrator can disconnect users connected from remote place To discon nect a user connected through telnet use the following command ss e ees disconnect 77 Y NUMBER Disconnects a user connected through telnet The following is an examp
437. tion you need to delete the RMON history and configure it again Deleting Configuration of RMON History When you need to change a configuration of RMON history you should delete an existing RMON history To delete an RMON history use the following command n en Deletes the RMON history of specified number enter no rmon history lt 1 65535 gt Global the value for deleting Displaying RMON History To display an RMON history use the following command e e See show running config rmon i All Shows a configured RMON history history Always the last values will be displayed but no more than the number of the granted buckets 157 CLI 158 7 4 2 7 4 2 1 7 4 2 2 7 4 2 3 Management Guide TigerAccess EE The following is an example of displaying RMON history SWITCH config rmonhistory 5 show running config rmon history l rmon history y owner test data source ifindex hdlcl interval 60 requested buckets 25 active SWITCH config rmonhistory 5 RMON Alarm You need to open RMON Alarm Configuration mode first to configure RMON alarm e e Se Opens RMON Alarm Configuration mode rmon alarm lt 1 65535 gt Global 1 65535 index number Subject of RMON Alarm You need to configure RMON alarm and identify subject using many kinds of data from alarm To identify subject of alarm use the following command e e een Identifies subject using relevant data enter the n
438. ty VLAN 8 3 8 5 Displaying Configuration To display the configuration after configuring PVSTP use the following command en re eme Enable l l 8 l l Shows all configurations of a specific vlan id show spanning tree vlan VLANS Global l VLANS VLAN ID 1 4094 Bridge S Shows information of a specific vlan id on active inter show spanning tree vlan VLANS f ace active detail l l l l l detail detailed PVSTP information as option show spanning tree vlan VLANS Shows information of the blocked ports blockedport show spanning tree vlan VLANS Shows detailed information of the specific vlan id detail active VLANS VLAN ID 1 4094 show spanning tree vlan VLANS Shows information of root inconsistency state inconsistentports VLANS VLAN ID 1 4094 show spanning tree vlan VLANS bridge address detail for Shows information of the bridge status and configura ward time hello time id max tion of a specific vlan id age protocol priority system VLANS VLAN ID 1 4094 id show spanning tree vlan VLANS root address cost detail Shows the status and configuration for the root bridge forward time hello time id of a specifiec vlan id max age port priority system VLANS VLAN ID 1 4094 id show spanning tree vlan VLANS port PORTS active detail i l D i f Shows information of vlan id for specified port cost detail active edgeport l VLANS VLAN ID 1 4094 inconsistency rootcost
439. ual Local Area Network Video on Demand Virtual Path Identifier Virtual Private Network Any form of DSL 383 CLI Management Guide TigerAccess EE 384 SMC7824M VSW FOR TECHNICAL SUPPORT CALL From U S A and Canada 24 hours a day 7 days a week 800 SMC 4 YOU 949 679 8000 Fax 949 679 1481 From Europe Contact details can be found on www smc com INTERNET E mail addresses techsu Driver updates ort smc com http www smc com index cfm action tech support drivers downloads World Wide Web http www smc com FOR LITERATURE OR ADVERTISING RESPONSE CALL U S A and Canada Spain UK France Italy Benelux Central Europe Nordic Eastern Europe Sub Saharian Africa North West Africa CIS PRC Taiwan Asia Pacific Korea Japan Australia India 800 SMC 4 YOU 34 91 352 00 40 44 0 1932 866553 33 0 41 38 32 32 39 0 335 5708602 31 33 455 72 88 49 0 89 92861 0 46 0 868 70700 34 93 477 4920 216 712 36616 34 93 477 4920 7 095 7893573 86 10 6235 4958 886 2 8797 8006 65 6 238 6556 82 2 553 0860 81 45 224 2332 61 2 8875 7887 91 22 8204437 Fax 949 679 1481 Fax 34 93 477 3774 Fax 44 0 118 974 8701 Fax 33 0 41 38 01 58 Fax 39 02 739 14 17 Fax 31 33 455 73 30 Fax 49 0 89 92861 230 Fax 46 0 887 62 62 Fax 34 93 477 3774 Fax 216 71751415 Fax 34 93 477 3774 Fax 7 095 789 35 73 Fax 86 10 6235 4962 Fax 886 2
440. uch as transceiver type length connector type and vendor information of the SFP However you might not want to see DMI polling information because it may result in CPU overload to collect DMI data via VC interface To enable or disable collecting DMI information from SFP mouldes use the following command e e een i i Specifies whether to collect DMI information from SFP module dmi enable disable Global ae modules 121 CLI 122 Management Guide TigerAccess EE This module DMI command is enabled by default Thus if you don t want to get DMI in formation configure this setting as disable If disabled the switch does not show DMI information of the SFP ports when using the show port module info command To display the configuration of DMI module use the following command CECR Enable show module dmi Global Displays the configuration result of DMI module Bridge This is an example of disabling the DMI module and displaying the setting result SWITCH config module dmi disable SWITCH config show module dmi module diagnotics monitor dmi disable SWITCH config SMC7824M VSW Management Guide TigerAccess EE 6 2 6 2 1 6 2 2 A SMC7824M VSW CLI Configuration Management You can verify if the system configurations are correct and save them in the system This section contains the following functions e Displaying System Configuration e Writing System Co
441. up specific query This is used to determine if any hosts are listening to a par ticular group e Version 2 membership report This is used by hosts to join a group unsolicited or to respond to membership que ries solicited Leave group This is used to explicitly leave a group IGMPv2 Operation An IGMP querier is the only router that sends membership query messages for a network segment In IGMP version 2 the querier is a router with the lowest IP address on the subnet If the router hears no queries during the timeout period it becomes the querier A host joins multicast groups by sending unsolicited membership report messages indi cating its wish to receive multicast traffic for those groups indicating that the host wants to become a member of the groups The querier sends general query messages periodically to discover which multicast groups have members on the attached networks of the router The messages are ad dressed to the all hosts multicast group which has the address of 224 0 0 1 with a time to live TTL value of 1 If hosts do not respond to the received query messages for the maximum response time advertised in the messages a multicast router discovers that no local hosts are members of a multicast group and then stops forwarding multicast traffic onto the local network from the source for the group When hosts respond to membership queries from an IGMP querier membership reports from the hosts other than the
442. ut lt 1 100 gt Global 1 100 timeout value for a response default 5 no no login radius timeout no login radius timeout timeout Deletes a specified timeout value a Deletes a specified timeout value timeout value Frequency of Retransmit In case of no response from a RADIUS server the switch is supposed to retransmit an authentication request To set the frequency of retransmitting an authentication request use the following command e e een Sets the frequency of retransmit login radius retransmit lt 1 10 gt Global 1 10 frequency count default 3 no no login radius retransmit no login radius retransmit retransmit Deletes a specified frequency count a specified Deletes a specified frequency count count SMC7824M VSW Management Guide TigerAccess EE 4 2 5 4 2 5 1 4 2 5 2 4 2 5 3 4 2 5 4 SMC7824M VSW CLI TACACS Server TACACS Server for System Authentication To add delete the TACACS server for system authentication use the following command e me See Adds a TACACS server with its information login tacacs server A B C D KEY A B C D IP address Sie KEY authentication key value no login tacacs server A B C D Deletes an added TACACS server You can add up to 5 TACACS servers TACACS Server Priority To specify the priority of a registered TACACS server use the following command e e Se Specifies the priority of TACACS server
443. vergence of GU Z Iw 265 SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig Fig 8 21 8 22 8 23 8 24 8 25 8 26 8 27 8 28 8 29 8 30 8 31 8 32 8 33 8 34 8 35 8 36 8 37 8 38 8 39 9 1 9 2 CLI Compatibility with 602 10 isis 266 Compatibility with G02 V4 2 EE 266 Co anes To SW By EE 267 CSrandISTO MSTP Z EE 268 A en ao oe een ee 217 ROO Sad o as ce 280 Example of Layer 2 Network Design in RSTP Environment 287 Example of Layer 2 Network Design in MSTP Emronment 288 ERP Operation in case of Linnk Failure ooccccoccncccccncccncnconnnononcncnononos 291 FRING PROTO e DEE 291 Link Failure Recovery KENNEN ENEE 292 RNO RECOVE EE 292 A EEN 293 DHCP t 302 Example of DHCP Relay Agent 315 DACP Option 2 Opera sia A tenes 321 DHCP Server Packet klterng 337 Example of Single IP Management cooocnccncccnccccccnnccnoconcnnnconononcnncnnanencnnonens 338 Rate Limit and Flood Guard 343 IGMP Snooping in the L2 network ooooncccoccncccccccnconoccncnoncononnnnoncnnanoncnnonons 348 IGMP SNOODIN riada 356 CLI 18 Tables Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab Tab 1 1 1 2 3 1 3 2 3 3 3 4 3 5 3 6 3 3 8 3 9 3
444. vian fid VLANS FID Configures FID VLAN Translation VLAN Translation is simply an action of Rule This function is to translate the value of specific VLAN ID which classified by Rule The switch makes Tag adding PVID on Untagged packets and use Tagged Packet as it is That is all packets are tagged in the Switch and VLAN Translation is to change the VLAN ID value of Tagged Packet in the Switch This function is to adjust traffic flow by changing the VLAN ID of packet Step 1 Open Rule Configuration mode using the flow NAME create command See Section 7 6 2 1 Step 2 Classify the packet that VLAN Translation will be applied by flow See Section 7 6 2 2 Step 3 Designate the VLAN ID that will be changed in the first step by the match vlan lt 1 4094 gt command Step 4 Open Bridge Configuration mode using the bridge command Step 5 Add the classified packet to VLAN members of the VLAN ID that will be changed Sample Configuration Sample Configuration 1 Configuring Port based VLAN The following is assigning br2 br3 and br4 to port 2 port 3 and port 4 SWITCH bridge vlan create br2 SWITCH bridge vlan create br SWITCH bridge vlan create br4 SWITCH bridge vlan del default 2 4 SWITCH bridge vlan add br2 2 untagged SWITCH bridge vlan add br3 3 untagged SWITCH bridge vlan add br3 3 untagged SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI vlan pvid
445. when memory usage exceeds the threshold specified by user Also when memory usage falls below the threshold the trap message will be shown to notify it e cpu threshold is shown when CPU utilization exceeds the threshold specified by user Also when CPU load falls below the threshold trap message will be shown to notify it e port threshold is shown when the port traffic exceeds the threshold configured by user Also when port traffic falls below the threshold trap message will be shown e temp threshold is shown when the system temperature exceeds the thresh old con SMC7824M VSW Management Guide CLI TigerAccess EE figured by user Also when system temperature falls below the threshold trap mes sage will be shown e dhcp lease is shown when no more IP address is left in the DHCP pool Even if this occurs only in one DHCP pool of several pools this trap message will be shown e Tan module is shown when there is any status change of fan and module il The system is configured to send all the SNMP traps by default To enable the SNMP trap use the following command e e Se i Configures the system to send SNMP trap when SNMP snmp trap auth fail O A authentication is fail Configures the system to send SNMP trap when SNMP snmp trap cold start agent restarts snmp trap link up PORTS Configures the system to send SNMP trap when a port NODE is connected to network snmp trap link down PORTS Configures the system to
446. will be fulfilled if the construction and cabling is under taken in accordance with the manual and the documents listed there in e g mounting in structions cable lists where necessary account should be taken of project specific docu ments Deviations from the specifications or unstipulated changes during construction e g the use of cable types with lower screening values can lead to violation of the CE require ments In such case the conformity declaration is invalidated and the responsibility passes to those who have caused the deviations This is a class A product In a domestic environment this product may cause radio refer ence in which case the user may be required to take adequate measures 21 CLI 22 Management Guide TigerAccess EE System Overview The switch which is IP VDSL uses VDSL Very high data rate Digital Subscriber Line technologies so that users can be served voice communication and data communication at the same time through existing telephone line Since VDSL technology takes the tele phone line you do not need to install LAN line newly Therefore you can save the cost and provide advanced service for users in apartments buildings and hotels The switch supports maximum 100Mbps of upload and 100Mbps down load in case of Symmetric and up to 50 Mbps of upload and 100 Mbps of download or 10VLR Mbps of upload 50VLR Mbps of download in case of Asymmetric The switch offers 24 Port VDSL2 service int
447. will not be created because SWITCH A is blocked to 264 SMC7824M VSW Management Guide CLI TigerAccess EE SWITCH Band C In this state BPDU form root is transmitted to SWITCH B and C through SWITCH A To configure forwarding state of SWITCH A SWITCH A negotiates with SWITCH B and SWITCH C ROOT 3 Forwarding Switch A 7 wem _ 3 Negotiate between e Switch A and Switch B Sy Traffic Blocking Fig 8 19 Network Convergence of 802 1w 2 emm 3 Negotiate between Switch A and Switch C Switch B Switch C Switch D SWITCH B has only edge designated port Edge designated does not cause loop so it is defined in 802 1w to be changed to forwarding state Therefore SWITCH B does not need to block specific port to forwarding state of SWITCH A However since SWITCH C has a port connected to SWITCH D you should make blocking state of the port ROOT Switch A 4 Forwarding state 4 Forwarding stat Switch B Switch C a 4 Block to make Forwarding state of Switch A Switch D Fig 8 20 Network Convergence of 802 1w 3 SMC7824M VSW 265 CLI 266 8 3 2 4 8 3 3 Management Guide TigerAccess EE It is same with 802 1d to block the connection of SWITCH D and SWITCH C However 802 1w does not need any configured time to negotiate between switches to make for warding state of specific port So it is very fast progressed During progress to forwarding sta
448. x mdev 0 058 0 581 1 632 0 542 ms SWITCH When multiple IP addresses are assigned to the switch sometimes you need to verify the connection status between the specific IP address and network status In this case use the same process as ping test and then input the followings after ex tended commands It is possible to verify the connection between specific IP address and network using the following command The following is the information to use ping test for multiple IP addresses nn A ee Designates the address where the relative device should respond in Source address or interface l source ip address T f ice 0 The service filed of QoS Quality Of Service in Layer 3 application It e of service 0 is possible to designate the priority for IP Packet Decides whether Don t Fragment DB bit is applied to Ping packet or not Default is no If the user choose yes when the packets pass Set DF bit in IP header no through the segment compromised with the smaller data unit it pre vents the packet to be Fragment Therefore there could be error mes sage Data pattern 0xABCD Configures data pattern Default is OxABCD Tab 6 3 Options for Ping for Multiple IP Addresses 127 CLI 128 6 3 2 Management Guide TigerAccess EE SWITCH ping Protocol ip Target IP address 172 16 1 254 Repeat count 5 5 Datagram size 100 100 Timeout in seconds 2 2 Extended commands n
449. y To delete the created account use the following command ICI e O user del NAME Global Delete the created account To display a created account use the following command e e re Enable Global Shows a created account Bridge Security Level For the switch it is possible to configure the security level from O to 15 for a system ac count The level 15 as the highest level has a read write authority The administrator can configure from level O to level 14 The administrator decides which level user uses which commands in which level As the basic right from level O to level 14 it is possible to use exit and help command in Privileged EXEC View mode and it is not possible to access to Privileged EXEC Enable mode SMC7824M VSW Management Guide CLI TigerAccess EE To define the security level and its authority use the following command Command Description privilege view level lt 0 15 gt COMMAND all privilege enable level lt 0 15 gt COMMAND all privilege configure level lt 0 15 gt COMMAND all privilege interface level lt 0 15 gt COMMAND all privilege flow policer policy level lt 0 15 gt COMMAND all privilege bridge level lt 0 15 gt COMMAND all privilege rmon alarm level lt 0 15 gt COMMAND all privilege rmon event level lt 0 15 gt COMMAND all privilege rmon history level lt 0 15 gt COMMAND all privilege dhcp pool level lt 0 15 gt
450. y To specify an action to permit or deny an access to an IGMP group range use the follow ing command e e re IGMP permit deny Specifies an action for an IGMP group range rofile 371 CLI 372 Management Guide TigerAccess EE Enabling IGMP Filtering To enable IGMP filtering for a port a configured IGMP profile needs to be applied to the port To apply an IGMP profile to ports to enable IGMP filtering use the following command e e ees Applies an IGMP profile to ports PORTS port number 1 2147483647 IGMP profile number no ip igmp filter port PORTS Releases an applied IGMP profile ip igmp filter port PORTS profile lt 1 2147483647 gt Before enabling IGMP filtering please keep in mind the following restrictions e Plural IGMP profiles cannot be applied to a single port e IGMP snooping must be enabled before enabling IGMP filtering e To delete a created IGMP profile all ports where the profile applied must be released e IGMP filtering only supports IGMPv2 By the following command this switch can permit or deny the IGMP packets by referring to its DHCP snooping binding table This reference enables the system to permit IGMP messages only when the source IP address and MAC address of host have identified from the DHCP snooping binding table To permit discard IGMP packets for the hosts authorized by the DHCP snooping use the following command ip igmp filter port PORTS permit Adds
451. y to go to Boot Mode 0 Boots Step 2 To enable the MGMT interface to communicate with TFTP server you need to configure a proper IP address subnet mask and gateway on the interface 376 SMC7824M VSW Management Guide TigerAccess EE SMC7824M VSW CLI To configure an IP address use the following command e e See ip A B C D B Configures an IP address oot ip Shows a currently configured IP address To configure a subnet mask use the following command ze me See netmask A DCD Configures a subnet mask e g 255 255 255 0 Boot netmask Shows a currently configured subnet mask To configure a default gateway use the following command Sen re en gateway A DCD E Configures a default gateway oot gateway Shows a currently configured default gateway To display a configured IP address subnet mask and gateway use the following com mand ae a a currently configured IP address subnet mask 00 and gateway The configured IP address subnet mask and gateway on the MGMT interface are limited to the boot mode only The following is an example of configuring an IP address subnet mask and gateway on the MGMT interface in the boot mode Boot ip 10 27 41 83 Boot gt netmask 255 255 255 0 Boot gt gateway 10 27 41 254 Boot gt show IP 10 27 41 83 GATEWAY 110 27 41 254 NETMASK 12557255725590 MAC 00 dqd0 cb 00 0d 83 MAC1 ffef fef fefie RE EE Boot gt 377 CLI 378
Download Pdf Manuals
Related Search