Black Box LBS3041AE User Manual

8+1 Managed Ethernet Switch User's Manual
Release v1.13
Table of Contents
Caution ----- vii
Electronic Emission Notices ----- vii
Chapter 1. Introduction ----- 2
1-1. Overview of 8+1 Managed Ethernet Switch ----- 2
1-2. Checklist ----- 4
1-3. Features ----- 4
1-4. View of 8+1 Managed Ethernet Switch ----- 5
1-4-1. User Interfaces on the Front Panel (Button, LEDs and Plugs) ----- 5
1-4-2. User Interfaces on the Rear Panel ----- 7
1-5. View of the Optional Modules ----- 7
Chapter 2. Installation ----- 10
2-1. Starting 8+1 Managed Ethernet Switch Up ----- 10
2-1-1. Hardware and Cable Installation ----- 10
2-1-2. Cabling Requirements ----- 11
2-1-2-1. Cabling Requirements for TP Ports ----- 12
2-1-2-2. Cabling Requirements for 1000SX/1000LX/100FX Module ----- 12
2-1-2-3. Switch Cascading in Topology ----- 14
2-1-3. Configuring the Management Agent of 8+1 Managed Ethernet Switch ----- 18
2-1-3-1. Configuring the Management Agent of Switch through the Serial RS-232 Port ----- 19
2-1-3-2. Configuring Management Agent of Switch through Ethernet Port ----- 21
2-1-4. IP Address Assignment ----- 22
2-2. Typical Applications ----- 27
Chapter 3. Basic Concept and Management ----- 29
3-1. What's the Ethernet ----- 29
3-2. Media Access Control (MAC) ----- 32
3-3. Flow Control ----- 38
3-4. How Does a Switch Work? ----- 41
3-5. SNMP ----- 44
3-6. Spanning Tree Protocol ----- 53
3-7. Virtual LAN ----- 65
3-8. GARP VLAN Registration Protocol (GVRP) ----- 71
3-9. Link Aggregation ----- 76
3-10. IGMP Snooping ----- 84
3-11. Dynamic Host Configuration Protocol (DHCP) ----- 89
Chapter 4. Operation of Web-based Management ----- 95
4-1. Web Management Home Overview ----- 96
4-2. Port Status and Counters ----- 100
4-2-1. Port Current Status ----- 100
4-2-2. Port Counters ----- 104
4-2-3. Port Configuration ----- 107
4-2-4. Port Mirror ----- 109
4-2-5. Port Quality Statistic ----- 110
4-2-6. Port Quality Rule Setting ----- 111
4-3. Configuration ----- 113
4-3-1. System Configuration ----- 113
4-3-1-1. Username / Password Setting ----- 114
4-3-1-2. IP Configuration ----- 115
4-3-1-3. System Time Setting ----- 117
4-3-1-4. Location/Contact Setting ----- 120
4-3-2. SNMP Configuration ----- 122
4-3-3. Max. Packet Length Setting ----- 124
4-3-4. Broadcasting Suppression ----- 125
4-3-5. IGMP Snooping ----- 126
4-3-6. Misc. Feature Configuration ----- 128
4-3-7. Spanning Tree Configuration ----- 131
4-3-7-1. STP Status ----- 131
4-3-7-2. STP Configuration ----- 133
4-3-8. Port Trunking Configuration ----- 137
4-3-9. Filtering Configuration ----- 144
4-3-10. VLAN Configuration ----- 151
4-3-11. GVRP Configuration ----- 160
4-3-12. 802.1x Configuration ----- 167
4-3-13. Failover Configuration ----- 185
4-3-14. Trap/Alarm Configuration ----- 187
4-3-15. Save Configuration ----- 190
4-4. Diagnostics ----- 192
4-5. Show Log Data ----- 196
4-6. Software Upgrade ----- 201
4-7. Reboot ----- 202
4-8. Logout ----- 203
Chapter 5. Operation of Menu-driven Console ----- 204
5-1. Text-based Menu-driven Management Overview ----- 205
5-2. Port Status and Counter ----- 208
5-2-1. Port Current Status ----- 208
5-2-2. Port Counters ----- 213
5-2-3. Port Configuration ----- 216
5-2-4. Port Mirror ----- 218
5-2-5. Port Quality Statistic ----- 219
5-2-6. Port Quality Rule Setting ----- 220
5-3. Configuration ----- 222
5-3-1. System Configuration ----- 222
5-3-1-1. Create Username / Password ----- 223
5-3-1-2. Username / Password Setting ----- 224
5-3-1-3. IP Configuration ----- 225
5-3-1-4. System Time Setting ----- 227
5-3-1-5. Location/Contact Setting ----- 232
5-3-2. SNMP Configuration ----- 234
5-3-3. Packet Length ----- 238
5-3-4. Broadcasting Suppression ----- 239
5-3-5. IGMP Snooping ----- 240
5-3-6. Spanning Tree Configuration ----- 242
5-3-6-1. STP State Setting ----- 242
5-3-6-2. STP Status ----- 243
5-3-6-3. STP Configuration ----- 245
5-3-7. Misc. Feature Configuration ----- 249
5-3-8. Port Trunking Configuration ----- 253
5-3-9. Filtering Configuration ----- 261
5-3-10. VLAN Configuration ----- 271
5-3-11. GVRP Configuration ----- 281
5-3-12. 802.1x Configuration ----- 288
5-3-13. Failover Configuration ----- 303
5-3-14. Trap/Alarm Configuration ----- 305
5-3-15. Save Configuration ----- 309
5-4. Diagnostics ----- 311
5-5. Show Log Data ----- 315
5-6. Software Upgrade ----- 320
5-7. Reboot ----- 321
5-8. Logout ----- 322
Chapter 6. Maintenance ----- 323
6-1. Resolving No Link Condition ----- 323
6-2. Q&A ----- 323
Appendix A Technical Specifications ----- 324
Appendix B Null Modem Cable Specifications ----- 329
Appendix C MIB Specifications ----- 330
Revision History
Release   Date         Revision
1.13      09/01/2004   A1
Caution
Circuit devices are sensitive to static electricity, which can damage their delicate electronics. Dry weather conditions or walking across a carpeted floor may cause you to acquire a static electrical charge.
To protect your device, always:
- Touch the metal chassis of your computer to ground the static electrical charge before you pick up the circuit device.
- Pick up the device by holding it on the left and right edges only.
Electronic Emission Notices
Federal Communications Commission (FCC) Statement
This equipment has been tested and found to comply with the limits for a class A computing device pursuant to Subpart J of part 15 of FCC Rules, which are designed to provide reasonable protection against such interference when operated in a commercial environment.
European Community (CE) Electromagnetic Compatibility Directive
This equipment has been tested and found to comply with the protection requirements of European Emission Standard EN55022/EN60555-2 and the Generic European Immunity Standard EN50082-1.
EMC:
- EN55022 (1988)/CISPR-22 (1985) class A
- EN60555-2 (1995) class A
- EN60555-3
- IEC1000-4-2 (1995) 4kV CD, 8kV AD
- IEC1000-4-3 (1995) 3V/m
- IEC1000-4-4 (1995) 1kV (power line), 0.5kV (signal line)
About this user’s manual
This user's manual tells you not only how to install and connect your network system, but also how to configure and monitor the 8+1 MANAGED ETHERNET SWITCH step by step through the built-in console (via the RS-232 serial interface) and the web interface (via the Ethernet ports). Hardware and software functions are explained in detail, along with examples of operating the web-based interface and the text-based menu-driven console interface.
Overview of this user’s manual
Chapter 1 “Introduction” describes the features of 8+1 Managed Ethernet Switch
Chapter 2 “Installation”
Chapter 3 “Operating Concept and Management”
Chapter 4 “Operation of Web-based Management”
Chapter 5 “Operation of Menu-driven Console”
Chapter 6 “Maintenance”
Publication date: September, 2004
Revision A1
User Manual
1. Introduction
1-1. Overview of 8+1 Managed Ethernet Switch
8+1 MANAGED ETHERNET SWITCH, which implements 8 10/100Mbps TP ports plus 1 module slot supporting Gigabit and Fast Ethernet modules, is a standard switch that meets all IEEE 802.3/u/x/z Gigabit, Fast Ethernet and Ethernet specifications. The switch can be managed through the RS-232 serial port via a direct connection, or through an Ethernet port using Telnet or the Web-based management unit, associated with the SNMP agent. With the SNMP agent, the network administrator can log on to the switch to monitor, configure and control each port’s activity in a friendly way. Overall network management is enhanced and network efficiency is also improved to accommodate high-bandwidth applications. In addition, 8+1 MANAGED ETHERNET SWITCH features comprehensive and useful functions such as QoS (Quality of Service), Spanning Tree, VLAN, Port Trunking, Port Security, SNMP/RMON and IGMP Snooping capability, Failover and Illegal Access Report via the intelligent software. It is suitable for both metro-LAN and office applications.
Key Features in the Device
QoS:
Support Quality of Service by the IEEE 802.1P standard. There are two priority queues, and packet transmission is scheduled using Weighted Round Robin (WRR). User-defined weight classification of packet priority can be based on either a VLAN tag on the packet or a user-defined port priority.
Spanning Tree:
Support IEEE 802.1D, IEEE 802.1w (RSTP: Rapid Spanning Tree Protocol) and IEEE 802.1s (MSTP: Multiple Spanning Tree Protocol) standards.
VLAN:
Support Port-based VLAN, IEEE802.1Q Tag VLAN and IEEE802.1v Protocol-based VLAN. Support 64 active VLANs and VLAN ID 1~4094.
Port Trunking:
Support static port trunking and port trunking with IEEE 802.3ad LACP.
Port Security:
Support allowed, denied forwarding and port security with MAC address.
SNMP/RMON:
SNMP Agent: MIB-2 (RFC 1213), Bridge MIB (RFC 1493), RMON MIB (RFC 1757) statistics, Groups 1, 2, 3, 9, VLAN MIB (802.1Q)
IGMP Snooping:
Support IGMP version 2 (RFC 2236): IGMP snooping is used to establish multicast groups so that multicast packets are forwarded only to the member ports, which by nature avoids wasting bandwidth while IP multicast traffic is running over the network.
Failover:
Support a failover function to provide a backup link for an existing link. This function is different from Link Aggregation (Trunking) and LACP. 8+1 MANAGED ETHERNET SWITCH provides up to 2 failover pairs.
Illegal Access Report:
Support the Illegal Access Report function to display unauthorized users accessing the switch. If Allowed forwarding or Denied forwarding is configured, the Illegal Access Report starts recording which illegal user(s) tried to access.
There is one slot used for high-speed connection expansion; the six optional module types provided for the switch are listed below:
- 10/100/1000Base-T Gigabit Copper Module
- 1000Base-SX Gigabit Fiber Module
- 1000Base-LX/LHX/XD/ZX Gigabit Fiber Module, up to 70Km
- 100Base-FX 100Mbps Fiber Module, up to 100Km
- 100Base-FX Single Fiber WDM Module
- 1000Base-LX Single Fiber WDM Module
The 10/100/1000Base-T Gigabit Copper Module fully complies with the IEEE 802.3/u/x/z Gigabit and Fast Ethernet specifications. The 1000Base-SX/LX/LHX/XD/ZX Gigabit Fiber Module is a Gigabit Ethernet port that fully complies with all IEEE 802.3z and 1000Base-SX/LX/LHX/XD/ZX standards. The 100Base-FX Fiber Module is a 100Mbps Ethernet port that fully complies with all IEEE 802.3u and 100Base-FX standards.
The 100Base-FX/1000Base-LX Single Fiber WDM Module is designed with optical Wavelength Division Multiplexing (WDM) technology that transports a bi-directional full-duplex signal over a single-strand fiber.
For upgrading firmware, please refer to Section 4-6 or Section 5-6 for more details. The switch does not stop operating while upgrading firmware, and afterwards the configuration remains unchanged.
1-2. Checklist
Before you start installing the switch, verify that the package contains the following:
- 8 10/100Mbps TP + 1 Slot Ethernet Switch
- Module (optional)
- Mounting Accessory (for 19" Rack Shelf)
- This User's Manual in CD-ROM
- AC Power Cord
- RS-232 Cable
Please notify your sales representative immediately if any of the aforementioned items is missing or damaged.
1-3. Features
The 8+1 MANAGED ETHERNET SWITCH, a standalone off-the-shelf switch, provides the comprehensive features listed below so that users can perform system network administration and serve their network efficiently and securely.
Management
- Port Status, Counter and Configuration.
- Display the basic System Information on the user interface.
- System configuration, which includes administrator and guest users, IP address related parameters and SNMP basic parameters.
- Maximal packet length can be up to 1536 bytes.
- Support Broadcasting Suppression to avoid power loss and recovery while a bunch of converter boxes register to the NMS simultaneously.
- The trap events/alarms can be sent via e-mail and mobile phone short message.
- A configured setting can be saved into the on-board flash memory, and the current setting can be recovered from the default setting or the previously configured setting via Restore User Configuration.
- The on-board diagnostics function lets the administrator know the hardware status.
- On-board firmware can be updated via the TFTP function.
- The Advanced Managed Ethernet Switch allows the administrator to reboot the system from the management station.
- The Advanced Managed Ethernet Switch will log the last 60 records in main memory and display them on the local console. The converter will send out the record message when the fiber connection recovers.
1-4. View of 8+1 Managed Ethernet Switch
Fig. 1-1 Full View of 8 +1 Managed Ethernet Switch
1-4-1. User Interfaces on the Front Panel (Button, LEDs and Plugs)
There are 8 TP Fast Ethernet ports and 1 optional module slot on the front panel of 8+1 MANAGED ETHERNET SWITCH. The LED display, located on the left side of the panel, contains a Power LED, which indicates the status of the 8+1 MANAGED ETHERNET SWITCH power, and 8 sets of port status LEDs.
Fig. 1-2 Front View of 8 +1 Managed Ethernet Switch (labels: TP Port Status Indication LEDs, Optional Slot, Power Indication LED, TP Cable Plug, RESET Button)
RESET Button: the RESET button is used to reset the whole system.
LED Indicators (Table 1-1: LED, Color, Function)

System LED
- POWER (Green): Lit when AC power is on and good

10/100Mbps Ethernet TP Port 1 to 8 LED
- LNK/ACT (Green): Lit when connection with remote device is good; blinks when any traffic is present; off when cable connection is not good
- 100Mbps (Green): Lit when 100Mbps speed is active; off when 10Mbps speed is active
- FDX/COL (Amber): Lit when full-duplex mode is active; blinks when any collision is present

10/100/1000Mbps Gigabit TP Module LED
- LNK (Green): Lit when connection with remote device is good; off when cable connection is not good
- 1000 (Green): Lit green when 1000Mbps speed is active; off when 10Mbps/100Mbps speed is active
- ACT (Green): Blinks when any traffic is present; off when no traffic is present
- FDX (Green): Lit when full-duplex mode is active; off when half-duplex mode is active; blinks when any collision is present

100FX 100Mbps Fiber/Single Fiber WDM Module LED
- LNK/ACT (Green): Lit when connection with remote device is good; off when cable connection is not good; blinks when any traffic is present
- 100Mbps (Green): Lit when 100Mbps speed is active
- FDX (Amber): Lit when full-duplex mode is active; off when half-duplex mode is active; blinks when collision is present

1000SX/1000LX Gigabit Fiber/Single Fiber WDM Module LED
- LNK/ACT (Green): Lit when connection with the remote device is good; off when module and cable connection is not good; blinks when any traffic is present

Table 1-1
1-4-2. User Interfaces on the Rear Panel
There is one fan on the left side for cooling, one 100-240V 50-60 Hz AC plug and an RS-232 DB-9 interface for configuration or management.
Fig. 1-3 Rear View of 8 +1 Managed Ethernet Switch (labels: RS-232 DB-9; AC Line 100-240V 50-60 Hz)
1-5. View of the Optional Modules
There are many types of module supported in 8+1 MANAGED ETHERNET SWITCH. For the TP type, only a Gigabit port is supported. For the fiber type, the switch supports both 100Mbps fiber modules and Gigabit fiber modules for different distances, including multi-mode fiber and single-mode fiber, and connection types such as SC, ST, LC, BiDi-LC, BiDi-SC and so on.
Fig. 1-4 Front View of 10/100/1000Base-T Gigabit Copper Module
- Supports one Gigabit TP port
- Supports 10/100/1000Mbps with full duplex for 1000Mbps, full/half for 100Mbps and 10Mbps
- Supports category 5e or higher grade cable up to 100 meters
Fig. 1-5 Front View of 1000Base-SX/LX/LHX/XD/ZX Gigabit Fiber Module
- Supports one Gigabit Fiber SC port
- Supports full duplex for 1000Mbps
- Supports Single/Multi-mode Fiber Cable
Fig. 1-6 Front View of 100Base-FX 100Mbps Fiber Module
- Supports one 100Base-FX Fiber SC port
- Supports full/half duplex for 100Mbps
- Supports Single-mode Fiber Cable
Fig. 1-7 Front View of 100Base-FX Single Fiber WDM Module
- Supports one 100Base-FX Fiber SC port
- Supports full/half duplex for 100Mbps
- Supports Single-mode and Single wire Fiber Cable
Fig. 1-8 Front View of 1000Base-LX Single Fiber WDM Module
- Supports one Gigabit Fiber SC port
- Supports full duplex for 1000Mbps
- Supports Single-mode and Single wire Fiber Cable
2. Installation
2-1. Starting 8+1 Managed Ethernet Switch Up
This section will give users a quick start for:
- Hardware and Cable Installation
- Management Station Installation
- Software booting and configuration
2-1-1. Hardware and Cable Installation
At the beginning, please do the following first:
- Wear a grounding device to avoid damage from electrostatic discharge
- Verify that the AC-DC adapter conforms to your country's AC power requirement and then insert the power plug
Installing Optional Modules to the 8+1 Managed Ethernet Switch
Note: If you have no modules, please skip this section.
Connecting the Module to the Chassis:
The optional modules are hot-swappable, so you can plug or unplug them before or after powering on.
1. Unscrew and remove the vacant slot dummy panel (see Fig. 2-1)
Fig. 2-1 Installation of Optional Modules
2. Verify that the module is the right model and conforms to the chassis
3. Slide the module along the two guides in the slot and fasten the thumb knob. Also be sure that the module is properly seated against the slot socket/connector
4. Install the media cable for network connection
5. Repeat the above steps, as needed, for each module to be installed into slot(s)
TP Port and Cable Installation
In 8+1 MANAGED ETHERNET SWITCH, the TP ports support MDI/MDI-X auto-crossover, so both types of cable can be used: straight-through (cable pin-outs for RJ-45 jack 1, 2, 3, 6 to 1, 2, 3, 6 in 10/100M TP; 1, 2, 3, 4, 5, 6, 7, 8 to 1, 2, 3, 4, 5, 6, 7, 8 in Gigabit TP) and crossed-over (cable pin-outs for RJ-45 jack 1, 2, 3, 6 to 3, 6, 1, 2). You do not have to tell them apart; just plug the cable in.
- Use Cat. 5 grade RJ-45 TP cable to connect to a TP port of the switch; the other end is connected to a network-aware device such as a workstation or a server.
- Repeat the above step, as needed, for each RJ-45 port to be connected to a 10/100Base-TX or Gigabit 10/100/1000 TP device.
Now you can start operating 8+1 MANAGED ETHERNET SWITCH.
Power On
The switch supports a 100-240 VAC, 50-60 Hz power supply. The power supply automatically converts the local AC power source to DC power. It does not matter whether anything, modules included, is plugged into the switch when it is powered on. After the power is on, all LED indicators light up immediately and then all go off except for the power LED, which stays on. This represents a reset of the system.
Firmware Loading
After resetting, the bootloader loads the firmware into memory. This takes about 30 seconds; after that, the switch flashes all the LEDs once, automatically performs a self-test and is then in the ready state.
2-1-2. Cabling Requirements
To help ensure a successful installation and keep network performance good, please take care with the cabling requirements. Cables with a worse specification will make the LAN work poorly.
2-1-2-1. Cabling Requirements for TP Ports
- For Fast Ethernet TP network connection: the grade of the cable must be Cat. 5 or Cat. 5e with a maximum length of 100 meters.
- For Gigabit Ethernet TP network connection: the grade of the cable must be Cat. 5 or Cat. 5e with a maximum length of 100 meters. Cat. 5e is recommended.
2-1-2-2. Cabling Requirements for 1000SX/1000LX/100FX Module
Fiber cabling is more complex and comprehensive than TP cabling. Basically, there are two categories of fiber: multi-mode (MM) and single-mode (SM). The latter is categorized into several classes by the distance it supports: SX, LX, LHX, XD and ZX. From the viewpoint of connector type, there are mainly SC, ST, LC and VF45.
Table 2-1 Module Description
- Gigabit TP module
- Gigabit Fiber with multi-mode SC module
- Gigabit Fiber with single-mode SC module
- 100Base-FX Fiber with multi-mode SC module
- 100Base-FX Fiber with single-mode SC module
- 100Base-FX Fiber with WDM SC 1310nm module
- 100Base-FX Fiber with WDM SC 1550nm module
- Gigabit Fiber with WDM SC 1310nm module
- Gigabit Fiber with WDM SC 1550nm module
The following table lists the types of fiber that we support; types not listed here are available upon request.

Table 2-2 Fiber Cable Types and Distances

1000Base-SX 850nm (Multi-mode Fiber Cable and Modal Bandwidth):
- Multi-mode 62.5/125µm: 160MHz-Km modal bandwidth, 220m; 200MHz-Km modal bandwidth, 275m
- Multi-mode 50/125µm: 400MHz-Km modal bandwidth, 500m; 500MHz-Km modal bandwidth, 550m

1000Base-LX/LHX/XD/ZX (Single-mode Fiber 9/125µm):
- Single-mode transceiver 1310nm: 10Km
- Single-mode transceiver 1550nm: 30, 50Km

100Base-FX 1310nm Fiber Module Models:
- ST/SC multi-mode: 2Km
- VF-45 multi-mode: 2Km
- MT-RJ multi-mode: 2Km; single-mode: 15Km

100Base-FX Single Fiber WDM Module (Single-Mode):
- TX (Transmit) 1310nm / RX (Receive) 1550nm: *20Km
- TX (Transmit) 1550nm / RX (Receive) 1310nm: *20Km

1000Base-LX Single Fiber WDM Module (Single-Mode):
- TX (Transmit) 1310nm / RX (Receive) 1550nm: *20Km
- TX (Transmit) 1550nm / RX (Receive) 1310nm: *20Km

Model codes as printed in the table: 0SC.212.10/30/50Km; 0SC.211.20/40/60/80Km single mode
* : Default Module
Table 2-2
2-1-2-3. Switch Cascading in Topology
Takes the Delay Time into Account
Theoretically, the switch partitions the collision domain for each port, so in switch cascading you could up-link switches without limit. In practice, the network extension (cascading levels and overall diameter) must follow the constraints of the IEEE 802.3/802.3u/802.3z and other 802.1 series protocol specifications: the timing requirements of the physical signals defined by the 802.3 series specification of Media Access Control (MAC) and PHY, and the timers of some OSI layer 2 protocols such as 802.1d, 802.1q, LACP and so on.
The fiber, TP cables and devices’ bit-time delays (round trip) are as follows:

1000Base-X TP, Fiber:
- Round trip Delay: 4096
- Cat. 5 TP Wire: 11.12/m
- Fiber Cable: 10.10/m
- Bit Time unit: 1ns (1sec./1000 Mega bit)

100Base-TX TP, 100Base-FX Fiber:
- Round trip Delay: 512
- Cat. 5 TP Wire: 1.12/m
- Fiber Cable: 1.0/m
- TP to fiber Converter: 56
- Bit Time unit: 0.01µs (1sec./100 Mega bit)

Table 2-3
Sum the bit-time delays of all elements: in a half-duplex network segment (collision domain), the overall bit-time delay of the wires and devices must stay within the Round Trip Delay (in bit times). This limit does not apply to full-duplex operation. You may use the TP-Fiber module to extend the TP node distance over fiber optic and provide a long-haul connection.
- 100Base-FX Fiber module: Single-mode up to 20Km
- 1000Base-SX Fiber module: Multi-mode up to 220/275/500/550m depending on the fiber type option
- 1000Base-LX Fiber module: Single-mode up to 10Km
- 1000Base-LHX Fiber module: Single-mode up to 30Km
- 1000Base-ZX Fiber module: Single-mode up to 50Km
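As an added example (not part of this manual), the following Python script applies the Table 2-3 figures to one path through a collision domain; the constructed 100Base-FX segment in the usage section, and any device delays the table does not list, are assumptions supplied by the caller.

```python
"""Half-duplex collision-domain budget check built from Table 2-3.

Added example, not part of the original manual. The per-metre and
per-device figures are the round-trip bit-time delays from Table 2-3;
delays of devices the table does not list (repeaters, switch MACs) must
be passed in by the caller and are the caller's assumptions.
"""

# Round-trip bit-time figures from Table 2-3. The table gives no
# TP-to-fiber converter figure for 1000Base-X, hence None.
TABLE_2_3 = {
    "100Base": {"round_trip": 512, "tp_per_m": 1.12, "fiber_per_m": 1.0,
                "converter": 56, "bit_time_ns": 10.0},
    "1000Base": {"round_trip": 4096, "tp_per_m": 11.12, "fiber_per_m": 10.10,
                 "converter": None, "bit_time_ns": 1.0},
}


def path_delay(speed, tp_m=0.0, fiber_m=0.0, converters=0, extra_devices=()):
    """Sum the round-trip bit-time delay of one path through a collision
    domain: cable metres, TP-to-fiber converters and any other devices
    (extra_devices is an iterable of caller-supplied bit-time delays)."""
    p = TABLE_2_3[speed]
    total = tp_m * p["tp_per_m"] + fiber_m * p["fiber_per_m"]
    if converters:
        if p["converter"] is None:
            raise ValueError(f"Table 2-3 lists no converter delay for {speed}")
        total += converters * p["converter"]
    return total + sum(extra_devices)


def within_budget(speed, **path):
    """True when the path's delay fits inside the Round trip Delay budget,
    i.e. every station can still detect a collision on a minimum frame."""
    return path_delay(speed, **path) <= TABLE_2_3[speed]["round_trip"]


def max_cable_m(speed, medium, fixed_delay=0.0):
    """Longest run (metres) of one medium ('tp' or 'fiber') that still fits
    the budget after fixed_delay bit times of other elements."""
    p = TABLE_2_3[speed]
    per_m = p["tp_per_m"] if medium == "tp" else p["fiber_per_m"]
    remaining = p["round_trip"] - fixed_delay
    return max(0.0, remaining / per_m)


def delay_seconds(speed, bit_times):
    """Convert bit times to seconds using the Bit Time unit row of Table 2-3."""
    return bit_times * TABLE_2_3[speed]["bit_time_ns"] * 1e-9


if __name__ == "__main__":
    # Constructed 100Base-FX segment: two 100 m Cat. 5 drops joined by a
    # 2 km fiber run through two TP-to-fiber converters.
    d = path_delay("100Base", tp_m=200, fiber_m=2000, converters=2)
    print(f"100Base path: {d:.1f} bit times, within budget: "
          f"{within_budget('100Base', tp_m=200, fiber_m=2000, converters=2)}")
    print("longest half-duplex fiber after two converters and 200 m TP: "
          f"{max_cable_m('100Base', 'fiber', fixed_delay=200 * 1.12 + 2 * 56):.0f} m")
```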
Typical Network Topology in Deployment
A hierarchical network with the minimum number of switch levels reduces the timing delay between server and client stations. This approach minimizes the number of switches in any one path, lowers the possibility of a network loop and improves network efficiency. If more than two switches are connected in the same network, select one switch as the Level 1 switch and connect all other switches to it at Level 2. Servers/hosts should be connected to the Level 1 switch. This is the general rule when no VLAN or other special requirements apply.
Case 1: All switch ports are in the same local area network. Every port can access every other port (See Fig. 2-2).
Fig. 2-2 No VLAN Configuration Diagram
If VLAN is enabled and configured, the nodes that can communicate with each other directly are bounded within the same VLAN area. Here the VLAN area is defined by which kind of VLAN, port-based VLAN or tag-based VLAN, you are using. They differ in practical deployment, especially in physical location. The following diagrams show how they work and the differences between them.
Case 2a: Port-based VLAN (See Fig. 2-3).
Fig. 2-3 Port-based VLAN Diagram
1. Members of the same VLAN cannot be located on different switches.
2. Members of one VLAN cannot access members of another VLAN.
3. The switch manager has to assign a different name to each VLAN group on one switch.
Case 2b: Port-based VLAN (See Fig.2-4).
Fig. 2-4 Port-based VLAN Diagram
1. VLAN1 members cannot access VLAN2, VLAN3 and VLAN4 members.
2. VLAN2 members cannot access VLAN1 and VLAN3 members, but they can access VLAN4 members.
3. VLAN3 members cannot access VLAN1, VLAN2 and VLAN4 members.
4. VLAN4 members cannot access VLAN1 and VLAN3 members, but they can access VLAN2 members.
Case 2c: Use Port-based VLAN to centralize all ports for uplinking to Internet
(See Fig.2-5).
Switch 1 Switch 2
1. Port 1~8 are individually independent VLANs with different VLAN group names
defined by network manager on the same switch.
2. Uplink Port 9 belongs to all VLANs on a switch at the same time. For example,
VLAN1: (Port1, Port9), VLAN2: (Port2, Port9).
3. Use Port 9 as Uplink port to connect with the Internet.
Fig. 2-5 Port-based VLAN Diagram
Case 3a: Members of the same VLAN can be on different switches with the same VID (See Fig. 2-6).
Fig. 2-6 Tag-based VLAN Diagram
Case 3b: Use attribute-based VLAN to centralize all ports for uplinking to the Internet (See Fig. 2-7).
Fig. 2-7 Tag-based VLAN Diagram
1. Ports 1~8 are individual, independent VLANs with different VLAN group names defined by the network manager on the same switch.
2. Uplink Port 9 belongs to all VLANs on a switch at the same time. For example, VLAN1: (Port1, Port9), VLAN2: (Port2, Port9).
3. Use Port 9 as the uplink port to connect to the Internet.
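The following Python script is an added example, not part of the manual or the switch firmware: it models port-based VLAN groups on one switch as sets of ports and audits which ports can reach each other, using the Case 2c layout (VLAN1: Port1, Port9; VLAN2: Port2, Port9; and so on) as constructed input.

```python
"""Port-based VLAN reachability audit for one switch.

Added example, not from the manual. A port-based VLAN group is a named
set of ports on one switch (rule 1 of Case 2a: groups never span
switches). Two ports can exchange frames only if at least one group
contains both of them; an uplink port that belongs to every group
(Case 2c, Port 9) therefore reaches every port while the member ports
stay isolated from each other.
"""


def case_2c_groups(member_ports=range(1, 9), uplink=9):
    """Build the Case 2c layout: VLAN1 = (Port1, Port9), VLAN2 = (Port2, Port9), ..."""
    return {f"VLAN{p}": {p, uplink} for p in member_ports}


def can_reach(groups, a, b):
    """True if ports a and b share at least one VLAN group."""
    if a == b:
        return True
    return any(a in members and b in members for members in groups.values())


def all_ports(groups):
    return sorted(set().union(*groups.values())) if groups else []


def reachable_from(groups, port):
    """Every other port that `port` can send to under this configuration."""
    return [q for q in all_ports(groups) if q != port and can_reach(groups, port, q)]


def reachability_matrix(groups):
    """Map each port to the sorted list of ports it can reach; handy for
    checking a segmentation design before the configuration is typed in."""
    return {p: reachable_from(groups, p) for p in all_ports(groups)}


def unexpected_paths(groups, expected_pairs):
    """Pairs that can communicate but are not in the expected set, i.e.
    isolation the operator believes exists but the groups do not enforce."""
    ports = all_ports(groups)
    found = {(a, b) for a in ports for b in ports if a < b and can_reach(groups, a, b)}
    return sorted(found - {tuple(sorted(p)) for p in expected_pairs})


if __name__ == "__main__":
    groups = case_2c_groups()
    for port, peers in reachability_matrix(groups).items():
        print(f"Port {port} -> {peers}")
    # Constructed mistake: an operator also adds Port 2 to VLAN1.
    groups["VLAN1"].add(2)
    print("unexpected:", unexpected_paths(groups, {(p, 9) for p in range(1, 9)}))
```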
2-1-3. Configuring the Management Agent of 8+1 Managed Ethernet Switch
There are three ways to start up the 8+1 MANAGED ETHERNET SWITCH management function: RS-232 console, Telnet console and Web. Users can use any one of them to monitor and configure the switch. You can reach them through the following procedures.
Section 2-1-3-1: Configuring Management agent through RS-232 Port of the switch
Section 2-1-3-2: Configuring Management agent through Ethernet Port of the switch
Note: Please first set the IP address, Subnet mask, Default gateway and DNS through the RS-232 console, and then proceed to the next step.
2-1-3-1. Configuring the Management Agent of Switch through the Serial RS-232 Port
To perform the configuration through the RS-232 console port, the switch's serial port must be directly connected to a DCE device, for example a PC, through an RS-232 cable with DB-9 connectors. Next, run a terminal emulator with the default settings of the switch's serial port. With this, you can communicate with the switch.
In the switch, the RS-232 interface only supports a baud rate of 57.6k bps with 8 data bits, 1 stop bit, no parity check and no flow control.
Fig. 2-8 labels: RS-232 DB-9 Connector; AC Line 100-240V 50/60 Hz; RS-232 cable with female DB-9 connector at both ends
To configure the switch, please follow the procedure below:
1. Find the bundled RS-232 DB-9 cable with female DB-9 connectors. Normally, it uses only pins 2, 3 and 7. See also Appendix B for more details on Null Modem Cable Specifications.
2. Attach the DB-9 female cable connector to the male serial RS-232 DB-9 connector on the Advanced Managed Ethernet Switch.
3. Attach the other end of the serial RS-232 DB-9 cable to the PC's serial port, running a terminal emulator that supports VT100/ANSI terminals with the switch's serial port default settings, for example the Windows 98/2000/XP HyperTerminal utility.
Note: The switch's serial port default settings are as follows:
Baud rate 57600, Data bits 8, Stop bits 1, Parity N, Flow control none
4. When the connection is complete, press the <Enter> key. The login prompt will be shown on the screen. The default username and password are shown below:
Fig. 2-8 Console Management (RS-232 connection between the switch and a terminal or terminal emulator)
8+1 MANAGED ETHERNET SWITCH Default IP Setting: IP address = 192.168.1.1, Subnet Mask = 255.255.255.0, Default Gateway = 192.168.1.254
Username = admin, Password = admin
Set IP Address, Subnet Mask and Default Gateway IP Address.
Please refer to Fig. 2-8 Console Management for the ex-factory settings; they are the default IP settings. You can first either configure your PC's IP address or change the IP address of the switch, and then change the IP address of the default gateway and the subnet mask.
For example, your network address is 10.1.1.1 and the subnet mask is 255.255.255.0. You can change the switch's default IP address 192.168.1.1 to 10.1.1.1 and set the subnet mask to 255.255.255.0. Then choose your default gateway, which may be 10.1.1.254.
                 8+1 MANAGED ETHERNET SWITCH   Your Network Setting
IP Address       192.168.1.1                   10.1.1.1
Subnet           255.255.255.0                 255.255.255.0
Default Gateway  192.168.1.254                 10.1.1.254
Table 2-4
After completing these settings in the switch, it will reboot for the configuration to take effect. After this step, you can operate the management through the network, whether from a web browser or a Network Management System (NMS).
Fig. 2-9 the Login Screen for Console
2-1-3-2. Configuring Management Agent of Switch through Ethernet Port
There are three ways to configure and monitor the switch through the switch's Ethernet port: Telnet, Web browser and SNMP manager. The user interface for the last one depends on the NMS and is not covered here. We introduce only the first two types of management interface.
The Telnet console for the switch is a text-based, menu-driven interface that is highly user-friendly, and so is the web-based UI.
Fig. 2-10 Managing the switch through Ethernet port
Before you communicate with the switch, you first have to finish configuring its IP address, or know the IP address of the switch. Then follow the procedure listed below.
1. Set up a physical path between the configured switch and a PC, using a qualified UTP Cat. 5 cable with RJ-45 connectors, over the Ethernet LAN. The 8+1 Managed Ethernet Switch default IP setting is IP = 192.168.1.1, Subnet Mask = 255.255.255.0, Default Gateway = 192.168.1.254. Assign the PC a reasonable IP address, for example IP = 192.168.1.100, Subnet Mask = 255.255.255.0, Default Gateway = 192.168.1.254.
Note: If the PC connects directly to the switch, you have to set up the same subnet mask on both. But the subnet mask may be different for a PC at a remote site. Please refer to Fig. 2-10 for the Managed Switch default IP address information.
2. Run telnet or a web browser and follow the menu. Please refer to Chapter 4 and Chapter 5.
Fig. 2-11 the Login Screen for Web
2-1-4. IP Address Assignment
For IP address configuration, the parameters to fill in are IP address, Subnet Mask, Default Gateway and DNS.
IP address:
The address of a network device in the network is used for internetworking communication. Its address structure is shown in Fig. 2-12. It is "classful" because it is split into predefined address classes or categories.
Each class has its own split between the network identifier and the host identifier within the 32-bit address. Each IP address comprises two parts: the network identifier (address) and the host identifier (address). The former indicates the network where the addressed host resides, and the latter indicates the individual host in that network which the address refers to. The host identifier must be unique within the same LAN. The IP address referred to here is version 4, known as IPv4.
Fig. 2-12 IP address structure (32 bits: Network identifier | Host identifier)
Classful addressing divides the IP address space into three classes: class A, class B and class C. The rest of the IP addresses are for multicast and broadcast. The bit length of the network prefix is the same as that of the subnet mask and is denoted as IP address/X, for example 192.168.1.0/24. Each class has its address range as described below.
Class A:
The address is less than 126.255.255.255. A total of 126 networks can be defined, because the address 0.0.0.0 is reserved for the default route and 127.0.0.0/8 is reserved for the loopback function.
Bit 0: 0 | Bits 1-7: Network address | Bits 8-31: Host address
Class B:
The IP address range is between 128.0.0.0 and 191.255.255.255. Each class B network has a 16-bit network prefix followed by a 16-bit host address. There are 16,384 (2^14) /16 networks able to be defined, with a maximum of 65534 (2^16 - 2) hosts per network.
Bits 0-1: 10 | Bits 2-15: Network address | Bits 16-31: Host address
Class C:
The IP address range is between 192.0.0.0 and 223.255.255.255. Each class C network has a 24-bit network prefix followed by an 8-bit host address. There are 2,097,152 (2^21) /24 networks able to be defined, with a maximum of 254 (2^8 - 2) hosts per network.
Bits 0-2: 110 | Bits 3-23: Network address | Bits 24-31: Host address
Class D and E:
Class D is the class with the first 4 MSBs (most significant bits) set to 1-1-1-0 and is used for IP Multicast. See also RFC 1112. Class E is the class with the first 4 MSBs set to 1-1-1-1 and is used for IP broadcast.
According to IANA (Internet Assigned Numbers Authority), there are three specific IP address blocks reserved and able to be used for extending an internal network. We call them Private IP addresses and list them below:
Class A 10.0.0.0 --- 10.255.255.255
Class B 172.16.0.0 --- 172.31.255.255
Class C 192.168.0.0 --- 192.168.255.255
Please refer to RFC 1597 and RFC 1466 for more information.
Subnet mask:
It refers to the sub-division of a class-based network or a CIDR block. The subnet mask is used to determine how to split an IP address into the network prefix and the host address on a bitwise basis. It is designed to utilize IP addresses more efficiently and to ease the management of IP networks.
For a class B network, 128.1.2.3, the default subnet mask may be 255.255.0.0, in which the first two bytes are all 1s. This means more than 60 thousand nodes in a flat IP address space would be on the same network. That is too large to manage practically. Now if we divide it into smaller networks by extending the network prefix from 16 bits to, say, 24 bits, that is using its third byte to subnet this class B network. It now has a subnet mask of 255.255.255.0, in which each bit of the first three bytes is 1. It is now clear that the first two bytes identify the class B network, the third byte identifies the subnet within this class B network and, of course, the last byte is the host number.
Not all IP addresses are available in the sub-netted network. Two special addresses are reserved: the addresses with an all-zeros and an all-ones host number. For example, for the IP address 128.1.2.128, what do the reserved IP addresses look like? All 0s means the network itself, and all 1s means IP broadcast.
Network prefix (25 bits): 10000000.00000001.00000010.1   Subnet/host bits: 0000000
All 0s = 128.1.2.128 (last byte 1 0000000)
All 1s = 128.1.2.255 (last byte 1 1111111)
In this diagram, you can see that a 25-bit subnet mask, 255.255.255.128, gives 126 members in the sub-netted network. Note also that the length of the network prefix equals the number of 1 bits in the subnet mask. With this, you can easily count the number of IP addresses matched. The following table shows the result.
Prefix Length   No. of IP matched   No. of Addressable IP
/32             1                   -
/31             2                   -
/30             4                   2
/29             8                   6
/28             16                  14
/27             32                  30
/26             64                  62
/25             128                 126
/24             256                 254
/23             512                 510
/22             1024                1022
/21             2048                2046
/20             4096                4094
/19             8192                8190
/18             16384               16382
/17             32768               32766
/16             65536               65534
Table 2-5
According to the scheme above, a subnet mask of 255.255.255.0 partitions a network like a class C network. This means there can be a maximum of 254 effective nodes in this sub-netted network, and it is considered a physical network within an autonomous network. So it owns a network IP address which may look like 168.1.2.0.
With the subnet mask, a bigger network can be cut into smaller networks. If we want to have more than two independent networks in a working net, the network must be partitioned. In this case, a subnet mask must be applied.
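An added example (not part of the manual) that reproduces the classful, private-range and subnet calculations above with Python's standard ipaddress module, including the 128.1.2.128/25 case and the rows of Table 2-5; the same_subnet check and the sample addresses are constructed.

```python
"""IPv4 class, private-range and subnet calculations from the text above.

Added example, not from the manual; uses only the standard library.
"""
import ipaddress

# The three private blocks listed above (RFC 1597 / RFC 1918 ranges).
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(ip):
    """Classful class from the leading bits: 0 -> A, 10 -> B, 110 -> C,
    1110 -> D (multicast), 1111 -> E."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def is_private(ip):
    addr = ipaddress.IPv4Address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


def subnet_facts(cidr):
    """Network, broadcast and host counts for an address/prefix, e.g. the
    128.1.2.128/25 example: all-0s host = network, all-1s host = broadcast."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    matched = net.num_addresses
    # /31 and /32 have no separate network/broadcast addresses; Table 2-5
    # shows '-' for them, represented here as None.
    addressable = matched - 2 if net.prefixlen <= 30 else None
    return {
        "prefix": net.prefixlen,
        "mask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "matched": matched,
        "addressable": addressable,
    }


def table_2_5():
    """Regenerate Table 2-5 (prefix /32 down to /16)."""
    rows = []
    for prefix in range(32, 15, -1):
        f = subnet_facts(f"0.0.0.0/{prefix}")
        rows.append((f"/{prefix}", f["matched"], f["addressable"]))
    return rows


def same_subnet(ip_a, ip_b, mask):
    """The Note in 2-1-3-2: a PC cabled directly to the switch must share
    its subnet. Constructed helper; mask may be dotted or a prefix length."""
    return (ipaddress.ip_interface(f"{ip_a}/{mask}").network ==
            ipaddress.ip_interface(f"{ip_b}/{mask}").network)


if __name__ == "__main__":
    print(subnet_facts("128.1.2.128/25"))
    for row in table_2_5():
        print(*row)
    print(same_subnet("192.168.1.1", "192.168.1.100", "255.255.255.0"))
```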
For different network applications, the subnet mask may look like 255.255.255.240. This means it is a small network accommodating a maximum of 15 nodes.
Default gateway:
For a routed packet, if the destination is not in the routing table, all such traffic is sent to the device with the designated IP address, known as the default router. Basically, it is a routing policy.
To assign an IP address to the switch, you just have to check the network address of the network the switch will be connected to. Use the same network address and append your host address to it.
Fig. 2-13
First, IP Address: as shown in Fig. 2-13, enter "192.168.1.1", for instance. Of course, an IP address such as 192.168.1.x must be set on your PC.
Second, Subnet Mask: as shown in Fig. 2-13, enter "255.255.255.0". Any subnet mask such as 255.255.255.x is allowable in this case.
DNS:
The Domain Name Server translates a human-readable machine name into an IP address. Every machine on the Internet has a unique IP address. A server generally has a static IP address. To connect to a server, the client needs to know the IP address of the server. However, users generally use the name to connect to the server. Thus, the RC-2201 DNS client program (such as a browser) will ask the DNS to resolve the IP address of the named server.
2-2. Typical Applications
The 8+1 Managed Ethernet Switch implements 8 Fast Ethernet TP ports with auto MDIX and 1 module slot supporting a removable Gigabit or Fast Ethernet module with comprehensive fiber connection types, including SC/ST, MT-RJ, VF-45, LC, BiDi-LC and BiDi-SC, as well as a Gigabit TP module. For more details on the specification of the switch, please refer to Appendix A.
The 8+1 MANAGED ETHERNET SWITCH is suitable for the following applications:
- Remote site application, used by a carrier or ISP (See Fig. 2-14)
- Peer-to-peer application, used between two remote offices (See Fig. 2-15)
- Office network (See Fig. 2-16)
Fig. 2-14 Network Connection between Remote Site and Central Site
Fig. 2-14 is a system-wide basic reference connection diagram. It demonstrates how this switch connects with other network devices and hosts.
Fig. 2-15 Peer-to-peer Network Connection
Fig. 2-16 Office Network Connection
3. Basic Concept and Management
This chapter explains the basic concepts behind the features used to manage this switch and how they work.
3-1. What is Ethernet
Ethernet originated and was implemented at Xerox in Palo Alto, CA in 1973 and was successfully commercialized by Digital Equipment Corporation (DEC), Intel and Xerox (DIX) in 1980. In 1992, Grand Junction Networks unveiled a new high-speed Ethernet with the same characteristics as the original Ethernet but operating at 100Mbps, now called Fast Ethernet. This means Fast Ethernet inherits the same frame format, CSMA/CD and software interface. In 1998, Gigabit Ethernet was rolled out and provided 1000Mbps. Now 10G/s Ethernet is under approval. Although these Ethernets have different speeds, they still use the same basic functions, so they are compatible in software and can connect to each other almost without limitation. The transmission medium may be the only problem.
Fig. 3-1 IEEE 802.3 reference model vs. OSI reference model
In Fig. 3-1, we can see that Ethernet is located at the Data Link layer and Physical layer and comprises three portions: logical link control (LLC), media access control (MAC) and the physical layer. The first two make up the Data Link layer, which splits data into frames for transmission, receives acknowledge frames, checks for errors and re-transmits when a frame is not received correctly, and provides an error-free channel upward to the network layer.
Fig. 3-1 layers: Data Link Layer = IEEE 802.2 LLC over IEEE 802.3 CSMA/CD MAC; Physical Layer = IEEE 802.3 PLS, MII, IEEE 802.3 MAU, ANSI X3T9.5 PMD; media = Coaxial/STP/UTP, Fiber
The diagram above shows the Ethernet architecture: the LLC sub-layer and MAC sub-layer, which correspond to the Data Link layer, and the transceivers, which correspond to the Physical layer in the OSI model. In this section, we mainly describe the MAC sub-layer.
Logical Link Control (LLC)
The Data Link layer is composed of two sub-layers, MAC and MAC-client. Here the MAC client may be logical link control or a bridge relay entity.
Logical link control provides the interface between the Ethernet MAC and the upper layers in the protocol stack, usually the Network layer, and has nothing to do with the nature of the LAN, so it can operate over other LAN technologies such as Token Ring, FDDI and so on. Likewise, for the interface to the MAC layer, LLC defines its services with an interface that is independent of the medium access technology and of some aspects of the nature of the medium itself.
Table 3-1 LLC Format
Table 3-1 shows the format of the LLC PDU. It comprises four fields: DSAP, SSAP, Control and Information. The DSAP address field identifies one or more service access points, in which the I/G bit indicates whether it is an individual or group address. If all bits of the DSAP are 1s, it is a global address. The SSAP address field identifies the specific service, indicated by the C/R bit (command or response). DSAP and SSAP pairs with certain reserved values indicate some well-known services, listed in the table below.
0xAAAA SNAP
0xE0E0 Novell IPX
0xF0F0 NetBios
0xFEFE ISO network layer PDU
0xFFFF Novell IPX 802.3 RAW packet
0x4242 STP BPDU
0x0606 IP
0x9898 ARP
Table 3-2
LLC type 1 (connectionless service), LLC type 2 (connection-oriented service) and LLC type 3 (acknowledged connectionless service) are the three types of LLC frame for all classes of service. Fig. 3-2 shows the format of the Service Access Point (SAP). Please refer to IEEE802.2 for more details.
Fig. 3-2 SAP Format
3-2. Media Access Control (MAC)
MAC Addressing
Because a LAN is composed of many nodes, for data to be exchanged among these nodes each node must have its own unique address to identify who should send the data or should receive the data. In the OSI model, each layer provides its own means of identifying a unique address in some form, for example the IP address in the network layer.
The MAC belongs to the Data Link Layer (Layer 2), and its address is defined to be a 48-bit long, locally unique address. Since this type of address is applied only to Ethernet LAN media access control (MAC), they are referred to as MAC addresses.
The first three bytes are the Organizationally Unique Identifier (OUI) code assigned by the IEEE. The last three bytes are the serial number assigned by the vendor of the network device. All six bytes are stored in non-volatile memory in the device. Their format is shown in the following table and is normally written in the form aa-bb-cc-dd-ee-ff, 12 hexadecimal digits separated by hyphens, in which aa-bb-cc is the OUI code and dd-ee-ff is the serial number assigned by the manufacturer.
Bit 47                                                         bit 0
1st byte   2nd byte   3rd byte   4th byte   5th byte   6th byte
OUI code                          Serial number
Table 3-3 Ethernet MAC address
The first bit of the first byte in the Destination Address (DA) determines whether the address is Unicast (0) or Multicast (1); it is known as the I/G bit, indicating individual (0) or group (1). So the 48-bit address space is divided into two portions, Unicast and Multicast. The second bit indicates a globally unique (0) or locally unique (1) address. The former is assigned by the device manufacturer, and the latter is usually assigned by the administrator. In practice, globally unique addresses are always applied.
A unicast address identifies a single network interface. With this nature of the MAC address, a transmitted frame can be received by exactly the interface the destination MAC points to.
A multicast address identifies a group of network devices or network interfaces. In Ethernet, many-to-many connectivity in the LAN is provided. It provides a means to send a frame to many network devices at a time. When all bits of the DA are 1s, it is a broadcast, which means all network devices except the sender itself receive the frame and respond.
Ethernet Frame Format
There are two major forms of Ethernet frame, type encapsulation and length encapsulation, which are categorized into four frame formats: 802.3/802.2 SNAP, 802.3/802.2, Ethernet II and Netware 802.3 RAW. We will introduce the basic Ethernet frame format defined by the IEEE 802.3 standard, required for all MAC implementations. It contains seven fields, explained below.
PRE  SFD  DA  SA  Type/Length  Data (Pad bits if any)  FCS
7    7    6   6   2            46-1500                 4
Fig. 3-3 Ethernet frame structure
- Preamble (PRE) — The PRE is 7 bytes long with an alternating pattern of ones and zeros, used to tell the receiving node that a frame is coming and to synchronize the physical receiver with the incoming bit stream. The preamble pattern is:
10101010 10101010 10101010 10101010 10101010 10101010 10101010
- Start-of-frame delimiter (SFD) — The SFD is one byte long with an alternating pattern of ones and zeros, ending with two consecutive 1 bits. It immediately follows the preamble, and its last two consecutive 1 bits indicate that the next bit is the start of the data packet, i.e. the left-most bit of the left-most byte of the destination address. The SFD pattern is 10101011.
- Destination address (DA) — The DA field identifies which network device(s) should receive the packet. It is a unique address. Please see the section on MAC addressing.
- Source address (SA) — The SA field indicates the source node. The SA is always an individual address, and the left-most bit in the SA field is always 0.
- Length/Type — This field indicates either the number of data bytes contained in the data field of the frame or the Ethernet type of the data. If the value of these two bytes is less than or equal to 1500 in decimal, the number of bytes in the data field equals the Length/Type value, i.e. the field acts as a Length indicator. When this field acts as Length, the frame has optional fields for 802.3/802.2 SNAP encapsulation, 802.3/802.2 encapsulation and Netware 802.3 RAW encapsulation. Each of them has different fields following the Length field.
- If the Length/Type value is greater than 1500, the Length/Type field acts as Type. Different type values mean frames of different protocols running over Ethernet are being sent or received. For example:
0x0800 IP datagram
0x0806 ARP
0x0835 RARP
0x8137 IPX datagram
0x86DD IPv6
- Data — Less than or equal to 1500 bytes and greater than or equal to 46 bytes. If the data is less than 46 bytes, the MAC automatically adds padding bits to make the payload equal to 46 bytes. The length of the data field must equal the value of the Length field when Length/Type acts as Length.
- Frame check sequence (FCS) — This field contains a 32-bit cyclic redundancy check (CRC) value, a checksum computed over DA, SA and through the end of the data field with the following polynomial.
- It is created by the sending MAC and recalculated by the receiving MAC to check whether the packet is damaged.
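As an added example, not from the manual, the following Python code assembles and checks a frame with the DA, SA, Length/Type, padded data and FCS fields described above, and reports the I/G and U/L bits of the addresses; the MAC addresses are constructed, and the FCS is computed with zlib's CRC-32, which uses the IEEE 802.3 polynomial (the polynomial itself is not printed on this page).

```python
"""Build and check the IEEE 802.3 frame described above.

Added example, not from the manual. Preamble and SFD are omitted because
the PHY strips them before the MAC sees the frame; everything from DA to
FCS is handled. The FCS is CRC-32 as computed by zlib.crc32, transmitted
least-significant byte first. Sample addresses are constructed.
"""
import struct
import zlib

MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500
ETHERTYPES = {0x0800: "IP datagram", 0x0806: "ARP", 0x0835: "RARP",
              0x8137: "IPX datagram", 0x86DD: "IPv6"}  # from the list above


def mac_bytes(text):
    """'aa-bb-cc-dd-ee-ff' (or ':' separated) -> 6 bytes."""
    return bytes(int(x, 16) for x in text.replace(":", "-").split("-"))


def mac_text(raw):
    return "-".join(f"{b:02x}" for b in raw)


def mac_flags(raw):
    """I/G and U/L bits live in the first byte; the first bit on the wire
    is the least significant bit of that byte."""
    return {"group": bool(raw[0] & 0x01), "local": bool(raw[0] & 0x02),
            "broadcast": raw == b"\xff" * 6, "oui": mac_text(raw[:3])}


def fcs(body):
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, type_or_length, payload):
    """Assemble DA, SA, Length/Type, data (padded to 46 bytes) and FCS."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    if mac_flags(src)["group"]:
        raise ValueError("SA must be an individual address (I/G bit 0)")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")   # the MAC pads short data
    body = dst + src + struct.pack("!H", type_or_length) + payload
    return body + fcs(body)


def parse_frame(frame):
    """Split a received frame and report the checks a receiving MAC makes."""
    if len(frame) < 64:
        raise ValueError("runt frame (shorter than MinFrameSize)")
    body, received_fcs = frame[:-4], frame[-4:]
    dst, src = body[:6], body[6:12]
    tl = struct.unpack("!H", body[12:14])[0]
    data = body[14:]
    if tl <= MAX_PAYLOAD:              # acts as Length
        if tl > len(data):
            raise ValueError("length field exceeds data present")
        kind, payload, proto = "length", data[:tl], None
    else:                              # acts as Type
        kind, payload, proto = "type", data, ETHERTYPES.get(tl, "unknown")
    return {"dst": mac_text(dst), "src": mac_text(src), "dst_flags": mac_flags(dst),
            "kind": kind, "type_or_length": tl, "protocol": proto,
            "payload": payload, "fcs_ok": fcs(body) == received_fcs,
            "src_is_group": mac_flags(src)["group"]}  # must never be True


if __name__ == "__main__":
    arp = build_frame(mac_bytes("ff-ff-ff-ff-ff-ff"), mac_bytes("00-11-22-33-44-55"),
                      0x0806, b"constructed ARP payload")
    print(len(arp), parse_frame(arp)["protocol"], parse_frame(arp)["fcs_ok"])
    damaged = arp[:20] + bytes([arp[20] ^ 0x01]) + arp[21:]
    print("damaged fcs_ok:", parse_frame(damaged)["fcs_ok"])
```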
How does a MAC work?
The MAC sub-layer has two primary jobs:
1. Receiving and transmitting data. When receiving data, it parses the frame to detect errors; when transmitting data, it performs frame assembly.
2. Performing media access control. It prepares the initiation of a frame transmission and recovers from transmission failures.
Frame transmission
Since Ethernet adopted Carrier Sense Multiple Access with Collision Detect (CSMA/CD), when a frame is ready for transmission the MAC detects whether there is any carrier signal from another network device on the physical medium. This is referred to as carrier sensing, or "Listen". If there is a signal on the medium, the MAC defers the traffic to avoid a transmission collision, waits for a random period of time called the backoff time, then tries to send the traffic again.
After the frame is assembled, when transmitting the frame the preamble (PRE) bytes are inserted and sent first, then the Start of Frame Delimiter (SFD), DA, SA and so on through the data field and FCS field in turn. The following summarizes what a MAC does before transmitting a frame.
1. The MAC assembles the frame. First, the preamble and Start-of-Frame delimiter are put in the PRE and SFD fields, followed by DA, SA, the tag ID if tagged VLAN is applied, the Ethertype or the value of the data length, the payload data field, and finally the FCS, each in its corresponding field.
2. Listen for any traffic running over the medium. If there is, wait.
3. If the medium is quiet and no carrier is sensed any longer, the MAC waits for a period of time, the inter-frame gap time, so that it is ready with enough time, and then starts transmitting the frame.
4. During the transmission, the MAC keeps monitoring the status of the medium. If no collision happens before the end of the frame, the transmission is successful. If a collision happens, the MAC sends the patterned jamming bits to guarantee that the collision event propagates to all involved network devices, then waits for a random period of time, the backoff time. When the backoff time expires, the MAC goes back to the beginning state and attempts to transmit again. After a collision happens, the MAC increments the transmission attempt count. If the count of transmission attempts reaches 16, the frame in the MAC's queue is discarded.
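The following Python simulation is an added example, not from the manual: it runs one frame through steps 2 to 4 with the half-duplex parameters from Table 3-4 and the 96-bit inter-frame gap, and uses the IEEE 802.3 truncated binary exponential backoff as the backoff formula, which the text refers to but this page does not print; collision timing is simplified to "detected within one slot time".

```python
"""Simulation of the MAC transmit procedure (steps 1-4 above).

Added example, not from the manual. Constants come from Table 3-4 and the
inter-frame gap section (96 bit times). The page refers to a backoff
formula without printing it; the one used here is the IEEE 802.3
truncated binary exponential backoff: after the n-th collision wait
r slot times with 0 <= r < 2**min(n, BackoffLimit). Collision timing is
simplified to "detected within one slot time".
"""
import random

SLOT_TIME_BITS = 512     # Table 3-4: Slot time
IFG_BITS = 96            # inter-frame gap, 96 bit times
ATTEMPT_LIMIT = 16       # Table 3-4: AttemptLimit
BACKOFF_LIMIT = 10       # Table 3-4: BackoffLimit
JAM_SIZE_BITS = 32       # Table 3-4: JamSize


def backoff_slots(collision_count, rng):
    """Number of slot times to wait after the n-th consecutive collision."""
    exponent = min(collision_count, BACKOFF_LIMIT)
    return rng.randrange(2 ** exponent)


def max_backoff_slots(collision_count):
    """Upper bound of the backoff window, showing the truncation at 2**10."""
    return 2 ** min(collision_count, BACKOFF_LIMIT) - 1


def transmit(frame_bits, collisions_before_success, seed=0):
    """Run one frame through listen / IFG / transmit / collide / jam / backoff.

    collisions_before_success models the medium: that many attempts collide
    and the next one goes through. Returns a dict with whether the frame
    was sent, the number of attempts, the elapsed bit time and an event
    log. A seeded generator keeps the result reproducible.
    """
    rng = random.Random(seed)
    t, collisions, log = 0, 0, []
    while True:
        attempt = collisions + 1
        t += IFG_BITS                            # step 3: medium quiet, wait IFG
        if collisions < collisions_before_success:
            collisions += 1
            t += SLOT_TIME_BITS + JAM_SIZE_BITS  # step 4: collide, then jam
            log.append(("collision", attempt, t))
            if collisions >= ATTEMPT_LIMIT:      # 16 attempts: discard frame
                return {"sent": False, "attempts": attempt, "bit_time": t, "log": log}
            slots = backoff_slots(collisions, rng)
            t += slots * SLOT_TIME_BITS
            log.append(("backoff", slots, t))
            continue
        t += frame_bits                          # no collision: frame completes
        return {"sent": True, "attempts": attempt, "bit_time": t, "log": log}


if __name__ == "__main__":
    r = transmit(64 * 8, collisions_before_success=3)
    print(r["sent"], r["attempts"], r["bit_time"])
    for event in r["log"]:
        print(event)
    print("16 collisions, frame sent:", transmit(64 * 8, 16)["sent"])
```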
Ethernet MAC transmits frames in half-duplex and full-duplex modes. In half-duplex operation mode, the MAC can either transmit or receive a frame at any moment, but cannot do both at the same time.
As the transmission of a MAC frame in half-duplex operation exists only within the same collision domain, the carrier signal needs time to travel to the targeted device. Consider the two most-distant devices in the same collision domain: one sends a frame first, and in the worst case the second sends its frame just before the frame from the first device arrives. The collision happens and is detected by the second device immediately. Because of the medium delay, the corrupted signal needs some time to propagate back to the first device. The maximum time to detect a collision is therefore approximately twice the signal propagation time between the two most-distant devices. This maximum time is traded off against the collision recovery time and the diameter of the LAN.
In the original 802.3 specification, Ethernet operates in half duplex only. Under this condition, the diameter is 2500 meters in a 10Mbps LAN, approximately 200 meters in a 100Mbps LAN and 200 meters in 1000Mbps. According to the theory, it should be 20 meters. But that is not practical, so the LAN diameter is kept by increasing the minimum frame size with a variable-length non-data extension bit field, which is removed at the receiving MAC. The following tables show the frame format suitable for 10M, 100M and 1000M Ethernet, and some parameter values that apply to all three types of Ethernet.
In practice, Gigabit Ethernet chips do not feature this so far. All of them, as well as all network vendors' devices, support full-duplex mode only. So this criterion should not exist at present or in the future. The switch's Gigabit module supports only full-duplex mode.
Fig. 3-4 Gigabit Ethernet Frame (label: 64 bytes)
Parameter value/LAN                  10Base           100Base                                   1000Base
Max. collision domain DTE to DTE     100 meters       100 meters for UTP, 412 meters for fiber  100 meters for UTP, 316 meters for fiber
Max. collision domain with repeater  2500 meters      205 meters                                200 meters
Slot time                            512 bit times    512 bit times                             512 bit times
Interframe Gap                       9.6us            0.96us                                    0.096us
AttemptLimit                         16               16                                        16
BackoffLimit                         10               10                                        10
JamSize                              32 bits          32 bits                                   32 bits
MaxFrameSize                         1518             1518                                      1518
MinFrameSize                         64               64                                        64
BurstLimit                           Not applicable   Not applicable                            65536 bits
Table 3-4 Ethernet parameters for half duplex mode
In full-duplex operation mode, transmitting and receiving frames are processed simultaneously. This doubles the total bandwidth. Full duplex is much simpler than half duplex because it does not involve media contention, collisions, retransmission scheduling or padding bits for short frames. The remaining functions follow the IEEE802.3 specification; for example, it must meet the requirement for a minimum inter-frame gap between successive frames, and the frame format is the same as in half-duplex operation.
Because no collision can happen in full-duplex operation, there is no mechanism to tell all the involved devices. What happens if the receiving device is busy and a frame is coming at the same time? Can it use "backpressure" to tell the source device? A flow control function is introduced for full-duplex operation.
3-3. Flow Control
Flow control is a mechanism to tell the source device to stop sending frames for a specified period of time designated by the target device, until the PAUSE time expires. This is accomplished by sending a PAUSE frame from the target device to the source device. When the target is not busy and the PAUSE time has expired, it will send another PAUSE frame with a zero time-to-wait to the source device. After the source device receives that PAUSE frame, it immediately resumes transmitting frames. A PAUSE frame has the same form as a MAC frame, with a pause-time value and the special destination MAC address 01-80-C2-00-00-01. As per the specification, PAUSE operation cannot be used to inhibit the transmission of MAC control frames.
Normally, in 10Mbps and 100Mbps Ethernet, only symmetric flow control is supported. However, some switches (e.g. the 8+1 Managed Ethernet Switch) support not only symmetric but also asymmetric flow control for special applications. In Gigabit Ethernet, both symmetric and asymmetric flow control are supported. Asymmetric flow control allows PAUSE frames to be transmitted in one direction only, from one side; the other side does not transmit them but receives and discards the flow control information. Symmetric flow control allows both ports to transmit PAUSE frames to each other simultaneously.
Inter-frame Gap time
After the end of a transmission, if a network node is ready to transmit data and there is no carrier signal on the medium at that time, the device waits for a period known as the inter-frame gap time. This lets the medium clear and stabilize and gives the receiving side time to get ready, for example by adjusting buffer pointers and updating counters. Once the inter-frame gap time has expired after the de-assertion of carrier sense, the MAC transmits data. In the IEEE 802.3 specification, this is 96 bit times or more.
Collision
Collisions happen only in half-duplex operation. When two or more network nodes transmit frames at approximately the same time, a collision occurs and the transmissions interfere with each other, leaving the carrier signal distorted and undecodable. The MAC can detect, through the physical layer, the distortion of the carrier signal. When a collision is detected during a frame transmission, the transmission does not stop immediately; instead, it continues until the remaining bits specified by jamSize have been transmitted. This guarantees that the collision lasts long enough for all involved devices to detect it, and is referred to as jamming. After the jamming pattern is sent, the MAC stops transmitting the remaining data queued in the buffer and waits for a random period of time, known as the backoff time, given by the formula below. When the backoff time expires, the device returns to the state of attempting to transmit the frame. As the number of collisions increases, the backoff time grows, until the number of collisions exceeds 16. If this happens, the frame is discarded and the backoff time is also reset.
where
k = min (n, 10)
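As an added example (not from the manual), the retry loop described above with k = min(n, 10) and the attemptLimit of 16 from Table 3-4; the collision outcomes and the random source are injected so the behaviour is reproducible.

```python
import random
from typing import Callable, List, Optional

ATTEMPT_LIMIT = 16   # attemptLimit (Table 3-4): collisions tolerated before the frame is discarded
BACKOFF_LIMIT = 10   # backoffLimit (Table 3-4): k = min(n, 10)


def backoff_slots(n: int, rng: Callable[[int], int] = random.randrange) -> int:
    """Slot times to wait after the n-th consecutive collision: 0 <= r < 2**k, k = min(n, 10)."""
    if n < 1:
        raise ValueError("n counts collisions, starting at 1")
    k = min(n, BACKOFF_LIMIT)
    return rng(2 ** k)          # rng(hi) returns a value in [0, hi)


def transmit(collides: Callable[[int], bool],
             rng: Callable[[int], int] = random.randrange) -> Optional[List[int]]:
    """Run the CSMA/CD retry loop for one frame.
    collides(attempt) reports whether attempt number 1, 2, ... suffered a collision
    (injected here; a real MAC learns it from the physical layer).
    Returns the backoff waits (in slot times) taken before the successful attempt,
    or None when the frame is discarded after ATTEMPT_LIMIT collisions."""
    waits: List[int] = []
    collisions = 0
    while True:
        if not collides(collisions + 1):
            return waits                      # frame went out
        collisions += 1
        if collisions >= ATTEMPT_LIMIT:
            return None                       # excessive collisions: drop frame, backoff state resets
        waits.append(backoff_slots(collisions, rng))
```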
Frame Reception
In essence, frame reception is the same in both half-duplex and full-duplex operation, except that full-duplex operation uses two buffers to transmit and receive frames independently. The receiving node always "listens" for traffic on the medium when it is not receiving a frame. When a frame destined for the target device arrives, the receiver begins receiving the bit stream and looks for the Preamble (PRE) pattern and the Start-of-Frame Delimiter (SFD), which indicates that the next bit is the start of the MAC frame, and continues until all bits of the frame are received.
For a received frame, the MAC checks:
1. Whether it is shorter than one slotTime, i.e. a short packet. If so, the MAC discards it because, by definition, a valid frame must be longer than the slotTime. A frame shorter than one slotTime means a collision may have happened somewhere or an interface in the LAN has malfunctioned. On detecting this case, the MAC drops the packet and goes back to the ready state.
2. Whether the DA of the received frame exactly matches the physical address that the receiving MAC owns, or a multicast address it is designated to recognize. If not, the MAC discards it and goes back to the ready state; otherwise it continues with the checks below before passing the frame to its client.
3. Whether the frame is too long. If so, the MAC throws it away and reports frameTooLong.
4. Whether the FCS of the received frame is valid. If not, for 10M and 100M Ethernet the MAC discards the frame. For Gigabit Ethernet or higher speeds, the MAC has to check one more field, the extra (extension) bits, when the FCS is invalid; any extra bits must meet the IEEE 802.3 specification. When both the FCS and the extra bits are valid, the received frame is accepted; otherwise the MAC discards it and reports frameCheckError if no extra bits were appended, or alignmentError if extra bits were appended.
5. Whether the length/type is valid. If not, the MAC discards the packet and reports lengthError.
6. If all five checks above pass, the MAC treats the frame as good and disassembles it.
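As an added example (not from the manual), the five checks above applied in order to constructed Ethernet II frames: the constants come from Table 3-4, the receiver's address is a constructed value, and the FCS is computed with Python's zlib CRC-32, which uses the same polynomial as the Ethernet FCS.

```python
import struct
import zlib

SLOT_TIME_BYTES = 64       # 512 bit times (Table 3-4) = 64 bytes
MIN_FRAME_SIZE = 64
MAX_FRAME_SIZE = 1518      # header + data + FCS, untagged frame
LOCAL_MAC = bytes.fromhex("001122334455")   # constructed address of the receiving MAC


def fcs(data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over DA..data, appended least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(da: bytes, sa: bytes, length_type: int, payload: bytes) -> bytes:
    """Build a frame as a sender would: pad data up to minFrameSize, then append the FCS."""
    body = da + sa + struct.pack("!H", length_type) + payload
    body += b"\x00" * max(0, MIN_FRAME_SIZE - 4 - len(body))
    return body + fcs(body)


def receive(frame: bytes, local_mac: bytes = LOCAL_MAC) -> str:
    """Apply checks 1-5 in the order of the list above; return 'ok' or the drop reason."""
    # 1. shorter than one slotTime: a collision fragment, dropped without a report
    if len(frame) < SLOT_TIME_BYTES:
        return "runt"
    da = frame[0:6]
    # 2. destination filter: our unicast address, or a group address (bit 0 of the
    #    first octet set). This example accepts every group address; a real MAC
    #    accepts only the multicast addresses it was configured to recognize.
    if da != local_mac and not (da[0] & 0x01):
        return "notForMe"
    # 3. longer than maxFrameSize
    if len(frame) > MAX_FRAME_SIZE:
        return "frameTooLong"
    # 4. FCS over everything before the last 4 bytes
    if fcs(frame[:-4]) != frame[-4:]:
        return "frameCheckError"
    # 5. Length/Type: values below 0x0600 are an IEEE 802.3 length and must not
    #    claim more data than the frame carries (14 header bytes + 4 FCS bytes)
    length_type = struct.unpack("!H", frame[12:14])[0]
    if length_type < 0x0600 and length_type > len(frame) - 18:
        return "lengthError"
    return "ok"
```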
What if a VLAN tagging is applied?
VLAN tagging is a 4-byte field immediately following the MAC source address. When tagged VLAN is applied, the Ethernet frame structure changes slightly, as shown below.
Only two fields, the VLAN ID and the Tag Control Information, differ from the basic Ethernet frame. The remaining fields are the same.
The first two bytes are the VLAN type ID, whose value 0x8100 indicates that the received frame is a tagged VLAN frame, and the next two bytes are the Tag Control Information (TCI), which carries the user priority and the VLAN ID; both are explained in the following table.
Bits 15-13   User Priority                      7-0; 0 is the lowest priority
Bit 12       CFI (Canonical Format Indicator)   1: RIF field is present in the tag header; 0: no RIF field is present
Bits 11-0    VID (VLAN Identifier)              0x000: Null VID, no VID is present and only the user priority is present; 0x001: Default VID; 0xFFF: Reserved
Table 3-5
Note: RIF is used in Token Ring network to provide source routing and comprises two fields, Routing Control and Route Descriptor.
When the MAC parses a received frame and finds the reserved special value 0x8100 at the location of the Length/Type field of a normal non-VLAN frame, it interprets the received frame as a tagged VLAN frame. If this happens in a switch, the MAC forwards it, according to its priority and the egress rule, to all the ports associated with that VID. If it happens in a network interface card, the MAC strips the tag header and processes the frame in the same way as a basic normal frame. For a VLAN-enabled LAN, all involved devices must be equipped with the optional VLAN function.
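As an added example (not from the manual), the tag layout of Table 3-5 parsed from a constructed tagged frame, the NIC behaviour (strip the tag) and the switch behaviour (forward by VID membership); the VID-to-port membership table is a constructed configuration, and the ingress check reflects the ingress rule described in section 3-4.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Set

VLAN_TPID = 0x8100                    # value found in the Length/Type position of a tagged frame
NULL_VID, DEFAULT_VID, RESERVED_VID = 0x000, 0x001, 0xFFF


@dataclass
class VlanTag:
    priority: int      # TCI bits 15-13, 0 is lowest
    cfi: int           # TCI bit 12
    vid: int           # TCI bits 11-0
    ethertype: int     # the Length/Type field that follows the 4-byte tag


def build_tag(priority: int, cfi: int, vid: int) -> bytes:
    """Encode the 4-byte tag header: VLAN type ID followed by the TCI."""
    if not (0 <= priority <= 7 and cfi in (0, 1) and 0 <= vid <= 0xFFF):
        raise ValueError("tag field out of range")
    return struct.pack("!HH", VLAN_TPID, (priority << 13) | (cfi << 12) | vid)


def parse_tag(frame: bytes) -> Optional[VlanTag]:
    """Return the tag of a tagged frame, or None when bytes 12-13 hold a plain Length/Type."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry a tag header")
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != VLAN_TPID:
        return None
    return VlanTag(priority=tci >> 13, cfi=(tci >> 12) & 1, vid=tci & 0x0FFF, ethertype=ethertype)


def describe_vid(vid: int) -> str:
    """Meaning of the special VID values from Table 3-5."""
    if vid == NULL_VID:
        return "null VID: only the user priority is present"
    if vid == DEFAULT_VID:
        return "default VID"
    if vid == RESERVED_VID:
        return "reserved VID"
    return "VLAN %d" % vid


def strip_tag(frame: bytes) -> bytes:
    """NIC behaviour: remove the 4 tag bytes and process the rest as a basic frame."""
    return frame[:12] + frame[16:]


def switch_egress(frame: bytes, ingress_port: int, members: Dict[int, Set[int]]) -> Set[int]:
    """Switch behaviour: forward to every other port associated with the VID.
    members maps VID -> set of member ports (constructed configuration)."""
    tag = parse_tag(frame)
    if tag is None:
        return set()                        # untagged frames are outside this example
    ports = members.get(tag.vid, set())
    if ingress_port not in ports:
        return set()                        # ingress rule: receiving port is not a member, drop
    return ports - {ingress_port}           # egress rule: all members except the receiving port
```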
At operating speeds above 100 Mbps, the slotTime employed at slower speeds is inadequate to accommodate network topologies of the desired physical extent. Carrier Extension provides a means by which the slotTime can be increased to a sufficient value for the desired topologies, without increasing the minFrameSize parameter, as this would have deleterious effects. Nondata bits, referred to as extension bits, are appended to frames that are less than slotTime bits in length so that the resulting transmission is at least one slotTime in duration. Carrier Extension can be performed only if the underlying physical layer is capable of sending and receiving symbols that are readily distinguished from data symbols, as is the case in most physical layers that use a block encoding/decoding scheme.
The maximum length of the extension is equal to the quantity (slotTime - minFrameSize). The MAC continues to monitor the medium for collisions while it is transmitting extension bits, and it will treat any collision that occurs after the threshold (slotTime) as a late collision.
3-4. How does a switch work?
The 8+1 Managed Ethernet Switch is a layer 2 Ethernet switch equipped with 8 Fast Ethernet ports and 1 optional module that supports Gigabit Ethernet or 100M Ethernet. Each port is an independent LAN segment, so the switch has 9 LAN segments and 9 collision domains, in contrast to a traditional shared Ethernet hub, in which all ports share the same media and the same collision domain and thus limit bandwidth utilization. With the switch's separated collision domains, the LAN diameter can extend farther than with a shared hub, and the efficiency of traffic transmission is greatly improved.
Thanks to this architecture, the switch can provide full-duplex operation, doubling the bandwidth per port, and many other features, such as VLAN and bandwidth aggregation, that a shared hub cannot support.
Terminology
Separate Access Domains:
As described in the section "What's the Ethernet", Ethernet uses CSMA/CD to arbitrate who may transmit data to the station(s) attached to the LAN. When more than one station transmits data within the same slot time, the signals collide; this is referred to as a collision. The arbitrator decides who gains the media, and it is a distributed mechanism in which all stations contend for the media. Please refer to "What's the Ethernet" for more details.
In Fig. 3-5, assuming half duplex, some ports of the switch are linked to a shared hub that connects many hosts, and some ports are each linked to a single host. The hosts attached to a shared hub are in the same collision domain, separated from the others by the switch, and use the CSMA/CD rule. A host directly attached to the switch is not affected by CSMA/CD, because no other host joins the traffic contention. These LAN segments are separated into different access domains by the switch.
Micro-segmentation:
Connecting a port of the switch to a single host is referred to as micro-segmentation. It has the following interesting characteristics.
- There is no access contention (i.e. collision) with other hosts; the host has its own access domain. However, a collision can still happen between the host and the switch port.
- When performing full duplex, collisions vanish.
- The host owns the dedicated bandwidth of the port.
- The switch port can run at different speeds, such as 10Mbps, 100Mbps or 1000Mbps. A shared hub cannot afford this.
Fig.3-5 Collision Domain
Extended Distance Limitations:
The diameter of a half-duplex LAN segment is determined by its maximum propagation delay time. For example, in a 10M LAN, the maximum distance of a LAN segment using yellow cable is 2500 meters, and 185 meters when using coaxial cable. The switch, with one collision domain per port, can extend the distance as a bridge does. What's more, when operating in full-duplex mode, the distance can reach farther than in half duplex because it is not limited by the maximum propagation delay time (512 bit times). If fiber media is applied, the distance can be up to tens of kilometers.
Traffic Aggregation:
Traffic aggregation aggregates the bandwidth of more than one port and treats them as a single port in the LAN. This single port has the features of a normal port plus load balancing. This is a great feature for a port that needs more bandwidth when a high-bandwidth port would cost too much.
Fig. 3-6
How does a switch operate?
A Layer 2 switch uses some features of the Data Link layer in OSI model to forward the packet to the destination port(s). Here we introduce some important features of a switch and how they work.
MAC address table
When a packet is received on a port of the switch, the switch first checks whether the packet is good or bad and extracts the source MAC address (SA) and destination MAC address (DA). It then 1) checks whether the SA exists in the MAC address table and, if not, adds it to the table; and 2) looks up the DA and its associated port, to which the traffic is forwarded. If the DA does not exist in the table, the packet is broadcast.
Because the size of the MAC address table is limited, a MAC address aging function is applied. When a MAC address has resided in the table without being updated for a long time, the traffic using that entry has not arrived for a while. If this period exceeds the aging time, the entry is marked invalid, and the vacancy becomes available for a new MAC address.
Learning and forwarding are the most important functions in a switch. Besides that, VLAN can be one of the rules used to forward the packet, applied as an ingress rule and an egress rule. The ingress rule filters incoming packets by VLAN ID and so on, deciding whether a packet is allowed to enter the switch. The egress rule forwards the packet to the proper port.
Mac address aging
There is a field in the MAC address table that holds the entry's age time, which determines how long a MAC entry can reside in the switch. The age time is refreshed whenever a packet with that SA is received. Usually, the age time is programmable.
Transmission schedule
In most layer 2 switches, QoS is supported. QoS in a switch must be associated with a transmission schedule for transmitting packets. This function depends heavily on the priority level a packet has. Given the priority, the scheduler takes the proper action on it. There are many ways to implement the scheduler, and different chips may support different scheduling algorithms. The most common schedulers are:
FCFS: First Come First Served.
Strict Priority: all high before low.
Weighted Round Robin (WRR):
Set a weight for packets with a given priority level, say 5-7, then set another weight for packets with a priority level of, say, 2-4, and so on. WRR transmits the packets according to these weights, so the packets of each priority level can be allocated a fixed share of the bandwidth.
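As an added example (not from the manual), a weighted round robin scheduler over the priority grouping used above (5-7, 2-4, and 0-1); the class names, weights and packet labels are constructed, and the scheduler is work-conserving, so an empty class gives its turns to the others.

```python
from collections import deque
from typing import Deque, Dict, List, Tuple


def priority_class(user_priority: int) -> str:
    """Group 802.1p user priorities the way the text does: 5-7 high, 2-4 medium, 0-1 low."""
    if not 0 <= user_priority <= 7:
        raise ValueError("user priority is 0-7")
    return "high" if user_priority >= 5 else "medium" if user_priority >= 2 else "low"


class WeightedRoundRobin:
    """One queue per class; each class may send up to its weight per round,
    so over a busy period its share of the port is weight / sum(weights)."""

    def __init__(self, weights: Dict[str, int]):
        if any(w <= 0 for w in weights.values()):
            raise ValueError("weights must be positive")
        self.weights = dict(weights)                       # visiting order = dict order
        self.queues: Dict[str, Deque[str]] = {cls: deque() for cls in weights}

    def enqueue(self, user_priority: int, packet: str) -> None:
        self.queues[priority_class(user_priority)].append(packet)

    def backlog(self) -> int:
        return sum(len(q) for q in self.queues.values())

    def schedule(self, slots: int) -> List[Tuple[str, str]]:
        """Serve up to `slots` packets; returns (class, packet) in transmit order.
        A class with nothing queued gives its turns to the others (work-conserving)."""
        sent: List[Tuple[str, str]] = []
        while len(sent) < slots and self.backlog():
            for cls, weight in self.weights.items():
                for _ in range(weight):
                    if len(sent) >= slots or not self.queues[cls]:
                        break
                    sent.append((cls, self.queues[cls].popleft()))
        return sent


def share_by_class(sent: List[Tuple[str, str]]) -> Dict[str, float]:
    """Fraction of the transmit slots each class received."""
    total = len(sent) or 1
    counts: Dict[str, int] = {}
    for cls, _ in sent:
        counts[cls] = counts.get(cls, 0) + 1
    return {cls: n / total for cls, n in counts.items()}
```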
Bandwidth rating
Bandwidth rating is a limitation set by the administrator, and it can be applied to those with an SLA. Bandwidth rating can apply to the total bandwidth or to types of service of a port, in many steps. The switch supports per-port ingress and egress total bandwidth rate control. The bandwidth rate resolution is 0.1 Mbps (100Kbps) and the range is 0 to 100Mbps.
3-5. SNMP
Simple Network Management Protocol (SNMP) is an open management standard used to facilitate the management of network devices, in which a lot of management information has to be exchanged between the SNMP manager and agent. SNMP specifies the operation of its basic commands, Get, GetNext, Set and Trap, and the format of the information exchanged between the SNMP agent and manager. With the Management Information Base (MIB) and these commands, a network administrator can manage performance, find and solve network problems, and even predict network growth. SNMP is a TCP/IP-based application layer protocol with a simple user interface for managing SNMP-enabled devices. You can use it to shut down an interface of a router or just check the status of an Ethernet interface, or even check the device's power, temperature, etc., and raise an alarm when a preset event happens. In summary, an SNMP-enabled network comprises the managed device(s), the Agent and the Manager or Network Management System (NMS). The agent is the management software residing in the managed device. The NMS monitors the device status via the communication between the SNMP manager and agent(s).
The versions of SNMP
So far, three versions of SNMP exist: SNMP version 1 (SNMP v1), SNMP version 2 (SNMP v2) and SNMP version 3 (SNMP v3). These three versions have a lot of features in common. SNMP v1 is the most popular, and its standard specification is described in RFC 1157.
SNMP v1 uses a community name to authenticate the user and communicates in clear text. Anyone who knows the community name of the device(s) can access its MIB and configure the device(s) easily.
SNMP v1 provides three types of community authentication for accessing the device(s): a community name for GET/GET next, one for SET and one for TRAP. Each of these three functions has its own community name, which may of course be the same or different.
SNMP v2 provides many enhancements, including security, protocol operation and MIB. Usually it is the community-based SNMPv2, referred to as SNMPv2C, that is used. It is defined in RFC 1901-1908.
SNMP v3 is defined in RFC 1905-1907 and RFC 2571-2575. It introduces data encryption in communicating with the managed entities. It also enhances the community authentication.
The operation of SNMP is simple. It provides only four basic commands, Get, GetNext, Set and Trap, for you to monitor and control all the managed devices.
Get: It is used to read the variables maintained by managed devices.
GetNext: It is used to sequentially read the bulky information maintained by managed devices.
Set: It is used to change the values of variables in managed devices, and thus controls managed devices.
Trap: This is the only command issued by managed devices. When certain types of events happen, the managed device sends a trap message with a Trap PDU to the NMS.
In SNMP v2, two extra functions, Inform and GetBulk, are added. SNMP v2 also provides two types of PDU: one for the generic functions and the trap function, the other for the GetBulk function. The format is slightly different from that of SNMP v1. In this manual, we mainly focus on SNMP v1, which the switch supports.
Terminology
NMS (Network Management Station):
An application used to monitor and control the managed devices. It runs on a workstation with large memory and computing power, for network management.
Agent:
Application-layer software running in a managed device, used to communicate with the SNMP manager.
SMI (Structure of Management Information):
It defines the common framework and rules for describing management information using ISO Abstract Syntax Notation 1 (ASN.1). With this common framework, we can identify the data types that can be used in a MIB and specify the parameters in the MIB that stand for various information. Thus the agent can use it to let the NMS know the status of the managed device. The SNMP v1 SMI and SNMP v2 SMI are defined separately in RFC 1155 and RFC 1902. There are different SMIs for SNMP v1/v2/v3 respectively.
ASN.1 (ISO Abstract Syntax Notation 1):
A specification to describe the MIB structure of the actual managed objects.
MIB (Management Information Base):
A description, using the syntax specified in the SMI, of the information about a managed device that the agent holds. The NMS can access any MIB information.
The relationship between NMS and SNMP Agent is as follows:
NMS  ---- Get, GetNext, Set ---->  SNMP Agent
NMS  <---- Response Message -----  SNMP Agent
NMS  <---- Trap Message ---------  SNMP Agent
SNMP MIB Tree (the path to the mib subtree is 1.3.6.1.2.1):
ISO(1)
  Org(3)
    Dod(6)
      Internet(1)
        Directory(1)
        Mgmt(2)
          Mib(1): System 1, Interface 2, At 3, Ip 4, Icmp 5, Tcp 6, Udp 7, Snmp 11
        Experimental(3)
        Private(4)
          Enterprise(1): 5205
        Security(5)
        SNMPv2(6)
The object identifier picks the number of the tree’s name from the root to the target in the hierarchical structure. For example, to access the system ID number, you can trace the path from the root to the object “system”. The object ID looks like
1.3.6.1.2.1.1
Here are other examples:
1.3.6.1.2.1.2 means Interfaces
1.3.6.1.2.1.11 means snmp
1.3.6.1.4.1.5205 means ex-factory’s private MIB
Management Information Base (MIB):
The MIB is a tree architecture with many leaves, which describes the information of all the managed objects in a hierarchical way and how to access them. The MIB file is written in the syntax of ASN.1. Many forms of the MIB structure are described in the following section. Any line starting with the symbol "--" is a comment.
The following are the keywords defined by ASN.1 and used to describe the objects in MIB files.
INTEGER:
ASN.1 does not specify the size. Usually, it is a signed long integer.
OCTET STRING:
A sequence of octets, composed of printable ASCII bytes or arbitrary binary bytes.
NULL:
Actually, NULL is not a data type but a value in the MIB. It is used to indicate whether a variable in the MIB contains valid data.
OBJECT IDENTIFIER:
It is used to store the location of a managed object in the MIB and has the form 1.2.3.4…
IpAddress:
An octet string 4 bytes long that stores an IP address in big-endian order.
Counter:
An unsigned 32-bit integer. It wraps to 0 once it overflows.
Gauge:
An unsigned 32-bit integer. The gauge can be incremented or decremented until it reaches the threshold; it only changes between the upper and lower bound.
TimeTicks:
A 32-bit integer in units of centiseconds (one tick = 10 ms).
Opaque:
Mainly used by the SMI to construct a new data type not defined before.
There are also many forms of MIB Syntax. Here we introduce some basic forms to help you read the MIB.
OBJECT IDENTIFIER
org OBJECT IDENTIFIER ::= { iso 3}
This means org is a sub-identifier 3 of iso (1), the OID of org,
org: oid =1.3
dod OBJECT IDENTIFIER ::= { org 6 }
This means dod is a sub-identifier 6 of org (3). The OID of dod,
dod: oid = 1.3.6
private OBJECT IDENTIFIER ::= { dod internet(1) 4 }
This means private is a sub-identifier 4 of internet (1), the OID of private,
private: oid = 1.3.6.1.4
SYNTAX DEFINE (Data Type)
TruthValue ::= INTEGER { true(1), false(2) }
This means TruthValue is an integer type that takes either one of two values:
value 1 represents true
value 2 represents false
DisplayString ::= OCTET STRING
This means the octet string is a displayable string.
AtEntry ::= SEQUENCE { atIfIndex INTEGER, atPhysAddress P
hysAddress, atNetAddress NetworkAddress }
AtEntry is a data structure of type SEQUENCE which contains
atIfIndex of INTEGER type, atPhysAddress of PhysAddress type, and so on.
OBJECT-TYPE
sysDescr OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software."
    ::= { system 1 }
This means sysDescr is sub-identifier 1 of system. The oid of system (1) is 1.3.6.1.2.1.1, so the oid of sysDescr is 1.3.6.1.2.1.1.1. Usually, an oid with a data type of INTEGER, OCTET STRING, etc., is a leaf, which means no oid follows it. If the SYNTAX is of type SEQUENCE, it is not a leaf. For example,
atEntry OBJECT-TYPE
SYNTAX AtEntry
… AtEntry ::= SEQUENCE { atIfIndex INTEGER, atPhysAddress PhysAddress, atNetAddress NetworkAddress }
AtEntry is a structure with the type of SEQUENCE, so it is not a leaf.
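As an added example (not from the manual, nor a MIB compiler from any project), a resolver for the OID assignments shown in this section, covering both the OBJECT IDENTIFIER and OBJECT-TYPE forms and the "{ dod internet(1) 4 }" style. The MIB excerpt is constructed from the assignments above; the name "vendor" is a placeholder for the enterprise 5205 node, and the "--" comment syntax is the one described earlier.

```python
import re
from typing import Dict, Optional

# "name OBJECT IDENTIFIER ::= { ... }" or "name OBJECT-TYPE <clauses> ::= { ... }";
# the OBJECT-TYPE clauses between the macro name and ::= are skipped.
ASSIGNMENT = re.compile(
    r"^[ \t]*([A-Za-z][\w-]*)[ \t]+OBJECT(?:[ \t]+IDENTIFIER|-TYPE\b.*?)\s*::=\s*\{([^}]*)\}",
    re.MULTILINE | re.DOTALL,
)
# A component after the parent: "name(n)" or a bare "n".
COMPONENT = re.compile(r"^(?:([A-Za-z][\w-]*)\((\d+)\)|(\d+))$")


def strip_comments(mib_text: str) -> str:
    """Drop everything after '--' on each line (ASN.1 comment syntax)."""
    return "\n".join(line.split("--", 1)[0] for line in mib_text.splitlines())


def resolve_oids(mib_text: str, known: Optional[Dict[str, str]] = None) -> Dict[str, str]:
    """Map every assigned name to its dotted OID, starting from iso = 1."""
    oids: Dict[str, str] = {"iso": "1"}
    if known:
        oids.update(known)
    for match in ASSIGNMENT.finditer(strip_comments(mib_text)):
        name, parts = match.group(1), match.group(2).split()
        parent = parts[0]
        if parent not in oids:
            raise KeyError(f"{name}: parent {parent!r} is not defined yet")
        oid = oids[parent]
        for comp in parts[1:]:
            m = COMPONENT.match(comp)
            if not m:
                raise ValueError(f"{name}: cannot parse component {comp!r}")
            oid = f"{oid}.{m.group(2) or m.group(3)}"
            if m.group(1):
                oids.setdefault(m.group(1), oid)   # "internet(1)" also names 1.3.6.1
        oids[name] = oid
    return oids


def name_of(oids: Dict[str, str], dotted: str) -> Optional[str]:
    """Reverse lookup: the name assigned to a dotted OID, or None if unknown."""
    for name, oid in oids.items():
        if oid == dotted:
            return name
    return None


# Constructed excerpt; the assignments follow the examples in this section.
MIB_EXCERPT = """
org         OBJECT IDENTIFIER ::= { iso 3 }
dod         OBJECT IDENTIFIER ::= { org 6 }
private     OBJECT IDENTIFIER ::= { dod internet(1) 4 }
mgmt        OBJECT IDENTIFIER ::= { internet 2 }
mib-2       OBJECT IDENTIFIER ::= { mgmt 1 }
system      OBJECT IDENTIFIER ::= { mib-2 1 }
enterprises OBJECT IDENTIFIER ::= { private 1 }
vendor      OBJECT IDENTIFIER ::= { enterprises 5205 }  -- placeholder name for the 5205 node
sysDescr OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "A textual description of the entity."
    ::= { system 1 }
"""
```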
TRAP-TYPE
RC2024ModuleRemove TRAP-TYPE
ENTERPRISE RC2024ProductId
VARIABLES { ifIndex }
::= 9
This is a TRAP-TYPE, which means RC2024ModuleRemove is the private trap message issued with GenTrapType=6 and SpeTrapType=9 for the enterprise RC2024ProductId. ifIndex means the nth port in the switch. Also see Trap PDU below for more explanation.
SNMP v1 PDU:
An SNMP message is in TLV format (type, length and value); no field has a fixed length, since each depends on the L value of its TLV. A TLV may contain another TLV. (Refer to an SNMP textbook for more details about TLV.) There are two types of SNMP PDU: one for the Get, GetNext and Set functions, and the other for Trap. Their structures are described below.
The SNMP v1 message is composed of the message header and the PDU. The first two fields, Version and Community, comprise the message header, and the third field is the PDU for GET and SET. There is a little difference between the two types of PDU: a generic SNMP PDU consists of 7 fields, but a Trap PDU has 8 fields.
A Generic SNMP Message:
Version | Community | GetRequest, getNextRequest, GetResponse or SetRequest PDU
Fig. 3-7 Generic PDU Format (GetRequest, getNextRequest, GetResponse, SetRequest):
PDU type | Request ID | Error Status | Error Index | OID1 Value1 | OID2 Value2 | ... | OID-n Value-n
Fig. 3-8 Trap Type PDU Format (TrapRequest):
PDU type | Enterprise | Agent Address | Generic TrapType | Specific TrapType | Time-stamp | OID1 Value1 | ... | OID-n Value-n
Version:
The version of SNMP is being used.
Community:
The community name defines if an NMS can access managed devices. NMSs within the community can access the same administrative domain. NMS without the proper community name is precluded from SNMP operations.
PDU Type:
GetRequest, getNextRequest, GetResponse, SetRequest and TrapRequest.
Request ID:
An INTEGER type that correlates the manager’s request to the agent’s response.
Error Status:
An enumerated INTEGER type that indicates normal operation or one of the five error conditions below.
Error        Value   Meaning
noError      0       Proper manager/agent operation
tooBig       1       The size of the required GetResponse PDU exceeds a local limitation
noSuchName   2       The requested object name did not match the names available in the relevant MIB view
badValue     3       A SetRequest contained an inconsistent type, length, and value for the variable
readOnly     4       The object name requested by the SetRequest is read-only in the relevant MIB view
genErr       5       Other errors
Table 3-6
Error Index:
When an error occurs, the Error Index field identifies the entry within the variable bindings list that caused the error.
OID:
Object Identifier.
Enterprise:
Managed Object’s OID.
Agent Address:
Managed Object’s IP Address.
Generic TrapType:
There are seven generic traps, listed in the following table: six public traps and one private trap. For the private trap (TrapType = 6), there is usually more than one trap, so a parameter SpeTrapType is introduced to indicate which private trap is used.
Specific TrapType:
When Generic TrapType=6, SpeTrapType indicates which private trap is applied in the SNMP trap.
TimeStamp:
Indicates the system up time in units of 10 ms.
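As an added example (not from the manual), a minimal BER (TLV) encoder and decoder for the SNMP v1 message and generic PDU layout of Fig. 3-7, building a GetRequest for sysDescr.0 and parsing it back; the community string "public" and the request IDs are constructed values, and the parse shows the community travelling in clear text as noted earlier in this section.

```python
from typing import Any, Dict, List, Tuple

INTEGER, OCTET_STRING, NULL, OBJECT_ID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}
SNMP_V1 = 0


def tlv(tag: int, value: bytes) -> bytes:
    """One Type-Length-Value element; lengths of 128 or more use the long form."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        nbytes = (n.bit_length() + 7) // 8
        length = bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")
    return bytes([tag]) + length + value


def encode_int(v: int) -> bytes:
    nbytes = max(1, (v.bit_length() + 8) // 8)        # one extra bit for the sign
    return tlv(INTEGER, v.to_bytes(nbytes, "big", signed=True))


def encode_oid(dotted: str) -> bytes:
    ids = [int(x) for x in dotted.split(".")]
    out = bytearray([40 * ids[0] + ids[1]])           # first two sub-ids share one byte
    for sub in ids[2:]:                               # base-128, high bit marks continuation
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out.extend(reversed(chunk))
    return tlv(OBJECT_ID, bytes(out))


def get_request(community: str, request_id: int, oids: List[str]) -> bytes:
    """Message = SEQUENCE { version, community, GetRequest-PDU } as in Fig. 3-7."""
    bindings = b"".join(tlv(SEQUENCE, encode_oid(o) + tlv(NULL, b"")) for o in oids)
    pdu = tlv(0xA0, encode_int(request_id) + encode_int(0) + encode_int(0)   # error-status, error-index
              + tlv(SEQUENCE, bindings))
    return tlv(SEQUENCE, encode_int(SNMP_V1) + tlv(OCTET_STRING, community.encode()) + pdu)


def parse_tlv(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Return (tag, value, position after the element)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("TLV length runs past the end of the message")
    return tag, buf[pos:pos + length], pos + length


def parse_sequence(value: bytes) -> List[Tuple[int, bytes]]:
    items, pos = [], 0
    while pos < len(value):
        tag, v, pos = parse_tlv(value, pos)
        items.append((tag, v))
    return items


def decode_oid(value: bytes) -> str:
    ids, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            ids.append(acc)
            acc = 0
    return ".".join(map(str, ids))


def decode_message(msg: bytes) -> Dict[str, Any]:
    """Split a v1 message into its header fields and a generic (non-trap) PDU."""
    def as_int(b: bytes) -> int:
        return int.from_bytes(b, "big", signed=True)
    tag, body, _ = parse_tlv(msg)
    if tag != SEQUENCE:
        raise ValueError("message is not a SEQUENCE")
    (_, version), (_, community), (pdu_tag, pdu) = parse_sequence(body)
    if pdu_tag == 0xA4:
        raise ValueError("trap PDU has a different layout (Fig. 3-8)")
    (_, req_id), (_, status), (_, index), (_, bindings) = parse_sequence(pdu)
    varbinds = []
    for _, vb in parse_sequence(bindings):
        (_, oid), (value_tag, value) = parse_sequence(vb)
        varbinds.append((decode_oid(oid), value_tag, value))
    return {"version": as_int(version),
            "community": community.decode(),     # readable by anyone who sees the packet
            "pdu_type": PDU_TYPES.get(pdu_tag, pdu_tag), "request_id": as_int(req_id),
            "error_status": as_int(status), "error_index": as_int(index), "varbinds": varbinds}
```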
0 Cold Start
1 Warm Start
2 Link Down
3 Link Up
4 authenticationFailure
5 egpNeighborLoss
6 enterpriseSpecific
Table 3-7 Generic Trap type
SNMP v2 PDU:
SNMP v2 has the same message header as SNMP v1.
Generic PDU (Get, GetNext, Inform, Response, Set and Trap):
PDU Type | Request ID | Error Status | Error Index | Object 1 value 1 | Object 2 value 2 | Object 3 value 3 | ...
GetBulk PDU:
PDU Type | Request ID | Non repeaters | Max-repetitions | Object 1 value 1 | Object 2 value 2 | ...
Non repeaters:
The number of object instances in the last three fields that should not be accessed more than once from the beginning of the request.
Max repetitions:
The maximum number of times that the variables should be retrieved. These variables exclude the variables specified by Non repeaters.
3-6. Spanning Tree Protocol
Bridge and Bridged LAN
A bridge is a device used to connect two or more LAN segments into a larger network. A LAN using bridges to connect smaller ones is called a bridged LAN. According to the IEEE802.1W specification, the maximum bridge diameter can be up to 7, which means you can cascade up to 7 bridges in a network path.
A bridge can combine different types of LAN, such as Ethernet, Token Ring or FDDI, if the bridge can interpret the fields of the layer-2 frames of these LANs. This kind of bridge maps one frame format to another. Generally speaking, a layer 2 switch is actually a multi-port bridge.
There is another type of bridge, called a transparent bridge, which acts as a data-link layer relay device. For example, suppose an FDDI LAN is located between two Ethernet LANs, and a station on the first Ethernet LAN, say LAN A, wishes to send a data frame to a station on the second Ethernet LAN, say LAN B. The data frame has to traverse the FDDI LAN. In this case, bridge A encapsulates the Ethernet frame in an FDDI MAC frame header, destined for bridge B. The transparent bridge records the original MAC frame type in the LLC header. When the frame reaches bridge B, bridge B strips off the FDDI MAC header and translates the frame back to its original format.
A bridged network can be treated as a single LAN. Even if one of the LAN segments works abnormally, the rest of the LAN should keep working. This is one of its most important features.
How a bridge works?
The bridge performs five basic functions: learning, flooding, filtering, forwarding and aging.
We use Fig. 3-9 below to illustrate how a bridge works.
PC A on LAN A sends a packet to PC B on LAN B. Bridge A gets the packet from PC A, reads the source MAC address of PC A and puts it into the lookup table. This process is called learning.
Because Bridge A does not know where PC B is, it sends the packet to LAN B, that is, out of every port except the port on which the packet arrived. If Bridge A has more ports, the packet is sent to all ports except the one it came in on. This process, in which Bridge A sends a packet out to find PC B, is called flooding.
Conversely, when PC B sends a packet to PC A, Bridge A reads the source MAC address and adds it to the lookup table. Since Bridge A already knows the MAC address of PC A and its port, it sends the packet there directly. This process, in which Bridge A connects two LANs to deliver the packet, is called forwarding.
Now PC C sends a packet to PC A. Bridge A adds the MAC address of PC C and its port number to its lookup table, finds that both stations are on LAN A, and does not pass the packet to LAN B. This is called filtering.
Learning and flooding continue as long as the network is working. More and more MAC addresses are learned, each occupying an entry in the lookup table. Unfortunately, the size of the lookup table is limited; it may become full if the number of stations on the LAN is large enough, which keeps new stations from accessing the LAN. The bridge must therefore remove entries that have not been updated for a period of time set by the administrator. Each time a packet is received from a station, its timestamp is refreshed. Once the time is up, the entry is marked invalid and becomes available to other stations. This is called aging.
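As an added example (not from the manual), a learning bridge with a bounded lookup table and aging, exercising the five functions above on the Fig. 3-9 scenario; it serves equally for the MAC address table and aging described in section 3-4. Port numbers, station names and the table capacity are constructed, and the capacity limit shows the operational point made in the text: a station that cannot be learned keeps having its traffic flooded.

```python
from typing import Dict, Iterable, Set, Tuple


class LearningBridge:
    """Transparent bridge lookup table: station MAC -> (port, time last seen)."""

    def __init__(self, ports: Iterable[int], capacity: int = 1024, aging_time: float = 300.0):
        self.ports: Set[int] = set(ports)
        self.capacity = capacity          # lookup tables are finite (see the text above)
        self.aging_time = aging_time      # idle seconds before an entry expires, set by the administrator
        self.table: Dict[str, Tuple[int, float]] = {}

    def learn(self, port: int, sa: str, now: float) -> bool:
        """Learning: record (or refresh) the source address on its ingress port."""
        if sa not in self.table and len(self.table) >= self.capacity:
            self.age(now)                 # try to make room by expiring stale entries
            if len(self.table) >= self.capacity:
                return False              # table full: this station stays unknown
        self.table[sa] = (port, now)
        return True

    def handle(self, in_port: int, sa: str, da: str, now: float) -> Set[int]:
        """Return the set of egress ports for a frame received on in_port."""
        self.learn(in_port, sa, now)
        entry = self.table.get(da)
        if entry is None:
            return self.ports - {in_port}   # flooding: unknown destination goes everywhere else
        out_port, _ = entry
        if out_port == in_port:
            return set()                    # filtering: source and destination share a segment
        return {out_port}                   # forwarding: known destination, a single port

    def age(self, now: float) -> int:
        """Aging: drop entries not refreshed within aging_time; returns how many were dropped."""
        stale = [mac for mac, (_, seen) in self.table.items() if now - seen > self.aging_time]
        for mac in stale:
            del self.table[mac]
        return len(stale)
```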
Now a problem arises if Bridge B in Fig. 3-9 below also works. It does the same jobs as Bridge A at the same time. Which path should a packet take there and back? Let's continue reading.
Normally, we expect the bridged LAN to support network fault tolerance, that is, we may have two links connected between the LANs. One is active and the other is blocked as the redundant link. We illustrate this with the following figure.
Fig. 3-9 Bridged LAN (Bridge A and Bridge B both connect LAN A, holding PC A and PC C, to LAN B, holding PC B)
LAN A and LAN B are combined by Bridge A and Bridge B into a bridged LAN. Although one of the two links is meant to act as a redundant link, a loop is introduced. The loop causes message duplication and a broadcast storm, and lets the bridges learn MAC addresses with the wrong port number. For instance, Bridge A may learn the MAC address of PC B on its port 1. Likewise, Bridge B may learn the MAC address of PC A on its port 2. This cannot be allowed, because it would lead to a network crash. In an Ethernet LAN, only one active link may exist between two stations.
In practice, we must tolerate the fact that loops exist in a bridged network and must logically block some of the paths in the loops while frames are running over the bridged network. In Fig. 3-9 above, we can have the path over Bridge B blocked. When the path over Bridge A fails, the path over Bridge B automatically takes over the job Bridge A did. To do this, we must apply the Spanning Tree Protocol (STP) to solve the problems induced by loops.
Spanning Tree Protocol (STP)
In order to allow a backup path to exist in the bridged LAN, there must be an open, common mechanism to automatically maintain all links among the LAN segments. This mechanism is STP.
STP is used to block all the paths that cause loops, turning them into backup paths. After that, only one path exists between any two LAN segments, so the whole network topology looks like a tree. This is the spanning tree, meaning that no loop exists between any two twigs or branches.
Terminology & Basic Rules
STP & Bridge PDU:
To maintain a bridged LAN, every bridge in it must run the Spanning Tree Protocol (STP). STP uses Bridge Protocol Data Units (BPDUs), which the bridges exchange and compare, to form a tree topology without loops. A BPDU is the frame used for communication between bridges; it is carried directly in an LLC frame and contains no user data.
Bridge Identifier:
Each bridge has its own identifier, called the bridge identifier (bridge ID), composed of the bridge priority (two bytes), which the administrator can assign, and the MAC address (six bytes). The root bridge is chosen by comparing the bridge priority and then the MAC address. First, the bridge with the smallest bridge priority becomes the root bridge. If the bridge priorities are the same, the one with the smallest MAC address becomes the root bridge.
Root Bridge:
Logically, the root bridge is the center of the network. It is unique in a bridged LAN, and every bridge in the LAN knows the ID of the root bridge. The root bridge monitors the STP topology. When the STP topology changes anywhere, the bridge that notices the change sends a Topology Change Notification (TCN) toward the root bridge, and the root bridge then broadcasts a BPDU carrying the Topology Change flag to all bridges.
If the root bridge receives a BPDU, sent by another bridge, carrying a bridge ID smaller than its own, it knows it is no longer the root bridge and re-assigns the roles of all of its ports.
The root bridge is elected by comparing the Bridge IDs (bridge priority plus MAC address) of all bridges in the bridged LAN.
Bridge Times:
Bridge Times has four components, described as follows:
- Forward Delay
You can set the forward delay time of the root bridge. The forward delay time is the time a port spends moving from the Listening state to the Learning state, and again from the Learning state to the Forwarding state. Since the forward delay is applied in both transitions, a Forward Delay of 15 seconds gives a total delay of 30 seconds before a port forwards. This has much to do with the STP convergence time, which will be more than 30 seconds because of other factors. The valid value is 4 ~ 30 seconds; the default is 15 seconds.
- Bridge Hello Time
Hello Time is the interval at which a designated port sends its periodic configuration BPDU to the neighboring bridges. It decides how often a bridge tells the other bridges "I am alive". When this switch is the root bridge of the LAN, all other bridges use the Hello Time assigned by this switch. The valid value is 1 ~ 10 seconds. The default is 2 seconds.
- Bridge Max. Age
When this switch is the root bridge, the whole LAN applies the value set on this switch as its Max. Age. When the message age of the information a bridge holds from the root bridge exceeds Max. Age, because no fresh BPDU has arrived to refresh it, the bridge treats the root bridge as having failed and issues a Topology Change Notification (TCN) BPDU. All bridges in the LAN then re-calculate and determine who the root bridge is. The valid value of Max. Age is 6 ~ 40 seconds. The default is 20 seconds.
- Bridge Message Age
When components of a bridged LAN fail or are removed, which may change the STP topology, outdated information may still be propagated to other bridges. The MAC on each bridge can signal a failure condition, but, unfortunately, not all failure conditions can be detected in this way. To prevent old information from endlessly circulating through redundant paths in the network, a message age and a maximum age are associated with the configuration message information originated by the root bridge.
Each time a configuration message is received and propagated, its message age is increased by not less than a specified fraction of the maximum age. Received information is discarded, and the port made a Designated Port, if the message age is too old and exceeds the maximum age. Hence the number of bridges the information can traverse before being discarded is limited, and the loss of a network component is detected by the aging out of spanning tree information if it was not detected by the MAC.
The following parameters are recommended by IEEE 802.1w.

Parameter              Default value   Fixed value   Range
Bridge Hello Time      2.0             -             1.0-10.0
Bridge Max. Age        20.0            -             6.0-40.0
Bridge Forward Delay   15.0            -             4.0-30.0
Note: All times are in unit of second.
Table 3-8
Path Cost:
Each bridge port is assigned a path cost value according to its bandwidth: the higher the bandwidth, the smaller the cost value. The path cost is the cost of transmitting from the bridge port toward the root bridge. It can be adjusted by the administrator.
802.1w derives the port path cost from the bandwidth of the port in bits per second and recommends the values listed in the table below for the different speeds.
Link Speed   Recommended Value   Recommended Range         Range
<=100 kb/s   200,000,000         20,000,000-200,000,000    1-200,000,000
1 Mb/s       20,000,000          2,000,000-200,000,000     1-200,000,000
10 Mb/s      2,000,000           200,000-20,000,000        1-200,000,000
100 Mb/s     200,000             20,000-2,000,000          1-200,000,000
1 Gb/s       20,000              2,000-200,000             1-200,000,000
10 Gb/s      2,000               200-20,000                1-200,000,000
100 Gb/s     200                 20-2,000                  1-200,000,000
1 Tb/s       20                  2-200                     1-200,000,000
10 Tb/s      2                   1-20                      1-200,000,000
Table 3-9 Path Cost
Root Path Cost:
A bridge may have more than one path to the root bridge. For a single path, the sum of the path costs of the ports along that path is the root path cost of the bridge port. From the bridge's viewpoint, the smallest of these root path costs is the root path cost of the bridge, and the bridge port on this best path to the root bridge is the root port of the bridge.
Designated Bridge:
In each LAN segment there is only one bridge acting as the designated bridge of that segment. The designated bridge is the bridge on the path with the lowest root path cost toward the root bridge, and it acts as the representative of the LAN segment. If several bridges have the same root path cost, the bridge with the smallest bridge ID becomes the designated bridge of the LAN segment.
Designated Port:
In a given LAN segment, the port of the designated bridge that connects to that LAN segment. There is only one designated port in a LAN segment.
Root Port:
Apart from the root bridge, each bridge has exactly one port on the path with the best cost to the root bridge. This port is called the root port.
Port Identifier:
Each port of a bridge has its own port ID, composed of the port priority (one octet) and the port number (one octet). The priority is adjustable by the administrator. If more than one port of a designated bridge connects to the same LAN segment, the port with the smallest port ID is the designated port.
When a bridge decides its root port and more than one port has the same Root Path Cost and Designated Bridge ID, the port that is connected to the designated port with the smaller Port ID becomes the root port. And again, if Root Path Cost, Designated Bridge ID and Designated Port ID are all the same for these ports, the port with the smallest Port ID becomes the root port of the bridge.
Edge port:
A port connected to a LAN segment on which no BPDUs are exchanged. Usually, it is a port connected to an end station.
Note: Bridges encapsulate some of the parameters listed above in a BPDU, for example Root Bridge ID, Root Path Cost, Designated Bridge ID, Designated Port ID and so on, and send it to their neighboring LAN segments. Eventually each bridge blocks every port that is neither a root port nor a designated port. Data frames are not passed through these ports; only BPDU traffic is. From the viewpoint of data frames, the entire bridged LAN looks like a network without loops, and the topology looks like a tree whose root node is the root bridge.
How does the Spanning Tree Protocol Work?
Basically, STP operation is transparent to the stations, which are not aware of which LAN segment they are connected to. At the beginning, each bridge in the bridged LAN assumes it is the root bridge. A while later, the bridges gather each other's information by exchanging BPDUs, determine the real root bridge and the designated bridges, and remove the loops. A new STP topology is thereby generated.
There are five states in STP operation: Blocking, Listening, Learning, Forwarding and Disabled. They are described below.
Blocking:
The purpose of the Blocking state is to prevent frame duplication arising from multiple paths in the active topology of a bridged LAN. If a port's MAC operational status is enabled, Blocking is one of only two "stable" STP port states (the other is Forwarding).
In this state, a port drops every frame except BPDUs. If the port is a root port or a designated port, it enters the Listening state unconditionally.
A port enters the Blocking state under the following conditions:
1. Initialization of the bridge's STP process.
2. From the Disabled state, when the port is enabled by management.
3. From the Listening, Learning or Forwarding state, after STP determines that this port is neither a Designated Port nor a Root Port.
In this state, the port behaves as follows:
1. Frames received on this port are discarded.
2. The port does not forward any frames for transmission.
3. Station location information from this port is not recorded by the bridge's Learning Process.
4. The STP protocol entity includes the port in its computation of the active topology.
Listening:
The port is waiting for BPDUs that may tell it to go back to the Blocking state. It enters the Disabled state if it is disabled by management, and enters the Learning state after one Forward Delay time if STP keeps considering it a Root Port or a Designated Port throughout that period.
The Listening state is a transitory state in which the port prepares to participate in frame forwarding. Frame forwarding is still disabled in this state, to prevent the temporary loops that may otherwise occur in the bridged LAN.
A port enters the Listening state in only one condition:
When the STP protocol entity determines that this port is a Designated Port or a Root Port, the port enters the Listening state from the Blocking state.
A port in the Listening state behaves as follows:
1. Frames received on this port are discarded.
2. The port does not forward any frames for transmission.
3. Station location information from this port is not recorded by the bridge's Learning Process.
4. The STP protocol entity includes the port in its computation of the active topology.
Learning:
A port in the Learning state is preparing to participate in frame forwarding. Frame forwarding is still disabled in this state, but learning of station location information is enabled.
A port enters the Learning state in only one condition:
From the Listening state, when the STP timer called Forward Delay expires.
A port in the Learning state behaves as follows:
1. Frames received on this port are discarded.
2. The port does not forward any frames for transmission.
3. MAC address and station location information from this port is recorded by the bridge's Learning Process.
4. The STP protocol entity includes the port in its computation of the active topology.
Forwarding:
A port in the Forwarding state can now relay (forward) frames.
A port enters the Forwarding state in only one condition:
From the Learning state, when the Forward Delay timer expires.
A port in the Forwarding state behaves as follows:
1. Frames received on this port can be forwarded by the bridge's Forwarding Process.
2. The port forwards frames for transmission.
3. Station location information from this port is recorded by the bridge's Learning Process.
4. The STP protocol entity includes the port in its computation of the active topology.
Disabled:
A port in the Disabled state is a port whose MAC operational state has been disabled by management. This state can be entered from any of the other states mentioned above by management action. A port leaves this state when its MAC operation is enabled again by management.
A port in the Disabled state behaves as follows:
1. Frames received on this port are discarded.
2. The port does not forward any frames for transmission.
3. Station location information from this port is not recorded by the bridge's Learning Process.
4. The STP protocol entity does not include the port in its computation of the active topology. BPDUs received on this port are not processed by the STP protocol entity, and the port does not transmit any BPDUs.
Fig. 3-10 STP port states transition (figure: Initialize -> Blocking -> Listening -> Learning -> Forwarding, with Disabled reachable from any state by management)
In Fig. 3-11, there are three bridges in a bridged LAN. Suppose they are configured with the following settings:
Bridge 0 ---
Bridge ID: priority=32768, MAC=00.40.00.00.00.00; Port1: PortID=128,01 PathCost=10
Bridge 1 ---
Bridge ID: priority=32768, MAC=00.40.00.00.00.01; Port1: PortID=128,01 PathCost=15; Port2: PortID=128,02 PathCost=10; Port3: PortID=128,03 PathCost=10
Bridge 2 ---
Bridge ID: priority=32768, MAC=00.40.00.00.00.02; Port1: PortID=128,01 PathCost=5; Port2: PortID=128,02 PathCost=5; Port3: PortID=128,03 PathCost=25
We will find the following:
1. Bridge 0 is the root bridge of the bridged LAN. Its Root Path Cost is 0 because it is the root bridge itself.
2. Bridge 0 is the designated bridge of LAN A, and its port 1 is the designated port of LAN A.
3. Bridge 1 is the designated bridge of LAN B, and its port 3 is the designated port of LAN B.
4. Bridge 1 is the designated bridge of LAN C, and its port 2 is the designated port of LAN C.
5. The root port of Bridge 1 is port 1, and the root port of Bridge 2 is port 2.
6. Ports 1 and 3 of Bridge 2 are blocked because they are neither root ports nor designated ports. A new network topology without loops therefore results.
Note: Bridge 2 can reach the root through port 3 on LAN A at cost 25, or through Bridge 1 at cost 15 + 5 = 20 on either port 1 (LAN B) or port 2 (LAN C). The two equal-cost candidates hear the same designated bridge, Bridge 1, so the designated port IDs decide: port 2 of Bridge 1 is smaller than port 3, and Bridge 2 therefore chooses its port 2.
Fig 3-11 (figure: Bridge 0, RPC=0, port1 pc=10 on LAN A. Bridge 1, RPC=15: port1 pc=15 on LAN A, Port2 pc=10 on LAN C, Port3 pc=10 on LAN B. Bridge 2, RPC=20: port1 pc=5 on LAN B, Port2 pc=5 on LAN C, Port3 pc=25 on LAN A.)
Another Example---Changing some STP settings of a Bridge. Now we reconfigure the settings of Bridge 0 ~ Bridge 2 as follows:
Bridge 0 ---
Bridge ID: priority=32768, MAC=00.40.00.00.00.00; Port1: PortID=128,01 PathCost=10
Bridge 1 ---
Bridge ID: priority=32768, MAC=00.40.00.00.00.01; Port1: PortID=128,01 PathCost=40; Port2: PortID=128,02 PathCost=10; Port3: PortID=128,03 PathCost=10
Bridge 2 ---
Bridge ID: priority=32768, MAC=00.40.00.00.00.02; Port1: PortID=128,01 PathCost=5; Port2: PortID=112,02 PathCost=5; Port3: PortID=128,03 PathCost=25
We will find that the tree topology in Fig. 3-12 has changed, because the STP parameters have changed.
1. Bridge 0 is still the root bridge of the bridged LAN. Its Root Path Cost is 0 because it is the root bridge itself.
2. The designated bridge of LAN A is Bridge 0.
3. The designated bridge of LAN B becomes Bridge 2, and the designated port is port 1 of Bridge 2.
4. The designated bridge of LAN C becomes Bridge 2, and the designated port is port 2 of Bridge 2.
5. The root port of Bridge 1 becomes port 2 (see the note below).
6. The root port of Bridge 2 becomes port 3.
7. Both port 1 and port 3 of Bridge 1 are blocked.
Note: When Bridge 1 chooses its root port, it goes through the following steps.
1. Root path cost: port 1 = 40, port 2 = 25 + 10 = 35, port 3 = 25 + 10 = 35.
2. Ports 2 and 3 are the candidates. Both of them hear Bridge 2 as the designated bridge, so Bridge 1 must compare the designated port IDs (ports 2 and 1 of Bridge 2). Because the port priority of port 2 of Bridge 2 is now 112, the port ID of port 2 is less than that of port 1, and Bridge 1 therefore chooses its own port 2 as its root port.
From the examples above, we see that we can shape the spanning tree as we need by configuring the STP parameters. For example, by giving the bridge with the highest throughput the smallest bridge ID so that it becomes the root bridge, we obtain the best network performance in the bridged LAN.
Fig. 3-12 (figure: Bridge 0, RPC=0, port1 pc=10 on LAN A. Bridge 1, RPC=35: port1 pc=40 on LAN A, Port2 pc=10 on LAN C, Port3 pc=10 on LAN B. Bridge 2, RPC=25: port1 pc=5 on LAN B, Port2 pc=5 on LAN C, Port3 pc=25 on LAN A.)
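The port-role computation worked through in the two examples above can be checked with a small program. The following Python is an added example, not code from this manual or from the switch; the functions compute_spanning_tree and manual_topology are its own names. It applies the comparison order described under Port Identifier (root path cost, then designated bridge ID, then designated port ID, then the bridge's own port ID) and takes the LAN each port attaches to from the port roles listed for Fig. 3-11 and Fig. 3-12 (Bridge 1 port 2 and Bridge 2 port 2 on LAN C, Bridge 1 port 3 and Bridge 2 port 1 on LAN B, Bridge 2 port 3 on LAN A). Timers and port state transitions are not modelled; only the stable result is computed.

```python
"""Spanning tree root election and port role assignment (added example, not from the manual)."""
from dataclasses import dataclass, field

INF = float("inf")


@dataclass
class Port:
    number: int
    lan: str
    path_cost: int
    priority: int = 128

    @property
    def port_id(self):
        # Port ID = (priority, port number); the smaller tuple wins
        return (self.priority, self.number)


@dataclass
class Bridge:
    name: str
    mac: str
    priority: int = 32768
    ports: list = field(default_factory=list)

    @property
    def bridge_id(self):
        # Bridge ID = (priority, MAC); the smaller tuple wins, so priority decides first
        return (self.priority, self.mac)


def compute_spanning_tree(bridges):
    """Elect the root, then derive root path costs, root ports, designated ports and blocked ports."""
    root = min(bridges, key=lambda b: b.bridge_id)
    rpc = {b.name: (0 if b is root else INF) for b in bridges}
    root_port = {b.name: None for b in bridges}
    lans = {}                                   # LAN name -> [(bridge, port)] attached to it
    for b in bridges:
        for p in b.ports:
            lans.setdefault(p.lan, []).append((b, p))

    changed = True
    while changed:                              # relax until no bridge improves its root path
        changed = False
        for b in bridges:
            if b is root:
                continue
            best, best_port = None, None
            for p in b.ports:
                # Best configuration message heard on this LAN from the *other* bridges,
                # ordered as STP compares them: (root path cost, bridge ID, port ID).
                heard = [(rpc[ob.name], ob.bridge_id, op.port_id)
                         for ob, op in lans[p.lan] if ob is not b and rpc[ob.name] < INF]
                if not heard:
                    continue
                d_rpc, d_bid, d_pid = min(heard)
                # Candidate root path: cost via this port, then the tie-breakers of the text
                cand = (d_rpc + p.path_cost, d_bid, d_pid, p.port_id)
                if best is None or cand < best:
                    best, best_port = cand, p
            if best is not None and (rpc[b.name], root_port[b.name]) != (best[0], best_port.number):
                rpc[b.name], root_port[b.name] = best[0], best_port.number
                changed = True

    designated = {}                             # LAN -> (bridge name, port number)
    for lan, members in lans.items():
        b, p = min(members, key=lambda bp: (rpc[bp[0].name], bp[0].bridge_id, bp[1].port_id))
        designated[lan] = (b.name, p.number)

    roles = {}                                  # (bridge name, port number) -> role
    for b in bridges:
        for p in b.ports:
            if root_port[b.name] == p.number:
                roles[(b.name, p.number)] = "root"
            elif designated[p.lan] == (b.name, p.number):
                roles[(b.name, p.number)] = "designated"
            else:
                roles[(b.name, p.number)] = "blocked"
    return {"root": root.name, "rpc": rpc, "root_port": root_port,
            "designated": designated, "roles": roles}


def manual_topology(bridge1_port1_cost=15, bridge2_port2_priority=128):
    """The three-bridge LAN of Fig. 3-11; the keyword arguments (40, 112) give Fig. 3-12."""
    return [
        Bridge("Bridge 0", "00:40:00:00:00:00", ports=[Port(1, "LAN A", 10)]),
        Bridge("Bridge 1", "00:40:00:00:00:01", ports=[
            Port(1, "LAN A", bridge1_port1_cost), Port(2, "LAN C", 10), Port(3, "LAN B", 10)]),
        Bridge("Bridge 2", "00:40:00:00:00:02", ports=[
            Port(1, "LAN B", 5), Port(2, "LAN C", 5, bridge2_port2_priority), Port(3, "LAN A", 25)]),
    ]


if __name__ == "__main__":
    for label, tree in (("Fig. 3-11", compute_spanning_tree(manual_topology())),
                        ("Fig. 3-12", compute_spanning_tree(manual_topology(40, 112)))):
        print(label, "root:", tree["root"], "RPC:", tree["rpc"], "root ports:", tree["root_port"])
        print("  designated:", tree["designated"])
        print("  blocked:", sorted(k for k, v in tree["roles"].items() if v == "blocked"))
```

Running it prints the root, root path costs, root ports, designated ports and blocked ports for both configurations, matching the two lists above. Note what the election rests on: the root is simply the bridge with the smallest ID that is heard in a BPDU, so a device attached to an edge port that sends BPDUs with a lower bridge priority becomes the root and reshapes the whole tree. Ports facing end stations should not be allowed to take part in the election.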
3-7. Virtual LAN
What is a VLAN?
A VLAN is a subset of a LAN. Before we discuss VLANs, we must understand what a LAN is. In general, a LAN is composed of different physical network segments, bridged by switches or bridges, whose attached end stations are all in the same broadcast domain. Traffic can reach any station on the same LAN. Beyond this domain, traffic cannot go without the help of a router. This also implies that a LAN is limited: to communicate with a station outside the LAN, a router, which always lies on the edge of the LAN, is needed.
A layer 2 VLAN is a logical subset of a physical LAN, separated from the rest by specific rules based on tag, port, MAC address and so on. In other words, stations on separate small physical LANs within one VLAN can communicate with each other, but stations on two separate logical LANs cannot.
In Fig. 3-13, all stations are within the same broadcast domain. For these stations, it is obvious that traffic becomes congested as more stations are added. As more and more users join the LAN, broadcast traffic rapidly decreases the performance of the network. Finally, the network may go down.
Fig. 3-13
Fig. 3-14
Now we apply VLAN technology to configure the system shown in Fig. 3-14. We can partition the users into different logical networks, each with its own broadcast domain, so that the traffic of one logical network does not disturb the others. The users 1x (x denotes a ~ d) are members of VLAN 1. Traffic within VLAN 1 does not flow to VLAN 2 or the others. This helps us configure the network easily according to whatever criteria are needed, for example finance, accounting, R&D and so on. You can also easily move a user to a different location, or join a new user somewhere in the building to a VLAN. Without VLANs, this is very hard to do. Basically, VLANs offer at least three benefits: easy moves and changes of users; reduced broadcast traffic and increased performance; and security.
Besides, VLANs greatly reduce traffic congestion and increase total performance, because there are no longer too many users in the same broadcast domain.
There are many types of VLAN in use. The most popular are port-based VLAN, tag-based VLAN and protocol-based VLAN.
Port-based VLAN
Some physical ports are configured as members of a VLAN. All stations attached to these ports can communicate with each other.
Tag-based VLAN
Membership is identified by the VLAN ID carried in the frame, no matter where the packet comes from. It is also referred to as 802.1Q VLAN.
Protocol-based VLAN
Membership is identified by the layer 3 protocol type, for example IPX, AppleTalk, IP, etc.
Other VLAN technologies not mentioned above include MAC-based VLAN, IP-based VLAN and so on.
Terminology
Tagged Frame:
A frame carrying a tag field that follows the source MAC address. The tag is four bytes long and contains the VLAN protocol ID and the tag control information, which is composed of the user priority, the Canonical Format Indicator (CFI) and the VLAN identifier (VID), which may be null in a priority-tagged frame. Normally, the maximum length of a tagged frame is 1522 bytes.
802.1Q VLAN-tagged Ethernet frame (field lengths in bytes):
DA (6) | SA (6) | VLAN Protocol ID (2) = 0x8100 | Tag Control Information (2) | Length/Type (2) | ...
Tag Control Information: User Priority (3 bits) | CFI (1 bit) | VLAN identifier (12 bits)
Fig.3-15 Tag Format
VLAN Protocol ID: the value 0x8100 is reserved for VLAN-tagged frames.
User Priority: 3 bits long, with values 7 – 0; 0 is the lowest priority.
CFI: Canonical Format Indicator, 1 bit long. It is used when encapsulating a Token Ring frame so that it can travel across Ethernet. Usually it is set to 0.
VLAN ID: 12 bits long. 0 means no VLAN ID is present (the tag carries priority only), 1 is the default VLAN, and 4095 is reserved.
VLAN-tagged frame:
An Ethernet frame carrying a VLAN tag field whose VLAN identifier is neither 0 nor 4095, together with priority information.
Priority-tagged frame:
An Ethernet frame carrying a VLAN tag field whose VLAN identifier is 0, together with priority information.
Untagged frame:
An Ethernet frame that carries no VLAN tag.
VLAN Identifier:
Also referred to as the VID. It identifies whether a frame or port belongs to the VLAN group with that VID. The assignable values are 1 - 4094. If VID = 0, the tagged frame is a priority-tagged frame. Neither 0 nor 4095 can be assigned in VLAN management.
Port VLAN Identifier:
The VLAN identifier of a port, also referred to as the PVID. When an untagged frame or a priority-tagged frame is received, the PVID of the receiving port is inserted into the frame's VLAN tag field. Each port can be assigned only one PVID. The default PVID is 1, the same as the default VID.
Ingress filtering:
The process of checking a received packet by comparing its VID with the VLAN membership of the ingress port. Ingress filtering can be set per port. When receiving a packet, the VLAN bridge first examines whether a VID is present in the frame header.
If the received packet carries a VID, that VID is used. The VLAN bridge then checks its MAC address table to see whether the destination ports are members of the same VLAN. If the ingress port and the destination ports are both members of that tagged VLAN, the packet is forwarded.
If the packet is untagged or carries a null tag, the ingress port's PVID is applied to the packet. The VLAN bridge then looks up the MAC address table to determine the ports the packet should be forwarded to, and checks whether those destination ports belong to the VLAN identified by that PVID. If the destination ports are members of the VLAN used by the ingress port, the packet is forwarded.
Note: The VID cannot be 0 or 4095.
Ingress Rule:
Each packet received by a VLAN-aware bridge is classified into a VLAN. The classification rule is as follows.
1. If the VID of the packet is the null VID (VID = 0) or the packet is untagged:
a. If the implementation offers other ways to classify incoming packets besides port-based classification (e.g. protocol, MAC address, application, IP subnet, etc.), and these approaches yield a non-zero VID, then use the VID offered by those classifications.
b. If only port-based classification is implemented, or the other approaches cannot yield a non-zero VID for the incoming packet, then assign the PVID to the incoming packet as its VID for classification into the VLAN group.
2. If the VID is not the null VID (VID ≠ 0), then use that value to classify the packet into the VLAN group.
Egress Rule:
An egress list is used to make the tagging and forwarding decisions on an outgoing port. It specifies the VLANs whose packets may be transmitted out of the port and whether those packets are to be tagged or not; it is configured as the port's VLAN membership, tagged or untagged, per VLAN. When a packet is to be transmitted, the VLAN bridge checks the port's egress list. If the VLAN of the packet is on the egress list of the port, the packet is transmitted with its priority preserved. If tagging is enabled for that VLAN, the egress port transmits a tagged packet, which is what a port connected to an 802.1Q-compliant device should do. If the egress port is connected to a non-802.1Q device or an end station, the VLAN bridge must transmit an untagged packet, i.e. the tag is stripped off at the egress port. The egress rule can be set per port.
Independent VLAN Learning (IVL):
Specifies the mode in which MAC addresses are learned. For a given VLAN, an independent filtering database (FID) is used to learn or look up the station information of that VLAN and decide where a frame goes.
Shared VLAN Learning (SVL):
Specifies the mode in which MAC addresses are learned. In this mode, some or all VLANs use the same filtering database to learn or look up station information. In the switch, you can choose a VID for sharing a filtering database in the Shared VID field if you wish to use an existing filtering database. For a given VLAN, when a MAC address is learned by the switch, the VLAN uses this information to make forwarding decisions.
Filtering Database:
Referred to as the FID. It provides the information about where a packet is to be sent. The filtering database supplies the outgoing port in response to a request from the forwarding process that carries the VID and the DA. When a packet with a non-zero VID is received, the FID offers the associated outgoing port information for the packet.
In SVL, VLANs use the same filtering database. In IVL, VLANs use different FIDs. The administrator can assign any VIDs to the same FID.
How does a Tagged VLAN work?
If ingress filtering is enabled, when a packet is received the VLAN bridge first checks whether the packet carries a VID.
1). If the packet has a non-zero VID, the VLAN bridge uses this VID as the VLAN ID of the packet in the network.
2). For a packet with a null tag or no VLAN tag, if the VLAN bridge provides rules to decide its VID, that VID is applied to the packet.
If the VLAN bridge does not support any such rule, the PVID of the receiving port is applied to the packet. The VLAN bridge then checks whether the ingress port and the received packet are on the same VLAN. If not, the packet is dropped. If so, it is forwarded to the associated ports. Meanwhile, this VLAN must also be on the egress port, or the packet will be dropped.
If ingress filtering is disabled, the VLAN bridge only checks the MAC address table to see whether the destination VLAN exists. If the VLAN does not exist, the packet is dropped; if the VLAN exists but the DA is unknown, the packet is flooded to all the ports the VLAN covers; if both are known, the packet is forwarded to the port learned for the DA.
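The tag layout of Fig. 3-15 and the ingress and egress rules above can be exercised with the following Python, an added example that is not code from this manual or from the switch. It parses and builds single-tagged frames, classifies each received frame by the ingress rule (a non-zero tag VID first, otherwise the port's PVID), applies ingress filtering and the egress list, and learns addresses per VLAN (IVL). The port configuration in demo_bridge and the MAC addresses are constructed for the example; names such as VlanBridge, parse_frame and build_frame are its own.

```python
"""802.1Q tag handling, ingress classification and egress tagging (added example, not from the manual)."""
import struct

TPID_8021Q = 0x8100          # VLAN Protocol ID of a tagged frame
VID_NULL, VID_RESERVED = 0, 4095


def parse_frame(frame):
    """Split an Ethernet frame into its fields, recognising a single 802.1Q tag.
    Returns da, sa, kind (untagged / priority-tagged / vlan-tagged), pcp, cfi,
    vid (None when untagged), ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    da, sa = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    info = {"da": da, "sa": sa, "kind": "untagged", "pcp": 0, "cfi": 0, "vid": None}
    rest = frame[14:]
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF
        info.update(pcp=tci >> 13, cfi=(tci >> 12) & 1, vid=vid,
                    kind="priority-tagged" if vid == VID_NULL else "vlan-tagged")
        rest = frame[18:]
    info.update(ethertype=etype, payload=rest)
    return info


def build_frame(da, sa, ethertype, payload, vid=None, pcp=0, cfi=0):
    """Assemble a frame (no padding or FCS); vid=None emits an untagged frame."""
    hdr = da + sa
    if vid is not None:
        tci = (pcp << 13) | (cfi << 12) | (vid & 0x0FFF)
        hdr += struct.pack("!HH", TPID_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


class VlanBridge:
    """A VLAN-aware bridge with per-port PVID, egress list and Independent VLAN Learning."""

    def __init__(self, ports):
        # ports: port number -> {"pvid": int, "member": set of VIDs on the egress list,
        #                        "untagged": set of VIDs sent untagged, "ingress_filter": bool}
        self.ports = ports
        self.fdb = {}   # IVL: one filtering database per VID, mapping MAC -> port

    def classify(self, port, info):
        """Ingress rule: a non-zero VID in the tag wins, otherwise the port's PVID.
        Returns None for the reserved VID 4095, which can never be assigned."""
        vid = info["vid"]
        if vid is None or vid == VID_NULL:
            vid = self.ports[port]["pvid"]
        return None if vid == VID_RESERVED else vid

    def forward(self, in_port, frame):
        """Return {out_port: frame bytes}; an empty dict means the frame was dropped."""
        info = parse_frame(frame)
        vid = self.classify(in_port, info)
        if vid is None:
            return {}
        cfg = self.ports[in_port]
        if cfg["ingress_filter"] and vid not in cfg["member"]:
            return {}    # tagged for a VLAN the ingress port is not a member of
        table = self.fdb.setdefault(vid, {})
        table[info["sa"]] = in_port                      # learn the source, per VLAN
        known = table.get(info["da"])
        candidates = [known] if known is not None else list(self.ports)   # unknown DA: flood
        out = {}
        for p in candidates:
            pcfg = self.ports[p]
            if p == in_port or vid not in pcfg["member"]:   # egress list check
                continue
            tag = None if vid in pcfg["untagged"] else vid  # strip or keep the tag
            out[p] = build_frame(info["da"], info["sa"], info["ethertype"],
                                 info["payload"], tag, info["pcp"], info["cfi"])
        return out


def demo_bridge():
    """Constructed configuration: ports 1 and 2 are access ports of VLAN 2, port 3 is an
    802.1Q trunk carrying VLANs 1-3 (VLAN 1 untagged), port 4 is an access port of VLAN 3."""
    def access(vid):
        return {"pvid": vid, "member": {vid}, "untagged": {vid}, "ingress_filter": True}
    trunk = {"pvid": 1, "member": {1, 2, 3}, "untagged": {1}, "ingress_filter": True}
    return VlanBridge({1: access(2), 2: access(2), 3: trunk, 4: access(3)})


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


if __name__ == "__main__":
    br = demo_bridge()
    host_a, host_b = mac("00:40:00:00:00:0a"), mac("00:40:00:00:00:0b")   # constructed addresses
    out = br.forward(1, build_frame(host_b, host_a, 0x0800, b"\x45" * 8))
    for port, fr in sorted(out.items()):
        print("port", port, parse_frame(fr)["kind"], parse_frame(fr)["vid"])
```

An untagged frame entering access port 1 with an unknown destination is flooded untagged to port 2 and tagged with VID 2 to the trunk, but never to port 4. With ingress_filter set to False on an access port, forward would accept a frame tagged for any VLAN the trunk carries and deliver it into that VLAN; this is exactly what ingress filtering prevents, so leave it enabled on ports that face end stations.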
If we plan to deploy four VLANs in an office and use a switch to partition them, we should first decide which ports belong to which VLAN. Assume a 24-port switch is used.

Name             VID   Port Members
Marketing        2     1,2,3,4,5
Service          3     6,7,20,21,22
Sales            4     8,9,10,11,12,13,14,15,16
Administration   1     17,18,19,23,24
Table 3-10
Next, assign an IP address block to each VLAN. Usually, we use 10.x.x.x as the internal IP block. Because there are four VLANs in the network, we must assign four IP blocks, one to each of them.

Name             VID   Network Address
Marketing        2     10.1.2.0/24
Service          3     10.1.3.0/24
Sales            4     10.1.4.0/24
Administration   1     10.1.1.0/24
Table 3-11
Here we apply the subnet mask 255.255.255.0, and each VLAN can support 254 nodes.
Why apply GVRP?
A static VLAN is hard to configure and manage, especially in a large network, because the VLAN memberships of the switches in the network cannot be updated automatically. A dynamic VLAN standard is introduced and specified by IEEE 802.1Q, applying the GARP VLAN Registration Protocol (GVRP) to help manage VLANs.
3-8. GARP VLAN Registration Protocol (GVRP)
GVRP is an application based on the Generic Attribute Registration Protocol (GARP). It is mainly used to maintain the group membership information of the VLANs automatically, and thus saves time and trouble. If the switches in the network do not support GVRP, the administrator has to reconfigure each switch whenever a change is needed. If the switches support GVRP, you only have to reconfigure one of them; the others exchange the information through GVRP so that the VLANs keep operating properly. VLANs must therefore be configured carefully and correctly. GVRP works only in a tag-based VLAN network.
Here is a simple example, with four 2-port switches A, B, C and D (Fig. 3-16). Without GVRP, if the administrator wishes to have port 1 of switch A (A1) communicate with D2, both being on the VLAN with VID=64 (VLAN 64), he must configure each switch one by one through its own interface, to make A2, B1, B2, C1, C2 and D1 members of VLAN 64. Once that configuration is done, A1 and D2 can communicate with each other in VLAN 64.
Fig.3-16 Four 2-port Switches (figure: switches A, B, C and D, each with ports 1 and 2, connected in a chain A2-B1, B2-C1, C2-D1)
This is a very simple case. Usually, the administrator faces numerous switches with, perhaps, 24 or 48 ports each. With 50 24-port switches and 32 active VLANs in the network, the administrator cannot manage a tagged VLAN without GVRP, because a VLAN can fail owing to just one wrong setting on one of the switches.
If we apply GVRP to the network, the trouble is gone. For the example above, the administrator only needs to configure A1 and D2 as members of VLAN 64. The rest is completed automatically by GVRP. When the administrator configures A1 as a member of VLAN 64, GVRP sends a GVRP BPDU out of A2 to its neighbor, switch B, telling B1 that there is a member of VLAN 64 behind A2. Because B1 is connected to A2, B1 adds VLAN 64 to its ingress list. In turn, the BPDU finally reaches D1, which adds VLAN 64 to its ingress list.
In the opposite direction, D2 also sends a GVRP BPDU out of D1 to its neighbor, switch C, telling C2 that there is VLAN 64 behind D1, so C2 adds VLAN 64 to its ingress list; now both the ingress list and the egress list carry the VLAN 64 information. In turn, switches A, B, C and D all have VLAN 64 in their ingress lists and egress lists. This completes the setup of a VLAN path between A1 and D2, and the stations behind them can start talking to each other. Please note that GVRP periodically re-issues its Join declaration to declare that the membership is still alive.
Generic Attribute Registration Protocol (GARP)
This section gives an overview of the Generic Attribute Registration Protocol (GARP). GARP provides a generic framework that lets devices, switches or end stations, register and de-register attribute values with each other through GARP Information Propagation (GIP), and it defines the operating rules and variables. It is primarily used to maintain some information on ports among switches. What that information is depends on the application. So far there are two applications based on GARP, GVRP and GMRP (GARP Multicast Registration Protocol). In the GVRP application, the information is the VLAN ID; in the GMRP application, it is the membership of a multicast group.
With GARP support, we can add or delete the attribute information of a switch port. For GVRP, this means we can add or delete a port's membership of a VLAN.
The following diagram shows the flow of GARP and explains what it does and how.
Each application based on GARP is associated with the GARP Information Propagation (GIP) mechanism, and every port is associated with the GARP Information Declaration (GID) mechanism. A GARP participant has three major parts: the GARP application component (GVRP or GMRP so far), GID and GIP. GID is responsible for the registration and deletion of the attributes of the port it is associated with, as well as for receiving and sending GARP PDUs. When GID updates the attribute information, it uses an Applicant state machine and a Registrar state machine to complete the job. The Applicant receives and sends PDUs, and the Registrar maintains the registration state. Another state machine, LeaveAll, is responsible for deleting timed-out information. GIP is the mechanism that keeps the port GIDs of a switch communicating with each other. Information propagated between participants is carried in layer 2 frames using the LLC type 1 service. For more information, please refer to the IEEE 802.1Q specification.
Fig. 3-17 GVRP Application Architecture
(Figure: inside the switch, each port, Port 1 and Port 2, runs GVRP with its own GID; GIP connects the port GIDs, and GVRP PDUs are exchanged on each port.)

Fig. 3-18 GID Architecture
(Figure: a GID holds Attribute 1 … Attribute N, each with its own Applicant and Registrar state machine, together with the JoinTimer, LeaveTimer and LeaveAllTimer.)

GVRP BPDU Format

Fig. 3-19 GVRP BPDU format (figure reconstructed as a field list):
DA (6 bytes): 01-80-c2-00-00-21
SA (6 bytes)
Length (2 bytes)
LLC: DSAP 0x42 (1 byte), SSAP 0x42 (1 byte), Ctl 0x03 (1 byte)
Protocol ID (2 bytes): 0x0001
Message 1 …… Message n, each consisting of:
    Attribute Type (1 byte): 0x01 = VLAN Identifier
    Attribute List: Attribute 1 ……….. Attribute n, followed by an End Marker = 0x00
        Attribute Length (1 byte)
        Attribute Event (1 byte)
        Attribute Value (2 bytes): 12-bit VLAN identifier
End Marker = 0x00
FCS
The first byte, Attribute Type, is 0x01, which means the attribute message describes a VLAN.
DA 01-80-c2-00-00-21 is reserved for GVRP.
The DSAP:SSAP = 0x4242 pair means Spanning Tree Protocol.
Protocol ID 0x0001 is reserved for GARP.
Attribute Length: it is determined by the Attribute Event. If the Attribute Event is LeaveAll, the Attribute Length is 2; for all other events it is 4.
Attribute Event: see the GVRP Information section.
Attribute Value = VID
Here is an example of a GVRP BPDU with a JoinIn event for VID = 64:
0180C2000021 000000000002 000C 42 42 03 0001 01 04 02 0040 00 00
04: Attribute Length 4
02: Attribute Event JoinIn
0040: VID 64
GVRP Information
Attribute Event code:
The GVRP BPDU issued by GID may contain one of the following six types of information. Here we use VID = 64 to explain them.
1: JoinEmpty
When GID issues this type of message, it means that the port issuing the message has not yet joined the VLAN 64 group but is telling its link partner (LP) that it wants to join the VLAN 64 group. The LP receiving this message will also join the VLAN 64 group.
2: JoinIn
When GID issues this type of message, it means that the port issuing the message has already joined the VLAN 64 group and is telling its LP so. The LP will join the VLAN 64 group after receiving the message.
3 and 4: LeaveEmpty and LeaveIn
When GID issues one of these two types of message, it means the port receiving the message is going to leave the VLAN 64 group. If its LP wishes to stay in the VLAN 64 group, the LP needs to send either a JoinIn or a JoinEmpty message back to the port.
5: Empty
When GID issues this type of message, GID is polling its LP to find out whether it has joined the VLAN 64 group. If the LP is already in the VLAN 64 group, it will send either a JoinIn or a JoinEmpty message back to the port.
0: LeaveAll
When GID issues this type of message, it means that GID is performing garbage collection. This implies that the port issuing the message is going to leave all VLAN groups. If its LP wishes it not to leave a specific VLAN group, the LP has to issue either a JoinIn or a JoinEmpty message carrying the VID of that VLAN to the port.
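As an added example (not code from the manual or from the switch firmware), the following Python encodes and decodes the GVRP BPDU format described above, using the six Attribute Event codes just listed. The hex frame is the manual's own JoinIn example for VID 64, including its source MAC 00-00-00-00-00-02; the function names are mine. The point for a defender is the strict validation in the parser: a switch, or a monitoring tool watching a mirror port, should check the DA, LLC header, protocol ID and attribute lengths before a received BPDU is allowed to register a VLAN on a port, and on ports facing untrusted equipment the Registration Forbidden control described under Administrative Controls stops advertisements from adding VLANs at all.

```python
import struct

# Constants from the GVRP BPDU format on this page.
GVRP_DA = bytes.fromhex("0180c2000021")     # DA reserved for GVRP
LLC_HEADER = bytes([0x42, 0x42, 0x03])      # DSAP, SSAP, Ctl
GARP_PROTOCOL_ID = 0x0001
ATTR_TYPE_VID = 0x01                        # attribute message describes a VLAN
END_MARKER = 0x00

# Attribute Event codes from the "GVRP Information" list.
EVENTS = {0: "LeaveAll", 1: "JoinEmpty", 2: "JoinIn",
          3: "LeaveEmpty", 4: "LeaveIn", 5: "Empty"}
EVENT_CODES = {name: code for code, name in EVENTS.items()}


def build_gvrp_bpdu(src_mac: bytes, attributes) -> bytes:
    """Encode one VLAN-identifier message. `attributes` is a list of
    (event_name, vid) pairs; vid is ignored for LeaveAll, whose Attribute
    Length is 2 instead of 4. No FCS is appended (the NIC adds it), which
    matches the manual's hex example."""
    attr_list = bytearray()
    for event_name, vid in attributes:
        code = EVENT_CODES[event_name]
        if code == EVENT_CODES["LeaveAll"]:
            attr_list += bytes([2, code])                            # length 2: no value
        else:
            if not 1 <= vid <= 0xFFF:
                raise ValueError("VID must fit in 12 bits")
            attr_list += bytes([4, code]) + struct.pack("!H", vid)   # length 4
    attr_list.append(END_MARKER)                                     # end of attribute list
    pdu = (struct.pack("!H", GARP_PROTOCOL_ID) + bytes([ATTR_TYPE_VID])
           + bytes(attr_list) + bytes([END_MARKER]))                 # end marker of the PDU
    payload = LLC_HEADER + pdu
    return GVRP_DA + src_mac + struct.pack("!H", len(payload)) + payload


def parse_gvrp_bpdu(frame: bytes) -> dict:
    """Decode a GVRP BPDU (without FCS) into its messages and attributes.
    Anything that is not a well-formed GVRP BPDU raises ValueError, so the
    caller can drop or log the frame instead of registering from it."""
    if len(frame) < 19:
        raise ValueError("frame too short for DA/SA/length/LLC/protocol ID")
    da, sa, length = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if da != GVRP_DA:
        raise ValueError("DA is not the GVRP reserved address")
    if frame[14:17] != LLC_HEADER:
        raise ValueError("LLC header is not DSAP/SSAP 0x42, Ctl 0x03")
    if struct.unpack("!H", frame[17:19])[0] != GARP_PROTOCOL_ID:
        raise ValueError("protocol ID is not GARP (0x0001)")
    end = 14 + length                       # length counts LLC header plus PDU
    if end > len(frame):
        raise ValueError("length field exceeds frame size")
    messages = []
    pos = 19
    while pos < end and frame[pos] != END_MARKER:   # outer end marker closes the PDU
        attr_type = frame[pos]
        pos += 1
        attributes = []
        while True:
            if pos >= end:
                raise ValueError("attribute list not terminated")
            attr_len = frame[pos]
            if attr_len == END_MARKER:              # end of this attribute list
                pos += 1
                break
            if attr_len not in (2, 4) or pos + attr_len > end:
                raise ValueError("bad attribute length %d" % attr_len)
            event = frame[pos + 1]
            vid = None
            if attr_len == 4:
                vid = struct.unpack("!H", frame[pos + 2:pos + 4])[0] & 0x0FFF
            attributes.append({"event": EVENTS.get(event, "unknown(%d)" % event), "vid": vid})
            pos += attr_len
        messages.append({"attribute_type": attr_type, "attributes": attributes})
    return {"da": da.hex(), "sa": sa.hex(), "length": length, "messages": messages}


# The manual's own example: a JoinIn for VID 64 (hex copied from the page).
EXAMPLE_BPDU = bytes.fromhex(
    "0180C2000021 000000000002 000C 42 42 03 0001 01 04 02 0040 00 00")
```

Running `parse_gvrp_bpdu(EXAMPLE_BPDU)` yields one message of attribute type 0x01 carrying a single JoinIn for VID 64, and `build_gvrp_bpdu` reproduces the manual's bytes exactly; a LeaveAll attribute is emitted with length 2 and no value, as the Attribute Length rule states.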
Administrative Controls
We can configure the Applicant, Registrar and Timers so that they behave as we expect. The configurable parameters are as follows:
Applicant:
Normal participant: it performs the actions GARP specifies and exchanges GARP BPDUs with other devices.
Non-participant: it performs the actions GARP specifies but does not send any GARP BPDU.
Registrar:
Normal Registration: in this mode, the Registrar performs its function as GARP specifies.
Registration Fixed: in this mode, no matter what GARP message it receives, the attribute keeps the registered status.
Registration Forbidden: no matter what GARP message it receives, the attribute keeps the unregistered status.
Timer:
Each GID has three timers; their definitions and default values are as follows:
JoinTimer: it keeps running. Each interval is random, ranging from 0 to JoinTime. The default JoinTime is 20 centiseconds. When the timer expires, if the GID has a BPDU to send, it is sent.
LeaveTimer: when an attribute is changing from registered to unregistered status, it starts this timer with the LeaveTime interval. The default is 60 centiseconds. On timeout, if the attribute is still in the state that requires the change to unregistered, the status change is carried out.
LeaveAllTimer: it keeps running. Each interval is random, ranging from LeaveAllTime to 1.5*LeaveAllTime. The default LeaveAllTime is 1000 centiseconds. On timeout, it issues a LeaveAll message.
3-9. Link Aggregation
Basically, Link Aggregation aggregates the bandwidth of more than one port into one assigned logical link. This greatly increases the total bandwidth to the targeted device. Many vendors' switch products already have more than one Link Aggregation technology, which may cause interoperability problems. This is the reason why we now have the 802.3ad Link Aggregation Control Protocol (LACP).
Why 802.3ad (LACP)?
Networks change. For example, if a port in a static trunk malfunctions or is unplugged accidentally, the administrator has to reconfigure it, or the network will run into trouble. Therefore, a tool with automatic recovery capability is a necessity for an administrator. LACP is a protocol that lets a switch learn whether its partner has the capability to set up a trunk between them.
Usually, if the administrator wishes to increase the bandwidth of a specific link, he may:
1. Buy new network equipment with higher throughput, or
2. Aggregate the bandwidth of more than one port into a logical link.
In case 1, you pay much more, possibly beyond your budget, and a solution limited by hardware performance may not be scalable.
In case 2, you do not have to pay much extra and can stay flexible as bandwidth demand changes, because all the equipment is already there. What is more, you can stop worrying about interoperability. By applying LACP in your network, you not only gain the benefits below, which improve the performance of your network, but also keep these investments usable with future products.
1. Public standardized specification
2. No interoperability issue
3. No change to IEEE 802.3 frame format, no change in software and management.
4. Increased bandwidth and availability
5. Load sharing and redundancy
6. Automatic configuration
7. Rapid configuration and reconfiguration
8. Deterministic behavior
9. Low risk of duplication or mis-ordering
10. Support existing IEEE 802.3 MAC Clients
11. Backwards compatibility with aggregation-unaware devices
There are also some constraints when applying LACP.
1. LACP does not support inter-switch bandwidth aggregation.
2. The aggregated ports must operate in full-duplex mode.
3. The ports in the same Link Aggregation Group must have the same speed, for example all 100Mbps or all 1000Mbps. You cannot aggregate one 1000Mbps port and two 100Mbps ports into a 1.2Gbps trunk port.
Terminology
Link Aggregation:
A method of bundling multiple physical links with the same media and speed into one logical link, forming a Link Aggregation Group with a group ID. From the viewpoint of the MAC client, each Link Aggregation Group is an independent link.
There are three cases of links used in the network: switch to switch, switch to station and station to station. Here a station may be a host or a router.
Link Aggregation, sometimes called port trunking, has two types of link configuration: static port trunk and dynamic port trunk.
Static Port Trunk:
When physical links change, the administrator needs to manually reconfigure the switches one by one.
Dynamic Port Trunk:
When physical links change, LACP takes over and reconfigures automatically. The administrator does not have to do anything and may see an LACP-changed trap message in the NMS.
Fig. 3-20 Example of Link Aggregation Application
What is LACP?
By the IEEE 802.3ad definition shown in Fig. 3-21, Link Aggregation is a sub-layer between the MAC client and the MAC entity. The figure shows that it connects to multiple MACs, which means it provides a single interface to the MAC client. When multiple MACs are attached to the LACP sub-layer, these ports are aggregated.
Fig. 3-21
In this section, we describe the parameters used in the Link Aggregation sub-layer. The following is the Link Aggregation sub-layer block diagram.
(Block diagram: the MAC Client above the Link Aggregation sub-layer, the MACs below it.)
Frame Distribution:
This function is responsible for forwarding frames received from the MAC client to the destination port.
Frame Collection:
This function is responsible for collecting frames received from different MACs and passing them to the MAC client.
Aggregator:
It performs the functions of Frame Distribution, Frame Collection and the Aggregator Parser/Multiplexers.
Aggregator Parser/Multiplexers:
When transmitting, this function passes the frame transmission requests issued by the Distributor, Marker Distributor and Marker Responder to the appropriate port.
When receiving, it parses the PDUs issued by the Marker and the MAC client and passes them to the Marker Responder, Marker Receiver and Collector.
Aggregator Control:
It is responsible for configuring and controlling Link Aggregation.
Control Parser/Multiplexers:
On transmit, it simply passes the transmission request to the appropriate port. On receive, it distinguishes LACP PDUs from other frames and passes them to the appropriate sub-layer entity. All other frames are passed to the Aggregator.
LACP Mode:
There are two LACP operation modes. Active LACP actively sends LACP PDUs periodically to initiate negotiation to form an aggregate link; Passive LACP does not issue LACP PDUs to initiate negotiation, but when it receives an LACP PDU it replies to it in order to form an aggregate link.
How does LACP work?
LACP exchanges and parses the fields of the LACP PDU, including system ID, port ID and key, to learn whether the other side is capable of forming an aggregate link.
System ID:
Each network device has its own unique system ID, composed of its MAC address and a priority. Aggregation can be created only among links connected to the same system. If one physical link of an LACP group is connected to one device and another physical link is connected to a different device, the trunk stops and LACP turns these ports back into individual normal single ports.
Port ID: the Port ID is composed of the port number and the port priority.
Key: the key expresses the ability of one port to aggregate with another, summarized as a simple integer parameter. The key value is determined by the following factors:
a) The port's physical characteristics, such as data rate, duplexity, point-to-point or shared medium.
b) Configuration constraints established by the network administrator.
c) Use of the port by higher layer protocols (e.g. assignment of Network Layer addresses).
d) Characteristics or limitations of the port implementation itself.
Operational key and administrative key are the two types of key used in LACP. Both are associated with one port. The operational key is the key currently in use for forming an aggregate link. The administrative key is used by management to manipulate key values. LACP uses these three factors (system ID, port ID and key) to determine whether both parties can form an aggregate link. The following illustration shows an example of how they decide.
Fig. 3-22
(Figure: Switch A, with Port 1, Port 2 and Port 3, connected to Switch B, with Port 4, Port 5 and Port 6.)

                  Switch A                        Switch B
MAC Address       00-40-C7-12-34-56               00-40-C7-11-22-33
System Priority   32768                           32768
Key               1                               1
Port Number       Port 1, Port 2, Port 3          Port 4, Port 5, Port 6
Port Priority     1                               2
System ID         {00-40-C7-12-34-56, 32768}      {00-40-C7-11-22-33, 32768}
Port ID           {1,1},{2,1},{3,1}               {4,2},{5,2},{6,2}
Table 3-12
After exchanging LACP PDUs between switch A and switch B, switch A holds the capability information of switch B, and vice versa. Ports 1, 2 and 3 of switch A each have a Link Aggregation Group ID (LAG ID) comprising the Actor's system ID, the Actor's port ID, the Partner's system ID and the Partner's port ID. Ports 1, 2 and 3 of switch A have the same LAG ID, so LACP identifies them as one trunking group.
LACP PDU Format
An LACP PDU contains two major parts: the actor itself and its partner. Both are described below.
Field name                        Octets  Description
Destination Address               6       Slow Protocol Multicast Address (01-80-c2-00-00-02). Fixed.
Source Address                    6       MAC Address
Length/Type                       2       Always use Type in LACPDUs
Subtype = LACP                    1       Subtype value of LACPDUs is 0x01
Version Number                    1       Current LACP version = 0x01
TLV_type = Actor Information      1       0x01 means Actor type information
Actor_Information_Length          1       This field indicates the length of this TLV-tuple. Actor information is 0x14 bytes long.
Actor_System_Priority             2       Actor's system priority
Actor_System                      6       Actor's MAC Address
Actor_Key                         2       The operational Key assigned to the port
Actor_Port_Priority               2       The port priority assigned to the port
Actor_Port                        2       The port number assigned to the port
Actor_State                       1       See Table 3-14 for details
Reserved                          3
TLV_type = Partner Information    1       0x02 means Partner type information
Partner_Information_Length        1       This field indicates the length of this TLV-tuple. Partner information is 0x14 bytes long.
Partner_System_Priority           2       Partner's system priority
Partner_System                    6       Partner's MAC Address
Partner_Key                       2       The operational Key assigned to the port
Partner_Port_Priority             2       The port priority assigned to the port
Partner_Port                      2       The port number assigned to the port
Partner_State                     1       See Table 3-14 for details
Reserved                          3
TLV_type = Collector Information  1       0x03 means Collector type information
Collector_Information_Length      1       This field indicates the length of this TLV-tuple. Collector information is 0x10 (16) bytes long.
CollectorMaxDelay                 2       The value of CollectorMaxDelay of the station transmitting the LACPDU
Reserved                          12
TLV_type = Terminator             1       0x00 means terminator type information
Terminator_Length = 0             1       This field indicates the length of this TLV-tuple. Terminator uses 0 bytes of length.
Reserved                          50
FCS                               4       Frame check sequence
Table 3-13 LACP PDU Format

The state variables table of Actor and Partner:
Bit 0  LACP_Activity
Bit 1  LACP_Timeout
Bit 2  Aggregation
Bit 3  Synchronization
Bit 4  Collecting
Bit 5  Distributing
Bit 6  Defaulted
Bit 7  Expired
Table 3-14
1. LACP_Activity
1: Active LACP, 0: Passive LACP
2. LACP_Timeout
1: Short timeout, 0: Long timeout
3. Aggregation
1: The link can be aggregated, 0: The link is an individual link.
4. Synchronization
1: The link has been allocated to the correct Link Aggregation Group. 0: The link has not been allocated to the correct Link Aggregation Group.
5. Collecting
1: Frame Collector is working, 0: Frame Collector is idle.
6. Distributing
1: Frame Distributor is working, 0: Frame Distributor is idle.
7. Defaulted
1: The operational value of the partner's information is using the administrative value. 0: The operational value of the partner's information is using the value from the LACP PDU received earlier.
8. Expired
1: The Actor's Receive machine is in the EXPIRED state, 0: The Actor's Receive machine is not in the EXPIRED state. The received values of the Defaulted and Expired state bits are not used by LACP.
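As an added example (not code from the manual or from the switch), the following Python assembles and parses an LACPDU laid out exactly as Table 3-13 describes and decodes the Actor and Partner state bytes per Table 3-14. The sample PDU is constructed from the Table 3-12 values (switch A port 1 talking to switch B port 4); the Length/Type value 0x8809 is the Slow Protocols EtherType, which the table only names as "Type", and the function names are mine. The `can_aggregate` check shows the System ID rule stated above: links whose partners report different system IDs must not be bundled, which is also the condition a monitoring tool would alert on when a trunk member gets patched to the wrong device.

```python
import struct

SLOW_PROTOCOLS_DA = bytes.fromhex("0180c2000002")   # Slow Protocol multicast address (Table 3-13)
SLOW_PROTOCOLS_TYPE = 0x8809                        # Length/Type field: the Slow Protocols EtherType
SUBTYPE_LACP, LACP_VERSION = 0x01, 0x01
TLV_TERMINATOR, TLV_ACTOR, TLV_PARTNER, TLV_COLLECTOR = 0x00, 0x01, 0x02, 0x03

# Table 3-14: state byte, bit 0 is the least significant bit.
STATE_BITS = ["LACP_Activity", "LACP_Timeout", "Aggregation", "Synchronization",
              "Collecting", "Distributing", "Defaulted", "Expired"]
INFO_FMT = "!H6sHHHB3x"   # System_Priority, System, Key, Port_Priority, Port, State, 3 reserved


def pack_info(tlv_type, sys_prio, system, key, port_prio, port, state):
    body = struct.pack(INFO_FMT, sys_prio, system, key, port_prio, port, state)
    return bytes([tlv_type, 2 + len(body)]) + body      # TLV length 0x14 counts type+length bytes


def build_lacpdu(src_mac, actor, partner, collector_max_delay=0):
    """Assemble an LACPDU (without FCS) from actor/partner dicts keyed like pack_info's parameters."""
    frame = SLOW_PROTOCOLS_DA + src_mac + struct.pack("!H", SLOW_PROTOCOLS_TYPE)
    frame += bytes([SUBTYPE_LACP, LACP_VERSION])
    frame += pack_info(TLV_ACTOR, **actor) + pack_info(TLV_PARTNER, **partner)
    frame += bytes([TLV_COLLECTOR, 0x10]) + struct.pack("!H", collector_max_delay) + bytes(12)
    frame += bytes([TLV_TERMINATOR, 0x00]) + bytes(50)
    return frame


def decode_state(state):
    return {name: bool(state >> bit & 1) for bit, name in enumerate(STATE_BITS)}


def parse_lacpdu(frame):
    """Walk the TLVs and decode both state bytes; malformed input raises ValueError
    so a receiver drops the PDU rather than acting on it."""
    if len(frame) < 16 or frame[:6] != SLOW_PROTOCOLS_DA:
        raise ValueError("not a Slow Protocols frame")
    if struct.unpack("!H", frame[12:14])[0] != SLOW_PROTOCOLS_TYPE or frame[14] != SUBTYPE_LACP:
        raise ValueError("not an LACPDU")
    result = {"src": frame[6:12].hex(), "version": frame[15]}
    pos = 16
    while pos + 2 <= len(frame):
        tlv_type, tlv_len = frame[pos], frame[pos + 1]
        if tlv_type == TLV_TERMINATOR:
            break
        if tlv_len < 2 or pos + tlv_len > len(frame):
            raise ValueError("bad TLV length")
        body = frame[pos + 2:pos + tlv_len]
        if tlv_type in (TLV_ACTOR, TLV_PARTNER):
            if tlv_len != 0x14:
                raise ValueError("Actor/Partner TLV must be 0x14 bytes")
            sp, system, key, pp, port, state = struct.unpack(INFO_FMT, body)
            result["actor" if tlv_type == TLV_ACTOR else "partner"] = {
                "system_id": (system.hex(), sp), "key": key,
                "port_id": (port, pp), "state": decode_state(state)}
        elif tlv_type == TLV_COLLECTOR:
            if tlv_len != 0x10:
                raise ValueError("Collector TLV must be 0x10 bytes")
            result["collector_max_delay"] = struct.unpack("!H", body[:2])[0]
        pos += tlv_len
    if "actor" not in result or "partner" not in result:
        raise ValueError("LACPDU lacks Actor or Partner information")
    return result


def can_aggregate(parsed_pdus):
    """Links can form one group only if every partner reports the same system ID
    (one device at the far end) and both sides set the Aggregation bit."""
    partner_ids = {p["partner"]["system_id"] for p in parsed_pdus}
    if len(partner_ids) != 1:
        return False
    return all(p["actor"]["state"]["Aggregation"] and p["partner"]["state"]["Aggregation"]
               for p in parsed_pdus)


# Constructed sample from the Table 3-12 values: switch A port 1 talking to switch B port 4.
ACTIVE_SYNC_STATE = 0x3D   # bits 0,2,3,4,5: active, aggregatable, in sync, collecting, distributing
SWITCH_A_MAC = bytes.fromhex("0040c7123456")
ACTOR_A = dict(sys_prio=32768, system=SWITCH_A_MAC, key=1, port_prio=1, port=1, state=ACTIVE_SYNC_STATE)
PARTNER_B = dict(sys_prio=32768, system=bytes.fromhex("0040c7112233"), key=1, port_prio=2, port=4,
                 state=ACTIVE_SYNC_STATE)
```

The frame built from the sample is 124 bytes before the FCS, matching the octet counts in Table 3-13 (12 + 2 + 2 + 20 + 20 + 16 + 2 + 50).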
3-10. IGMP Snooping
The IGMP snooping function establishes multicast groups so that multicast packets are forwarded only to the member ports, which by nature avoids wasting bandwidth while IP multicast packets are running over the network. The reason is that a switch that does not support IGMP or IGMP snooping is unable to distinguish a multicast packet from a broadcast packet, so it can only treat them all as broadcast packets. Without IGMP snooping, an IP multicast packet is plain and no different from a broadcast packet.
A switch supporting IGMP snooping has the functions of query, report and leave. These packet types, exchanged between an IP multicast router/switch and an IP multicast host, update the multicast table when a member (port) joins or leaves an IP multicast destination address. With this function, once the switch receives an IP multicast packet, it forwards the packet only to the members that previously joined the specified IP multicast group.
For example, in Fig. 3-23, Host A will not receive the multicast packets belonging to Group X from the service provider because it did not join multicast Group X. When a multicast packet reaches the switch, the switch checks the IP multicast table to decide which ports to forward the packet to. Host A is not a member of Group X, so the packet is not forwarded to the port connected to Host A. Host B receives the multicast traffic because it has already issued a Join Request for Group X. With IP multicast and IGMP, network performance and communication efficiency are clearly improved as the network grows large.
Fig. 3-23 IGMP Operation
(Figure: the Service Provider sends an outbound multicast packet for Group X to the IGMP-enabled switch; Host A has sent no Join Request for Group X, Host B has sent a Join Request for Group X.)
The switch supports IP multicast IGMP snooping; you can enable the IGMP protocol via the web or console interface (Configuration/Network Management/IGMP Snooping) and monitor the IGMP snooping information. You can view the multicast member list with IP address, VID and member port.
Terminology
Internet Group Multicast Protocol (IGMP):
IGMP is a layer 3 protocol dedicated to setting up and maintaining membership, as well as forwarding multicast traffic. A network device can register its membership with a router or switch to become a member of the multicast group(s). After becoming a member of a multicast group, the device can receive the multicast packets of that group. For more detailed information, refer to RFC 1112 and RFC 2236.
There are three types of service functions in IGMP: Membership Report Message, Membership Query Message and Leave Group Message. For better understanding, we explain some terminology below.
Message      Description
Query        A query message sent from the querier (IGMP router or switch) asks for a response from each host within the same multicast group.
Report       A report message sent by a host to the querier indicates that the host wants to be, or is, a member of the group indicated in the report message.
Leave Group  A message sent by a host to the querier indicates that the host has quit being a member of a specific multicast group.
Table 3-15
Membership Report Message:
If a new host needs to join a multicast group, it issues a membership report message carrying the information of the multicast group it wants to join. When an IGMP router or switch receives a membership report message for a multicast group, the router adds that multicast group to its multicast routing table and forwards the corresponding multicast traffic to the group.
Membership Query Message:
A membership query message is issued by a router at a specified interval to check whether the port(s) of the multicast group(s) are still there to receive the multicast traffic. When a host receives a membership query message, it replies with a membership report message to the router if it would like to keep receiving the multicast traffic, or if some new hosts want to join groups.
Leave Group Message:
This message makes a port leave a specified multicast group, so that no association remains between the port and the multicast group.
In IGMP version 1, there is no "Leave" mechanism. In that situation, the only way for a member that wants to leave the group is to keep silent and ignore the query. Because the host does not respond when queried, the switch removes the member port the host is connected to from the specified group.
In version 2, the host can send an IGMP Leave Message to the switch, which then removes the member port the host is connected to from the group the host used to belong to.
Multicast IP Address:
The multicast IP address block is the class D address range from 224.0.0.0 to 239.255.255.255. These addresses are referred to as Multicast Group Addresses (GA), also called Destination IP addresses. For each GA there is an associated MAC address. This GA MAC address is formed by 01:00:5E:XX:XX:XX, where the XX bytes carry the lowest 23 bits of the GA multicast IP address in hex, as shown in Fig. 3-24.
For example: Destination IP Address 224.1.2.3 corresponds to MAC address 01:00:5E:01:02:03 and Destination IP Address 239.255.255.255 corresponds to MAC address 01:00:5E:FF:FF:FF.
Fig. 3-24
(Figure: bits 0-31 of a class D IP address, beginning with 1110 (224), then 5 unused bits, then the 23 address bits; the lower-order 23 bits are copied into the corresponding bits (26-48) of the 48-bit Ethernet MAC address, whose leading 25 bits are 01 00 5E 0, i.e. 0000 0001 0000 0000 0101 1110 0.)
IGMP snooping uses the multicast technique for communication. Its destination MAC address is quite different from those of unicast frames. From the viewpoint of the frame format, only the Destination MAC address (DA) looks a little different. Refer to Fig. 3-22 for more details.
In Layer 2 frames:
Source MAC address: MAC address of the host
Destination MAC address: MAC address for the 32-bit group address (class D IP address). It looks like 01:00:5E:XX:XX:XX
Layer 3 packet:
Source IP address: IP address of the host
Destination IP address: from 224.0.0.0 to 239.255.255.255
How does IGMP work?
As mentioned before, IGMP maintains the database of group membership; this involves the join/report, query and leave of a member.
Join a Multicast Group
When a host would like to join a multicast group, it sends an IGMP report message towards a router, specifying the multicast group address it wants to join. On the path toward the targeted router, if this packet passes an IGMP snooping switch, the switch parses the content of the packet.
If the targeted multicast group already exists in the switch, the switch adds the port the host is connected to to the member list of that multicast group.
If the targeted multicast group does not exist in the switch, the switch adds a new multicast group and associates its multicast group address with the related port. From then on, when the switch receives a multicast packet, the packet is immediately forwarded to the ports associated with the specified multicast group address.
If multicast packets have no specific recipients, they are treated as broadcast packets.
Leave a Multicast Group
Leaving a multicast group differs between IGMP v1 and v2. A host that supports only IGMP v1 and would like to leave the multicast group it belongs to can, at any time, keep silent and make no response to the IGMP query. This is because IGMP v1 has no quit message to tell the target router.
The IGMP multicast router queries, at a specified interval, the member ports associated with groups in the router to identify whether these member ports still wish to receive the multicast traffic. The query traffic runs over the network and reaches the IGMP snooping switch, which forwards the packet to the associated ports connected to the hosts. If the switch does not receive a reply from a host, IGMP snooping in the switch does nothing, but an IGMP router may remove the membership of the host.
In IGMP version 2, if a host no longer wants to receive the multicast traffic, it can issue an IGMP Leave Message. A switch supporting IGMP v2 removes the association between the specified ports and the specified group.
IGMP PDU
IGMP version 1 (RFC 1112) messages are transmitted with the following format.
Bits 0-3: Version
Bits 4-7: Type
Bits 8-15: Unused
Bits 16-31: Checksum
Second 32-bit word: 32-bit group address
IGMP v1 Format
Version: Code Version = 1, a 4-bit field.
Type: There are 2 types of IGMP messages:
1 = Host Membership Query
2 = Host Membership Report
Group Address: Multicast Group Address, a 32-bit class D IP address
IGMP version 2 (RFC 2236) messages are transmitted with the following format. Version 2 is backward compatible with version 1.
Bits 0-7: Type
Bits 8-15: MRT
Bits 16-31: Checksum
Second 32-bit word: 32-bit group address
IGMP v2 Format
Type: 8 bits long. There are 4 types of IGMP messages defined:
0x11 = Membership Query
- General Query, used to learn which groups have members on an attached network.
- Group-Specific Query, used to learn if a particular group has any members on an attached network.
0x12 = Version 1 Membership Report
0x16 = Version 2 Membership Report
0x17 = Leave Group
MRT: Maximum Response Time
This field is meaningful only in membership query messages. The sender assigns a value in units of one-tenth of a second to this field, giving the receiver's longest allowed response time. When a host receives a membership query message, it must reply with a membership report message within the MRT. For any other message type, this field is always 0. The default is 10 seconds.
IGMP Snooping Mode
There are two IGMP snooping modes: Active mode and Passive mode. In Active mode, the IGMP snooping switch periodically issues membership query messages to all hosts attached to it and gathers the membership report messages to update the multicast table database. This also reduces unnecessary multicast traffic.
In Passive snooping mode, IGMP snooping does not periodically poll the hosts in the groups. The switch sends a membership query message to all hosts only when it has received a membership query message from a router.
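As an added example (not code from the manual or the switch), the following Python ties together three passages above: the Fig. 3-24 mapping from a group IP to its 01:00:5E MAC, the IGMP v2 message format with its checksum and MRT field, and the snooping table that the "Join a Multicast Group" and "Leave a Multicast Group" text describes (Report adds the ingress port, v2 Leave removes it, a group with no members is flooded like broadcast). Function and class names and the sample group addresses are mine. Because only 23 bits are copied into the MAC, 32 group addresses share each MAC (225.1.2.3 and 224.129.2.3 land on the same MAC as 224.1.2.3, and 239.255.255.255 yields 01:00:5E:7F:FF:FF), which is why a snooping table keyed on the IP group address is more precise than one keyed on the destination MAC.

```python
import ipaddress
import struct

# IGMP v2 message types from the "IGMP PDU" section (the v1 report 0x12 is also accepted).
MEMBERSHIP_QUERY, V1_REPORT, V2_REPORT, LEAVE_GROUP = 0x11, 0x12, 0x16, 0x17


def group_mac(group_ip: str) -> str:
    """Class D address -> 01:00:5E MAC carrying the low-order 23 bits (Fig. 3-24)."""
    ip = ipaddress.IPv4Address(group_ip)
    if not ip.is_multicast:
        raise ValueError("%s is not a class D address" % group_ip)
    low23 = int(ip) & 0x7FFFFF            # the 5 bits after the 1110 prefix are not copied
    return "01:00:5E:%02X:%02X:%02X" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole IGMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmpv2(msg_type: int, group_ip: str, mrt_tenths: int = 0) -> bytes:
    """Type | MRT | Checksum | 32-bit group address, the IGMP v2 format above."""
    group = ipaddress.IPv4Address(group_ip).packed
    msg = struct.pack("!BBH4s", msg_type, mrt_tenths, 0, group)
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def parse_igmpv2(msg: bytes) -> dict:
    """Decode a v1 or v2 message; a short message or bad checksum raises so the caller drops it."""
    if len(msg) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    if inet_checksum(msg[:8]) != 0:       # a correct checksum sums to all ones
        raise ValueError("bad IGMP checksum")
    msg_type, mrt, _, group = struct.unpack("!BBH4s", msg[:8])
    return {"type": msg_type, "mrt_seconds": mrt / 10,
            "group": str(ipaddress.IPv4Address(group))}


class SnoopingTable:
    """Group address -> member ports, maintained from Report and Leave messages
    the way the Join / Leave text on this page describes."""

    def __init__(self):
        self.groups = {}

    def process(self, ingress_port: int, msg: bytes) -> None:
        info = parse_igmpv2(msg)
        group = info["group"]
        if info["type"] in (V1_REPORT, V2_REPORT):
            self.groups.setdefault(group, set()).add(ingress_port)   # join: add the port
        elif info["type"] == LEAVE_GROUP:
            members = self.groups.get(group)
            if members is not None:
                members.discard(ingress_port)                         # v2 leave: drop the port
                if not members:
                    del self.groups[group]
        # Queries come from the querier and do not change membership here.

    def forward_ports(self, dst_ip: str, all_ports) -> set:
        """Ports a packet for dst_ip goes to; a group with no members is flooded like broadcast."""
        return set(self.groups.get(dst_ip, all_ports))
```

A query built with `build_igmpv2(MEMBERSHIP_QUERY, "0.0.0.0", 100)` carries the default 10-second MRT (100 tenths of a second); a report from port 3 for 239.1.1.1 makes the table forward that group to port 3 only, and the matching Leave restores flooding.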
3-11. Dynamic Host Configuration Protocol (DHCP)
DHCP is used to obtain an IP address from a DHCP server and set it as the address of the requesting device itself. This makes it easier for the administrator to manage and configure IP addresses in a large network.
DHCP is a client-server application. All IP addresses are centralized at the DHCP server, which listens for and receives the clients' requests and is responsible for assigning IPs to clients. A DHCP client uses broadcast to find a DHCP server and obtain an IP, which it uses to configure its IP settings automatically. This resembles the concept of a lease in dynamic allocation mode, because once a station is powered off it must release the IP it occupied for other stations to use.
IP address allocation from DHCP
A DHCP server provides three ways to assign IP addresses:
Automatic Allocation:
In this mode, once a DHCP client gets an IP address from the DHCP server for the first time, the client occupies this address forever and it never changes.
Dynamic Allocation:
In this mode, the client leases an IP address for temporary use. Once it is powered off or the lease expires, it must release this IP address. The client can also renew the lease to keep using the same IP address it used last time, in preference to another. The typical lease time is 1 to 30 days.
Manual Allocation:
A client's IP address is assigned by the network administrator, and DHCP is used simply to convey the assigned address to the client.
Obviously, Dynamic allocation is much more flexible than Automatic allocation, especially when there are not enough IP addresses in a network. Besides dynamically allocating IP addresses, DHCP can reserve some addresses for specified devices. It can also assign IP addresses according to the MAC address. Meanwhile, DHCP can also hand the DHCP client its default router, netmask, DNS server and so on. All you have to do is enable DHCP on the client.
How does DHCP work?
When a device logs in to the network for the first time, it does the following:
1. Find a DHCP server
When the DHCP client logs in to the network for the first time, it broadcasts a DHCPDISCOVER packet. Because the client does not yet know where it is, the source IP address is set to "0.0.0.0", the destination IP address is set to "255.255.255.255", and a DHCPDISCOVER message is appended. There are many information fields in the packet, but the most important one is the IP address of the DHCP client.
The client starts in the INIT state and forms a DHCPDISCOVER message. The client SHOULD wait a random time between one and ten seconds to desynchronize the use of DHCP at startup. If the DHCP client still gets no response, it shows an error message stating that it failed to get an IP address from a DHCP server. If the switch fails to get an IP address from a DHCP server, it automatically applies the IP address of the previously configured working configuration.
2. Server offers a leased IP address
On receiving the DHCP client's DHCPDISCOVER packet, the DHCP server chooses an IP listed at the top of the available IP pool, together with its related TCP/IP settings, and sends it back to the client by broadcasting a DHCPOFFER packet.
Because the DHCP client has no IP yet at the beginning, the IP allocated in the DHCPOFFER could not reach it by itself. Fortunately, the DHCP client's MAC address is in the DHCPDISCOVER packet, and this leads the DHCPOFFER packet to the DHCP client. The DHCPOFFER packet echoed to the DHCP client follows the request information in the DHCPDISCOVER packet and contains a lease with its due date.
3. Client accepts a leased IP address
If the DHCP client receives more than one offer from DHCP servers, it chooses only one of them, usually the earliest received, and broadcasts a DHCPREQUEST. This tells all DHCP servers whose IP address will be accepted in the network. Meanwhile, the DHCP client issues an ARP packet to check whether any other station already occupies that address. If so, the DHCP client sends the DHCP server a DHCPDECLINE to decline the offer made by the DHCPOFFER and re-issues a DHCPDISCOVER packet.
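As an added example (not code from the manual or the switch), the following Python builds and parses the DHCP messages of the three steps above and implements the client side of step 3: it accepts an OFFER only when the transaction ID and the client MAC (chaddr) match its own DISCOVER, broadcasts the REQUEST naming the chosen server and address, and produces the DECLINE used when the ARP check finds the address in use. The fixed BOOTP header, magic cookie and option codes 50/51/53/54 are the RFC 2131/2132 values; the MAC address, transaction ID, server and offered addresses are constructed sample values and the function names are mine. Checking xid and chaddr before accepting an offer is what keeps a client from binding to a stray or mismatched OFFER, and it is the same pairing a defender uses to match offers to discovers in a capture.

```python
import struct
import ipaddress

BOOTREQUEST, BOOTREPLY = 1, 2
# Option 53 message-type values (RFC 2132) for the steps described on this page.
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPDECLINE = 1, 2, 3, 4
OPT_PAD, OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 50, 51, 53, 54, 255
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # the 236-byte fixed BOOTP header (RFC 2131)


def ip4(s: str) -> bytes:
    return ipaddress.IPv4Address(s).packed


def build_dhcp(op, xid, chaddr, msg_type, yiaddr="0.0.0.0", siaddr="0.0.0.0",
               extra_opts=(), broadcast=True):
    flags = 0x8000 if broadcast else 0      # broadcast bit: the client has no IP to be replied to yet
    header = struct.pack(HEADER_FMT, op, 1, 6, 0, xid, 0, flags, ip4("0.0.0.0"), ip4(yiaddr),
                         ip4(siaddr), ip4("0.0.0.0"), chaddr.ljust(16, b"\0"), bytes(64), bytes(128))
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in extra_opts:
        options += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_dhcp(pkt: bytes) -> dict:
    """Decode header and TLV options; anything malformed raises ValueError."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _, hlen, _, xid, _, flags, _, yiaddr, siaddr, _, chaddr = struct.unpack(HEADER_FMT, pkt[:236])[:12]
    opts, pos = {}, 240
    while pos < len(pkt):
        code = pkt[pos]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            pos += 1
            continue
        if pos + 2 > len(pkt) or pos + 2 + pkt[pos + 1] > len(pkt):
            raise ValueError("truncated option %d" % code)
        length = pkt[pos + 1]
        opts[code] = pkt[pos + 2:pos + 2 + length]
        pos += 2 + length
    if OPT_MSG_TYPE not in opts:
        raise ValueError("missing DHCP message type option")
    return {"op": op, "xid": xid, "broadcast": bool(flags & 0x8000), "chaddr": chaddr[:hlen],
            "yiaddr": str(ipaddress.IPv4Address(yiaddr)), "siaddr": str(ipaddress.IPv4Address(siaddr)),
            "msg_type": opts[OPT_MSG_TYPE][0], "options": opts}


def select_offer(offers, my_xid, my_mac):
    """Step 3: take the first OFFER that is a reply to our xid and addressed to our MAC."""
    for raw in offers:
        try:
            o = parse_dhcp(raw)
        except ValueError:
            continue
        if (o["op"] == BOOTREPLY and o["msg_type"] == DHCPOFFER and o["xid"] == my_xid
                and o["chaddr"] == my_mac and OPT_SERVER_ID in o["options"]):
            return o
    return None


def make_request(offer, my_mac):
    """Broadcast REQUEST naming the chosen server and address, so every server sees which offer won."""
    return build_dhcp(BOOTREQUEST, offer["xid"], my_mac, DHCPREQUEST, extra_opts=[
        (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID]), (OPT_REQUESTED_IP, ip4(offer["yiaddr"]))])


def make_decline(offer, my_mac):
    """Sent when the ARP check shows the offered address is already in use; the client then rediscovers."""
    return build_dhcp(BOOTREQUEST, offer["xid"], my_mac, DHCPDECLINE, extra_opts=[
        (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID]), (OPT_REQUESTED_IP, ip4(offer["yiaddr"]))])


# Constructed sample exchange (all values made up for this example).
CLIENT_MAC = bytes.fromhex("001122334455")
XID = 0x3903F326
DISCOVER = build_dhcp(BOOTREQUEST, XID, CLIENT_MAC, DHCPDISCOVER)
OFFER = build_dhcp(BOOTREPLY, XID, CLIENT_MAC, DHCPOFFER, yiaddr="192.168.1.50", siaddr="192.168.1.1",
                   extra_opts=[(OPT_SERVER_ID, ip4("192.168.1.1")), (OPT_LEASE_TIME, struct.pack("!I", 86400))])
STRAY_OFFER = build_dhcp(BOOTREPLY, XID ^ 1, CLIENT_MAC, DHCPOFFER, yiaddr="10.0.0.9",
                         extra_opts=[(OPT_SERVER_ID, ip4("10.0.0.1"))])
```

Given `[STRAY_OFFER, OFFER]`, `select_offer` skips the offer whose transaction ID does not match and returns the 192.168.1.50 lease; the REQUEST it produces carries option 54 (server identifier) and option 50 (requested address) exactly as the paragraph above describes.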