ELTEX MES1000, MES2000 Operation Manual

L2 Fast Ethernet and Gigabit Ethernet Managed Switches
MES1000, MES2000
Operation Manual, Firmware Version 1.1.42
Document version
Issue date
Revisions
Version 2.17
20/10/2015
Changes in chapters:
- 5.23.1 Copper-wire cable diagnostics
Version 2.16
31/08/2015
Added description of MES1124MB, MES1124M DC, MES2124M DC.
Changes in chapters:
- 2.2.8 Additional functions
- 2.3 Main specifications
- 2.4 Design
- 5.5 System management commands
- 5.10 Interface configuration
- 5.11 Selective Q-in-Q
- 5.12 Broadcast storm control
- 5.13 Link Aggregation Group (LAG)
- 5.16.6 Flex-link function configuration
- 5.19.1 AAA mechanism
- 5.21 Port mirroring (monitoring)
- 5.33.1 QoS Configuration
Added chapters:
- 5.24 IP Service Level Agreements (IP SLA)
Version 2.15
18/05/2015
Added description of MES1124M, MES2124M.
Added chapters:
- 2.4.3 MES1124M, MES2124M series devices panels appearance and layout
- 5.28 DHCP protocol management and Option 82
Changes in chapters:
- 2.2.7 Switch control function
- 2.3 Main specifications
- 5.5 System management commands
- 5.8.1 Command parameters description
- 5.8.3 Configuration backup commands
- 5.10.1 Ethernet and Port-Channel interface parameters
- 5.10.2 VLAN interface configuration
- 5.16.4 Loopback detection mechanism
- 5.16.5 STP protocol family (STP, RSTP, MSTP)
- 5.16.6 Flex-link function configuration
- 5.16.11 CFM protocol configuration
- 5.19.2 RADIUS protocol
- 5.19.4 Simple network management protocol (SNMP)
- 5.26.2.2 Advanced authentication
- 5.26.3 DHCP protocol management and Options 82
- 5.27 DHCP Relay mediations features
Version 2.14
17/02/2015
Added chapters:
- 3.3 SFP transceiver installation and removal
Changes in chapters:
- 5.10.2 VLAN interface configuration
- 5.12 Broadcast storm control
- 5.18.2 IGMP snooping function
- 5.19.4 Simple network management protocol (SNMP)
- 5.26.2.2 Advanced authentication
Version 2.13
14/01/2015
Changes in chapters:
- 5.8.3 Configuration backup commands
Added chapters:
- 5.15.3 IPv6 ra guard function configuration
- 5.15.4 DHCPv6 guard function configuration
- 5.16.6 Flex-link function configuration
Version 2.12
21/10/2014
Synchronized with firmware version 1.1.30.
Changes in chapters:
- 5.10.2 VLAN interface configuration
- 5.12 Broadcast storm control
Version 2.11
27/08/2014
Changes in chapters:
- 5.10 Interface configuration
- 5.16.6 EAPS protocol
- 5.27 DHCP Relay mediation features
MES1000, MES2000 Ethernet Switches 3
Version 2.10
28/07/2014
Changes in chapters:
- 5.19.7.1 Telnet, SSH, HTTP and FTP
Version 2.9
12/05/2014
Added description of devices MES2124P, MES2208P
Version 2.8
06/05/2014
Changes in chapters:
- 5.5 System management commands
- 5.19.2 IGMP Snooping function
Version 2.7
27/03/2014
Changes in chapters:
- 5.24.1 Copper-wire cable diagnostics
- 5.25.6 DHCP protocol management and Option 82
Version 2.6
09/01/2014
Changes in chapters:
- 5.18.2 IGMP Snooping function
- 5.18.4 Multicast traffic restriction functions
Added chapters:
- 4.3 Configuration procedure
- 5.18.5 RADIUS Authorization of IGMP Queries
- Configuration of IGMP Query Authorization via RADIUS (appendix A)
Version 2.5
22/11/2013
Changes in chapters:
- 5.16.5 STP protocol family (STP, RSTP, MSTP)
- 5.9.1 Ethernet and Port-Channel interface parameters
- 5.16.6 EAPS protocol
- 5.19.2 Radius protocol
Added chapters:
- 5.3 Filtering of command line messages
Version 2.4
15/08/2013
Changes in chapters:
- 5.26.1 IPv4 ACL Configuration
- 5.26.2 IPv6 ACL Configuration
- 5.26.3 MAC ACL Configuration
Version 2.3
05/07/2013
Added chapters:
- 6.27 Configuration of Protection from DoS Attacks
Changes in chapters:
- Appendix A Samples of use and configuration of device
Version 2.2
18/06/2013
Added chapters:
- 5.14.9 OAM protocol configuration
- 5.14.10 CFM protocol configuration
Changes in chapters:
- 4.1 Terminal configuration
- 5.9 Broadcast storm control
- 5.17.1 AAA mechanism
- 5.17.7.1 Telnet, SSH, HTTP and FTP
- 5.17.7.2 Terminal configuration commands
Version 2.1
28/05/2013
Added chapters:
- 5.6.3 Configuration backup commands
- 5.15.7 G.8032v2 (ERPS) protocol configuration
Changes in chapters:
- 5.18.2 RADIUS protocol
- 5.18.3 TACACS+ protocol
- 5.18.4 SNMP network management protocol
- 5.21.2 Optical transceiver diagnostics
Version 2.0
03/04/2013
Added description of the device MES1124
Version 1.6
20/03/2013
Added chapters:
- Multicast traffic restriction features
Changes in chapters:
- IGMP snooping function
- AAA mechanism
- Access configuration
- DHCP protocol management and Option 82
- PPPoE Intermediate Agent configuration
Version 1.5
06/03/2013
Changes in chapters:
- 5.4 System management commands;
- 5.9 Selective Q-in-Q;
- 5.17.2 IGMP Snooping function
Added chapters:
- Appendix B Typical buildings of networks on basis of EAPS protocol
Version 1.4
28/12/2012
Changes in chapters:
- 5.4 Added description of the CPU monitoring and protection feature configuration.
- 5.8.1. Added description of the interface load monitoring feature configuration.
- 5.8.2. Added description of MAC-based vlan, EtherType configuration for outgoing packets.
- 5.17.1. Added description of MAC address learning configuration in VLAN.
- 5.18.4. Added description of SNMP trap messages configuration on ports.
- 5.20. Added description of remote mirroring configuration.
- 5.23.3. Added description of DHCP Option 82 format configuration.
Added chapters:
- 5.23.6 MAC Address Notification function configuration.
Version 1.3
10/09/2012
Changes in chapters:
- 5.22 Physical diagnostics functions
Version 1.2
21/08/2012
Added description of EAPS protocol configuration.
Version 1.1
12/05/2012
Added chapters:
- PPPoE Intermediate Agent configuration
Version 1.0
21/12/2011
First issue.
Firmware version
1.1.42
CONTENTS
1 INTRODUCTION
2 PRODUCT DESCRIPTION
2.1 Purpose
2.2 Device Functions
2.2.1 Basic functions
2.2.2 MAC Address Processing Functions
2.2.3 Second-layer functions of OSI model
2.2.4 Third-layer functions of OSI model
2.2.5 QoS functions
2.2.6 Security functions
2.2.7 Switch control functions
2.2.8 Additional functions
2.3 Main specifications
2.4 Design
2.4.1 MES1024, MES1124, MES2124 series devices front panel appearance and layout
2.4.2 MES1124MB, MES2124MB series devices panels appearance and layout
2.4.3 MES1124M, MES2124M series devices panels appearance and layout
2.4.4 MES2208P series device panel appearance and layout
2.4.5 MES2124P series device panel appearance and layout
2.4.6 Side panels of the device
2.4.7 Light Indication
2.5 Delivery Package
3 INSTALLATION AND CONNECTION
3.1 Support brackets mounting
3.2 Device rack installation
3.3 Battery connection to MES1124MB, MES2124MB
3.4 SFP transceiver installation and removal
3.5 Connection to Power Supply
4 DEVICE STARTUP, INITIAL CONFIGURATION
4.1 Configuring the Terminal
4.2 Turning off the device
4.3 Configuration procedure
4.3.1 Stackable Mode Selection
4.3.2 Initial Configuration
4.3.3 Security system configuration
5 DEVICE MANAGEMENT COMMAND LINE INTERFACE
5.1 Command Line Operation Principles
5.2 Basic commands
5.3 Filtering of command line messages
5.4 Macrocommand configuration
5.5 System management commands
5.6 Switch Stack Management
5.7 Commands for configuration of password parameters
5.8 File operations
5.8.1 Command parameters description
5.8.2 File operation commands
5.8.3 Configuration backup commands
5.8.4 Automatic update and configuration commands
5.9 System time configuration
5.10 Interface configuration
5.10.1 Ethernet and Port-Channel interface parameters
5.10.2 VLAN interface configuration
5.11 Selective Q-in-Q
5.12 Broadcast storm control
5.13 Link Aggregation Groups (LAG)
5.13.1 Static link aggregation groups
5.13.2 LACP link aggregation protocol
5.14 IPv4 addressing configuration
5.15 IPv6 addressing configuration
5.15.1 IPv6 protocol
5.15.2 IPv6 protocol tunnelling (ISATAP)
5.15.3 IPv6 RA guard function configuration
5.15.4 DHCPv6 guard function configuration
5.16 Protocol configuration
5.16.1 DNS protocol configuration - domain name system
5.16.2 ARP protocol configuration
5.16.3 GVRP protocol configuration
5.16.4 Loopback detection mechanism (loopback-detection)
5.16.5 STP protocol family (STP, RSTP, MSTP)
5.16.6 Flex-link function configuration
5.16.7 EAPS protocol
5.16.8 G.8032v2 (ERPS) protocol configuration
5.16.9 LLDP protocol configuration
5.16.10 OAM protocol configuration
5.16.11 CFM protocol configuration
5.17 Voice VLAN
5.18 Multicast addressing
5.18.1 Multicast addressing rules
5.18.2 IGMP snooping function
5.18.3 MLD snooping - multicast traffic control protocol for IPv6 networks
5.18.4 Multicast traffic restriction functions
5.18.5 RADIUS Authorization of IGMP Queries
5.19 Control functions
5.19.1 AAA mechanism
5.19.2 RADIUS protocol
5.19.3 TACACS+ protocol
5.19.4 Simple network management protocol (SNMP)
5.19.5 Remote network monitoring protocol (RMON)
5.19.6 ACL access lists for device management
5.19.7 Access configuration
5.20 Alarm log, SYSLOG protocol
5.21 Port mirroring (monitoring)
5.22 sFlow function
5.23 Physical layer diagnostics functions
5.23.1 Copper-wire cable diagnostics
5.23.2 Optical transceiver diagnostics
5.24 IP Service Level Agreements (IP SLA)
5.24.1 ICMP Echo operation
5.24.2 UDP Jitter operation
5.25 Green Ethernet configuration
5.26 Power over Ethernet (PoE)
5.27 Security functions
5.27.1 Port security functions
5.27.2 Port-based client authentication (802.1x standard)
5.27.3 DHCP protocol management and Option 82
5.27.4 Client IP address protection (IP-source Guard)
5.27.5 ARP management (ARP Inspection)
5.27.6 MAC Address Notification function configuration
5.28 DHCP Relay mediation features
5.29 PPPoE Intermediate Agent Configuration
5.30 DHCP Server Configuration
5.31 ACL Configuration (Access Control Lists)
5.31.1 IPv4 ACL Configuration
5.31.2 IPv6 ACL Configuration
5.31.3 MAC ACL Configuration
5.31.4 Access List Time Range Configuration (time-range)
5.32 Configuration of Protection from DoS Attacks
5.33 Quality of Services (QoS)
5.33.1 QoS Configuration
5.33.2 QoS Statistics
6 SERVICE MENU, CHANGE OF SOFTWARE
6.1 Startup Menu
6.2 Update of software from TFTP server
6.2.1 System software update
6.2.2 Update of loading file of the device (initial loader)
APPENDIX A SAMPLES OF USE AND CONFIGURATION OF DEVICE
Configuration of multiple spanning trees (MSTP)
Configuration of selective-qinq
Addition of SVLAN
Substitution of CVLAN
Configuration of multicast-TV VLAN
Configuration of IGMP Query Authorization via RADIUS
APPENDIX B TYPICAL BUILDINGS OF NETWORKS ON BASIS OF EAPS PROTOCOL
APPENDIX C DESCRIPTION OF SWITCH PROCESSES
SYMBOLS
Value
Description
[ ]
In the command line, optional parameters are shown in square brackets; when entered, they provide additional options.
{}
In the command line, mandatory parameters are shown in curly braces.
,
-
In the description of the command, these signs are used for defining ranges.
|
In the description of the command, this sign means 'or'.
/
This character is used to divide the possible variable values from the default values.
Calibri italic
Variables and parameters that should be replaced with the appropriate word or string are written in Calibri Italic.
Semibold font
Notes and warnings are written in semibold font.
<Semibold italic>
Keyboard keys are written in semibold italic and enclosed in angle brackets.
Courier New
Examples of command entry are written in Courier New semibold.
Courier New
Results of command execution are written in Courier New font in a frame with the shadow border.
Notes and warnings
Notes contain important information, tips or recommendations on device operation and setup.
Warnings are used to inform the user about harmful situations for the device and the user alike, which could cause malfunction or data loss.
1 INTRODUCTION
In the last few years, more and more large-scale projects have been using the NGN concept for communication network development. One of the main tasks in implementing large multiservice networks is creating a reliable, high-performance transport network that serves as the backbone of the multilayer architecture of next-generation networks.
Gigabit Ethernet (GE) data transfer technologies are widely used to deliver high transfer rates. High-speed data transmission, especially in large-scale networks, requires a network topology that allows flexible distribution of high-speed data flows.
MES1000, MES2000 series switches can be used in large enterprise networks, SMB networks and operator networks. They provide high performance, flexibility, security and multi-tier QoS.
This operation manual describes the intended use, specifications, first-time setup recommendations, and the syntax of the commands used for configuration, monitoring and firmware update of the switch.
2 PRODUCT DESCRIPTION
2.1 Purpose
MES1000 and MES2000 series devices are managed stackable network switches that operate on the data-link and network layers of the OSI model.
MES1024 network switches are equipped with 24 Fast Ethernet ports with electric interfaces and 2 Gigabit Ethernet ports combined with slots for SFP transceiver installation (combo ports).
MES1124, MES1124M, MES1124MB network switches are equipped with 24 Fast Ethernet ports with electric interfaces and 4 Gigabit Ethernet ports combined with slots for SFP transceiver installation (combo ports). MES1124MB allows operation from a 12V battery as a backup power source.
MES2124, MES2124M network switches are equipped with 24 Gigabit Ethernet ports with electric interfaces and 4 Gigabit Ethernet ports combined with slots for SFP transceiver installation (combo ports).
MES2124MB network switches are equipped with 24 Gigabit Ethernet ports with electric interfaces and 4 Gigabit Ethernet ports combined with slots for SFP transceiver installation (combo ports). The device allows operation from a 12V battery as a backup power source.
MES2124P network switches are equipped with 24 Gigabit Ethernet ports with electric interfaces and PoE+ support and 4 Gigabit Ethernet ports combined with slots for SFP transceiver installation (combo ports).
MES2208P network switches are equipped with 4 Gigabit Ethernet electric ports with PoE+ support, 4 Gigabit Ethernet ports combined with slots for SFP transceiver installation (combo ports), 2 Gigabit Ethernet optical ports and 2 Gigabit Ethernet electric ports.
A combined port may have only one active interface at a time. In case of simultaneous connections, the interface with the SFP transceiver will be active.
2.2 Device Functions
2.2.1 Basic functions
Table 2.1 lists the access switch basic functions.
Table 2.1 Basic device functions
HOL blocking protection
Blocking that occurs when device output ports are overloaded with traffic coming from highly active sources. It may lead to loss of traffic from other, low-activity sources. Switch resource reservation methods are used to prevent such situations. Not supported in the current firmware version.
Backpressure routing support
The backpressure routing method is used in half-duplex connections to manage data streams coming from the opposite devices by means of collisions. This method helps avoid buffer overruns and data loss.
MDI/MDIX support
Automatic cable type detection: crossed or straight.
MDI (Media-Dependent Interface, straight): cable standard for connection of terminal devices.
MDIX (Media-Dependent Interface with Crossover, crossed): cable standard for connection of hubs and switches.
Jumbo frames
Enables jumbo frame transmission to minimize the number of packets used in the data transfer. This reduces service data volumes, processing time and interrupts.
Flow control (IEEE 802.3X)
Flow control allows interconnecting low-speed and high-speed devices. To avoid buffer overrun, the low-speed device can send PAUSE packets that force the high-speed device to pause packet transmission.
Operation in device stack
You can combine multiple switches in a stack. In this case, the switches are treated as a single device with shared settings. There are two stack topologies: ring and chain. All port parameters of all stacked devices can be configured from the 'master' switch. Device stacking reduces network management effort.
2.2.2 MAC Address Processing Functions
Table 2.2 lists MAC address processing functions.
Table 2.2 MAC address processing functions
MAC address table
The switch creates a look-up table for MAC addresses and switch port nodes in its memory.
Learning mode
When learning is not available, data arriving at any port is transmitted to the other ports of the switch. In learning mode, the switch analyzes the frame, discovers the sender's MAC address and adds it to the MAC address table. Afterwards, an inbound frame destined for a host whose MAC address has already been added to the table is sent only to the port specified in the table.
MAC Multicast Support
This function allows one-to-many or many-to-many data distribution. A frame addressed to a multicast group is transmitted to each port of the group.
Automatic Aging for MAC Addresses
If no packets are received from a device with a specific MAC address within a defined period of time, the record for this address expires and is removed. This keeps the switch table up to date.
Static MAC Entries
The network switch allows you to define static MAC address records that are saved to the MAC address table.
2.2.3 Second-layer functions of OSI model
Table 2.3 lists second-layer functions and special aspects (OSI Layer 2).
Table 2.3 Second-layer functions description (OSI Layer 2)
VLAN support
The switches support VLAN operation.
Function
IGMP Snooping
The IGMP Snooping implementation analyzes the contents of IGMP packets, which allows the switch to discover network devices participating in multicast groups and forward the traffic to the corresponding ports.
MLD Snooping
MLD Snooping function implementation allows the device to minimize multicast IPv6 traffic.
Function
Multicast-TV VLAN
Function that allows to redirect multicast traffic from the specified VLAN (multicast VLAN) to the user port using IGMP messages and to reduce the load to the uplink port of the switch. This function is used in III-play solutions.
Broadcast Storm Control
Broadcast storm is a multiplication of broadcast messages in each host causing their exponential growth, that can lead to a network meltdown. Devices has a function that restricts the transfer rate for multicast and broadcast frames
received and sent by the switch.
Port Mirroring
Port mirroring duplicates the traffic of monitored ports by sending inbound and/or outbound packets to the controlling port. Switch users can define controlled and controlling ports and select the type of traffic (inbound or outbound) that is sent to the controlling port.
Protected ports
This function assigns an uplink port to a switch port. The uplink port receives all the traffic, and the port is isolated from other ports (in a single switch).
Private VLAN Edge
This function isolates a group of ports (in a single switch) located in the same broadcast domain from each other, while allowing traffic exchange with other ports that are in the same broadcast domain but do not belong to this group.
Private VLAN
Provides isolation of devices located in the same broadcast domain within an L2 network. Only two port operation modes are implemented: Promiscuous and Isolated (isolated ports cannot exchange traffic).
Spanning Tree Protocol
Spanning Tree Protocol is a network protocol that ensures loop-free network topology by converting networks with redundant links to the tree-like structure. Switches exchange configuration messages, using the special format frames, and selectively enable or disable device ports.
IEEE 802.1w Rapid spanning tree protocol
Rapid STP (RSTP) is an enhanced version of the STP protocol that converts the network to the tree-like topology faster and provides higher stability.
EAPS protocol
EAPS (Ethernet Automatic Protection Switching) is a protocol that prevents traffic loops in ring topology networks and enables fast restoration of traffic flow after a failure in a specific network section. The restoration time provided by EAPS is far shorter than with spanning tree protocols.
Ethernet Ring Protection Switching
The protocol increases the stability and robustness of a data network with ring topology by decreasing the restoration time after a failure. Restoration time does not exceed 1 second, which is substantially lower than the network reconstruction time of the Spanning Tree protocol family.
GARP VLAN
The GVRP VLAN registration protocol enables dynamic adding and removal of VLAN groups on the switch ports. If GVRP is enabled, the switch identifies and then distributes the VLAN membership data to all ports that form the active topology.
Port-Based VLAN
Distribution to VLAN groups is performed by inbound port. This solution allows only one VLAN group on each port.
802.1Q support
IEEE 802.1Q is an open standard that describes the traffic tagging procedure used to carry VLAN membership information. It allows multiple VLAN groups on one port.
Link aggregation (LAG link groups)
Devices support link group creation functions. Link aggregation, trunking or IEEE 802.3ad is a technology that aggregates multiple physical links into one logical link. It increases the bandwidth and reliability of backbone 'switch-switch' or 'switch-server' channels. There are three types of balancing between channels: based on MAC addresses, IP addresses and the destination port.
A LAG group contains ports of the same speed operating in full-duplex mode.
Dynamic link groups (LACP protocol)
The LACP protocol enables automatic aggregation of separate links between two devices (switch-switch or switch-server) into a single data communication channel.
The protocol constantly tries to find ways for link aggregation; in case of a link failure in the aggregated channel, its traffic is automatically redistributed to the functioning components of the aggregated channel.
Auto Voice VLAN support
Identifies voice traffic by OUI (Organizationally Unique Identifier, the first 24 bits of the MAC address). If a MAC address with a VoIP gateway or IP phone OUI exists in the MAC table of the switch, this port is automatically added to the voice VLAN (identification by SIP protocol or destination MAC address is not supported).
Selective Q-in-Q
This function manipulates the SPVLAN (Service Provider's VLAN) external identifier based on filtering rules configured by the external VLAN identifier (Customer VLAN). Selective Q-in-Q can add or change the SPVLAN tag of a packet in a specific network section.
2.2.4 Third-layer functions of OSI model
Table 2.4 lists third-layer functions (OSI Layer 3).
Table 2.4 Third-layer functions description (OSI Layer 3)
BootP and DHCP clients (Dynamic Host Configuration Protocol)
The device can obtain an IP address automatically via the BootP/DHCP protocol.
ARP Protocol (Address Resolution Protocol)
The ARP protocol maps an IP address to the physical address of a device. The mapping is established by analyzing the network host's response; the host address is requested with a broadcast packet.
2.2.5 QoS functions
Table 2.5 lists the basic quality of service functions.
Table 2.5 Basic quality of service functions
Priority queues support
The switch supports outbound traffic prioritization with queues for each port. Packet distribution to queues may be performed via packet classification by various fields in packet headers.
802.1p class of service support
802.1p standard specifies frame priority definition method and algorithm of priority usage for timely delivery of delay-critical traffic. 802.1p standard defines 8 priority levels. Switches can use 802.1p priority value for frame distribution between priority queues.
2.2.6 Security functions
Table 2.6 Security functions
DHCP snooping
Switch function designed for protection from DHCP protocol attacks. It filters DHCP messages coming from untrusted ports by building and maintaining a DHCP snooping binding database. DHCP snooping acts as a firewall between untrusted ports and DHCP servers.
DHCP Option 82
An option that informs the DHCP server about the DHCP relay and the port of the incoming request.
By default, a switch with the DHCP snooping function enabled identifies and drops all DHCP requests with Option 82 if they were received via an untrusted port.
UDP relay
Broadcast UDP traffic forwarding to the specified IP address.
IP Source address guard
Switch function that restricts IP traffic and filters it according to the match table built from the DHCP snooping binding database and statically configured IP addresses. This function prevents IP address spoofing.
Dynamic ARP Inspection (Protection)
Switch function designed for protection from ARP protocol attacks. For a message received from an untrusted port, the switch checks whether the IP address in the body of the received ARP packet matches the IP address of the sender.
If these addresses do not match, the switch drops the packet.
L2 – L3 – L4 ACL (Access Control List)
Using information contained in the level 2, 3 and 4 headers, the administrator can configure rules for processing or dropping packets.
Time-Based ACL
Allows configuring the time frame for ACL operation.
Blocked ports support
The main purpose of blocking is to improve network security: access to a switch port is granted only to those devices whose MAC addresses have been assigned to this port.
Port-based authentication (802.1x)
The IEEE 802.1x authentication mechanism manages access to resources through an external server. Authorized users gain access to the selected network resources.
PPPoE IA
This function complements PPPoE Discovery packets with information that characterizes the access interface. This is essential for identifying the user interface at the access server (BRAS, Broadband Remote Access Server).
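The following added example (not ELTEX code and not part of the original manual) models how the DHCP snooping binding database described in Table 2.6 feeds IP Source Guard and Dynamic ARP Inspection. The class, method and port names, the pending-request tracking and the rule that trusted ports are not filtered are assumptions of this model; MAC and IP values are constructed.

```python
"""Toy model of DHCP snooping, IP Source Guard and Dynamic ARP Inspection.

Added illustration, not ELTEX firmware logic. Class, method and port names are
hypothetical; MAC/IP values are constructed from documentation ranges.
"""
from dataclasses import dataclass, field

SERVER_TYPES = {"OFFER", "ACK", "NAK"}  # DHCP messages that only a server sends


@dataclass
class SnoopingSwitch:
    trusted_ports: set
    bindings: dict = field(default_factory=dict)  # (port, mac) -> ip
    pending: dict = field(default_factory=dict)   # client mac -> ingress port

    def add_static(self, port, mac, ip):
        """Statically configured IP address, checked like a learned binding."""
        self.bindings[(port, mac)] = ip

    def dhcp(self, port, msg):
        """Decide 'forward' or 'drop' for a DHCP message received on `port`."""
        if port not in self.trusted_ports:
            if msg["type"] in SERVER_TYPES:
                return "drop"   # server reply arriving from an untrusted port
            if msg.get("option82"):
                return "drop"   # default behaviour described in the manual
            if msg["type"] == "REQUEST":
                self.pending[msg["client_mac"]] = port
            elif msg["type"] == "RELEASE":
                self.bindings.pop((port, msg["client_mac"]), None)
            return "forward"
        if msg["type"] in ("ACK", "NAK"):
            client_port = self.pending.pop(msg["client_mac"], None)
            if msg["type"] == "ACK" and client_port is not None:
                # Learn the binding on the port where the request was seen.
                self.bindings[(client_port, msg["client_mac"])] = msg["your_ip"]
        return "forward"

    def _bound(self, port, mac, ip):
        # Assumption of this model: traffic on trusted ports is not filtered.
        if port in self.trusted_ports:
            return "forward"
        return "forward" if self.bindings.get((port, mac)) == ip else "drop"

    def ip_source_guard(self, port, src_mac, src_ip):
        """Filter an IP packet against the binding table."""
        return self._bound(port, src_mac, src_ip)

    def arp_inspect(self, port, sender_mac, sender_ip):
        """Filter an ARP packet by the sender IP carried in its body."""
        return self._bound(port, sender_mac, sender_ip)


def run_demo():
    """Replay constructed traffic and return the decision for each frame."""
    uplink = "port-uplink"                                   # hypothetical name
    a, b, s = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:05"
    sw = SnoopingSwitch(trusted_ports={uplink})
    sw.add_static("fa1/0/5", s, "192.0.2.5")
    return [
        sw.dhcp("fa1/0/1", {"type": "REQUEST", "client_mac": a}),
        # Server reply from an access port: dropped, no binding is learned.
        sw.dhcp("fa1/0/2", {"type": "ACK", "client_mac": a, "your_ip": "192.0.2.66"}),
        sw.dhcp(uplink, {"type": "ACK", "client_mac": a, "your_ip": "192.0.2.10"}),
        # Request already carrying Option 82 on an untrusted port.
        sw.dhcp("fa1/0/3", {"type": "REQUEST", "client_mac": b, "option82": b"\x01"}),
        sw.ip_source_guard("fa1/0/1", a, "192.0.2.10"),      # matches binding
        sw.ip_source_guard("fa1/0/1", a, "192.0.2.5"),       # spoofed source IP
        sw.arp_inspect("fa1/0/1", a, "192.0.2.10"),          # matches binding
        sw.arp_inspect("fa1/0/2", b, "192.0.2.1"),           # no binding for sender
        sw.ip_source_guard("fa1/0/5", s, "192.0.2.5"),       # static entry
    ]


if __name__ == "__main__":
    for step, decision in enumerate(run_demo(), 1):
        print(step, decision)
```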
2.2.7 Switch control functions
Table 2.7 Switch control functions
Configuration file download and upload
Device parameters are saved to the configuration file, which contains configuration data for specific device ports as well as for the whole system.
Trivial File Transfer Protocol
The TFTP protocol is used for file read and write operations. It is based on the UDP transport protocol.
Devices are able to download and transfer configuration files and firmware images via this protocol.
SCP (Secure Copy protocol)
SCP is used for file read and write operations. It is based on the SSH network protocol.
Devices are able to download and transfer configuration files and firmware images via this protocol.
Remote monitoring (RMON)
Remote monitoring (RMON) is a means of monitoring computer networks and an extension of SNMP. Compatible devices gather diagnostics data using the network management station. RMON is a standard MIB database that contains actual and historic MAC level statistics and control objects, providing real-time data.
SNMP protocol
The SNMP protocol is used for monitoring and management of network devices. For system access control, a community record list is defined in which each record contains access privileges.
Command Line Interface
Device CLI management is performed locally via the RS-232 serial port, or remotely via telnet or ssh. The console command line interface (CLI) is the industry standard. The CLI interpreter contains a list of commands and keywords that help the user and reduce the amount of input data.
Syslog
Syslog is a protocol designed for transmission of system event messages and error notifications to remote servers.
SNTP (Simple Network Time Protocol)
SNTP is a network time synchronization protocol; it synchronizes the time of the network device with a server with accuracy up to 1ms.
Traceroute
Traceroute is a service function that displays data transfer routes in IP networks.
Controlled access management: privilege levels
The administrator can define privilege levels for users of the device and settings for each privilege level (read-only: level 1, full access: level 15).
Management interface blocking
The switch can block access to each management interface (SNMP, Telnet, SSH). Blocking can be set independently for each type of access:
- Telnet (CLI over Telnet Session)
- Secure Shell (CLI over SSH)
- SNMP
Local authentication
For local authentication, passwords can be stored in the switch database.
IP address filtering for SNMP
Access via SNMP is allowed only for specific IP addresses that are part of the SNMP community.
RADIUS client
The RADIUS protocol is used for authentication, authorization and accounting. The RADIUS server operates with a user database that contains authentication data for each user. Switches contain the client part of the RADIUS protocol.
TACACS+ (Terminal Access Controller Access Control System)
The device supports client authentication with the TACACS+ protocol. TACACS+ provides a centralized security system for authentication of users gaining access to the device, and a centralized management system, while ensuring compatibility with RADIUS and other authentication processes.
SSH server
SSH server functionality allows an SSH client to establish a secure connection to the device for management purposes.
Macrocommand support
This function allows creating macrocommands (command sets) and applying them for time-sensitive device management.
2.2.8 Additional functions
The table lists the additional device functions.
Table 2.8 Additional device functions
Virtual cable tester (VCT)
Network switches are equipped with hardware and software tools that allow them to perform the following cable testing functions (VCT):
- Determine communication faults when copper-wire cable is used (break/short-circuit)
- Test results reporting
Optical transceiver diagnostics
The device can test the optical transceiver. During testing, the device monitors the current, supply voltage and transceiver temperature, and the received and transmitted optical signal power. Diagnostics is available only for transceivers with Digital Diagnostics Monitoring (DDM) support.
Green Ethernet
This mechanism reduces the device power consumption by switching inactive electric ports to economy mode.
IP SLA
Active monitoring technology used for measuring network performance and data transmission quality. Supported operations: ICMP Echo, UDP Jitter.
2.3 Main specifications
Table 2.9 lists main specifications of the switch.
Table 2.9 Main specifications
General parameters
Packet processor: Marvell 98DX1035 / 98DX3035
Interfaces:
- MES1024: 24x 10/100Base-T; 2x (10/100/1000Base-T / 1000Base-X Combo)
- MES1124, MES1124M, MES1124MB: 24x 10/100Base-T; 4x (10/100/1000Base-T / 1000Base-X Combo)
- MES2124, MES2124M, MES2124P, MES2124MB: 24x 10/100/1000Base-T (MES2124P with PoE+ support); 4x (10/100/1000Base-T / 1000Base-X Combo)
- MES2208P: 4x 10/100/1000Base-T (with PoE+ support); 4x (10/100/1000Base-T / 1000Base-X Combo); 2x 1000Base-X; 2x 10/100/1000Base-T
Optical transceivers: SFP
Full-duplex/Half-duplex mode: Full-duplex/half-duplex mode for electric ports, full-duplex mode for optical ports
Switch performance:
- MES1024: 8,8 Gbps
- MES1124, MES1124M, MES1124MB: 12,8 Gbps
- MES2124, MES2124M, MES2124P, MES2124MB: 56 Gbps
- MES2208P: 24 Gbps
Buffer memory: 8Mb
TCAM routing volume: 512x24B
SQinQ rules qty: Ingress: 168; Egress: 96
ACL rules qty: 246
Data transfer rate: electric interfaces 10/100/1000Mbps; optical interfaces 1Gbps
Table of MAC addresses: 16,000 records (some MAC addresses are reserved by the system)
VLAN support: up to 4K according to 802.1Q
Quality of Services (QoS): Traffic priority, 4 tiers; 4 output queues with different priorities for each port
Multicast: up to 1000 static multicast groups
MSTP instances qty: 28
Jumbo frames: Max. packet size
LAG: 8 groups, up to 8 ports per group
Stacking: Up to 3 devices
Compliance:
- IEEE 802.3 10BASE-T Ethernet
- IEEE 802.3u 100BASE-T Fast Ethernet
- IEEE 802.3ab 1000BASE-T Gigabit Ethernet
- IEEE 802.3z Fiber Gigabit Ethernet
- ANSI/IEEE 802.3 Speed autodetection
- IEEE 802.3x Data flow control
- IEEE 802.3ad LACP link aggregation
- IEEE 802.1p Priority of traffic
- IEEE 802.1q VLAN virtual local networks
- IEEE 802.1v
- IEEE 802.3ac
- IEEE 802.1d STP spanning tree
- IEEE 802.1w RSTP rapid spanning tree
- IEEE 802.1s MSTP multiple spanning tree
- IEEE 802.1x User authentication
- IEEE 802.3af PoE, IEEE 802.3at PoE+ (only MES2124P, MES2208P)
Control
Local control: RS-232 Console
Remote control: TELNET, SSH, WEB
Physical specifications and ambient conditions
Power supply:
- MES1024, MES1124, MES2124: 110-250VAC, 50Hz. Power consumption: MES1024, MES1124, MES1124M: 25W max; MES2124: 30W max.
- MES1124M, MES2124M: 110-250VAC, 50Hz, or 48VDC. Power consumption: MES1124M: 25W max; MES2124M: 30W max.
- MES2124P AC: 170-265VAC, 50Hz. Power consumption: 400W max.
- MES2124P DC, MES2208P: DC: 48V ±10%. Power consumption: MES2124P DC: 400W max; MES2208P: 140W max.
- MES1124MB: 110-250VAC, 50Hz, and a lead-acid battery. Power consumption: 45W max. Charger specifications: charge current: 1.7A; circuit breaker tripping voltage: 10-10.5V; low battery indication threshold voltage: 11V.
- MES2124MB: 110-250VAC, 50Hz, and a lead-acid battery. Power consumption: 50W max. Charger specifications: charge current: 1.7A; circuit breaker tripping voltage: 10-10.5V; low battery indication threshold voltage: 11V.
Weight: 2.5kg max.
Dimensions:
- MES1024, MES1124, MES2124: 430x44x138mm
- MES1124M, MES1124MB: 430x44x160mm
- MES2124M: 430x44x180mm
- MES2124P: 430x44x203mm
- MES2208P: 320x44x159mm
- MES2124MB: 430x44x190mm
Operating temperature range: from -10 to +45°C (from -20 to +65°C for MES2208P)
Storage temperature range: from -40 to +70°C
Operation relative humidity (non-condensing): up to 80%
Storage relative humidity (non-condensing): from 10% to 95%
Average lifetime: 20 years
Power supply type is determined at the time of order.
2.4 Design
This section describes the design of the devices. It depicts the front, back and side panels of the device, connectors, LED indicators and controls.
Network switches are enclosed in metal cases suitable for installation in a 19" form-factor rack, occupying a 1U shelf.
2.4.1 MES1024, MES1124, MES2124 series devices front panel appearance and layout
Front panel layout MES1024, MES1124, MES2124 is depicted in Fig. 1-3.
Fig. 1 MES1024, front panel
Fig. 2 MES1124, front panel
Fig. 3 MES2124, front panel
Table 2.10 lists connectors, LEDs and controls located on the front panel of the switch.
The combined ports may have only one active interface at the same time. In case of simultaneous connections, the interface with SFP transceiver will be active.
Table 2.10 Description of connectors, LEDs and controls located on the front panel MES1024, MES1124, MES2124
Front panel element: Description
1. Console: RS-232 console port for local control of the device.
2. [1 .. 24]:
   - MES1024, MES1124: 24 ports 10/100 Base-T (RJ45)
   - MES2124: 24 ports 10/100/1000 Base-T (RJ45)
3. 25, 26 (MES1024); 25, 26, 27, 28 (MES1124, MES2124): Combo ports: 10/100/1000 Base-T (RJ45) ports and slots for 1000Base-X (SFP) transceiver installations
4. LED indicators:
   - Unit ID (1-4): Indicator of device number in a stack
   - Power: Device power indicator
   - Status: Device status indicator
   - Master: Stacked device activity mode indicator (master or slave)
5. F: Functional key that reboots the device and resets it to factory settings:
   - pressing the key for less than 10 seconds reboots the device.
   - pressing the key for more than 10 seconds resets the terminal to factory settings.
6. ~150-250VAC, 60/50Hz: Connector for AC power supply
7. The earthing bolt.
2.4.2 MES1124MB, MES2124MB series devices panels appearance and layout
Front panel layout MES1124MB, MES2124MB is depicted in Fig. 4-5.
Fig. 4 MES1124MB, front panel
Fig. 5 MES2124MB, front panel
Table 2.11 lists connectors, LEDs and controls located on the front panel MES1124MB, MES2124MB.
Table 2.11 Description of connectors, LEDs and controls located on the front panel MES1124MB, MES2124MB
Front panel element: Description
1. Connector for AC power supply:
   - MES1124MB: ~110-250VAC, 60/50Hz max 1A
   - MES2124MB: ~110-250VAC, 60/50Hz max 2A
2. 12VDC max 3A: 12V battery connection terminals
3. LED indicators:
   - Unit ID (1-4): Indicator of device number in a stack
   - Power: Device power indicator
   - Master: Stacked device activity mode indicator (master or slave)
   - Status: Device status indicator
   - Battery: Battery status light
4. Console: RS-232 console port for local control of the device
5. F: Functional key that reboots the device and resets it to factory settings:
   - pressing the key for less than 10 seconds reboots the device.
   - pressing the key for more than 10 seconds resets the terminal to factory settings
6. [1 .. 24]:
   - MES1124MB: 24 ports 10/100 Base-T (RJ-45)
   - MES2124MB: 24 ports 10/100/1000 Base-T (RJ-45)
7. Link/Speed: LED indication of optical interface status
8. 25, 26, 27, 28: Combo ports: 10/100/1000 Base-T (RJ45) ports and slots for 1000Base-X Combo transceiver installations
The rear panel layout of MES1124MB, MES2124MB series switches is depicted in Fig. 6.
Fig. 6 – MES1124MB, MES2124MB, rear panel
An earthing bolt is located on the rear panel of MES1124MB, MES2124MB series devices and is marked with the (1) symbol.
2.4.3 MES1124M, MES2124M series devices panels appearance and layout
MES1124M front panel with 110-250VAC power supply connector is shown in Fig. 7, with 48VDC connector in Fig. 8.
Fig. 7 – MES1124M AC, front panel
Fig. 8 – MES1124M DC, front panel
MES2124M front panel with 110-250VAC power supply connector is shown in Fig. 9, with 48VDC connector in Fig. 10.
Fig. 9 – MES2124M AC, front panel
Fig. 10 – MES2124M DC, front panel
Table 2.12 lists connectors, LEDs and controls located on the front panel MES1124M, MES2124M.
Table 2.12 Description of connectors, LEDs and controls located on the front panel MES1124M, MES2124M
Front panel element: Description
1. Power connector:
   - 110-250VAC, 60/50Hz max 1A: Connector for AC power supply
   - 36-72 VDC max 1A: Connector for DC power supply 48V
2. LED indicators:
   - Power: Device power indicator
   - Status: Device status indicator
   - Master: Stacked device activity mode indicator (master or slave)
   - Unit ID (1-4): Indicator of device number in a stack
3. Console: RS-232 console port for local control of the device
4. F: Functional key that reboots the device and resets it to factory settings:
   - pressing the key for less than 10 seconds reboots the device.
   - pressing the key for more than 10 seconds resets the terminal to factory settings
5. [1 .. 24]:
   - MES1124M: 24 ports 10/100 Base-TX (RJ-45)
   - MES2124M: 24 ports 10/100/1000 Base-T (RJ-45)
6. Link/Speed: LED indication of optical interface status
7. 25, 26, 27, 28: Combo ports: 10/100/1000 Base-T (RJ45) ports and slots for 1000Base-X Combo transceiver installations
The rear panel layout of MES1124M, MES2124M series switches is depicted in Fig. 11.
Fig. 11 – MES1124M, MES2124M, rear panel
An earthing bolt is located on the rear panel of MES1124M, MES2124M series devices and is marked with the (1) symbol.
2.4.4 MES2208P series device panel appearance and layout
Front panel layout MES2208P is depicted in Fig. 12.
Fig. 12— MES2208P, front panel
Table 2.13 lists connectors, LEDs and controls located on the front panel MES2208P.
Table 2.13 Description of connectors, LEDs and controls located on the front panel MES2208P
Front panel element: Description
1. Console: RS-232 console port for local control of the device.
2. 1, 2, 7, 8: 4 ports 10/100/1000 Base-T (RJ-45 with support for PoE+)
3. 3, 4, 9, 10: Combo ports: 10/100/1000 Base-T (RJ45) ports and slots for 1000Base-X (SFP) transceiver installations
4. 5, 11: 2 ports 1000 Base-X
5. 6, 12: 2 ports 10/100/1000Base-T
6. LED indicators:
   - Unit ID (1-4): Indicator of device number in a stack
   - Power: Device power indicator
   - Status: Device status indicator
   - Master: Stacked device activity mode indicator (master or slave)
   - Alarm: PoE power supply indicator
7. F: Functional key that reboots the device and resets it to factory settings:
   - pressing the key for less than 10 seconds reboots the device.
   - pressing the key for more than 10 seconds resets the terminal to factory settings.
8. 36-72 VDC max 4A: Connector for DC power supply
9. The earthing bolt.
Ports 3, 4, 9, 10 are combo ports. The combined ports may have only one active interface at the same time.
2.4.5 MES2124P series device panel appearance and layout
Front panel layout MES2124P is depicted in Fig. 13.
Fig. 13— MES2124P, front panel
Table 2.14 lists connectors, LEDs and controls located on the front panel of the switch.
Table 2.14 Description of connectors, LEDs and controls located on the front panel MES2124P
Front panel element: Description
1. Console: RS-232 console port for local control of the device.
2. 1-24: 24 ports 10/100/1000 Base-T (RJ-45 with support for PoE+)
3. 25-28: Combo ports: 10/100/1000 Base-T (RJ45) ports and slots for 1000Base-X (SFP) transceiver installations
4. LED indicators:
   - Unit ID (1-4): Indicator of device number in a stack
   - Power: Device power indicator
   - Status: Device status indicator
   - Alarm: PoE power supply indicator
5. F: Functional key that reboots the device and resets it to factory settings:
   - pressing the key for less than 10 seconds reboots the device.
   - pressing the key for more than 10 seconds resets the terminal to factory settings.
6. ~150-250VAC, 60/50Hz max 2A: Connector for AC power supply
The rear panel layout of MES2124P series switches is depicted in Fig. 14.
Fig. 14—Rear panel of MES2124P
Table 2.15 lists rear panel connectors of the switch.
Table 2.15 Description of rear panel connectors of the switch
Rear panel element: Description
1. Removable fans: Removable ventilation modules with hot-swapping.
2. Earth bonding point of the device.
2.4.6 Side panels of the device
Fig. 15—The right-side panel of Ethernet switches
Fig. 16—The left-side panel of Ethernet switches
Side panels of the device have air vents for heat removal. Do not block air vents. This may cause components overheating which may result in terminal malfunction. For recommendations on device installation, see section 'Installation and connection'.
2.4.7 Light Indication
Ethernet interface status is represented by two LEDs, amber SPEED and green LINK/ACT, located next to each interface connector. Location of LEDs is depicted in Fig. 17, 18.
Fig. 17 – RJ-45 socket appearance
Fig. 18—SFP transceiver socket appearance
Table 2.16 Ethernet interface status light indication
LINK/ACT indicator is lit / SPEED indicator is lit: Ethernet interface state
- Off / Off: Port is disabled or connection is not established
- Solid on / Off: 10Mbps or 100Mbps connection is established
- Solid on / Solid on: 1000Mbps connection is established
- Flashes / X: Data transfer is in progress
Unit ID (1-4) indicators are intended for identifying the number of device in a stack.
System indicators (Power, Master, Fan, RPS) are designed for displaying the operation status of switches.
Table 2.17 LED indication of the system indicators
Indicator name (indicator function), then LED state: device state
Power (Power supply status):
- Off: Power is off
- Green, solid: Power is on, normal device operation
- Red: At least one of the secondary power supply units has failed.
Status (Device State):
- Green, solid: Normal device operation state
- Red, solid: Managing or switching device system failure
- Green, red, flashes: Device starts up / No IP addresses assigned to interfaces
Master (Marker of the master device in a stack):
- Green, solid: The device is stack 'master'
- Off: The device is not stack 'master' or stackable mode is not specified
Alarm [1] (Device alarm level indicator):
- Green, solid: Device is in normal operation state
- Orange, solid: Non-urgent alarm
- Red, solid: Critical failure
Battery [2] (Battery status light):
- Green, solid: Battery is connected, power status OK
- Green, flashes: Battery is charging
- Orange, solid: Primary power supply is down, battery discharging
- Orange, flashes: Low battery charge
- Red, solid: Battery is disabled
- Red, flashes: Battery current breaker failure
When the switch operates in standalone mode without stacking, Master and Unit ID indicators are off.
2.5 Delivery Package
The standard delivery package includes:
- Ethernet switch
- Power cable
- Rack mounting set
- Documentation
- DB-9F/RJ-45 or DB-9M/DB-9M console cable depending on the switch model:
  - for MES1124M, MES1124MB, MES2124M, MES2124MB, MES2124P, MES2208P, the DB-9F/RJ-45 cable is provided
  - for MES1024, MES1124, MES2124, the DB-9M/DB-9M cable is provided
SFP transceivers may be included in the delivery package on the customer's request.
[1] Used only in MES2208P, MES2124P series devices
[2] Used only in MES1124MB, MES2124MB series devices
3 INSTALLATION AND CONNECTION
This section describes installation of the equipment into a rack and connection to a power supply.
3.1 Support brackets mounting
The delivery package includes support brackets for rack installation and mounting screws to fix the device case on the brackets. To install the support brackets:
Fig. 19—Support brackets mounting
1. Align three mounting holes in the support bracket with the corresponding holes in the side panel of the device.
2. Use a screwdriver to screw the support bracket to the case.
3. Repeat steps 1 and 2 for the second support bracket.
3.2 Device rack installation
To install the device to the rack:
1. Attach the device to the vertical guides of the rack.
2. Align mounting holes in the support bracket with the corresponding holes in the rack guides. Use the holes of the same level on both sides of the guides to ensure the device horizontal installation.
3. Use a screwdriver to screw the switch to the rack.
Fig. 20—Device rack installation
Fig. 21 shows the example of MES1000/2000 rack installation.
Fig. 21—MES1000/2000 switch rack installation
Minimum height spacing for switches: not less than 1U.
When switches are installed next to equipment with excessive heat generation, the spacing should be increased.
3.3 Battery connection to MES1124MB, MES2124MB
Connect the battery using copper-wire cable with cross-section not less than 0.5 mm². Observe the correct polarity when connecting the battery.
Fig. 22 – Connecting battery to device
3.4 SFP transceiver installation and removal
Optical modules can be installed when the terminal is turned on or off.
1. Insert the top SFP module into a slot with its open side down, and the bottom SFP module with its open side up.
Fig. 23 – SFP transceiver installation
2. Press the module until it fits with a click.
Fig. 24 – Installed SFP transceivers
To remove a transceiver, perform the following actions:
1. Unlock the module's latch.
Fig. 25—Opening SFP transceiver latch
2. Remove the module from the slot.
Fig 26—SFP transceiver removal
3.5 Connection to Power Supply
To install the device:
1. Mount the device. In case of installation to a 19" form-factor rack, mount the support brackets from the delivery package to the rack (see Paragraph 3.1).
2. Ground the case of the device. This should be done prior to connecting the device to the power supply. An insulated multiconductor wire should be used for earthing. The device grounding and the earthing wire cross-section should comply with the Electric Installation Code.
3. If a PC or another device is to be connected to the switch console port, that device should also be securely grounded.
4. Connect the power supply cable to the device. Depending on the switch model, the device can be powered by AC 220V 50/60Hz or DC 48V electrical network. To connect the device to AC power supply, use the cable from the delivery package. To connect the device to DC power supply, use a cable with cross-section not less than 1 mm².
5. Turn the device on and check the front panel LEDs to make sure the terminal is in normal operating conditions.
4 DEVICE STARTUP, INITIAL CONFIGURATION
The switch is equipped with a console port that provides access to device diagnostics, management and monitoring. This section describes the console port functionality and the procedure of initial configuration.
4.1 Configuring the Terminal
To establish connection with the switch via the console port, run a terminal emulation application on the PC (HyperTerminal, TeraTerm, Minicom) and perform the following actions:
1. Select the corresponding serial port of the PC.
2. Set the data transfer rate: 115,200 baud.
3. Specify the data format: 8 data bits, 1 stop bit, no parity.
4. Disable hardware and software data flow control.
5. Specify VT100 terminal emulation mode (many terminal applications use this emulation mode by default).
4.2 Turning on the device
Prepare the equipment for operation according to requirements described in Section 3.
Establish connection between the switch console ('console' port) and the serial interface port on PC, where terminal emulation application is installed.
Turn the switch on. Upon every startup, the switch performs a power-on self-test (POST), which checks the operational capability of the device before the main program is loaded.
POST procedure progress on switch:
Boot1 Checksum Test...............................PASS
Boot2 Checksum Test...............................PASS
Flash Image Validation Test.......................PASS
BOOT Software Version 0.0.0.3 Built 23-Feb-2011 17:40:14
Networking device with CPU based on arm926ejs core. 128 MByte SDRAM.
I-Cache 16 KB. D-Cache 16 KB. L2 Cache 256 KB. Cache Enabled.
MAC Address : 02:11:12:13:14:27.
Autoboot in 2 seconds - press RETURN or Esc. to abort and enter prom.
The switch firmware is loaded automatically two seconds after the POST procedure completes. To perform special procedures, use the service menu: interrupt the startup procedure with the <Esc> or <Enter> key. The service menu capabilities for device management are described in Section 6.
Example of the subsequent device startup output:
Preparing to decompress...
100%
Decompressing SW from image-2
100%
OK
Running from RAM...
*******************************************************************
*** Running SW Ver. 1.0.18 Date 23-Nov-2011 Time 18:14:56 ***
*******************************************************************
HW version is V00
Base Mac address is: 02:11:12:13:14:27
Dram size is : 128M bytes
Dram first block size is : 98304K bytes
Dram first PTR is : 0x1C00000
Dram second block size is : 4096K bytes
Dram second PTR is : 0x7C00000
Flash size is: 16M
23-Nov-2011 18:15:04 %CDB-I-LOADCONFIG: Loading running configuration.
23-Nov-2011 18:15:04 %CDB-I-LOADCONFIG: Loading startup configuration.
The monitor is activated with Trace Enabled.
It will be automatic enabled after system reset also.
Device configuration:
Slot 1 - Eltex MES-2124
Device 0: GT_98DX1035 (AlleyCat)
------------------------------------
-- Unit Standalone --
------------------------------------
23-Nov-2011 18:15:16 %Entity-I-SEND-ENT-CONF-CHANGE-TRAP: entity configuration change trap.
Tapi Version: v1.9.5
Core Version: v1.9.5
23-Nov-2011 18:15:29 %INIT-I-InitCompleted: Initialization task is completed
23-Nov-2011 18:15:41 %SNMP-I-CDBITEMSNUM: Number of running configuration items loaded: 12
23-Nov-2011 18:15:41 %SNMP-I-CDBITEMSNUM: Number of startup configuration items loaded: 12
console> 23-Nov-2011 18:15:43 %LINK-W-Down: fa1/0/1
23-Nov-2011 18:15:43 %LINK-W-Down: fa1/0/2
23-Nov-2011 18:15:43 %LINK-W-Down: fa1/0/3
23-Nov-2011 18:15:43 %LINK-W-Down: fa1/0/4
23-Nov-2011 18:15:43 %LINK-W-Down: fa1/0/5
23-Nov-2011 18:15:43 %LINK-W-Down: fa1/0/6
23-Nov-2011 18:15:44 %LINK-W-Down: fa1/0/7
23-Nov-2011 18:15:44 %LINK-W-Down: fa1/0/8
23-Nov-2011 18:15:44 %LINK-W-Down: fa1/0/9
23-Nov-2011 18:15:44 %LINK-W-Down: fa1/0/10
23-Nov-2011 18:15:44 %LINK-W-Down: fa1/0/11
23-Nov-2011 18:15:44 %LINK-W-Down: fa1/0/12
23-Nov-2011 18:15:44 %LINK-W-Down: fa1/0/13
23-Nov-2011 18:15:44 %LINK-W-Down: fa1/0/14
23-Nov-2011 18:15:44 %LINK-W-Down: fa1/0/15
23-Nov-2011 18:15:45 %LINK-W-Down: fa1/0/16
23-Nov-2011 18:16:31 %SYSLOG-N-LOGGING: Logging started.
23-Nov-2011 18:17:51 %INIT-I-Startup: Warm Startup
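The startup messages above share the pattern "date time %FACILITY-SEVERITY-MNEMONIC: text". The following Python example is added here and is not part of the manual or of the switch software: it parses a console capture in that pattern, including several messages on one line and a CLI prompt mixed into the output, and picks out restart events, which are worth watching because the Startup menu and its Password Recovery Procedure can only be reached by interrupting a boot. The sample capture is constructed from the lines shown above, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime
from typing import NamedTuple

# Constructed capture built from the startup lines shown above. Two lines carry
# two messages each, and one line starts with the CLI prompt.
SAMPLE_CAPTURE = """\
23-Nov-2011 18:15:04 %CDB-I-LOADCONFIG: Loading running configuration. 23-Nov-2011 18:15:04 %CDB-I-LOADCONFIG: Loading startup configuration.
23-Nov-2011 18:15:16 %Entity-I-SEND-ENT-CONF-CHANGE-TRAP: entity configuration change trap.
console> 23-Nov-2011 18:15:43 %LINK-W-Down: fa1/0/1 23-Nov-2011 18:15:43 %LINK-W-Down: fa1/0/2
23-Nov-2011 18:16:31 %SYSLOG-N-LOGGING: Logging started.
23-Nov-2011 18:17:51 %INIT-I-Startup: Warm Startup
"""


class Event(NamedTuple):
    when: datetime
    facility: str
    severity: str   # single letter exactly as printed by the switch (I, W, N, ...)
    mnemonic: str
    text: str


# Timestamp, then %FACILITY-SEVERITY-MNEMONIC. The mnemonic may itself contain
# hyphens (SEND-ENT-CONF-CHANGE-TRAP); the facility is assumed not to.
HEADER_RE = re.compile(
    r"(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) "
    r"%([A-Za-z0-9_]+)-([A-Z])-([A-Za-z0-9_-]+):\s*"
)


def parse_capture(capture):
    """Split a console capture into events, one per message header found."""
    events = []
    for line in capture.splitlines():
        headers = list(HEADER_RE.finditer(line))
        for i, header in enumerate(headers):
            # The message text runs up to the next header on the same line.
            end = headers[i + 1].start() if i + 1 < len(headers) else len(line)
            when = datetime.strptime(header.group(1), "%d-%b-%Y %H:%M:%S")
            events.append(Event(when, header.group(2), header.group(3),
                                header.group(4), line[header.end():end].strip()))
    return events


def restart_events(events):
    """Startup messages: each one means the device has booted."""
    return [e for e in events if e.facility == "INIT" and e.mnemonic == "Startup"]


def ports_down(events):
    """Interfaces reported by LINK Down messages, in order of appearance."""
    return [e.text for e in events if (e.facility, e.mnemonic) == ("LINK", "Down")]


def severity_counts(events):
    """Number of messages per severity letter."""
    return dict(Counter(e.severity for e in events))


if __name__ == "__main__":
    parsed = parse_capture(SAMPLE_CAPTURE)
    for event in restart_events(parsed):
        print("restart at", event.when.isoformat(), "-", event.text)
    print("ports down:", ports_down(parsed))
    print("by severity:", severity_counts(parsed))
```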
After the successful startup of the switch, you should enter the user name and password.
The manufacturer supplies the device with the configuration parameters set to the default values. With these defaults, the username and password are not defined and the system will not prompt for them.
If login to the device was successful, you will see the CLI prompt in the console.
console>
To quickly get help with available commands, use key combination SHIFT+?.
4.3 Configuration procedure
Before proceeding to configuration, you should have at least the following information:
- Device operation mode - standalone or stackable
- IP address that will be used for switch management access
- Default route
- Subnet mask value
If required, configure the stackable mode first. Switches are supplied preconfigured at the factory for standalone operation.
When the switch acts as a standalone device or a master device in a stack, you should perform its initial configuration in order to prepare the device management interfaces and set the necessary security level.
The next configuration step may be the detailed security system configuration, which includes configuration of authorization and authentication procedures for device management.
After making any changes to the device configuration, you should save the configuration into the non-volatile memory before the device is rebooted. To save the configuration, use the following command:
console# copy running-config startup-config
4.3.1 Stackable Mode Selection
The device can operate in two modes - standalone mode and stackable mode. In stackable mode, multiple switches can be combined in a stack and perform as a single device. By default, switches operate in standalone mode. Only devices of the same model can be organized into stacks.
Switch operation mode selection is available in the bootloader menu:
Startup Menu
[1] Download Software
[2] Erase Flash File
[3] Password Recovery Procedure
[4] Set Terminal Baud-Rate
[5] Stack menu
[6] Back
Enter your choice or press 'ESC' to exit:
Item no. [5] - Stack management
Stack menu
[1] Show unit stack id
[2] Set unit stack id
[3] Set unit working mode
[4] Back
Enter your choice or press 'ESC' to exit:
In the stack management menu, there are the following items available:
[1] - show the device identifier in a stack
[2] - assign the device identifier
[3] - operation mode selection ([1] - standalone mode, [2] - stackable mode)
For detailed information on the device operation in the stackable mode, see Item 5.6.
4.3.2 Initial Configuration
Initial configuration is performed via the device console port. By performing the initial configuration, you can configure various management access methods. You can change the console port mode or enable the remote access through available interfaces and control protocols.
The initial configuration examples below cover the following settings:
1. Creation of an administrator account with the username 'admin', the password 'pass' and the maximum priority level 15.
2. Configuration of the static IP address and the gateway address for the switch management network.
3. SNMP protocol management settings configuration.
4. Configuration for obtaining IP address from DHCP server.
5. SNMP protocol settings configuration.
You can obtain configuration-essential parameters from the network administrator.
When configuration procedures are described, it is supposed that the switch has not been configured before.
4.3.2.1 Creation of the Administrator Account
To secure the login process, all privileged users should be assigned access passwords.
Username and password are required for login during the device administration sessions. Use the following commands to create a new system user or configure the username, password, or privilege level:
console(config)# username name password password privilege {1-15}
Privilege level 1 allows access to the device but denies its configuration. Privilege level 15 allows both access to and configuration of the device.
Example of commands that assign the password eltex to the admin user and create the operator user with the password pass and privilege level 1:
console> enable
console# configure
console(config)# username admin password eltex
console(config)# username operator password pass privilege 1
console(config)# exit
console#
4.3.2.2 Configuration of the Static Management Network Settings
In order to manage the switch from the network, you have to configure the device IP address, subnet mask and, if the device is managed from another network, the gateway address.
You can assign an IP address to any interface - VLAN, physical port, port group. The gateway IP address should belong to the same subnet as one of the IP interfaces of the device.
Default values: IP address 192.168.1.239, mask 255.255.255.0 on the VLAN1 interface.
If the IP address is configured for a physical port or port group interface, this interface will be deleted from its VLAN group.
Example of commands for IP address configuration on the VLAN1 interface.
Interface parameters:
- IP address to be assigned for VLAN 1 interface - 192.168.16.144
- Subnet mask - 255.255.255.0
- Default gateway IP address - 192.168.16.1
console# configure
console(config)# interface vlan 1
console(config-if)# ip address 192.168.16.144 /24
console(config-if)# exit
console(config)# ip default-gateway 192.168.16.1
console(config)# exit
console#
To verify that the IP address was assigned to the interface correctly, enter the following command:
console# show ip interface vlan 1
IP Address          Type        Directed   Precedence Status
                                Broadcast
------------------- ----------- ---------- ---------- -----------
192.168.25.67/24    Static      disable    No         Valid
4.3.2.3 Configuration of SNMP Protocol Settings for Device Access
SNMP protocol (Simple Network Management Protocol) provides means for the network device management. Devices with SNMP protocol support contain the software code that performs the management agent function. SNMP agent interacts with the set of device parameters. These parameters are described in the Management Information Base (MIB).
SNMP agent access rights are managed by defining the SNMP community name and permitted access type.
Switches support management via SNMP v1/v2c/v3 and are equipped with an integrated SNMP agent.
SNMP agent supports the set of standard and extended MIB variables.
For the switch integration into monitoring or management systems or for development of such systems, the full MIB description can be provided.
SNMP protocol can be used for changing any device parameters except for the management IP address, SNMP community name and the user privilege level.
Device comes without any specific SNMP community settings.
To enable device administration via SNMP protocol, you have to create at least one community string. Switches support three types of communities:
- Read Only (ro) - community members will have read-only access (configuration viewing rights); they will not be able to change any parameters.
- Read/Write (rw) - community members will have read-write access and will be able to change configuration parameters.
- Super (su) - community members will have administrator's privileges.
The most commonly used community strings are public, with read-only access to MIB objects, and private, with read-write access to MIB objects. You can assign the IP address of the management station for each community.
Example of private community creation with read-write access and management station IP address 192.168.16.44:
console> enable
console# configure
console(config)# snmp-server server
console(config)# snmp-server community private rw 192.168.16.44
console(config)# exit
console#
Use the following command to view the created community strings and SNMP settings:
console# show snmp
SNMP is enabled.

Community-String     Community-Access   View name      IP address
-------------------- ------------------ -------------- ------------
private              read write         Default        192.168.16.44

Community-String   Group name         IP address      Type
------------------ ------------------ --------------- ------

Traps are enabled.
Authentication-failure trap is enabled.

Version 1,2 notifications
Target Address   Type     Community   Version    Udp   Filter  To    Retries
                                                 Port  name    Sec
---------------- -------- ----------- ---------- ----- ------- ----- ---------

Version 3 notifications
Target Address   Type     Username    Security Udp   Filter  To    Retries
                                      Level    Port  name    Sec
---------------- -------- ----------- -------- ----- ------- ----- ---------

System Contact:
System Location:
4.3.3 Security system configuration
This section describes configuration of dynamic IP address assignment and configuration of secure device management based on the AAA mechanism (Authentication, Authorization, Accounting).
- Authentication - matching of the existing account in the security system.
- Authorization (access level verification) - matching of the existing account in the system (passed authentication) and specific privileges.
- Accounting - user resource consumption monitoring.
4.3.3.1 Obtaining IP Address from DHCP Server
If you have a DHCP server in your network, you can obtain the IP address via DHCP protocol. The device acts as a DHCP client. You can obtain an IP address from the DHCP server using any interface - VLAN, physical port, port group.
DHCP client is enabled on VLAN 1 interface by default.
IP address obtained via DHCP will not be saved into the device configuration.
Configuration example for obtaining dynamic IP address from DHCP server on VLAN 1 interface:
console> enable
console# configure
console(config)# interface vlan 1
console(config-if)# ip address dhcp
console(config-if)# exit
console#
To verify that the IP address was assigned to the interface correctly, use the show ip interface command:
console# show ip interface vlan 1
IP Address          Type        Directed   Precedence Status
                                Broadcast
------------------- ----------- ---------- ---------- -----------
192.168.25.67/24    DHCP        disable    No         Valid
4.3.3.2 Management Security and Password Configuration
To ensure the system security, the switch uses AAA mechanism (Authentication, Authorization, Accounting), which manages user access rights, privilege levels and control methods. AAA mechanism is able to use both local and remote user databases.
To secure device management, the management data can be encrypted using the SSH protocol.
Device comes with pre-configured access password. Assigning access passwords is the responsibility of the system administrator.
If you have lost access to the device, you can initiate the password recovery procedure. This procedure allows one-time access to the device management features without the password from the local terminal (console port). Password recovery may be initiated via the console port only.
You can set up device access passwords for the following access interfaces:
- Local terminal (console port connection)
- Telnet
- SSH
- HTTP
Privilege level 1 is assigned to a user on creation; it allows the user to selectively view device parameters but denies device management. Configuration permission is granted to users with privilege level 15.
You can leave the privilege level 15 user without a password, but we do not recommend you to do so.
If the privileged user is left without a password, this user may get access to the web interface of the device with any password.
Setting Password for Console
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# line console
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password passwd1
Enter the passwd1 password in reply to the password entry prompt that appears during login in the console session. You may also need to enter the password to switch into the privileged mode with the enable command.
Setting password for Telnet
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# ip telnet server
console(config)# line telnet
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password passwd2
Enter the passwd2 password in reply to the password entry prompt that appears during login in the Telnet session.
Setting password for SSH
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# ip ssh server
console(config)# line ssh
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password passwd3
Enter the passwd3 password in reply to the password entry prompt that appears during login in the SSH session.
Setting Password for HTTP
To configure the password for access via HTTP protocol, enter the following commands:
console(config)# ip http authentication local
console(config)# username admin password passwd4 level 15
During the HTTP session initialization, enter the username admin and the password passwd4.
Device Access Password Recovery
For default device settings, the username is admin and the password is not assigned. The password should be assigned by the user. If the password is lost, you can restart the device and interrupt its startup via the console port by pressing the <Esc> or <Enter> key within two seconds after the automatic startup message is displayed. The Startup menu will open, where you can initiate the password recovery procedure ([3] Password Recovery Procedure).
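The management access settings described in sections 4.3.2 and 4.3.3 can be checked offline against a saved configuration. The following Python example is added here and is not part of the manual or of the switch software: it flags Telnet access, passwords copied from this manual's examples, the commonly used community names public and private, and rw/su communities that have no management station address. It assumes configuration text in the command forms shown in this chapter with passwords in clear text; the sample configuration is constructed and the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Passwords used as examples in this chapter; none should survive on a live switch.
MANUAL_EXAMPLE_SECRETS = {"eltex", "pass", "passwd1", "passwd2", "passwd3", "passwd4"}
# Community names the manual calls the most commonly used.
COMMON_COMMUNITIES = {"public", "private"}
# Commands that belong to a "line {console | telnet | ssh}" block.
LINE_SUBCOMMANDS = ("login authentication", "enable authentication", "password ")

# Constructed sample, written in the command forms used in this chapter
# (assumption: a saved configuration lists the same commands, one per line).
SAMPLE_CONFIG = """\
aaa authentication login default line
aaa authentication enable default line
ip telnet server
ip ssh server
line console
 login authentication default
 enable authentication default
 password passwd1
line telnet
 login authentication default
 password Xk2-tuv9-Qm
ip http authentication local
username admin password eltex privilege 15
username operator password s7Hq-0pLw privilege 1
snmp-server server
snmp-server community private rw 192.168.16.44
snmp-server community monitor-7f3a ro
snmp-server community ops-write su
"""


class Finding(NamedTuple):
    rule: str
    subject: str
    detail: str


LINE_RE = re.compile(r"^line (console|telnet|ssh)$")
# The chapter shows both "privilege N" and "level N" after the password.
USER_RE = re.compile(r"^username (\S+) password (\S+)(?: (?:privilege|level) (\d+))?$")
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+) (ro|rw|su)(?: (\S+))?$")


def audit(config_text):
    """Return findings for the management access settings in config_text."""
    findings = []
    current_line = None  # access interface whose "line" block is open
    for raw in config_text.splitlines():
        cmd = " ".join(raw.split())  # drop indentation and repeated spaces
        if not cmd:
            continue
        block = LINE_RE.match(cmd)
        if block:
            current_line = block.group(1)
            continue
        if current_line and cmd.startswith(LINE_SUBCOMMANDS):
            if cmd.startswith("password "):
                secret = cmd.split(" ", 1)[1]
                if secret in MANUAL_EXAMPLE_SECRETS:
                    findings.append(Finding("example-password", f"line {current_line}",
                                            "line password is an example value from the manual"))
            continue
        current_line = None  # any other command closes the line block
        if cmd == "ip telnet server":
            findings.append(Finding("telnet-enabled", cmd,
                                    "Telnet management is not encrypted; SSH is"))
            continue
        user = USER_RE.match(cmd)
        if user:
            name, secret, level = user.groups()
            if secret in MANUAL_EXAMPLE_SECRETS:
                findings.append(Finding("example-password", f"user {name}",
                                        f"privilege {level or '1 (default)'}"))
            continue
        community = COMMUNITY_RE.match(cmd)
        if community:
            name, access, station = community.groups()
            if name in COMMON_COMMUNITIES:
                findings.append(Finding("common-community", name,
                                        f"commonly used community name with {access} access"))
            if access in ("rw", "su") and station is None:
                findings.append(Finding("open-write-community", name,
                                        f"{access} access with no management station address"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(f"{finding.rule:22} {finding.subject:18} {finding.detail}")
```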
5 DEVICE MANAGEMENT COMMAND LINE INTERFACE
Four main modes are used for configuration of the switch. Each mode has its own specific set of commands. Enter the '?' character to view the set of commands available for each mode.
Transition between modes is performed with special commands. The list of existing modes and commands for mode transition:
Command mode (EXEC) - this mode is available right after the successful startup of the switch and the username input. The system prompt in this mode consists of the device name (host name) and the '>' character.
console>
If the device name is not defined, the word 'console' is used instead.
Privileged command mode (privileged EXEC) - this mode is available to privileged users after logging in. This mode should be protected with a password. Commands for changing switch system parameters are available in the privileged mode only. In the privileged mode, the '#' character is used in the system prompt. Use the 'enable' command to enter the privileged mode from EXEC mode.
console> enable
enter password:
console#
Global configuration mode (global configuration) - this mode is used to specify general settings of the switch. Global configuration mode commands are available in any configuration submode. Use the configure command to enter this mode.
console# configure
console(config)#
Interface configuration mode (interface configuration) - this mode is designed for configuration of the switch interfaces (port, port group, VLAN interface). You can enter this mode from the global configuration mode; there is a specific command for each interface (the example below shows the configuration mode transition command for the VLAN interface with VID=1).
console(config)# interface vlan 1
console(config-if)#
Terminal configuration mode (line configuration) - this mode is designed for terminal operation configuration. You can enter this mode from the global configuration mode.
console(config)# line {console | telnet | ssh}
console(config-line)#
5.1 Command Line Operation Principles
All unsaved changes will be lost after the device restarts. Use the following command to save all changes made to the switch configuration:
console# copy running-config startup-config
To facilitate the entry of commands, you can use the command autocompletion feature. To activate this feature, begin the command input and press the <Tab> key.
5.2 Basic commands
EXEC mode commands
Command line request in EXEC mode appears as follows:
console>
Table 5.1 Basic commands available in EXEC mode
Command: enable [priv]
Value/Default value: priv: (1..15)/15
Action: Switch to the privileged mode (if the value is not defined - privilege level 15).
Command: login
Value/Default value: -
Action: Close the current session and switch the user.
Command: exit
Value/Default value: -
Action: Close the active terminal session.
Command: help
Value/Default value: -
Action: Get help on command line interface operations.
Command: show history
Value/Default value: -
Action: Show the history of commands, entered during the current terminal session.
Command: show privilege
Value/Default value: -
Action: Show the privilege level of the current user.
Command: terminal history
Value/Default value: -/function is enabled
Action: Enable saving history of commands, entered during the current terminal session.
Command: no terminal history
Action: Disable saving history of commands, entered during the current terminal session.
Command: terminal history size size
Value/Default value: size: (10..216)/10
Action: Change buffer size for history of commands, entered during the current terminal session.
Command: no terminal history size
Action: Set the default value.
Command: terminal datadump
Value/Default value: -/command output is split into pages
Action: Show command output without splitting to pages (to split help output into pages, use the command: More: <space>, Quit: q, One line: <return>).
Command: no terminal datadump
Action: Set the default value.
Command: show banner [motd | login | exec]
Value/Default value: -
Action: Displays banner configuration.
Privileged EXEC mode commands
Command line request appears as follows:
console#
Table 5.2 Basic commands available in privileged EXEC mode
Command: disable [priv]
Value/Default value: priv: (1..15)/1
Action: Return to the normal mode from the privileged mode (if the value is not defined - privilege level 1).
Command: configure [terminal]
Value/Default value: -
Action: Enter the configuration mode.
Command: debug-mode
Value/Default value: -
Action: Enter the debug mode (this command is available to privileged users only).
Commands available in all configuration modes
Command line request appears as follows:
console#
console(config)#
console(config-line)#
Table 5.3 Basic commands available in all configuration modes
Command: exit
Value: -
Action: Exit from any configuration mode to the upper level in CLI command hierarchy.
Command: end
Value: -
Action: Exit from any configuration mode to the command mode (Privileged EXEC).
Command: do
Value: -
Action: Execute the command of the command level (EXEC) from any configuration mode.
Command: help
Value: -
Action: Shows help on commands being used.
Global configuration mode commands
Command line request appears as follows:
console(config)#
Table 5.4 Basic commands available in configuration mode
Command: banner motd d message-text d
         no banner motd
Value: -
Action: Specify motd (message of the day) message text and show it on the screen.
- d - delimiter
- message-text - message text (the string up to 510 characters, total count 2000 characters).
Command: banner exec d message-text d
         no banner exec
Value: -
Action: Specify exec message text (example: User logged in successfully) and show it on the screen.
- d - delimiter
- message-text - message text (the string up to 510 characters, total count 2000 characters).
Command: banner login d message-text d
         no banner login
Value: -
Action: Specify login message text (informational message that is shown before username and password entry) and show it on the screen.
- d - delimiter
- message-text - message text (the string up to 510 characters, total count 2000 characters).
Terminal configuration mode commands
Command line request in terminal configuration mode appears as follows:
console(config-line)#
Table 5.5 Basic commands available in terminal configuration mode
Command: history
Value/Default value: -/function is enabled
Action: Enable saving history of entered commands.
Command: no history
Action: Disable saving history of entered commands.
Command: history size {size}
Value/Default value: (0..216)/10
Action: Change buffer size for history of entered commands.
Command: no history size
Action: Set the default value.
Command: motd-banner
Value/Default value: -/enabled
Action: Enable welcome messages such as 'motd' (message of the day).
Command: no motd-banner
Action: Disable informational messages such as 'motd'.
Command: login-banner
Value/Default value: -/enabled
Action: Enable login welcome messages.
Command: no login-banner
Action: Disable login welcome messages.
Command: exec-banner
Value/Default value: -/enabled
Action: Enable exec welcome messages.
Command: no exec-banner
Action: Disable exec welcome messages.
5.3 Filtering of command line messages
Message filtering reduces the amount of data shown in response to user requests and makes it easier to find the necessary information. To filter the output, add the '|' symbol at the end of the command line and use one of the filtering options provided in the table.
Table 5.6 Global configuration mode commands
Method: begin pattern
Value/Default value: -
Action: Show strings with first characters corresponding to the pattern template.
Method: include pattern
Action: Display all strings that contain the template.
Method: exclude pattern
Action: Display all strings that do not contain the template.
5.4 Macrocommand configuration
This function is used to create unified sets of commands - macros - that can be used later for configuration purposes.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.7 Global configuration mode commands
Command: macro name [word]
Value/Default value: (1..32) characters
Action: Create a new command set; if a set with such name exists, it will be overwritten. Commands are entered one line at a time. Finish the macro with '@' character. Maximum macro length - 510 characters.
Command: no macro name word
Action: Delete the selected macro.
Command: macro global apply word
Value/Default value: (1..32) characters
Action: Apply the selected macro.
Command: macro global trace word
Value/Default value: (1..32) characters
Action: Validate the selected macro.
Command: macro global description word
Value/Default value: (1..160) characters
Action: Create the global macro descriptor string.
Command: no macro global description
Action: Delete the descriptor string.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console>
Table 5.8 EXEC mode commands
Command: macro apply word
Value/Default value: (1..32) characters
Action: Apply the selected macro.
Command: macro trace word
Action: Validate the selected macro.
Command: show parser macro [description [interface {gigabitethernet gi_port | fastethernet fa_port | port-channel group}] | name macro-name]
Value/Default value: gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24); group: (1..8); macro-name: (1..32) characters
Action: Show parameters of macros configured on the device.
Interface configuration mode commands
Command line request in interface configuration mode appears as follows:
console(config-if)#
Table 5.9 Interface configuration mode commands
Command: macro apply word
Value/Default value: (1..32) characters
Action: Apply the selected macro.
Command: macro trace word
Value/Default value: (1..32) characters
Action: Validate the selected macro.
Command: macro description word
Value/Default value: (1..160) characters
Action: Specify macro descriptor string.
Command: no macro description
Action: Delete the descriptor string.
5.5 System management commands
EXEC mode commands
Command line request in EXEC mode appears as follows:
console>
Table 5.10 System management commands in EXEC mode
Command: ping [ip] {A.B.C.D|host} [size size] [count count] [timeout timeout]
Value/Default value: host (1..158) symbols; size (64..1518)/64 Byte; count (0..65535)/4; timeout (50..65535)/2000 ms
Action: This command is used for transmission of ICMP requests (ICMP Echo-Request) to the specified network node, and for reply management (ICMP Echo-Reply).
- A.B.C.D - IPv4 address of the network node
- host - domain name of the network node
- size - size of the packet to be sent, the quantity of bytes in a packet
- count - quantity of packets to be sent
- timeout - timeout of the request
Command: ping ipv6 {A.B.C.D.E.F|host} [size size] [count count] [timeout timeout]
Value/Default value: host (1..158) symbols; size (68..1518)/68 Byte; count (0..65535)/4; timeout (50..65535)/2000 ms
Action: This command is used for transmission of ICMP requests (ICMP Echo-Request) to the specified network node, and for reply management (ICMP Echo-Reply).
- A.B.C.D.E.F - IPv6 address of the network node
- host - domain name of the network node
- size - size of the packet to be sent, the quantity of bytes in a packet
- count - quantity of packets to be sent
- timeout - timeout of the request
Command: traceroute ip {A.B.C.D|host} [size size] [ttl ttl] [count count] [timeout timeout] [source ip_address] [tos tos]
Value/Default value: host (1..158) symbols; size (64..1518)/64 Byte; ttl (1..255)/30; count (1..10)/3; timeout (1..60)/3 s; tos (0..255)/0
Action: Detection of the traffic route to the destination node.
- A.B.C.D - IPv4 address of the network node
- host - domain name of the network node
- size - size of the packet to be sent, the quantity of bytes in a packet
- ttl - maximum quantity of route portions
- count - maximum quantity of packet transmission attempts for each portion
- timeout - timeout of the request
- ip_address - switch interface IP address, used for packet transmission
- tos - type of service sent in the IP protocol header.
For description of errors occurring during the execution of commands, see tables 5.12, 5.13.
Command: traceroute ipv6 {A.B.C.D.E.F|host} [size size] [ttl ttl] [count count] [timeout timeout] [source ip_address] [tos tos]
Value/Default value: host (1..158) symbols; size (66..1518)/66 Byte; ttl (1..255)/30; count (1..10)/3; timeout (1..60)/3 s; tos (0..255)/0
Action: Detection of the traffic route to the destination node.
- A.B.C.D.E.F - IPv6 address of the network node
- host - domain name of the network node
- size - size of the packet to be sent, the quantity of bytes in a packet
- ttl - maximum quantity of route portions
- count - maximum quantity of packet transmission attempts for each portion
- timeout - timeout of the request
- ip_address - switch interface IP address, used for packet transmission
- tos - type of service sent in the IP protocol header.
For description of errors occurring during the execution of commands, see tables 5.12, 5.13.
Command: telnet {A.B.C.D|host} [port] [keyword1…]
Value/Default value: host: (1..158) symbols; port: (1..65535)/23
Action: Open TELNET session for the network node.
- A.B.C.D - IPv4 address of the network node
- host - domain name of the network node
- port - TCP port that is used by Telnet operation
- keyword - keyword
For description of Telnet special commands and keywords, see tables 5.14, 5.15.
Command: ssh {A.B.C.D|host} [port port] [username username] [cipher cipher]
Value/Default value: host: (1..158) symbols; port: (1..65535)/22; username: (1..70) symbols
Action: Open SSH session for the network node.
- A.B.C.D - network node IPv4 address;
- host - network node domain name;
- port - TCP port used by SSH service;
- username - user name that should be used for logon;
- cipher - selection of encryption method. Supported methods: 3des, aes128, aes192, aes256, arcfour. All methods are provided by default.
Command: resume [connection]
Value/Default value: (1..4)/the last established session
Action: Switch to another established TELNET session.
- connection - number of established telnet session
Command: show cpu counters
Value/Default value: -
Action: View CPU packet counter.
Command: show users
Value/Default value: -
Action: Show information on users that consume device resources.
Command: show sessions
Value/Default value: -
Action: Show information on open TELNET sessions with remote devices.
Command: show system [unit unit_id]
Value/Default value: unit_id: (1..8)/-
Action: Show switch system information.
- unit_id - number of the device in a stack (for standalone switch, this parameter is not used)
During command execution, unit_id parameter is available in the stackable mode only.
Command: show version
Value/Default value: -
Action: Show the current device firmware version.
Command: show system tcam utilization [unit unit_id]
Value/Default value: unit_id: (1..8)/-
Action: Show TCAM memory (Ternary Content Addressable Memory) resource load.
- unit - number of the device in a stack (for standalone switch, this parameter is not used)
During command execution, unit_id parameter is available in the stackable mode only.
The 'show sessions' command shows all remote connections for the current session only. This command is used as follows:
1. Connect to a remote device from the switch via TELNET or SSH.
2. Return to a parent session (to the switch). Press <Ctrl+Shift+6>, release the keys and press <x>. This will switch you to a parent session.
3. Execute 'show sessions' command. All outgoing connections for the current session will be listed in the table.
4. To return to remote device session, execute 'resume N' command, where N is a connection number from 'show sessions' command output.
Privileged EXEC mode commands
Command line request in privileged EXEC mode appears as follows:
console#
Table 5.11 System management commands in privileged EXEC mode
Command: reload [unit unit_id]
Value/Default value: unit_id: [1..4]
Action: Use this command to restart the device.
- unit_id - number of device in a stack
Command: reload in time
Value/Default value: time: (mmm | hhh:mm)
Action: Sets the time period for delayed device restart.
Command: reload cancel
Value/Default value: -
Action: Cancels delayed restart.
Command: show cpu utilization
Value/Default value: -
Action: Show statistics on CPU load level.
Command: show cpu input-rate
Value/Default value: -
Action: Show statistics on the speed of inbound frames, processed by CPU.
Command: show cpu input-rate detailed
Value/Default value: -
Action: Show statistics on the speed of inbound frames, processed by CPU, for each traffic type.
Command: show cpu rate-limits
Value/Default value: -
Action: Show restrictions on the speed of inbound frames, processed by CPU.
Command: show tasks utilization
Value/Default value: -
Action: Show statistics on CPU load level for each process.
Command: clear cpu counters
Value/Default value: -
Action: Zero the CPU packet counter.
Command: show system id [unit unit_id]
Value/Default value: unit_id: (1..4)/-
Action: Show device system identification information.
- unit_id - number of the device in a stack (for standalone switch, this parameter is not used)
During command execution, unit_id parameter is available in the stackable mode only.
Command: show system defaults [{management|ipv6|802.1x|port|fdb|multicast|port-mirroring|spanning-tree|vlan|voice-vlan|network-security|dos-attacks|ip-addressing|qos-acl}]
Value/Default value: -
Action: Show the device factory settings.
Command: show system tcam utilization
Value/Default value: -
Action: Shows utilization of TCAM (Ternary Content Addressable Memory) resources.
Example use of traceroute command:
console# traceroute eltex.com
Type Esc to abort.
Tracing the route to eltex.com (148.21.11.69)
1 gateway.eltex (192.168.1.101) 0 msec 0 msec 0 msec
2 eltexsrv (192.168.0.1) 0 msec 0 msec 0 msec
3 * * *
Table 5.12 Description of 'traceroute' command execution results
Field: 1
Description: Sequence number of the router in the path to the specified network node.
Field: gateway.eltex
Description: Network name for this router.
Field: 192.168.1.101
Description: IP address of the router.
Field: 0 msec 0 msec 0 msec
Description: The time that the packet was sent to and returned from the router. Specified for each packet transmission attempt.
Execution of traceroute command can lead to errors, see error description in the table.
Table 5.13 Errors occurring during 'traceroute' command execution
Error symbol
Description
*
Packet transmission timeout.
?
Unknown packet type.
A
Administratively unavailable. Usually, this error is shown when outbound traffic is blocked by rules in ACL access table.
F
Fragmentation or DF bit setting required.
H
Network node is not available.
N
Network is not available.
P
Protocol is not available.
Q
Source is suppressed.
R
Expiration of the fragment reassembly timer.
S
Outbound route error.
U
Port is not available.
Switch Telnet software supports special commands – terminal control functions. To enter special command mode during the active Telnet session, use key combination <Ctrl-shift-6>.
Table 5.14 Telnet special commands
Special command
Value
^^ b
Send disconnect command through telnet.
^^ c
Send process interruption command (IP) through telnet.
^^ h
Send erase character (EC) command through telnet.
^^ o
Send abort output (AO) command through telnet.
^^ t
Send 'Are You There?' (AYT) message through telnet to check the connection.
^^ u
Send erase line (EL) command through telnet.
^^ x
Return to the command line mode.
You can also use additional options when opening a Telnet session:
Table 5.15 Keywords used during Telnet session opening
Option
Description
/echo
Locally enable echo function (suppress console output).
/quiet
Suppresses output of all Telnet software messages.
/source-interface
Defines the source interface.
/stream
Activates the processing of the stream, that enables insecure TCP connection without Telnet sequence control. Stream connection will not process Telnet options, and could be used for establishing connections to ports where UNIX-to-UNIX (UUCP) copy programs or other non-telnet protocols are running.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.16 System management commands in global configuration mode
Command
Value/Default value
Action
hostname name
(1..160) characters/-
Use this command to specify the network name for the device.
no hostname
Set the default network device name.
service cpu-utilization
-/enabled
Allow the device to perform software-based measurement of the switch CPU load level.
no service cpu-utilization
Deny the device to perform software-based measurement of the switch CPU load level.
service cpu-input-rate
-/disabled
Allow the device to perform software-based speed measurement of inbound frames, processed by the switch CPU.
no service cpu-input-rate
Deny the device to perform software-based speed measurement of inbound frames, processed by the switch CPU.
service cpu-rate-limits traffic limit pps
traffic: http, telnet, shh, snmp, ip, link-local, arp-switch-mode, arp-inspection, stp-bpdu, other-bpdu, dhcp-snooping, web-auth, igmp-snooping, mld-snooping, sflow, log-deny-aces, ptp, other
pps: 8..1024
Set the restrictions on the speed of inbound frames for the selected type of traffic.
- pps – packets per second.
service tasks-utilization
-/disabled
Allow the device to perform software-based measurement of the switch CPU load level for each system process.
no service tasks-utilization
Deny the device to perform software-based measurement of the switch CPU load level for each system process.
5.6 Switch Stack Management
The switch stack works as a single device and can include up to 3 devices (in the current firmware version) with the following roles defined by their identifiers (StackID):
- Master (StackID 1) – master switch, controls other stack devices.
- Backup (StackID 2) – backup master switch. If there is a correctly operating device with the StackID 1 in a stack, this switch acts as a slave. If a failure occurs on the master switch, the backup switch will take its role. During operation, the startup configuration is synchronized between the master switch and the backup switch.
- Slave (StackID 3) – slave switch. Such a switch cannot operate without the master switch.
In the stackable mode, switches use a pair of ports for stack synchronization. Port selection depends on the switch model:
- MES1024 uses Gi0/1 and Gi0/2
- MES1124, MES1124M use Gi0/3 and Gi0/4
- MES2124, MES2124P, MES2124M, MES2124MB use Gi0/27 and Gi0/28
- MES2208 – TBD
Ports engaged in stacking are used for the service information and the transit traffic exchange between the stack switches. Two topologies are supported for device connection in a stack: ring and linear. The ring topology is recommended for increased stack robustness.
Privileged EXEC mode commands
Command line request appears as follows:
console#
Table 5.17 Basic commands available in privileged EXEC mode
Command
Value/Default value
Action
unit mode {standalone|stackable}
-
Defines the switch operation mode:
- standalone – switch can perform as a standalone device
- stackable – switch can be combined in a stack
The mode change takes effect after the switch is restarted.
unit renumber local after-reset stack-id
stack-id: (1..3)/1
Specifies the device number 'stack-id' to a local device (where the command is executed). The command may be used in standalone mode or stackable mode on the master device. The device number change takes effect after the switch is restarted.
unit renumber current_id after-reset new_id
current-id: (1..3)
new-id: (1..3)
Specifies the 'new-id' device number to the switch with the 'current-id' number. This command may be used only on the master device of the stack. The device number change takes effect after this device is restarted.
show unit [stack-id]
stack-id: (1..3)
Shows information on devices in a stack. If you enter this command without parameters, the brief information will be shown for all devices in a stack. If you specify 'stack-id', detailed information will be shown for the specific device.
Example use of show unit command:
console# show unit 1
Unit: 1
MAC address: a8:f9:4b:81:61:40
Master: Enabled.
Product: MES-2124. Software: 1.1.16
Uplink unit: 0 Downlink unit: 0.
Status: master
Active image: image1.
Selected for next boot: image1.
Topology is Chain
Stack image auto synchronization is enabled
Unit Mode After Reset: stacking
Unit Num After Reset: 1
Table 5.18 Description of 'show unit' command execution results
Field
Description
Unit:
Identifier of the selected device
MAC address:
Switch MAC address
Master:
Permission to become the master device in a stack.
Product:
Switch model description.
Uplink unit:
Switch identifier connected to the top stack port of the selected device
Downlink unit:
Switch identifier connected to the bottom stack port of the selected device
Status:
The current role of the switch in a stack
Active image:
Active firmware image
Selected for next boot:
Firmware image, that will become active after restart
Topology is
Current stack topology – chain or ring
Unit Mode After Reset:
Switch operation mode after restart – standalone/stackable
Unit Num After Reset:
Switch identifier, that will be applied after restart
Devices with identical Unit IDs won't be able to work in one stack.
5.7 Commands for configuration of password parameters
This set of commands configures the minimum password complexity and the password duration.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.19 System management commands in global configuration mode
Command
Value/Default value
Action
passwords aging age
age: (0 .. 365)/0 days
Define password duration. When this period expires, you will be asked to change the password. Zero value '0' means that the password duration is not set.
no password aging
Restore the default value.
passwords complexity enable
-/disabled
Enable password format restrictions.
passwords complexity min-classes value
value: (0..4)/3
Enable the restriction for the minimum quantity of character classes (lowercase, uppercase, numbers, symbols).
no passwords complexity min-classes
Restore the default value.
passwords complexity min-length value
value: (0..64)/8
Enable minimum password length restriction.
no passwords complexity min-length
Restore the default value.
passwords complexity no-repeat number
number: (0..16)/3
Enable the restriction for the minimum quantity of identical consecutive characters in a new password.
no password complexity no-repeat
Restore the default value.
passwords complexity not-current
-/enabled
Prohibit reuse of the old password when the password is changed.
no passwords complexity not-current
Allow reuse of the old password when the password is changed.
passwords complexity not-username
-/enabled
Prohibit using the username as a password.
no passwords complexity not-username
Allow using the username as a password.
Table 5.20 System management commands in Privileged EXEC mode
Command
Action
show passwords configuration
Show information on password restriction.
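The following added example (not part of the manual or of the switch firmware) models how the settings in Table 5.19 combine, so candidate passwords can be checked in provisioning tooling before they are pushed to a switch. It assumes that the sub-settings only take effect once 'passwords complexity enable' is set, that a value of 0 disables a check, and that 'no-repeat' limits how many times a character may repeat consecutively; all function and class names are illustrative.

```python
from dataclasses import dataclass
from itertools import groupby


@dataclass
class PasswordPolicy:
    """Model of Table 5.19; field defaults are the defaults listed there."""
    enabled: bool = False       # passwords complexity enable (-/disabled)
    min_classes: int = 3        # passwords complexity min-classes (0..4)/3
    min_length: int = 8         # passwords complexity min-length (0..64)/8
    no_repeat: int = 3          # passwords complexity no-repeat (0..16)/3
    not_current: bool = True    # passwords complexity not-current (-/enabled)
    not_username: bool = True   # passwords complexity not-username (-/enabled)


def char_classes(password):
    """Count how many of the four classes (lower, upper, digit, symbol) occur."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(1 for test in tests if any(test(c) for c in password))


def longest_run(password):
    """Length of the longest run of one identical consecutive character."""
    return max((len(list(group)) for _, group in groupby(password)), default=0)


def violations(new, username, current, policy):
    """Return the names of the Table 5.19 settings that the new password breaks."""
    if not policy.enabled:
        # Assumption: with complexity disabled none of the sub-settings apply.
        return []
    found = []
    if policy.min_length and len(new) < policy.min_length:
        found.append("min-length")
    if policy.min_classes and char_classes(new) < policy.min_classes:
        found.append("min-classes")
    # Assumption: a run longer than 'number' identical characters is rejected.
    if policy.no_repeat and longest_run(new) > policy.no_repeat:
        found.append("no-repeat")
    if policy.not_current and new == current:
        found.append("not-current")
    if policy.not_username and new == username:
        found.append("not-username")
    return found


if __name__ == "__main__":
    factory = PasswordPolicy()                  # complexity disabled by default
    enforced = PasswordPolicy(enabled=True)     # after 'passwords complexity enable'
    # Constructed sample passwords, for illustration only.
    for candidate in ("admin", "aaaa1111", "Sw1tch-Adm1n"):
        print(candidate,
              violations(candidate, "admin", "admin", factory),
              violations(candidate, "admin", "admin", enforced))
```

Under this model the default values for length, classes and repeats accept any password until complexity is enabled, which is what 'show passwords configuration' should be used to confirm on the device.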
5.8 File operations
5.8.1 Command parameters description
URL addresses (resource locators) are used as command parameters in file operations. For the description of keywords used in operations, see Table 5.21.
Table 5.21 Keyword list and description
Keyword
Description
flash://
Source or destination address for non-volatile memory. Non-volatile memory is used by default, if URL address is defined without the prefix (prefixes: flash:, tftp:, scp:…).
running-config
Current configuration file.
startup-config
Initial configuration file.
image
If the source file – this image is active. If the deleted file – this image is inactive.
boot
Load file.
tftp://
Source or destination address for TFTP server. Syntax: tftp://host/[directory/]filename. host – IPv4 address or device network name, directory, filename
scp://
Source or destination address for SSH server. Syntax: scp://[username[:password]@]host/[directory/]filename
username – user name; password – user password; host – device IPv4 address or network name; directory – directory; filename – file name.
xmodem:
Source file address for X-modem protocol through the serial connection.
unit://member/startup-config
Configuration file, used during the device startup. member—IP address or device network name in a stack.
unit://member/ image
System firmware file on the device or on one of the stacked devices. To copy file from the master device to other modules, use '*' symbol in the member element. member—IP address or device network name in a stack.
unit://member/ boot
The load file on the device or on one of the stacked devices. To copy file from the master device to other modules, use '*' symbol in the member element. member—IP address or device network name in a stack.
null:
Empty destination for copies or files. You can copy the deleted file to the empty index to determine its size.
logging
File with the command history.
unit://member/backup-config
Backup of the configuration file on the device or on one of the stacked devices. member—IP address or device network name in a stack.
5.8.2 File operation commands
File operation commands are available to privileged users only.
Command line request in Privileged EXEC mode appears as follows:
console#
Table 5.22 File operation commands in Privileged EXEC mode
Command
Value
Action
copy source_url destination_url [snmp]
source-url: (1..160) characters
destination-url: (1..160) characters
Copy file from the source location to destination location.
- source_url – source location of the file being copied
- destination_url – destination location for the file to be copied to
- snmp – used only when file is being copied from/to startup-config. Specify the utilization of the source address and destination address in SNMP format
copy source_url image
Copy the system firmware file from the server into non-volatile memory.
copy source_url boot
Copy the load file from the server into non-volatile memory.
copy source_url running-config
Copy configuration file from the server into the current configuration.
copy source_url startup-config
Copy configuration file from the server into the initial configuration.
copy running-config destination_url
Save the current configuration on the server.
copy startup-config destination_url
Save the initial configuration on the server.
copy running-config startup-config
-
Save the current configuration into the initial configuration.
copy running-config file
-
Save the current configuration into the specified backup configuration file.
copy startup-config file
-
Save the initial configuration into the specified backup configuration file.
copy running-config backup-config
-
Save the current configuration into the backup configuration file.
copy startup-config backup-config
-
Save the initial configuration into the backup configuration file.
dir
-
Display the list of files in the flash memory
more {flash://<file> | startup-config | running-config | mirror-config | <file>}
<file> - (1..160) characters
Show file contents.
- startup-config – show the contents of the initial configuration file
- running-config – show the contents of the current configuration file
- flash:// – show files from USB flash drives
- mirror-config – show the current configuration file contents from the mirror
- file – filename
File contents are shown in ASCII standard, except for image files that are shown in hexadecimal format.
*.prv files are not shown.
delete url
-
Delete the file from the device flash memory.
*.prv, image-1 and image-2 files cannot be removed.
delete startup-config
-
Delete the initial configuration file.
boot system [unit unit] {image-1| image-2}
unit: (1..4)
Define the system firmware file, that will be loaded on startup.
- unit – number of the device in a stack (for standalone switch, this parameter is not used)
show running-config
-
Show contents of the current configuration file.
show startup-config
-
Show contents of the initial configuration file.
show bootvar [unit unit]
unit: (1..4)
Show the active system firmware file, that device loads on startup.
- unit – number of the device in a stack (for standalone switch, this parameter is not used).
During command execution, [unit unit] parameter is available in the stackable mode only.
write [memory|terminal]
Save the current configuration into the initial configuration file.
rename url new_url
url: (1 .. 160)
Change the filename.
- url – current filename
- new_url – new filename
There are some inappropriate combinations of source and destination. Copying is impossible in the following circumstances:
- If source and target files are the same
- X-modem cannot be used as a destination
- Using X-modem, you can copy the file from the source address into the system firmware file, load file or null
- TFTP server cannot be used as source address and destination address for a single copy command
- *.prv files cannot be copied or read
- Copying from/to the stack devices, operating in the slave mode, is possible only for the system firmware file and the bootloader file
Table 5.23 Copy indicator description
Indicator
Description
!
Exclamation mark means, that the copying process is going smoothly. Each exclamation mark indicates successful transmission of ten packets (512 bytes each).
.
Dot means, that the copying process was interrupted. Multiple dots in succession mean, that the error occurred during the copying.
Example use of commands
Delete test file from the non-volatile memory.
console# delete flash:test
Delete flash:test? [confirm]
Command execution result: File will be deleted after confirmation.
5.8.3 Configuration backup commands
This section describes commands, intended for configuring backup timer or saving the current
configuration on the flash drive.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.24 System management commands in global configuration mode
Command
Value/Default value
Action
backup server server
server: 1..22 characters
Specify TFTP server, that will be used for storing the configuration backup. String in format tftp://XXX.XXX.XXX.XXX.
no backup server
Delete backup server.
backup history enable
-/disabled
Enable backup history.
no backup history enable
Disable backup history.
backup path path
path: 1..128 characters
Specify path to file location on server and the file prefix. During saving, the current date and time will be appended to the prefix in 'yyyymmddhhmmss' format.
no backup path
Delete backup path.
backup time-period timer
timer: 1..35791394 min/720 min
Specify the time period for automatic creation of the configuration backup.
no backup time-period
Restore the default value.
backup auto
-/disabled
Enable automatic configuration backup.
no backup auto
Set the default value.
backup write-memory
-/disabled
Enable configuration backup, when user saves configuration to the flash drive.
no backup write-memory
Set the default value.
Table 5.25 System management commands in Privileged EXEC mode
Command
Action
show backup
Show information on configuration backup settings.
show backup history
Displays the history of configurations successfully saved on a server.
5.8.4 Automatic update and configuration commands
Automatic update
The switch will automatically execute the update process, based on DHCP (prior to the automatic configuration process), if autoupdate is enabled and the text file name (DHCP Option 125), containing the firmware file name, is provided by DHCP server.
Automatic update process includes the following steps:
1. The switch downloads the text file and reads the firmware file name on TFTP server.
2. The switch downloads the first block (512 bytes) of the firmware image file from TFTP server with the firmware version.
3. The switch compares firmware image file version, downloaded from TFTP server, with the active image of the switch firmware. If they differ, the switch will download the firmware image from TFTP server and make it active.
4. When the firmware image download is finished, the switch will restart.
Automatic configuration
The switch will automatically execute the configuration process, based on DHCP, if the following conditions are met:
1. Automatic configuring is enabled in configuration.
2. DHCP server reply contains TFTP server IP address (DHCP Option 66) and configuration file name (DHCP Option 67) in ASCII format.
Resulting configuration file will be added to the current (running) configuration.
If the user has enabled automatic saving ('boot host auto-save' command), the current (running) configuration will be copied into the initial configuration (startup).
Switch will try to load configuration, if one of the following conditions is met:
1. The switch has default configuration.
2. User entered boot host dhcp command prior to the switch reboot, that will force the obtaining of configuration on startup.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.26 System management commands in global configuration mode
Command
Value/Default value
Action
boot host auto-config
-/enabled
Enable automatic configuration, based on DHCP.
no boot host auto-config
Set the default value.
boot host auto-save
-/disabled
Enable automatic saving of the current configuration into initial configuration after getting it via TFTP.
no boot host auto-save
Set the default value.
boot host auto-update
-/enabled
Enable automatic firmware update, based on DHCP.
no boot host auto-update
Set the default value.
boot host dhcp
-/disabled
Enable forced configuration load on the next switch startup.
no boot host dhcp
Set the default value.
Privileged EXEC mode commands
Command line request in privileged EXEC mode appears as follows:
console#
Table 5.27 System management commands in privileged EXEC mode
Command
Value/Default value
Action
show boot
-
View automatic update and configuration settings.
Example of ISC DHCP Server configuration:
option image-filename code 125 = {
    unsigned integer 32,   #enterprise-number. Manufacturer ID, always equal to 35265 (Eltex)
    unsigned integer 8,    #data-len. All option data length. Equal to length of the string sub-option-data + 2.
    unsigned integer 8,    #sub-option-code. Suboption code, always equal 1
    unsigned integer 8,    #sub-option-len. String length sub-option-data
    text                   #sub-option-data. Text file name, containing firmware file name
};
host mes2124-test {
    hardware ethernet a8:f9:4b:85:a2:00;                    #MAC address of the switch
    filename "mes2124-test.cfg";                            #switch configuration name
    option image-filename 35265 15 1 13 "mes2000-image";    #text file name, containing firmware file name
    next-server 192.168.1.3;                                #TFTP server IP address
    fixed-address 192.168.1.36;                             #switch IP address
}
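The length fields in the Option 125 statement above have to agree with the file name, so the following added Python example (not part of the manual or of Eltex software) builds and validates the payload in the field order given in the configuration comments and renders the matching dhcpd statement. Function names are illustrative; the enterprise number 35265 and sub-option code 1 are the values stated above.

```python
import struct

ELTEX_ENTERPRISE = 35265    # enterprise-number from the configuration comments
SUBOPT_FILENAME = 1         # sub-option-code from the configuration comments
HEADER = "!IBBB"            # uint32 enterprise, uint8 data-len, uint8 code, uint8 sub-len


def build_option125(filename, enterprise=ELTEX_ENTERPRISE):
    """Encode the Option 125 payload that carries the firmware list file name."""
    data = filename.encode("ascii")          # raises ValueError on non-ASCII names
    if not data:
        raise ValueError("file name is empty")
    if len(data) + 2 > 255:
        raise ValueError("file name does not fit the one-byte length fields")
    # data-len covers sub-option-code + sub-option-len + sub-option-data.
    return struct.pack(HEADER, enterprise, len(data) + 2, SUBOPT_FILENAME, len(data)) + data


def parse_option125(payload):
    """Validate a payload against the layout above and return the file name."""
    fixed = struct.calcsize(HEADER)
    if len(payload) < fixed:
        raise ValueError("payload is shorter than the fixed header")
    enterprise, data_len, code, sub_len = struct.unpack(HEADER, payload[:fixed])
    text = payload[fixed:]
    if enterprise != ELTEX_ENTERPRISE:
        raise ValueError(f"unexpected enterprise-number {enterprise}")
    if code != SUBOPT_FILENAME:
        raise ValueError(f"unexpected sub-option-code {code}")
    if sub_len != len(text):
        raise ValueError(f"sub-option-len {sub_len} does not match {len(text)} bytes of text")
    if data_len != sub_len + 2:
        raise ValueError(f"data-len {data_len} is not sub-option-len + 2")
    return text.decode("ascii")


def dhcpd_statement(filename):
    """Render the 'option image-filename' line for an ISC DHCP host block."""
    header = struct.unpack(HEADER, build_option125(filename)[:struct.calcsize(HEADER)])
    enterprise, data_len, code, sub_len = header
    return f'option image-filename {enterprise} {data_len} {code} {sub_len} "{filename}";'


if __name__ == "__main__":
    # File name taken from the configuration example above.
    print(dhcpd_statement("mes2000-image"))
    print(build_option125("mes2000-image").hex())
    # Constructed payload with a wrong data-len (14 instead of 15).
    try:
        parse_option125(struct.pack(HEADER, 35265, 14, 1, 13) + b"mes2000-image")
    except ValueError as err:
        print("rejected:", err)
```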
5.9 System time configuration
Automatic daylight saving change is performed according to US and EU standards by default. You can set any date and time for daylight saving change and the set back process in the configuration.
Privileged EXEC mode commands
Command line request in Privileged EXEC mode appears as follows:
console#
Table 5.28 System time configuration commands in Privileged EXEC mode
Command
Value
Action
clock set hh:mm:ss day month year
clock set hh:mm:ss month day year
hh (0..23), mm(0..59),
ss (0..59), day (1..31);
month (Jan..Dec);
year (2000 – 2037)
Manual system time setting (this command is available to privileged users only). hh – hours, mm – minutes, ss – seconds, day – day, month – month, year – year.
show sntp configuration
-
Show SNTP protocol configuration.
show sntp status
-
Show SNTP protocol status.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console>
Table 5.29 System time configuration commands in EXEC mode
Command
Value
Action
show clock
-
Show system time and date.
show clock detail
Additionally show timezone and daylight saving settings.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.30 List of system time configuration commands in global configuration mode
Command
Value/Default value
Action
clock source sntp
-/external source is not used
Use the external source for setting system time.
no clock source
Deny the utilization of the external source for setting system time.
clock timezone zone hours-offset [minutes minutes-offset]
zone: (1..4) characters/
no zone description
hours-offset:
-12..+13/0;
minutes-offset:
(0..59)/0;
Set the timezone value.
- zone – abbreviation of the phrase (zone description)
- hours-offset – hour offset from UTC zero meridian
- minutes-offset – minute offset from UTC zero meridian
no clock timezone
Restore the default value.
clock summer-time zone date month date year hh:mm
date month year hh:mm [offset]
zone: (1..4) characters/
no zone description
week: (1..4, first, last);
day: (mon..sun);
date:( 1..31);
month: (Jan..Dec);
year: (2000 ..2097);
hh: (0..23), mm: (0..59);
offset: (1..1440)/60 min;
The daylight saving change is disabled by default.
Define date and time for automatic daylight saving change and the set back process (for the specific year). Zone description should be specified first, time for daylight saving – second, and the set back time – third.
- zone – abbreviation of the phrase (zone description)
- date – date
- month – month
- year – year
- hh – hours, mm – minutes
- offset – quantity of minutes added during the daylight saving change
clock summer-time zone recurring {usa|eu| {week day month hh:mm week day month hh:mm}} [offset]
Define date and time for automatic daylight saving change and the set back process for each year.
- zone – abbreviation of the phrase (zone description)
- usa – set the daylight saving rules, used in US (daylight saving on the second Sunday of March, set back on the first Sunday of November, at 2am local time)
- eu – set the daylight saving rules, used in EU (daylight saving on the last Sunday of March, set back on the last Sunday of October, at 1am GMT)
- hh – hours, mm – minutes
- week – week of the month
- day – day of the week
- month – month
- offset – quantity of minutes added during the daylight saving change
no clock summer-time
Disable daylight saving change
sntp authentication-key number md5 value
number: (1..4294967295);
value: (1..8) characters
By default, authentication is disabled
Specify authentication key for SNTP protocol.
- number – key number
- value – key value
no sntp authentication-key number
Delete authentication key for SNTP protocol.
sntp authenticate
-/authentication is not required
Enable mandatory authentication for getting information from NTP servers.
no sntp authenticate
Restore the default value.
sntp trusted-key key-number
key-number: (1..4294967295);
By default, authentication is disabled
Authenticate the system used for SNTP synchronization by the specified key.
- key-number – key number
no sntp trusted-key key-number
Restore the default value.
sntp client poll timer seconds
seconds: (60..86400)/1024
Set polling time for SNTP client.
no sntp client poll timer
Restore the default value.
sntp broadcast client enable
-/denied
Allow multicast SNTP client operation.
no sntp broadcast client enable
Restore the default value.
sntp anycast client enable
-/denied
Allow the operation of SNTP clients, that support packet transmission to the nearest device in a group of receivers.
no sntp anycast client enable
Restore the default value.
sntp client enable {gigabitethernet gi_port | fastethernet fa_port | port-channel group | vlan vlan_id}
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8);
vlan_id (1..4094)
/denied
Allow the operation of SNTP clients, that support packet transmission to the nearest device in a group of receivers, and to broadcast SNTP clients for the selected interface.
- for detailed interface configuration, see Interface Configuration Section.
no sntp client enable {gigabitethernet gi_port | fastethernet fa_port | port-channel group | vlan vlan_id}
Restore the default value.
sntp unicast client enable
-/denied
Allow unicast SNTP client operation.
no sntp unicast client enable
Restore the default value.
sntp unicast client poll
-/denied
Allow sequential polling of the selected unicast SNTP servers.
no sntp unicast client poll
Restore the default value.
sntp server {ipv4_address | ipv6_address | { ipv6-link-local-address } %{vlan {integer} | ch {integer} | isatap {integer} | {physical-port-name}}| hostname}
[poll] [key keyid]
hostname: (1..158)
characters
keyid: (1..4294967295)
Define SNTP server address.
- ipv4_address – IPv4 address of the network node.
- ipv6_address – IPv6 address of the network node.
- ipv6z_address – IPv6z address of the network node for ping. Address format: {ipv6-link-local-address}%{interface-name}; ipv6-link-local-address – local link IPv6 address; interface-name – name of the source interface, specified in the following format: vlan {integer} | ch {integer} | isatap {integer} | {physical-port-name}
- hostname – domain name of the network node
- poll – enable polling
- keyid – key identifier
no sntp server {ipv4_address | ipv6_address | { ipv6-link-local-address}% {vlan {integer} | ch {integer} |
isatap {integer} | {physical-port-name} }| hostname}
Delete the server from NTP server list.
sntp port port-number
port-number:
(1..65535)/123
Define UDP port of SNTP server.
no sntp port
Restore the default value.
clock dhcp timezone
-/denied
Allow to get the timezone and daylight saving data from DHCP server.
no clock dhcp timezone
Deny to get the timezone and daylight saving data from DHCP server.
Interface configuration mode commands
Command line request in interface configuration mode appears as follows:
console(config-if)#
Table 5.31 List of system time configuration commands in the interface configuration mode
Command
Value/Default value
Action
sntp client enable
-/denied
Allow the operation of SNTP clients, that support packet transmission to the nearest device in a group of receivers, and to broadcast SNTP client for the selected interface (ethernet, port-channel, VLAN).
no sntp client enable
Restore the default value.
Example execution of commands
Show the system time, date and timezone data:
console# show clock detail
15:29:08 NSK(UTC+7) Jun 17 2009
Time source is SNTP
Time zone:
Acronym is NOV
Offset is UTC+7
Summertime:
Acronym is NSK
Recurring every year.
Begins at first Sunday of April at 2:00.
Synchronization status is shown by the additional character before the time value.
Example:
*15:29:08 NSK(UTC+7) Jun 17 2009
The following symbols are used:
- The dot (.) means, that the time is valid, but there is no synchronization with SNTP server
- No symbol means, that the time is valid and the synchronization is present
- Asterisk (*) means, that the time is not valid
Define system clock date and time: 7 March 2009, 1:32pm
console# clock set 13:32:00 7 Mar 2009
Show SNTP protocol status:
console# show sntp status
Clock is synchronized, stratum 0, reference is 192.168.16.1, unicast
Reference time is cec866d5.8a20cccb 05:47:01.0 NSK Dec 8 2009

Unicast servers:
Server          Status    Last Response               Offset [mSec]  Delay [mSec]
--------------- --------- --------------------------- -------------- ------------
192.168.16.1    up        05:47:01.0 NSK Dec 8 2009   7230           -1000

Anycast server:
Server          Interface Status    Last Response     Offset [mSec]  Delay [mSec]
--------------- --------- --------- ----------------- -------------- ------------

Broadcast:
Interface       IP address          Last Response
In the example above, the system time is synchronized with the server 192.168.16.1, the last
response is received at 05:47:01; system time mismatch with server time is equal to 7.23 seconds.
5.10 Interface configuration
Depending on the switch operation mode (standalone or stackable), the record appearance for Ethernet interface will change. In standalone operation, the record for the interface appears as follows: 1/0/N, where N – interface number; in stackable operation, the record for the interface appears as follows: K/0/N, where K – device number in a stack, N – interface number. For switch operation mode selection, see Paragraph 4 of the Startup Menu.
You can specify the mask value in Х.Х.Х.Х format, or in /N format, where N is the number of
1's in the binary mask representation.
Use the following command to reset interface configuration to default:
console(config)# default interface {fastethernet fa_port | gigabitethernet gi_port | port-channel group | vlan vlan_id | tunnel tunnel_id | range {…}}
5.10.1 Ethernet and Port-Channel interface parameters
Interface configuration mode commands (interface range)
console# configure
console(config)# interface {gigabitethernet gi_port | fastethernet fa_port | port-channel group | range {…}}
console(config-if)#
This mode is available from the configuration mode and designed for configuration of interface
parameters (switch port or port group operating in the load distribution mode) or the interface range.
Selection of the interface is performed by the following commands:
for MES1024
interface fastethernet fa_port – for Fast Ethernet 1-24 interface configuration
interface gigabitethernet gi_port – for Gigabit Ethernet 1-2 interface configuration
interface port-channel group – for channel group configuration
where
group – sequential number of the channel group, possible values (1..8)
fa_port – Fast Ethernet interface sequential number, specified as: 1..3/0/1..24
gi_port – Gigabit Ethernet interface sequential number, specified as: 1..3/0/1..2
for MES1124, MES1124M
interface fastethernet fa_port – for Fast Ethernet 1-24 interface configuration
interface gigabitethernet gi_port – for Gigabit Ethernet 1-4 interface configuration
interface port-channel group – for channel group configuration
where
group – sequential number of the channel group, possible values (1..8)
fa_port – Fast Ethernet interface sequential number, specified as: 1..3/0/1..24
gi_port – Gigabit Ethernet interface sequential number, specified as: 1..3/0/25..26
for MES2124, MES2124P, MES2124M
interface gigabitethernet gi_port – for Gigabit Ethernet 1-28 interface configuration
interface port-channel group – for channel group configuration
where
group – sequential number of the channel group, possible values (1..8)
gi_port – Gigabit Ethernet interface sequential number, specified as: 1..3/0/1..28
for MES2208P
interface gigabitethernet gi_port – for Gigabit Ethernet 1-12 interface configuration
interface port-channel group – for channel group configuration
where
group – sequential number of the channel group, possible values (1..8)
gi_port – Gigabit Ethernet interface sequential number, specified as: 1..4/0/1..12
Interface record: 1..3/0/1..N (number of device in a stack / slot number / interface number)
Commands entered in the interface configuration mode are applied to the selected interface.
Given below are commands for entering the configuration mode of 10th Ethernet interface located
on the first device in the stack and entering the configuration mode of the channel group 1.
console# configure
console(config)# interface gigabitethernet 1/0/10
console(config-if)#

console# configure
console(config)# interface port-channel 1
console(config-if)#
Selection of the interface range is performed by the following commands:
interface range fastethernet portlist – for configuration of the fastethernet interface range
interface range gigabitethernet portlist – for configuration of the gigabitethernet interface range
interface range port-channel grouplist – for configuration of port groups
Commands entered in this mode are applied to the selected interface range.
Given below are commands for entering the configuration mode of the Ethernet interface range
from 1 to 10 and entering the configuration mode of all port groups.
console# configure
console(config)# interface range gigabitethernet 1/0/1-10
console(config-if)#

console# configure
console(config)# interface range fastethernet 1/0/1-10
console(config-if)#

console# configure
console(config)# interface range port-channel 1-8
console(config-if)#
Table 5.32 Ethernet and Port-Channel interface configuration mode commands
Command
Value/
Default value
Action
shutdown
-/enabled
Disable the configured interface (Ethernet, port-channel).
no shutdown
Enable the configured interface.
description descr
(1..64) characters/
no description
Add interface description (Ethernet, port-channel).
no description
Remove interface description.
speed mode
10, 100, 1000
Set data transfer rate (Ethernet, port-channel).
no speed
Set the default value.
duplex mode
(full, half)/full
Define interface duplex mode.
no duplex
Set the default value.
negotiation [cap1 [cap2… cap5]]
10f, 10h, 100f, 100h, 1000f
Enables autonegotiation of speed and duplex on the configured interface. You can define the specific compatibility autonegotiation parameters; if these parameters are not defined, all compatibilities are supported (Ethernet, port-channel).
no negotiation
Disable autonegotiation of speed and duplex on the configured interface.
flowcontrol mode
(on, off, auto)/off
Define the flow control mode (enable, disable or autonegotiation). Flow control autonegotiation works only when negotiation mode is enabled on the configured interface (Ethernet, port-channel).
no flowcontrol
Disable flow control mode.
mdix mode
(on, auto)/auto
Enable the crossed cable utilization for the configured interface (Ethernet).
no mdix
Disable the crossed cable utilization for the configured interface (Ethernet).
back-pressure
-/disabled
Enable 'backpressure' function for the configured interface (Ethernet).
no back-pressure
Disable 'backpressure' function for the configured interface.
load-average period
period: 5..300/15
Specify the period of load statistics collection for the interface.
no load-average
Set the default value.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.33 Ethernet and Port-Channel interface general configuration mode commands
Command
Value
Action
port jumbo-frame
-/denied
Enable processing of jumbo frames by the switch.
Maximum transmission unit (MTU) default value is 1500 bytes.
Configuration changes will take effect after the switch is restarted.
Maximum transmission unit (MTU) value for port jumbo-frame configuration is 10200 bytes.
no port jumbo-frame
Disable processing of jumbo frames by the switch.
errdisable recovery cause { loopback-detection | port-security | dot1x-src-address | acl-deny | stp-bpdu-guard | stp-loopback-guard }
-/denied
Enable automatic interface activation after its disconnection in the following circumstances:
- loopback-detection – loopback detection
- port-security – security breach for port security
- dot1x-src-address – user MAC authentication failed
- acl-deny – non-compliance with access lists (ACL)
- stp-bpdu-guard – BPDU Guard activation (unauthorized BPDU packet transmission via the interface)
- stp-loopback-guard – loopback detection
no errdisable recovery cause { loopback-detection | port-security | dot1x-src-address | acl-deny | stp-bpdu-guard | stp-loopback-guard }
Set the default value.
errdisable recovery interval seconds
seconds: (30..86400)/300 seconds
Define the time period for automatic interface reactivation.
no errdisable recovery interval
Set the default value.
default interface [range] {gigabitethernet gi_port | fastethernet fa_port | port-channel group}
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8)
Resets configuration of an interface or a group of interfaces to default.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console#
Table 5.34 EXEC mode commands
Command
Value
Action
clear counters
-
Reset statistics for all interfaces.
clear counters { gigabitethernet gi_port | fastethernet fa_port | port-channel group }
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8)
Reset statistics for Ethernet port, port group.
set interface active { gigabitethernet gi_port | fastethernet fa_port}
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
Activate port, disabled with the shutdown command.
show interfaces configuration [gigabitethernet gi_port | fastethernet fa_port | port-channel group]
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8)
Show the interface configuration.
set interface active port-channel group
group: (1..8)
Activate port group, disabled with the shutdown command.
show interfaces status
-
Show status for all interfaces.
show interfaces status { gigabitethernet gi_port | fastethernet fa_port}
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8)
Show status for Ethernet port, port group.
show interfaces advertise
-
Show autonegotiation parameters, announced for all interfaces.
show interfaces advertise { gigabitethernet gi_port | fastethernet fa_port | port-channel group }
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group: (1..8)
Show autonegotiation parameters, announced for Ethernet port, port group.
show interfaces description
-
Show descriptions for all interfaces (including VLAN interface).
show interfaces description { gigabitethernet gi_port | fastethernet fa_port | port-channel group }
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group: (1..8)
Show descriptions for Ethernet port, port group.
show interfaces counters
-
Show statistics for all interfaces.
show interfaces counters { gigabitethernet gi_port | fastethernet fa_port | port-channel group }
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group: (1..8)
Show statistics for Ethernet port, port group.
show interfaces utilization
-
Show load statistics for all interfaces.
show interfaces utilization [ gigabitethernet gi_port | fastethernet fa_port | port-channel group ]
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group: (1..8)
Show load statistics for Ethernet port, port group.
show ports jumbo-frame
-
Show jumbo frame settings for the switch.
show errdisable recovery
-
Show settings of the automatic interface reactivation.
show errdisable interfaces [gigabitethernet gi_port | fastethernet fa_port | port-channel group]
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group: (1..8)
Show reasons for disabling the interface(s) and the automatic activation status.
Example execution of commands
Show interface status:
console# show interfaces status
                                            Flow Link        Up Time     Back     Mdix
Port     Type         Duplex Speed Neg      ctrl State       (d,h:m:s)   Pressure Mode    Port Mode
-------- ------------ ------ ----- -------- ---- ----------- ----------- -------- ------- ---------
gi1/0/1  1G-Copper    Full   1000  Enabled  Off  Up          01,00:54:25 Disabled Off     Trunk
gi1/0/2  1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/3  1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/4  1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/5  1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/6  1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/7  1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/8  1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/9  1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/10 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/11 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/12 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/13 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/14 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/15 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/16 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/17 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/18 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/19 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/20 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/21 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/22 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/23 1G-Copper    --     --    --       --   Down        --          --       --      Access
gi1/0/24 1G-Copper    --     --    --       --   Down        --          --       --      General
gi1/0/25 1G-Combo-C   --     --    --       --   Down        --          --       --      Access
gi1/0/26 1G-Combo-C   Full   1000  Enabled  Off  Up          01,00:25:56 Disabled Off     Access
gi1/0/27 1G-Combo-C   --     --    --       --   Down        --          --       --      Trunk
gi1/0/28 1G-Combo-C   Full   1000  Enabled  Off  Up          01,00:54:25 Disabled On      General

                               Flow    Link
Ch       Duplex BW    Neg      control State       Port Mode
-------- ------ ----- -------- ------- ----------- ---------
Po1      Full   1000  Enabled  Off     Up          Trunk
Po2      --     --    --       --      Not Present Access
Po3      --     --    --       --      Not Present Access
Po4      --     --    --       --      Not Present Access
Po5      --     --    --       --      Not Present Access
Po6      --     --    --       --      Not Present Access
Po7      --     --    --       --      Not Present Access
Po8      --     --    --       --      Not Present Access
Show autonegotiation parameters:
console# show interfaces advertise
Port      Type         Neg      Operational Link Advertisement
--------- ------------ -------- ----------------------------------
gi0/1     1G-Fiber     Disabled --
gi0/2     1G-Fiber     Disabled --
gi0/3     1G-Fiber     Disabled --
gi0/4     1G-Fiber     Disabled --
gi0/5     1G-Fiber     Disabled --
gi0/6     1G-Fiber     Disabled --
gi0/7     1G-Fiber     Disabled --
gi0/8     1G-Fiber     Disabled --
gi0/9     1G-Fiber     Disabled --
gi0/10    1G-Fiber     Disabled --
gi0/11    1G-Combo-C   Enabled  --
gi0/12    1G-Combo-C   Enabled  --
gi0/13    1G-Fiber     Disabled --
gi0/14    1G-Fiber     Disabled --
gi0/15    1G-Fiber     Disabled --
gi0/16    1G-Fiber     Disabled --
gi0/17    1G-Fiber     Disabled --
gi0/18    1G-Fiber     Disabled --
gi0/19    1G-Fiber     Disabled --
gi0/20    1G-Fiber     Disabled --
gi0/21    1G-Fiber     Disabled --
gi0/22    1G-Fiber     Disabled --
gi0/23    1G-Combo-C   Enabled  --
gi0/24    1G-Combo-C   Enabled  1000f, 100f, 100h, 10f, 10h

Ch        Type         Neg      Operational Link Advertisement
--------- ------------ -------- ----------------------------------
Po1       --           Enabled  --
Po2       --           Enabled  --
Po3       --           Enabled  --
Po4       --           Enabled  --
Po5       --           Enabled  --
Po6       --           Enabled  --
Po7       --           Enabled  --
Po8       --           Enabled  --
Show interface statistics:
console# show interfaces counters
Port             InUcastPkts  InMcastPkts  InBcastPkts  InOctets
---------------- ------------ ------------ ------------ ------------
gi0/1            0            0            0            0
gi0/2            0            0            0            0
gi0/3            0            0            0            0
gi0/4            0            0            0            0
gi0/5            0            0            0            0
gi0/6            0            0            0            0
gi0/7            0            0            0            0
gi0/8            0            0            0            0
gi0/9            0            0            0            0
gi0/10           0            0            0            0
gi0/11           0            0            0            0
gi0/12           0            0            0            0
gi0/13           0            0            0            0
gi0/14           0            0            0            0
gi0/15           0            0            0            0
gi0/16           0            0            0            0
gi0/17           0            0            0            0
gi0/18           0            0            0            0
gi0/19           0            0            0            0
gi0/20           0            0            0            0
More: <space>, Quit: q, One line: <return>
Show channel group 1 statistics:
console# show interfaces counters port-channel 1
Ch               InUcastPkts  InMcastPkts  InBcastPkts  InOctets
---------------- ------------ ------------ ------------ ------------
Po1              111          0            0            9007

Ch               OutUcastPkts OutMcastPkts OutBcastPkts OutOctets
---------------- ------------ ------------ ------------ ------------
Po1              0            6            3            912

Alignment Errors: 0
FCS Errors: 0
Single Collision Frames: 0
Multiple Collision Frames: 0
SQE Test Errors: 0
Deferred Transmissions: 0
Late Collisions: 0
Excessive Collisions: 0
Carrier Sense Errors: 0
Oversize Packets: 0
Internal MAC Rx Errors: 0
Symbol Errors: 0
Received Pause Frames: 0
Transmitted Pause Frames: 0
Table 5.35 Description of counters
Counter
Description
InOctets
Quantity of bytes received.
InUcastPkts
Quantity of unicast packets received.
InMcastPkts
Quantity of multicast packets received.
InBcastPkts
Quantity of broadcast packets received.
OutOctets
Quantity of bytes sent.
OutUcastPkts
Quantity of unicast packets sent.
OutMcastPkts
Quantity of multicast packets sent.
OutBcastPkts
Quantity of broadcast packets sent.
Alignment Errors
Quantity of frames, that failed integrity verification (with the byte quantity mismatching the length) and checksum verification (FCS).
FCS Errors
Quantity of frames with the byte quantity matching the length, that failed checksum verification (FCS).
Single Collision Frames
Quantity of frames involved in a single collision, but transmitted successfully later.
Multiple Collision Frames
Quantity of frames involved in multiple collisions, but transmitted successfully later.
Deferred Transmissions
Quantity of frames with the first transmission attempt delayed due to busy communication medium.
Late Collisions
Quantity of cases, when collision is identified after transmission of the first 64 bytes of the packet to the communication link (slotTime).
Excessive Collisions
Quantity of frames, that were not sent due to excessive number of collisions.
Carrier Sense Errors
Quantity of cases, when carrier control state was lost or not approved in the frame transmission attempt.
Oversize Packets
Quantity of received packets, which size exceeds the maximum allowed frame size.
Internal MAC Rx Errors
Quantity of frames, that were not received successfully due to internal receiving error on the MAC level.
Symbol Errors
For the interface operating in 100Mbps mode, the quantity of cases, when inappropriate data symbol was found, while the correct carrier was represented. For the interface operating in 1000Mbps mode, the quantity of cases, when receiving instrumentation was busy for the time equal or greater than the slot size (slotTime), and during which there was one or more events, that forced PHY to return the data reception error or carrier extend error on GMII. For the interface operating in full-duplex 1000Mbps mode, the quantity of cases, when receiving instrumentation was busy for the time equal or greater than the minimum frame size (minFrameSize), and during which there was one or more events, that forced PHY to return the data reception error on GMII.
Received Pause Frames
Quantity of received control MAC frames with PAUSE operation code.
Transmitted Pause Frames
Quantity of sent control MAC frames with PAUSE operation code.
Show jumbo frame settings for the switch:
console# show ports jumbo-frame
Jumbo frames are disabled
Jumbo frames will be disabled after reset
5.10.2 VLAN interface configuration
VLAN configuration mode commands
Command line request in VLAN configuration mode appears as follows:
console# configure
console(config)# vlan database
console(config-vlan)#
This mode is available from the global configuration mode and designed for configuration of VLAN
parameters.
Table 5.36 VLAN configuration mode commands
Command
Value/
Default value
Action
vlan vlan_range
vlan_range: (2 .. 4094)
Add a single or multiple VLANs.
no vlan vlan_range
Remove a single or multiple VLANs.
map protocol protocol [encaps] protocols-group group
protocol: ip, ipx, ipv6, arp, (0600-ffff (hex))*
encaps: ethernet, rfc1042, llcOther
group: (1..2147483647)
Tether the protocol to the associated protocol group.
no map protocol protocol [encaps]
Remove tethering.
* protocol number (16 bit).
map mac mac_address { host | mask } macs-group group
mask: (9..48)
group: (1..2147483647)
Tether a single MAC address or MAC address range to MAC address group using mask.
no map mac mac_address { host | mask }
Remove tethering.
map subnet ip_address mask subnets-group group
mask: (1..32)
group: (1..2147483647)
Tether a single IP address or IP address range to IP address group using mask.
no map subnet ip_address mask
Remove tethering.
VLAN interface configuration mode commands (interface range)
Command line request in VLAN interface configuration mode appears as follows:
console# configure
console(config)# interface {vlan { vlan_id } | range vlan {vlan_list}}
console(config-if)#
This mode is available from the global configuration mode and designed for configuration of VLAN
interface or VLAN interface range parameters.
Selection of the interface is performed by the interface vlan { vlan_id } command.
Selection of the interface range is performed by the interface range vlan {vlan_list} command.
Given below are commands for entering the configuration mode of the VLAN 1 interface and
entering the configuration mode of VLAN 1, 3, 7 group.
console# configure
console(config)# interface vlan 1
console(config-if)#

console# configure
console(config)# interface range vlan 1,3,7
console(config-if)#
Table 5.37 VLAN interface configuration mode commands
Command
Value/
Default value
Action
name name
(1-64) characters/name matches VLAN number
Add VLAN name.
no name
Set the default value.
Ethernet interface configuration mode commands (interface range), port group interface
Command line request in Ethernet interface, port group interface configuration mode appears as
follows:
console# configure
console(config)# interface { fastethernet fa_port | gigabitethernet gi_port | port-channel group | range {…}}
console(config-if)#
This mode is available from the configuration mode and designed for configuration of interface
parameters (switch port or port group operating in the load distribution mode) or the interface range.
The port can operate in four modes:
access – access interface, untagged interface for a single VLAN
trunk – interface that accepts the tagged traffic only, except for a single VLAN that can be added by switchport trunk native vlan command
general – interface with 802.1q full support, accepts both tagged and untagged traffic
customer – 802.1 Q-in-Q interface
Table 5.38 Ethernet interface configuration mode commands
Command
Value/
Default value
Action
switchport mode mode
access, trunk, general, customer/access
Define port operation mode in VLAN.
no switchport mode
Set the default value.
switchport access vlan vlan_id
vlan_id: (1..4094)/1
Add VLAN for the access interface.
no switchport access vlan
Set the default value.
switchport trunk allowed vlan add vlan_list
vlan_list: (2..4094, all)
Add VLAN list for the interface.
switchport trunk allowed vlan remove vlan_list
Remove VLAN list for the interface.
switchport trunk native vlan vlan_id
vlan_id: (1..4095)/1 – if default VLAN is defined
4095 – untagged traffic is dropped
Add the defined VLAN as Default VLAN for this interface, all untagged traffic, coming to this port, will be directed to this VLAN.
no switchport trunk native vlan
Set the default value.
switchport general allowed vlan add vlan_list [tagged| untagged]
vlan_list: (2..4094, all)
Add VLAN list for the interface. Port will send:
- tagged – tagged
- untagged – untagged packets for VLAN
switchport general allowed vlan remove vlan_list
Remove VLAN list for the interface.
switchport general pvid vlan_id
vlan_id: (1..4094)/1 – if default VLAN is defined, otherwise – 4095
Add port VLAN identifier (PVID) for the main interface.
no switchport general pvid
Set the default value.
switchport general ingress-filtering disable
-/filtering is enabled
Disable filtering of inbound packets on the main interface based on their assigned VLAN ID.
no switchport general ingress-filtering disable
Enable filtering of inbound packets on the main interface based on their assigned VLAN ID. If filtering is enabled, and the packet is not in VLAN group with assigned VLAN ID, this packet will be dropped.
switchport general acceptable-frame-type {tagged-only | untagged-only | all}
-/accept all frame types
Accept only specific frame type on the main interface:
- tagged-only – tagged only
- untagged-only – untagged only
- all – all frames
no switchport general acceptable-frame-type
Accept all frame types on the main interface.
switchport general map protocols-group group vlan vlan_id
vlan_id: (1..4094)
group: (1.. 2147483647)
Set the VLAN classification rule for an interface based on the protocol tethering.
no switchport general map protocols-group group
Remove the classification rule.
switchport general map macs-group group vlan vlan_id
vlan_id: (1..4094)
group: (1.. 2147483647)
Set the VLAN classification rule for an interface based on the MAC address tethering.
no switchport general map macs-group group
Remove the classification rule.
switchport general map subnets-group group vlan vlan_id
vlan_id: (1..4094)
group: (1..2147483647)
Set VLAN classification rule for an interface based on IP address tethering.
no switchport general map subnets-group group
Remove the classification rule.
switchport dot1q ethertype egress stag ether-type
ether-type: (0..ffff) (hex)
Replace EtherType in outbound packets from this interface.
no switchport dot1q ethertype egress stag
Set the default value.
switchport customer vlan vlan_id
vlan_id: (1..4094)/1
Add VLAN for the user interface.
no switchport customer vlan
Set the default value.
switchport customer multicast-tv vlan vlan_id
vlan_id: (1..4094)
Enable the multicast traffic receiving from the specified VLAN (that is different from the user interface VLAN) on the configured interface, together with other port users, that receive multicast traffic from the current VLAN.
no switchport customer multicast-tv vlan
Disable the multicast traffic receiving for the configured interface.
switchport forbidden vlan add vlan_list
vlan_list: (2..4094, all)/all VLANs are enabled for this port
Deny to add the selected VLANs for this port.
no switchport forbidden vlan add vlan_list
Set the default value.
switchport forbidden vlan remove vlan_list
vlan_list: (2..4094, all)/all VLANs are enabled for this port
Allow to add the selected VLANs for this port.
no switchport forbidden vlan remove vlan_list
Set the default value.
switchport forbidden default-vlan
Membership in the default VLAN is enabled by default.
Deny to add the default VLAN for this port.
no switchport forbidden default-vlan
Set the default value.
switchport protected-port
-
Put the port in isolation mode within the port group.
no switchport protected-port
Restore the default value.
switchport community community
community: (1..30)
Add port to community (port isolation group). Ports within a single community can exchange traffic only with each other and other unprotected ports (without 'switchport protected-port' setting).
- community: community name.
no switchport community
Restore the default value. In this case, protected port is an isolated port (does not belong to any community), and it can exchange traffic only with unprotected ports (without 'switchport protected-port' setting).
switchport protected {gigabitethernet gi_port | fastethernet fa_port | port-channel group}
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8);
By default, routing is performed via learnt MAC address database (FDB).
Put the port into Private VLAN Edge mode. Disable the learnt MAC address database (FDB) routing and direct all unicast, multicast and broadcast traffic to the uplink port.
no switchport protected
Enable the learnt MAC address database (FDB) routing.
ip internal-usage-vlan vlan_id
vlan_id: (1..4094)/
no reserve
Reserve VLAN for internal use on the interface.
no ip internal-usage-vlan
Set the default value.
switchport default-vlan tagged
-
Define the port as tagging in the default VLAN.
no switchport default-vlan tagged
Set the default value.
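The ingress-related settings of a general port in Table 5.38 (acceptable-frame-type, pvid, allowed vlan, ingress-filtering) interact as shown in the following Python model. It is an added example, not Eltex code: it follows the table descriptions and standard 802.1Q ingress behaviour, and the class, function names and VLAN IDs are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

FRAME_TYPES = ("all", "tagged-only", "untagged-only")


@dataclass
class GeneralPort:
    """Ingress-related settings of a port in 'general' mode (Table 5.38)."""
    pvid: int = 1                    # switchport general pvid
    acceptable: str = "all"          # switchport general acceptable-frame-type
    ingress_filtering: bool = True   # 'filtering is enabled' is the default
    member_vlans: Set[int] = field(default_factory=lambda: {1})  # allowed vlan add

    def __post_init__(self) -> None:
        if self.acceptable not in FRAME_TYPES:
            raise ValueError(f"unknown acceptable-frame-type: {self.acceptable}")
        if not 1 <= self.pvid <= 4094:
            raise ValueError("pvid must be in 1..4094")

    def classify(self, tag: Optional[int]) -> Tuple[str, Optional[int], str]:
        """Decide what happens to one inbound frame.

        tag is the 802.1Q VLAN ID carried by the frame, or None if untagged.
        Returns (verdict, vlan, reason); verdict is 'accept' or 'drop'.
        """
        if tag is not None and not 1 <= tag <= 4094:
            raise ValueError("VLAN tag must be in 1..4094")
        # Step 1: acceptable-frame-type check.
        if tag is None and self.acceptable == "tagged-only":
            return ("drop", None, "untagged frame on tagged-only port")
        if tag is not None and self.acceptable == "untagged-only":
            return ("drop", None, "tagged frame on untagged-only port")
        # Step 2: untagged frames are assigned the PVID.
        vlan = self.pvid if tag is None else tag
        # Step 3: ingress filtering drops frames whose VLAN the port is not in.
        if self.ingress_filtering and vlan not in self.member_vlans:
            return ("drop", None, f"port is not a member of VLAN {vlan}")
        return ("accept", vlan, "ok")


def accepted_vlans(port: GeneralPort, frames: List[Optional[int]]) -> List[int]:
    """VLANs that the given frames end up in after ingress processing."""
    out = []
    for tag in frames:
        verdict, vlan, _ = port.classify(tag)
        if verdict == "accept":
            out.append(vlan)
    return out


# Constructed test traffic: one untagged frame, then tags 1, 10, 20 and 30.
FRAMES = [None, 1, 10, 20, 30]

# Permissive port: default PVID, every frame type, filtering switched off
# with 'switchport general ingress-filtering disable'.
PERMISSIVE = GeneralPort(pvid=1, acceptable="all", ingress_filtering=False,
                         member_vlans={1, 10, 20})

# Restrictive port: tagged frames only, filtering left enabled, member of
# the two VLANs it is meant to carry (constructed IDs 10 and 20).
RESTRICTIVE = GeneralPort(pvid=10, acceptable="tagged-only",
                          ingress_filtering=True, member_vlans={10, 20})

if __name__ == "__main__":
    for name, port in (("permissive", PERMISSIVE), ("restrictive", RESTRICTIVE)):
        print(name)
        for tag in FRAMES:
            print("  tag", tag, "->", port.classify(tag))
```

With filtering disabled the permissive port accepts the frame tagged 30 although the port is not a member of VLAN 30; the restrictive port accepts only the two VLANs it was given.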
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console# configure
console(config)#
Table 5.39 Global configuration mode commands
Command
Value
Action
vlan database
-
Enter the VLAN configuration mode.
default interface {vlan vlan_id | range vlan vlan_list}
vlan_id: (1..4094);
vlan_list: (1..4094)
Resets configuration of a VLAN interface or a range of VLAN interfaces to default.
- vlan_id: VLAN ID
- vlan_list: list of VLAN IDs
To define VLAN range, enter values separated by commas or separate starting and ending values with a hyphen '-'.
Example use of the command:
console# configure
console(config)# vlan database
console(config-vlan)#
Privileged EXEC mode commands
Command line request in Privileged EXEC mode appears as follows:
console#
Table 5.40 Privileged EXEC mode commands
Command
Value
Action
show vlan
-
Show information on all VLANs
show interface description vlan vlan_id
vlan_id: (1..4094)
Show VLAN interface description.
show vlan name name
1..32 characters
Show information on VLAN, search by name
show vlan tag vlan_id
vlan_id: (1..4094)
Show information on VLAN, search by ID
show vlan internal usage
-
Show VLAN list for internal use by the switch.
show default-vlan-membership [ gigabitethernet gi_port | fastethernet fa_port | port-channel group ]
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group: (1..8)
Show default VLAN group content.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console>
Table 5.41 EXEC mode commands
Command
Value
Action
show vlan multicast-tv vlan vlan_id
vlan_id: (1..4094)
Show source ports and multicast traffic receivers in the current VLAN. Source ports can send and receive the multicast traffic.
show vlan protocols-groups
-
Show information on protocol groups.
show vlan macs-groups
-
Show information on MAC address groups.
show interfaces switchport { gigabitethernet gi_port | fastethernet fa_port | port-channel group }
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group: (1..8)
Show port, port group configuration.
show interfaces protected-ports [ gigabitethernet gi_port | fastethernet fa_port | port-channel group ]
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group: (1..8)
Show port status: in Private VLAN Edge mode, in private-vlan-edge community.
Example execution of commands
Show information on all VLANs:
console# show vlan
Vlan Name              Ports                       Type         Authorization
---- ----------------- --------------------------- ------------ -------------
1    1                 gi1/0/1-28,Po1-8            Default      Required
4    4                 gi1/0/4-5                   permanent    Required
2000 2000                                          permanent    Required
Show source ports and multicast traffic receivers in VLAN 4:
console# show vlan multicast-tv vlan 4
Source ports : gi1/0/4-5
Receiver ports: gi1/0/1
Show information on protocol groups:
console# show vlan protocols-groups
Encapsulation Protocol         Group Id
------------- ---------------- ----------------
0x800 (IP)    Ethernet         1
0x806 (ARP)   Ethernet         1
0x86dd (IPv6) Ethernet         3
Show information on subnet groups:
console# show vlan subnets-groups
Ip Subnet Address Mask Group Id
----------------- ----------- -------------
192.168.16.44 255.255.255.0 1
192.168.16.44 255.255.255.0 2
Show VLAN list for internal use by the switch:
console# show vlan internal usage
Usage  VLAN   Reserved   IP address
------ ------ ---------- ------------
gi0/22 9      Yes        Inactive
Show GigabitEthernet 22 port configuration:
console# show interfaces switchport gigabitethernet 1/0/22
Port : gi1/0/22
Port Mode: Access
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: all
Ingress UnTagged VLAN ( NATIVE ): 1
Protected: Disabled

Port is member in:

Vlan Name                             Egress rule Port Membership Type
---- -------------------------------- ----------- --------------------
1    1                                Untagged    System

Forbidden VLANS:
Vlan Name
---- --------------------------------

Classification rules:

Protocol based VLANs:
Group ID     Vlan ID
------------ -------

Mac based VLANs:
Group ID     Vlan ID
------------ -------
5.11 Selective Q-in-Q
This function allows assigning an external SPVLAN (Service Provider's VLAN), substituting the Customer VLAN, and blocking the transmission of traffic based on configured filtering rules by internal VLAN numbers (Customer VLAN).
A list of rules is created for the device and used for traffic processing.
The Selective-Q-in-Q rule configuration commands are not available in the acl-only mode.
If at least one Selective Q-in-Q rule is present for an interface, broadcast storm logging becomes disabled for this interface.
Ethernet and Port-Channel interface configuration mode commands (interface range)
Command line request in configuration interface configuration mode appears as follows:
console# configure
console(config)# interface { fastethernet fa_port | gigabitethernet
gi_port | port-channel group | range {…}}
console(config-if)#
Table 5.42 Ethernet interface configuration mode commands (interface range)
Command
Value
Action
selective-qinq list ingress add_vlan vlan_id [ingress_vlan ingress_vlan_id]
vlan_id: (1..4094)
ingress_vlan_id: (1..4094)
Create the rule, that will be used for adding the second tag vlan_id to the ingress_vlan_id inbound packet external tag. If the ingress_vlan_id parameter is not defined, the rule will be applied to all inbound packets regardless of their VLAN inherence. Such rule may be applied to all packets not falling under any other rule ('default rule').
selective-qinq list ingress deny [ingress_vlan ingress_vlan_id]
ingress_vlan_id: (1..4094)
Create the restriction rule, that will be used for dropping packets with external ingress_vlan_id tag. If the ingress_vlan_id parameter is not defined, the rule will cause the inbound traffic drop regardless of the external VLAN tag.
selective-qinq list ingress permit [ingress_vlan ingress_vlan_id]
ingress_vlan_id: (1..4094)
Create the rule, that will allow to forward inbound packets with the ingress_vlan_id external tag without any changes. If the ingress_vlan_id parameter is not defined, all inbound packets will be forwarded regardless of the external tag value.
selective-qinq list ingress override_vlan vlan_id [ingress_vlan ingress_vlan_id]
vlan_id: (1..4094)
ingress_vlan_id: (1..4094)
Create the rule, that will be used for replacing the ingress_vlan_id inbound packet external tag with the vlan_id value. If the ingress_vlan_id parameter is not specified, the rule will be applied to inbound packets not falling under any other rule.
selective-qinq list egress override_vlan vlan_id [ingress_vlan
ingress_vlan_id]
vlan_id: (1..4094)
ingress_vlan_id: (1..4094)
Create the rule, that will be used for replacing the ingress_vlan_id inbound packet external tag with the vlan_id tag. This rule is applied to outbound packets. If the ingress_vlan_id parameter is not specified, the rule will be applied to outbound packets regardless of the ingress_vlan_id value.
no selective-qinq list ingress [ingress-vlan ingress_vlan_id]
ingress_vlan_id: (1-4094)
Remove the rule for the selected ingress_vlan_id for inbound packets. Command without the ingress_vlan_id parameter deletes the rule applied by default to the inbound traffic.
no selective-qinq list egress ingress-vlan ingress_vlan_id
ingress_vlan_id: (1-4094)
Remove the selective qinq rule for the selected ingress_vlan_id for outbound packets.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console#
Table 5.43 EXEC mode commands
Command
Value
Action
show selective-qinq [interface {gigabitethernet gi_port | fastethernet fa_port | port-channel group }]
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group:(1..12)
Show selective qinq rule list for the specific port.
Example execution of commands
Create the rule that will replace the external tag 11 of the inbound packet with 10.
console# configure
console(config)# interface gigabitethernet 1/0/1
console(config-if)# selective-qinq list ingress override vlan 10 ingress-vlan 11
console(config-if)# end
Show created selective qinq rule list.
console# show selective-qinq
Direction Interface Rule type       Vlan ID  Classification by Parameter
--------- --------- --------------- -------- ----------------- ---------
ingress   gi0/1     override_vlan   10       ingress_vlan      11
5.12 Broadcast storm control
A broadcast storm results from an excessive number of broadcast messages transmitted simultaneously via a single network port, which causes delays and overloads network resources. A storm can appear if looped segments exist in the Ethernet network.
The switch measures the transfer rate of received broadcast, multicast or unknown unicast traffic for ports with enabled broadcast storm control and drops packets, if the transfer rate exceeds the defined maximum value.
Ethernet interface configuration mode commands
Command line request in Ethernet interface, port group interface configuration mode appears as follows:
console(config-if)#
Table 5.44 Ethernet interface configuration mode commands
Command
Value/Default value
Action
storm-control include-multicast
-/default
Add multicast traffic to broadcast control.
no storm-control include-multicast
Disable multicast traffic control.
storm-control include unknown-unicast
-/default
Add unknown unicast traffic to broadcast control.
no storm-control include unknown-unicast
Disable unknown unicast traffic control.
storm-control broadcast enable
-/default
Enable broadcast traffic control.
no storm-control broadcast enable
Disable broadcast traffic control.
storm-control broadcast logging
-/default
Enables broadcast storm logging. Multicast and unicast traffic logging is not performed.
Enabling storm logging disables SQinQ rule configuration for that interface.
no storm-control broadcast logging
Disables broadcast storm logging.
storm-control broadcast level kbps rate
(1..1000000)/
3500 kbps
Define the maximum transfer rate for broadcast, multicast or unknown unicast traffic.
no port storm-control broadcast level
Restore the default value.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console#
Table 5.45 EXEC mode commands
Command
Value
Action
show storm-control [gigabitethernet gi_port | fastethernet fa_port]
gi_port: {1..3/0/1..28}; fa_port: {1..3/0/1..24}
Show broadcast storm control configuration for the selected port or all ports.
Example execution of commands
Enable broadcast, multicast or unknown unicast traffic control for Ethernet interface 15. Define the maximum transfer rate 5000 kbps for controlled traffic.
console# configure
console(config)# interface gigabitethernet 1/0/15
console(config-if)# storm-control broadcast enable
console(config-if)# storm-control include-multicast
console(config-if)# storm-control include-multicast unknown-unicast
console(config-if)# storm-control broadcast level kbps 5000
5.13 Link Aggregation Groups (LAG)
Switches support up to 8 Ethernet interfaces in one LAG port group and up to 8 LAG groups on the standalone device or device stack. Each port group should include Ethernet interfaces operating at the same speed in full-duplex mode. Aggregating ports into a group increases the link bandwidth between the communicating devices and improves robustness. The switch interprets the port group as a single logical port.
The device supports two port group operation modes: static group and LACP-managed group. For a description of LACP groups, see the corresponding section of the manual.
To add the interface into a group, you have to restore the default interface settings, if they were modified.
You can add interfaces into link aggregation group in the Ethernet interface configuration mode only.
Command line request in Ethernet interface configuration mode appears as follows:
console(config-if)#
Table 5.46 Ethernet interface configuration mode commands
Command
Value
Action
channel-group group mode mode
group: (1..8)
mode: (on, auto)
Add Ethernet interface to the port group (on: add port to link without LACP; auto: add port to link with LACP).
no channel-group
Remove Ethernet interface from the port group.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console# configure
console(config)#
Table 5.47 Global configuration mode commands
Command
Value
Action
port-channel load-balance {src-dst-mac-ip | src-dst-mac | src-dst-ip | src-dst-mac-ip-port} [mpls-aware]
src-dst-mac
Define load balance mechanism for aggregated port group.
- src-dst-mac-ip—load balance mechanism based on MAC address and IP address;
- src-dst-mac—load balance mechanism based on MAC address;
- src-dst-ip—load balance mechanism based on IP address;
- src-dst-mac-ip-port—load balance mechanism based on MAC address, IP address and the destination port;
- mpls-aware: enable parsing of L3/L4 headers of packets with MPLS tags on the device. Useful only with balance modes for L3/L4 packet headers.
Command line request in EXEC mode appears as follows:
console>
Table 5.48 EXEC mode commands
Command
Value
Action
show interfaces port-channel [group]
group: (1..8)
Show information on the channel group.
5.13.1 Static link aggregation groups
Static LAG function is the aggregation of multiple physical links into a single link, that will allow to increase the link bandwidth and robustness. For static groups, the priority of link utilization in aggregated group is not defined.
To enable the interface operation in the static group, use 'channel-group {group} mode on' command in the configuration mode of the respective interface.
5.13.2 LACP link aggregation protocol
Link Aggregation Control Protocol (LACP) function is the aggregation of multiple physical links into a single link. Link aggregation increases the link bandwidth and robustness. LACP performs traffic transmission via aggregated links according to the defined priorities.
To enable the interface operation via LACP protocol, use 'channel-group {group} mode auto' command in the configuration mode of the respective interface.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.49 Global configuration mode commands
Command
Value/Default value
Action
lacp system-priority value
value: (1..65535/1)
Define the system priority.
no lacp system-priority
Restore the default value.
Ethernet interface configuration mode commands
Command line request in Ethernet interface configuration mode appears as follows:
console(config-if)#
Table 5.50 Ethernet interface configuration mode commands
Command
Value/Default value
Action
lacp timeout {long | short}
The 'long' value is used by default.
Set LACP protocol administrative timeout.
- long—long timeout
- short—short timeout
no lacp timeout
Restore the default value.
lacp port-priority value
value: (1..65535/1)
Set the Ethernet interface priority.
no lacp port-priority
Restore the default value.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console#
Table 5.51 EXEC mode commands
Command
Value/Default value
Action
show lacp {gigabitethernet gi_port | fastethernet fa_port} [parameters | statistics | protocol-state]
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
Show information on LACP protocol for Ethernet interface. If additional parameters are not used, all information will be shown.
- parameters—show protocol configuration parameters
- statistics—show protocol operation statistics
- protocol-state—show protocol operation state.
show lacp port-channel [group]
group: (1..8)
Show information on LACP protocol for the port group.
Example execution of commands
Create the first LACP protocol port group, which includes two Ethernet interfaces: 3 and 4. Group operation transfer rate: 1000 Mbps. Set the system priority 6, priorities 12 and 13 for Ports 3 and 4 respectively.
console# configure
console(config)# lacp system-priority 6
console(config)# interface port-channel 1
console(config-if)# speed 1000
console(config-if)# exit
console(config)# interface fastethernet 1/0/3
console(config-if)# speed 1000
console(config-if)# channel-group 1 mode auto
console(config-if)# lacp port-priority 12
console(config-if)# exit
console(config)# interface fastethernet 1/0/4
console(config-if)# speed 1000
console(config-if)# channel-group 1 mode auto
console(config-if)# lacp port-priority 13
console(config-if)# exit
console(config)#
5.14 IPv4 addressing configuration
This section describes commands intended for configuring the static IP addressing parameters: IP address, subnet mask, default gateway. For DNS and ARP protocol configuration, see the corresponding configuration sections.
Ethernet interface configuration mode commands, port group interface, VLAN
Command line request in Ethernet interface, port group, VLAN interface configuration mode appears as follows:
console(config-if)#
Table 5.52 Ethernet interface configuration mode commands
Command
Value
Action
ip address ip_address mask [gateway| prefix_length]
prefix_length:{8 .. 30}
Assign IP address, subnet mask, and default gateway address to the physical Ethernet interface.
no ip address [ip_address ]
Remove the IP address on the physical Ethernet interface.
ip address dhcp
[1..20] characters
Obtain IP address for configured interface from DHCP server.
no ip address dhcp
Do not obtain the IP address from DHCP server for the configured interface.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.53 Global configuration mode commands
Command
Value
Action
ip default-gateway ip_address
-/default gateway is not defined
Define the default gateway for the switch.
no ip default-gateway
Remove the default gateway for the switch.
Privileged EXEC mode commands
Command line request in Privileged EXEC mode appears as follows:
console#
Table 5.54 Privileged EXEC mode commands
Command
Value
Action
clear host dhcp {name | *}
{1..158} characters
(This command is available to privileged users only.) *—delete all matches.
renew dhcp {gigabitethernet gi_port | fastethernet fa_port | port-channel group | vlan vlan_id} [force-autoconfig]
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8);
vlan_id: (1..4094)
Send the IP address renewal request to DHCP server.
- force-autoconfig—download the configuration from TFTP server on IP address renewal.
EXEC mode commands
Command line request in Exec mode appears as follows:
console>
Table 5.55 EXEC mode commands
Command
Value
Action
show ip interface [gigabitethernet gi_port | fastethernet fa_port | port-channel group| vlan vlan_id]
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8);
vlan_id: (1..4094)
Show IP addressing configuration for the specific interface.
Example execution of commands
Define the default gateway IP address 192.168.16.2:
console(config)# ip default-gateway 192.168.16.2
5.15 IPv6 addressing configuration
5.15.1 IPv6 protocol
Switches support IPv6 protocol operations. IPv6 support is an important advantage, since IPv6 is destined to replace IPv4 addressing completely in the future. In comparison to IPv4, IPv6 has an extended address space: 128 bits instead of 32. An IPv6 address consists of 8 blocks separated by colons; each block holds 16 bits of the address, represented as 4 hexadecimal digits.
In addition to address space extension, IPv6 protocol has the hierarchical addressing scheme, provides route aggregation, simplifies routing table, thus boosting the router performance by using neighbouring node discovery mechanism.
Local IPv6 addresses (IPv6Z) are assigned to the interfaces by the switch; use the following format in the command syntax for IPv6Z addresses:
<ipv6-link-local-address>%<interface-name>
where interface-name—name of the interface:
interface-name = vlan<integer> | ch<integer> | <physical-port-name>
integer = <decimal-number> | <integer><decimal-number>
decimal-number = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
physical-port-name = gigabitethernet {1..3/0/1..24} | fastethernet {1..3/0/1..24}
If the value of a single group or of multiple sequential groups in the IPv6 address is zero (0000), these groups can be dropped. For example, the address FE40:0000:0000:0000:0000:0000:AD21:FE43 can be shortened to FE40::AD21:FE43. Two separate runs of zero groups cannot both be shortened, because the result would be ambiguous.
EUI-64 is an identifier based on the interface MAC address that forms the lower 64 bits of the IPv6 address. The MAC address is split into two 24-bit parts with the constant FFFE inserted between them.
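The EUI-64 construction and the zero-group shortening described above, as an added Python example that is not part of the manual. Beyond what the text states, it inverts the universal/local bit of the first MAC octet, as the modified EUI-64 format of RFC 4291 requires; the function names are hypothetical and the sample MAC and addresses are the ones used in this manual's own examples.

```python
import ipaddress


def parse_mac(mac: str) -> bytes:
    """Accept H:H:H:H:H:H, H-H-H-H-H-H or H.H.H and return the 6 raw bytes."""
    for sep, width in ((":", 2), ("-", 2), (".", 4)):
        if sep in mac:
            # Restore leading zeros dropped in forms such as 0:0:C:40:F:BC.
            digits = "".join(part.zfill(width) for part in mac.split(sep))
            break
    else:
        digits = mac
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface identifier: 24 bits | FFFE | 24 bits."""
    raw = parse_mac(mac)
    # Modified EUI-64 (RFC 4291): the universal/local bit (0x02) is inverted.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 identifier of the MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("eui-64 addresses need a /64 prefix")
    return ipaddress.IPv6Address(
        net.network_address.packed[:8] + eui64_interface_id(mac)
    )


def is_eui64_of(address: str, mac: str) -> bool:
    """True if the lower 64 bits of the address were derived from the MAC."""
    return ipaddress.IPv6Address(address).packed[8:] == eui64_interface_id(mac)


def shorten(address: str) -> str:
    """Drop leading zeros and replace one run of zero groups with '::'."""
    return ipaddress.IPv6Address(address).compressed.upper()


def is_valid(address: str) -> bool:
    """Reject malformed text, including an address with two '::' markers."""
    try:
        ipaddress.IPv6Address(address)
        return True
    except ipaddress.AddressValueError:
        return False


if __name__ == "__main__":
    mac = "00:00:03:08:D8:98"
    print("default link-local:", eui64_address("fe80::/64", mac))
    print("shortened:", shorten("FE40:0000:0000:0000:0000:0000:AD21:FE43"))
    print("two '::' accepted:", is_valid("FE40::AD21::FE43"))
    print("neighbour is EUI-64 of its MAC:",
          is_eui64_of("5629:78:13::6782:B588:1AB5", mac))
```

A neighbour entry whose address fails `is_eui64_of` is not suspicious in itself (static and privacy addresses are common), but the check is useful when an inventory expects EUI-64 link-local addresses.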
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.56 Global configuration mode commands
Command
Value
Action
ipv6 default-gateway ipv6_address
-
Define the default IPv6 gateway local address. This command will be available only in the following switch mode: set system mode switch policy-based vlan active.
no ipv6 default-gateway
Remove default IPv6 gateway settings.
ipv6 host name ipv6_address_1 [ipv6_address_2... ipv6_address_4]
name:
(1..158) characters
Create the static record, that matches IPv6 address to the device network name.
no ipv6 host name
Remove static record, that matches IPv6 address to the device network name.
ipv6 neighbor ipv6_address { gigabitethernet gi_port | fastethernet fa_port | port-channel group| vlan vlan_id} mac_address
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8);
vlan_id: (1..4094)
Create static match between MAC address of the neighbouring device and its IPv6 address.
- ipv6_address—IPv6 address
- mac_address—MAC address
no ipv6 neighbor
Remove static match between MAC address of the neighbouring device and its IPv6 address.
ipv6 icmp error-interval milliseconds [bucketsize]
milliseconds:
(0 .. 2147483647)/100
bucketsize: (1..200)/10
Specify the transfer rate limit for ICMPv6 error messages.
no ipv6 icmp error-interval
Restore the default value.
Interface configuration mode commands (VLAN, Ethernet, Port-Channel)
Command line request in interface configuration mode appears as follows:
console (config-if)#
Table 5.57 Interface configuration mode commands (Ethernet, VLAN, Port-channel)
Command
Value/Default value
Action
ipv6 enable [no-autoconfig]
-
Enable IPv6 support for the interface.
no ipv6 enable
Disable IPv6 support for the interface.
ipv6 address ipv6_address/prefix_length [eui-64] [anycast]
prefix_length: (3..128)
(64, if eui-64 parameter is used)
Create IPv6 address on the interface.
- ipv6_address—IPv6 network assigned to the interface (8 blocks separated by a colon; each block has 16 bits of data, represented as 4 hexadecimal numbers)
- prefix_length—IPv6 prefix length: decimal number of address high bits comprising the prefix
- eui-64—identifier, based on the interface MAC address, recorded in 64 lower bits of IPv6 address
- anycast—identifies that the specified address is the anycast address.
no ipv6 address [ipv6_address/prefix_length] [eui-64]
Remove IPv6 address from the interface.
ipv6 address autoconfig
By default, automatic configuration is enabled, addresses are not defined.
Enable automatic IPv6 address configuration for the interface. Addresses are configured depending on prefixes, that were received in Router Advertisement messages.
no ipv6 address autoconfig
Restore the default value.
ipv6 address ipv6_address/ prefix_length link-local
Default value for local address: (FE80::EUI64)
Define local IPv6 interface address. High bits of the local IP addresses in IPv6: FE80::
no ipv6 address [ipv6_address/prefix-length link-local]
Remove the local IPv6 address.
ipv6 nd dad attempts attempts_number
(0..600)/1
Specify the quantity of demand messages, sent via the interface to the device, when IPv6 address duplication (collision) is detected.
ipv6 unreachables
-/enabled
Disable ICMPv6 'destination inaccessible' messages, when sending packets to the specific interface.
no ipv6 unreachables
Restore the default value.
ipv6 mld version {1 | 2}
(1,2)/2
Define MLD protocol version for the interface.
no ipv6 mld version
Restore the default value.
ipv6 mld join-group ipv6_multicast_address
-
Define MLD messages for the specific group.
- ipv6_multicast_address—IPv6 address of a multicast group.
no ipv6 mld join-group ipv6_multicast_address
Disable reporting and remove IP address from a multicast group.
Privileged EXEC mode commands
Command line request in Privileged EXEC mode appears as follows:
console#
Table 5.58 Privileged EXEC mode commands
Command
Value/Default value
Action
ipv6 set mtu { gigabitethernet gi_port | fastethernet fa_port | port-channel group } { bytes | default}
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8)
bytes: (1280..65535)/1500
Define MTU value for IPv6 packets.
show ipv6 neighbors {static | dynamic} [ipv6-address ipv6_address] [mac-address mac_address] [gigabitethernet gi_port | fastethernet fa_port | port-channel group | vlan vlan_id]
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8);
vlan_id: (1..4094)
Show information on the neighbouring IPv6 devices, stored in cache.
- static—show static records
- dynamic—show dynamic records
clear ipv6 neighbors
-
Clear cache, that contains the information on the neighbouring devices operating via IPv6 protocol. Information on static records will remain.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console#
Table 5.59 EXEC mode commands
Command
Value
Action
show ipv6 interface [gigabitethernet gi_port | fastethernet fa_port | port-channel group| vlan vlan_id]
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8);
vlan_id: (1..4094)
Show IPv6 protocol settings for the selected interface.
show ipv6 route
-
Show IPv6 routing table.
show ipv6 icmp error-interval
-
Show ICMPv6 error message settings.
Example execution of commands
Show dynamic records of the routing table on the neighbouring IPv6 devices.
console# show ipv6 neighbors dynamic
Interface IPv6 address                        HW address        State
--------- ----------------------------------- ----------------- -----
VLAN 1    5629:78:13::6782:B588:1AB5          00:00:03:08:D8:98 REACH
Possible states:
INCMP (Incomplete)—address resolution procedure is performed at the entry. It means that a neighbouring request has been sent to the multicast address, but the respective neighbouring confirmation is not received yet.
REACH (Reachable)—positive confirmation; means that the route to the neighbouring device works correctly; received during the reachable time (ReachableTime, ms). While the neighbouring device is accessible and the packet exchange goes without errors, no special actions are taken.
STALE—positive confirmation; means that the route to the neighbouring device works correctly; received after the reachable time period (ReachableTime, ms). While the neighbouring device is accessible and the packet exchange goes without errors, no special actions are taken.
DELAY—positive confirmation; means that the route to the neighbouring device works correctly; received after the reachable time period (ReachableTime, ms) and the next request was sent during attempt time interval (DELAY_FIRST_PROBE_TIME, seconds). If the positive reply is not received during attempt time interval (DELAY_FIRST_PROBE_TIME, seconds), the route state to the neighbouring device will be changed to PROBE.
PROBE—neighbouring requests are sent periodically with the 'retranslation' interval (RetransTimer, ms), until the positive confirmation is received.
5.15.2 IPv6 protocol tunnelling (ISATAP)
The IPv6 traffic tunnelling function based on ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) allows IPv6 traffic to be transferred via IPv4 networks. Thus, nodes with IPv6 addressing that support ISATAP tunnelling are able to communicate by encapsulating traffic into packets with an IPv4 header.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.60 Global configuration mode commands
Command
Value/Default value
Action
interface tunnel number
1
1. Create tunnelling interface.
2. Enter the tunnelling interface configuration mode.
tunnel isatap query-interval seconds
seconds: (10..3600)/10 seconds
Set the period between DNS requests, sent for automatic discovery of ISATAP router IP address.
no tunnel isatap query-interval
Restore the default value.
tunnel isatap solicitation-interval seconds
seconds: (10..3600)/10 seconds
Set the transmission period for requests, that require confirmation from ISATAP router (if there is no active router).
no tunnel isatap solicitation-interval
Restore the default value.
tunnel isatap robustness number
seconds: (1..20)/3
Define quantity of DNS-query and quantity of queries, transmitted to ISATAP router during the lifetime of established connection. Request periods are defined by the following equations:
- for DNS: (lifetime received in the DNS server reply)/(number+1)
- for requests to ISATAP router: (minimum lifetime received in the ISATAP router reply)/(number+1)
no tunnel isatap robustness
Restore the default value.
Tunnelling mode commands
Command line request in tunnelling mode appears as follows:
console# configure
console(config)# interface tunnel 1
console(config-tunnel)#
Table 5.61 Tunnelling mode commands
Command
Value
Action
tunnel mode ipv6ip isatap
Tunnelling is disabled by default.
Enable IPv6 tunnelling support through IPv4 with ISATAP.
IPv6 addressing and tunnelling support can coexist in the same interface (e.g. Ethernet/VLAN). IPv6 addressing and tunnelling selection will be based on the information on the destination IP address.
no tunnel mode ipv6ip isatap
Disable IPv6 protocol tunnelling support.
tunnel isatap router router_name
By default, the domain name is 'isatap'.
Define the name for IPv6 tunnel. Users with IPv4 addressing will be able to access the device (tunnelling device) while performing the standard DNS procedure.
no tunnel isatap router
Restore the default value.
tunnel source { auto | ip-address ipv4_address }
By default, IP address is not defined.
The command assigns the local IP address to a tunnel, that will be used as a source address for packet transmission.
- auto—IP address will be automatically assigned by the system
no tunnel source
Delete local tunnel IP address.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console#
Table 5.62 EXEC mode commands
Command
Action
show ipv6 tunnel
Show information on the tunnel settings.
Example execution of commands
Enable tunnelling interface, define the tunnel domain name MES2124, define the local IP address 192.168.16.88.
console# configure
console(config)# interface tunnel 1
console(config-tunnel)# tunnel mode ipv6ip isatap
console(config-tunnel)# tunnel isatap router MES2124
console(config-tunnel)# tunnel source ip-address 192.168.16.88
5.15.3 IPv6 RA guard function configuration
The IPv6 RA guard function protects against attacks based on sending fake Router Advertisement packets and allows such messages to be sent only from trusted ports.
Global Configuration Mode Commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.63 Global configuration mode commands
Command
Value/Default value
Action
ipv6 nd raguard
-/disabled
Enable IPv6 RA guard function management for the switch.
no ipv6 nd raguard
Disable IPv6 RA guard function.
ipv6 nd raguard vlan vlan
vlan: (1..4094)
Enable IPv6 RA guard function management for the switch within the specified VLAN.
- vlan – VLAN number.
Ethernet Interface Configuration Mode Commands
Command line request in the interface configuration mode appears as follows:
console(config-if)#
Table 5.64 Ethernet interface configuration mode commands
Command
Value/Default value
Action
ipv6 nd raguard device-role { host | router }
-/host
Port operation mode selection.
- host – block all incoming RA messages;
- router – filter RA messages according to the configured rules.
ipv6 nd raguard match access-list acl
(1..32) characters
Enable ACL for filtering RA messages in router mode.
- acl – ACL name.
ipv6 nd raguard match prefix-list prefix-list
(1..32) characters
Enable prefix-list for filtering RA messages in router mode.
- prefix-list – prefix-list name.
ipv6 nd raguard trusted-port
By default, all ports are untrusted
Add port to the trusted list.
5.15.4 DHCPv6 guard function configuration
The DHCPv6 guard feature prevents the use of third-party DHCPv6 servers on the network and allows DHCPv6 servers only on trusted interfaces.
Global Configuration Mode Commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.65 Global configuration mode commands
Command
Value/Default value
Action
ipv6 dhcp guard
-/disabled
Enable DHCPv6 guard function management for the switch.
no ipv6 dhcp guard
Disable DHCPv6 guard function.
ipv6 dhcp guard vlan vlan
(1..4094)
Enable DHCPv6 guard function management within the specified VLAN.
- vlan – VLAN number.
Ethernet Interface Configuration Mode Commands
Command line request in the interface configuration mode appears as follows:
console(config-if)#
Table 5.66 Ethernet interface configuration mode commands
Command
Value/Default value
Action
ipv6 dhcp guard device-role { client | server }
-/client
Port operation mode selection:
- client – 'advertise' and 'reply' messages are discarded
- server – 'advertise' and 'reply' messages are filtered by the rules.
ipv6 dhcp guard match server accsess-list acl
(1..32) characters
Enable ACL for filtering DHCPv6 messages.
- acl – ACL name.
ipv6 dhcp guard match reply prefix-list prefix-list
(1..32) characters
Enable prefix-list for filtering DHCPv6 messages.
- prefix-list – prefix-list name.
ipv6 dhcp guard trusted-port
By default, all ports are untrusted
Add port to the trusted list. Trusted ports allow all types of messages.
no ipv6 dhcp guard trusted-port
Delete port from trusted list.
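An added example, not part of the manual, that serves both the RA guard and the DHCPv6 guard sections above: a Python check that reads saved configuration text and reports where either guard is switched off or bypassed on a port that is not a known uplink. The configuration layout (interface stanzas closed by `exit` or `!`), the sample text, the uplink list, the finding names and all function names are assumptions made for this example.

```python
import re

# Constructed sample in an assumed layout: "interface ..." opens a stanza,
# "exit" or "!" closes it. It is not output captured from a real switch.
SAMPLE_CONFIG = """\
ipv6 nd raguard
ipv6 nd raguard vlan 10
ipv6 dhcp guard vlan 10
!
interface gigabitethernet 1/0/1
 ipv6 nd raguard trusted-port
 ipv6 dhcp guard trusted-port
exit
!
interface fastethernet 1/0/5
 ipv6 nd raguard device-role router
exit
!
interface fastethernet 1/0/7
 ipv6 dhcp guard trusted-port
exit
"""

# Guard command prefix -> device-role that lets router/server messages in.
FEATURES = {
    "ipv6 nd raguard": "router",
    "ipv6 dhcp guard": "server",
}


def parse_config(text):
    """Split config text into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = " ".join(raw.lower().split())  # normalise case and spacing
        if not line:
            continue
        if line in ("!", "exit"):
            current = None
        elif line.startswith("interface "):
            current = line[len("interface "):]
            interfaces.setdefault(current, [])
        elif current is None:
            global_lines.append(line)
        else:
            interfaces[current].append(line)
    return global_lines, interfaces


def guarded_vlans(text, feature):
    """Return the VLAN numbers listed in '<feature> vlan N' lines."""
    global_lines, _ = parse_config(text)
    pattern = re.escape(feature) + r" vlan (\d+)"
    hits = (re.fullmatch(pattern, line) for line in global_lines)
    return sorted(int(m.group(1)) for m in hits if m)


def audit(text, uplinks):
    """Return (scope, feature, finding) tuples for weak guard settings."""
    global_lines, interfaces = parse_config(text)
    uplinks = {u.lower() for u in uplinks}
    findings = []
    for feature, open_role in FEATURES.items():
        # Both guards are disabled by default, so the bare command must exist.
        if feature not in global_lines:
            findings.append(("global", feature, "not-enabled"))
        for name, lines in interfaces.items():
            trusted = f"{feature} trusted-port" in lines
            role_open = f"{feature} device-role {open_role}" in lines
            filtered = any(l.startswith(f"{feature} match ") for l in lines)
            if trusted and name not in uplinks:
                findings.append((name, feature, "trusted-access-port"))
            if role_open and name not in uplinks:
                findings.append((name, feature, "permissive-role-on-access-port"))
            if role_open and not filtered:
                # router/server role filters "by the rules": none is attached
                findings.append((name, feature, "role-without-filter"))
    return findings


if __name__ == "__main__":
    for scope, feature, finding in audit(SAMPLE_CONFIG, {"gigabitethernet 1/0/1"}):
        print(f"{scope:24} {feature:16} {finding}")
```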
5.16 Protocol configuration
5.16.1 DNS protocol configuration (Domain Name System)
The main task of DNS protocol is the identification of the network node (host) IP address by the request, that contains its domain name. The database of network node domain names and corresponding IP addresses is stored on DNS servers.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.67 Global configuration mode commands
Command
Action
ip domain lookup
Enable DNS protocol utilization.
no ip domain lookup
Disable DNS protocol utilization.
ip name-server server_ipv_address list
Define IPv4/IPv6 addresses of available DNS servers. You can define up to 8 server IP addresses. Server IP address values should be space-separated.
no ip name-server [server_ip_address1 … server_ip_address8]
Remove DNS server IP address from the list of available servers.
ip domain name name
Define the default domain name, that will be used by the application for correction of invalid domain names (domain names without a dot). For domain names without a dot, a dot with the domain name specified in the command will be added at the end of the name. The name should contain from 1 to 158 characters.
no ip domain name
Remove default domain name.
ip host name ip_address1 [ip_address2 … ip_address4]
Define static matches between network node names and IP addresses, add the established match to the cache. The name may contain from 1 to 158 characters. You can define up to four IP addresses.
no ip host name
Delete static matches between node names and IP addresses. The name may contain from 1 to 158 characters.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console#
Table 5.68 EXEC mode commands
Command
Action
clear host {name|*}
Delete the match between node name and IP address in cache or delete all records (*). The name should contain from 1 to 158 characters.
show hosts [name]
Show default domain name, DNS server list, static and cached matches between node names and IP addresses. When network node name is used in command, the corresponding IP address will be shown. The name should contain from 1 to 158 characters.
Example use of commands
Use DNS server with 192.168.16.35 and 192.168.16.38 addresses, define the default domain name mes:
console# configure
console(config)# ip name-server 192.168.16.35 192.168.16.38
console(config)# ip domain-name eltex-sw-1
Define static match: network node with the name eltex.mes has IP address 192.168.16.39:
console# configure
console(config)# ip host eltex.mes 192.168.16.39
5.16.2 ARP protocol configuration
ARP (Address Resolution Protocol) is a link-layer protocol that identifies the MAC address based on the IP address contained in the request.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.69 Global configuration mode commands
Command
Value/Default value
Action
arp ip_address mac_address [gigabitethernet gi_port | fastethernet fa_port | port-channel group | vlan vlan_id]
ip_address format: A.B.C.D
mac_address format: H.H.H or H:H:H:H:H:H or H-H-H-H-H-H;
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8);
vlan_id: (1..4094)
Add the static record of matches between IP and MAC addresses to ARP table for the interface, specified in the command.
- ip_address—IP address
- mac_address—MAC address
no arp ip_address [gigabitethernet gi_port | fastethernet fa_port | port-channel group | vlan vlan_id]
Remove the static record of matches between IP and MAC addresses from ARP table for the interface, specified in the command.
arp timeout seconds
seconds: (1-40000000)/60000 seconds
Define the dynamic record lifetime in ARP table (in seconds).
no arp timeout
Restore the default value.
Privileged EXEC mode commands
Command line request in privileged EXEC mode appears as follows:
console#
Table 5.70 Privileged EXEC mode commands
Command
Value
Action
clear arp-cache
-
Delete all dynamic records from ARP table. (This command is available to privileged users only.)
show arp [ip-address ip_address | mac-address mac_address | gigabitethernet gi_port | fastethernet fa_port | port-channel group]
ip_address format: A.B.C.D
mac_address format: H.H.H or H:H:H:H:H:H or H-H-H-H-H-H
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8)
Show ARP table records: all records, filter by IP address, filter by MAC address, filter by interface.
- ip_address—IP address
- mac_address—MAC address
- gi_port—Gigabit Ethernet interface number
- fa_port—Fast Ethernet interface number
- group—channel group
show arp configuration
-
Show global ARP configuration and interface ARP configuration.
ip arp proxy disable
-
Disable ARP request proxy mode for the switch.
no ip arp proxy disable
Enable ARP request proxy mode for the switch.
Interface configuration mode commands
Command line request in interface configuration mode appears as follows:
console(config-if)#
Table 5.71 Interface configuration mode commands
Command
Value
Action
ip proxy-arp
-
Disable ARP request proxy mode for configured interface.
no ip proxy-arp
Enable ARP request proxy mode for configured interface.
arp timeout sec
sec: (1-40000000)
Define the dynamic record lifetime in ARP table (in seconds) for the configured interface.
no arp timeout
Restore the default value (global).
Example use of commands
Add static record to ARP table: IP address 192.168.16.32, MAC address 0:0:C:40:F:BC, set dynamic record lifetime in ARP table 12,000 seconds:
console# configure
console(config)# arp 192.168.16.32 00-00-0c-40-0f-bc gigabitethernet 1/0/2
console(config)# arp timeout 12000
console(config)# exit
Show ARP table contents:
сonsole# show arp
VLAN Interface IP address HW address status
--------------------- --------------- ------------------- --------------- vlan 1 gi0/12 192.168.25.1 02:00:2a:00:04:95 dynamic
5.16.3 GVRP protocol configuration
GARP VLAN Registration Protocol (GVRP) distributes VLAN identifiers across the network. Its basic function is to discover VLANs that are missing from the switch database when GVRP messages are received. The switch adds the received information on the missing VLANs to its database.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.72 Global configuration mode commands
Command
Value/Default value
Action
gvrp enable
-/disabled
Enable GVRP protocol for the switch.
no gvrp enable
Disable GVRP protocol for the switch.
Ethernet interface configuration mode commands (interface range), port group interface
Command line request in Ethernet interface, port group interface configuration mode appears as follows:
console# configure
console(config)# interface {gigabitethernet gi_port | fastethernet fa_port | port-channel group}
console(config-if)#
Table 5.73 Ethernet interface configuration mode commands, interface group
Command
Value/Default value
Action
gvrp enable
-/disabled
Enable GVRP utilization for configured interface.
no gvrp enable
Disable GVRP utilization for configured interface.
garp timer {join | leave | leaveall} timer_value
timer_value: (10-2147483640) ms
Default values:
join: 200 ms
leave: 600 ms
leaveall: 10000 ms
Set the GARP timer value (for timer descriptions, see Table 5.74).
- timer_value: timer value (must be divisible by 10).
no garp timer
Set default values.
gvrp vlan-creation-forbid
-/enabled
Disable dynamic VLAN modification or creation for configured interface.
no gvrp vlan-creation-forbid
Enable dynamic VLAN modification or creation for configured interface.
gvrp registration-forbid
By default, VLAN creation and registration is enabled for the interface.
Deregister all VLANs and disable the creation or registration of new VLANs on the current interface.
no gvrp registration-forbid
Restore the default value.
Table 5.74 GARP timer description
GARP timer
Value
Join Timer
Define the request transmission interval for adding VLAN into the group (value range from 10 to 2147483640 ms, default value 200 ms).
Leave Timer
Define the amount of time the interface will wait before leaving the VLAN group (value range from 10 to 2147483640 ms, default value 600 ms).
Leave timer value should be greater or equal to 3 x Join timer value.
LeaveAll Timer
Define the amount of time the interface will wait before sending LeaveAll request for complete disconnection from VLAN group (value range from 10 to 2147483640 ms, default value 10000 ms).
LeaveAll timer value should be much greater than Leave timer value.
GARP timer values should be the same for all communicating devices. If timer values are different, the switch will not be able to operate with GVRP protocol correctly.
Communication of untagged and tagged ports can be defined administratively by setting PVID value for the untagged port.
Interface configured in the access port mode will not be able to work with GVRP protocol, since it always belongs to only one VLAN group.
Privileged EXEC mode commands
Command line request in privileged EXEC mode appears as follows:
console#
Table 5.75 Privileged EXEC mode commands
Command
Value
Action
clear gvrp statistics [gigabitethernet gi_port | fastethernet fa_port | port-channel group]
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group: (1..8)
Clear collected GVRP statistics.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console>
Table 5.76 EXEC mode commands
Command
Value
Action
show gvrp configuration [gigabitethernet gi_port | fastethernet fa_port | port-channel group]
gi_port: (1..3/0/1..28);
fa_port: (1..3/0/1..24);
group: (1..8)
Show GVRP configuration for the selected interface or for all interfaces.
show gvrp statistics [gigabitethernet gi_port | fastethernet fa_port | port-channel group]
Show collected GVRP statistics for the selected interface or for all interfaces.
show gvrp error-statistics [gigabitethernet gi_port | fastethernet fa_port | port-channel group]
Show GVRP error statistics for the selected interface or for all interfaces.
5.16.4 Loopback detection mechanism (loopback-detection)
This mechanism allows the device to detect looped ports. A loop on a port is detected by sending a frame whose destination address matches one of the device MAC addresses.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.77 Global configuration mode commands
Command
Value/Default value
Action
loopback-detection enable
-/disabled
Enable loopback detection mechanism for the switch.
no loopback-detection enable
Restore the default value.
loopback-detection interval seconds
(1..60)/30 seconds
Set the time interval between loopback frames.
- seconds: time interval between LBD frames.
no loopback-detection interval
Restore the default value.
loopback-detection mode {src-mac-addr | base-mac-addr}
-
Set loopback detection mode.
- src-mac-addr: define that the destination MAC address is the interface MAC address
- base-mac-addr: define that the destination MAC address is the device MAC address
loopback-detection vlan-based
- / disabled
Enables loopback detection mode for VLAN. If there is a loop in VLAN, this VLAN will be blocked on port, on which the loop is detected.
no loopback-detection vlan-based
Disables loopback detection mode for VLAN.
loopback-detection vlan-based recovery-time
(30..1000000) / disabled
Defines time in seconds, during which a VLAN will remain in the blocked state on port.
no loopback-detection vlan-based recovery-time
VLAN on port, on which the loop is detected, will not be unblocked automatically.
Ethernet interface configuration mode commands (interface range), port group interface
Command line request in Ethernet interface, port group interface configuration mode appears as follows:
console# configure
console(config)# interface {gigabitethernet gi_port | fastethernet fa_port | port-channel group}
console(config-if)#
Table 5.78 Ethernet interface configuration mode commands, interface group
Command
Value/Default value
Action
loopback-detection enable
-/disabled
Enable loopback detection mechanism for the port.
no loopback-detection enable
Restore the default value.
EXEC mode commands
Command line request in EXEC mode appears as follows:
console#
Table 5.79 EXEC mode commands
Command
Value
Action
show loopback-detection [gigabitethernet gi_port | fastethernet fa_port | port-channel group]
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8)
Show the state of loopback-detection mechanism.
- gi_port: Gigabit Ethernet interface number
- fa_port: Fast Ethernet interface number
- group: channel group
5.16.5 STP protocol family (STP, RSTP, MSTP)
The main task of STP (Spanning Tree Protocol) is to convert an Ethernet network with multiple links into a loop-free tree topology. Switches exchange configuration messages using frames of a special format and selectively enable or disable traffic transmission on ports.
Rapid STP (RSTP) is an enhanced version of the STP protocol that converts the network to the tree topology faster and provides higher stability.
Multiple STP (MSTP) is the most recent implementation of the STP protocol and supports VLAN utilization. Each instance may contain multiple VLAN groups. However, MSTP has a drawback: all MSTP-operating switches should have the same VLAN group configuration.
The multiprocess STP mechanism is designed for the creation of independent STP/RSTP/MSTP trees on device ports. State changes of one tree do not affect the state of the other trees, which increases network stability and reduces the tree rebuild time in case of failures. During configuration, it is important to eliminate the possibility of loop formation between member ports of different trees. To process trees in isolation, a separate process is created for each tree in the system. Each process is matched with the device ports that belong to its tree.
Maximum allowed quantity of MSTP instances is given in Table 2.9.
5.16.5.1 STP, RSTP protocol configuration
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.80 Global configuration mode commands
Command
Value/Default value
Action
spanning-tree
-
Enable STP protocol utilization by the switch.
no spanning-tree
Disable STP protocol utilization by the switch.
spanning-tree mode {stp | rstp | mstp}
-/RSTP
Set STP protocol operation mode.
- stp: IEEE 802.1D Spanning Tree Protocol;
- rstp: IEEE 802.1W Rapid Spanning Tree Protocol;
- mstp: IEEE 802.1S Multiple Spanning Tree Protocol.
no spanning-tree mode
Restore the default value.
spanning-tree forward-time seconds
(4..30)/15 seconds
Set the time interval for state listening and learning before switching to the transfer mode.
no spanning-tree forward-time
Restore the default value.
spanning-tree hello-time seconds
(1..10)/2 seconds
Set the interval for 'Hello' broadcast message transmission to communicating switches.
no spanning-tree hello-time
Restore the default value.
spanning-tree loopback-guard
-
Enable protection, that disables any interface, when BPDU packet is received.
no spanning-tree loopback-guard
Disable protection, that disables the interface, when BPDU packet is received.
spanning-tree max-age seconds
(6..40)/20 seconds
Set the lifetime of the STP spanning tree.
no spanning-tree max-age
Restore the default value.
spanning-tree priority priority
(0..61440)/32768
Set the priority of the STP spanning tree.
Priority value must be divisible by 4096.
no spanning-tree priority
Restore the default value.
spanning-tree pathcost method {long | short}
-/short
Set the method for defining the path value.
- long: value in the range 1..200000000
- short: value in the range 1..65535.
no spanning-tree pathcost method
Restore the default value.
spanning-tree bpdu {filtering | flooding}
-/flooding
Define BPDU packet processing mode by the interface with disabled STP protocol.
- filtering: BPDU packets are filtered on the interface with STP protocol disabled
- flooding: untagged BPDU packets are transmitted on the interface with STP protocol disabled, tagged packets are filtered
no spanning-tree bpdu
Restore the default value.
spanning-tree process id
(1-31)/0
The command creates the separate process and transfers the command interface to the configuration mode.
no spanning-tree process id
Remove the selected process.
When setting forward-time, hello-time, max-age STP parameters, you should take into account the following expression: 2*(Forward-Delay - 1) >= Max-Age >= 2*(Hello-Time + 1).
Ethernet interface configuration mode commands, port group interface
Command line request in Ethernet interface, port group interface configuration mode appears as follows:
console(config-if)#
Table 5.81 Ethernet interface configuration mode commands, port group
Command
Value/Default value
Action
spanning-tree disable
-/enabled
Disable STP protocol operation for the configured interface.
no spanning-tree disable
Enable STP protocol operation for the configured interface.
spanning-tree cost cost
(1..200000000)/see Table 5.82
Set path value via the following interface.
no spanning-tree cost
Set the value based on the port transfer rate and the method of route value definition, table 5.82.
spanning-tree port-priority priority
(0..240)/128
Set the interface priority in the STP spanning tree.
Priority value must be divisible by 16.
no spanning-tree port-priority
Restore the default value.
spanning-tree portfast [auto]
-
Enable mode, where port immediately switches to transmission mode when the link is established without waiting for the timer expiration.
- auto: add 3 second delay before entering the transmission mode.
no spanning-tree portfast
Enable momentary transition into transmission mode when the link is established.
spanning-tree guard root
-/protection disabled
Enable root protection for all STP spanning trees for the selected port. Such protection denies the interface to be the root port of the switch.
no spanning-tree guard root
Restore the default value.
spanning-tree bpduguard
-/protection disabled
Enable protection, that disables the interface, when BPDU packet is received.
no spanning-tree bpduguard
Disable protection, that disables the interface, when BPDU packet is received.
spanning-tree link-type {point-to-point | shared}
Default value for full-duplex port: 'point-to-point', for half-duplex: 'split'.
Define the transfer state for RSTP protocol and specify the connection type for the selected port: 'point-to-point' or 'split'.
no spanning-tree link-type
Restore the default value.
spanning-tree bpdu {filtering | flooding}
-
Define BPDU packet processing mode by the interface with disabled STP protocol.
- filtering: BPDU packets are filtered on the interface with STP protocol disabled
- flooding: untagged BPDU packets are transmitted on the interface with STP protocol disabled, tagged packets are filtered
no spanning-tree bpdu
Restore the default value.
spanning-tree binding-process id
(1..31)/0
Tethers the port to the specific process. By default, all ports are controlled by the zero process.
no spanning-tree binding-process
Restore the default port tethering.
Table 5.82 Route value set by default (spanning-tree cost)
Interface
Method for defining the path value.
Long
Short
Port-channel
20000
4
Gigabit Ethernet (1000 Mbps)
20000
4
Fast Ethernet (100 Mbps)
200000
19
Process configuration mode commands
Command line request in tree configuration mode appears as follows:
console(config-mstp-process)#
Table 5.83 Privileged EXEC mode commands
Command
Value
Action
spanning-tree forward-time seconds
(4..30)/15 seconds
Set the time interval for state listening and learning of configured process before switching to the interchange mode.
no spanning-tree forward-time
Restore the default value.
spanning-tree hello-time seconds
(1..10)/2 seconds
Set the interval for 'Hello' broadcast message transmission to communicating switches.
no spanning-tree hello-time
Restore the default value.
spanning-tree max-age seconds
(6..40)/20 seconds
Set the lifetime of the STP spanning tree.
no spanning-tree max-age
Restore the default value.
spanning-tree mst instance_id priority priority
instance_id: (1..4094);
priority: (0..61440)/32768
Set the switch priority value in the selected MST instance.
Priority value must be divisible by 4096.
no spanning-tree mst instance_id priority
Restore the priority default value.
Privileged EXEC mode commands
Command line request in privileged EXEC mode appears as follows:
console#
Table 5.84 Privileged EXEC mode commands
Command
Value
Action
show spanning-tree [process process_id] [gigabitethernet gi_port | fastethernet fa_port | port-channel group]
process_id: (1-31)/0;
gi_port: {1..3/0/1..28}; fa_port: {1..3/0/1..24};
group: {1..8}.
Show STP protocol configuration for the selected process.
show spanning-tree [detail] [active | blockedports] [process id]
process_id: (1-31)/0
Show the detailed information on STP protocol configuration, information on active or blocked ports
clear spanning-tree detected-protocols [interface gigabitethernet gi_port | fastethernet fa_port | port-channel group]
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8)
Restart the protocol migration process (STP tree recalculation).
EXEC mode commands
Command line request in EXEC mode appears as follows:
console#
Table 5.85 EXEC mode commands
Command
Value
Action
show spanning-tree bpdu [gigabitethernet gi_port | fastethernet fa_port | port-channel group]
gi_port: {1..3/0/1..28}; fa_port: {1..3/0/1..24};
group: {1..8}.
Show BPDU packet processing mode for the interfaces.
5.16.5.2 MSTP protocol configuration
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.86 Global configuration mode commands
Command
Value/Default value
Action
spanning-tree
-
Enable STP protocol utilization by the switch.
no spanning-tree
Disable STP protocol utilization by the switch.
spanning-tree mode {stp | rstp | mstp}
-/RSTP
Set STP protocol operation mode.
no spanning-tree mode
Restore the default value.
spanning-tree pathcost method {long | short}
-/short
Set the method for defining the path value.
- long: value in the range 1..200000000
- short: value in the range 1..65535.
no spanning-tree pathcost method
Restore the default value.
spanning-tree mst instance_id priority priority
instance_id: (1..4094);
priority: (0..61440)/32768
Set the higher priority for the current switch than for other switches, that use the common MSTP instance.
Priority value must be divisible by 4096.
no spanning-tree mst instance_id priority
Restore the default value.
spanning-tree mst max-hops hop_count
(1..40)/20
Set the maximum number of hops for a BPDU packet, required for the tree formation and for keeping the information on its structure. If the packet has already passed the maximum number of hops, it will be discarded at the next hop.
no spanning-tree mst max-hops
Restore the default value.
spanning-tree mst configuration
-
Enter the MSTP configuration mode.
MSTP configuration mode commands
Command line request in MSTP configuration mode appears as follows:
console# configure
console(config)# spanning-tree mst configuration
console(config-mst)#
Table 5.87 MSTP configuration mode commands
Command
Value/Default value
Action
instance instance_id vlan vlan_range
instance_id:(1..4094);
vlan_range: (1..4094)
Create the match between MSTP instance and VLAN groups.
no instance instance_id vlan vlan_range
Remove the match between MSTP instance and VLAN groups.
name string
(1..32) characters
Set MST configuration name.
no name
Remove MST configuration name.
revision value
(0..65535)/0
Set the MST configuration revision number.
no revision
Restore the default value.
show {current | pending}
-
Show the current or pending MST configuration.
exit
-
Save configuration and exit MSTP configuration mode.
abort
-
Discard configuration and exit MSTP configuration mode.
Ethernet interface configuration mode commands, port group interface
Command line request in Ethernet interface, port group interface configuration mode appears as follows:
console(config-if)#
Table 5.88 Ethernet interface configuration mode commands, port group
Command
Value/Default value
Action
spanning-tree guard root
-/protection disabled
Enable root protection for all STP spanning trees for the selected port. Such protection denies the interface to be the root port of the switch.
no spanning-tree guard root
Restore the default value.
spanning-tree mst instance_id port-priority priority
instance_id: (1..4094);
priority: (0..240)/128
Set the interface priority in MSTP instance.
Priority value must be divisible by 16.
no spanning-tree mst instance_id port-priority
Restore the default value.
spanning-tree mst instance_id cost cost
instance_id: (1..4094);
cost: (1..200000000)
Set the path value through the selected interface for the specific MSTP instance.
no spanning-tree mst instance_id cost
Set the value based on the port transfer rate and the method of route value definition, table 5.82.
spanning-tree port-priority
(0..240)/128
Set the interface priority in the MSTP root spanning tree.
Priority value must be divisible by 16.
no spanning-tree port-priority
Restore the default value.
Privileged EXEC mode commands
Command line request in privileged EXEC mode appears as follows:
console#
Table 5.89 EXEC mode commands
Command
Value
Action
show spanning-tree [gigabitethernet gi_port | fastethernet fa_port | port-channel group] [instance instance-id] [process process_id]
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8)
instance_id: (1..4094);
process_id: (1..31)/0
Show STP protocol configuration.
- instance_id: MSTP instance identifier.
show spanning-tree [detail] [active | blockedports] [instance instance-id] [process process_id]
instance_id: (1..64);
process_id: (1..31)/0
Show the detailed information on STP protocol configuration, information on active or blocked ports.
- instance_id: MSTP instance identifier.
show spanning-tree mst-configuration
-
Show information on configured MSTP instances.
clear spanning-tree detected-protocols [gigabitethernet gi_port | fastethernet fa_port | port-channel group]
gi_port: (1..3/0/1..28); fa_port: (1..3/0/1..24);
group: (1..8)
Restart the protocol migration process (STP tree recalculation).
Example execution of commands
Enable STP support, set the RSTP spanning tree priority value to 12288, the forward-time interval to 20 seconds, the 'Hello' broadcast message transmission interval to 5 seconds, and the spanning tree lifetime to 38 seconds.
console(config)# spanning-tree
console(config)# spanning-tree mode rstp
console(config)# spanning-tree priority 12288
console(config)# spanning-tree forward-time 20
console(config)# spanning-tree hello-time 5
console(config)# spanning-tree max-age 38
console(config)# exit
Show STP protocol configuration:
console# show spanning-tree
*********************************** Process 0 ***********************************
Spanning tree enabled mode RSTP
Default port cost method: long
Loopback guard: Disabled
Root ID    Priority    32768
           Address     a8:f9:4b:81:61:40
           This switch is the root
           Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
Number of topology changes 1 last change occurred 00:10:02 ago
Times: hold 1, topology change 35, notification 2
       hello 2, max age 20, forward delay 15
Interfaces
Name      State     Prio.Nbr  Cost      Sts   Role  PortFast  Type
--------- --------- --------- --------- ----- ----- --------- -----------
gi1/0/1   enabled   128.49    20000     Frw   Desg  No        P2P (RSTP)
gi1/0/2   enabled   128.50    20000     Frw   Desg  No        P2P (RSTP)
gi1/0/3   enabled   128.51    2000000   Dsbl  Dsbl  No        -
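The timer relation given after Table 5.80, the STP priority divisibility rule and the GARP timer rules of section 5.16.3 can be checked offline before a configuration is applied. The Python code below is an added example, not part of the ELTEX manual or firmware: it audits configuration text written with the commands documented above. The text layout (one command per line, interface blocks closed by exit), the function names and both sample configurations are assumptions constructed for illustration, and the portfast/bpduguard check is a common hardening practice, not a rule stated in this manual.

```python
import re

# Defaults and ranges as listed in Tables 5.73 and 5.80 of this manual.
STP_DEFAULTS = {"forward-time": 15, "hello-time": 2, "max-age": 20, "priority": 32768}
STP_RANGES = {"forward-time": (4, 30), "hello-time": (1, 10),
              "max-age": (6, 40), "priority": (0, 61440)}
GARP_DEFAULTS = {"join": 200, "leave": 600, "leaveall": 10000}
STP_RE = re.compile(r"spanning-tree (forward-time|hello-time|max-age|priority) (\d+)")
GARP_RE = re.compile(r"garp timer (join|leave|leaveall) (\d+)")


def parse_config(text):
    """Return (global STP settings, {interface name: [commands]})."""
    stp, interfaces, current = dict(STP_DEFAULTS), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("interface "):
            current = line[len("interface "):]
            interfaces[current] = []
        elif line == "exit":
            current = None
        elif current is not None:
            interfaces[current].append(line)
        elif (m := STP_RE.fullmatch(line)):
            stp[m.group(1)] = int(m.group(2))
    return stp, interfaces


def audit(text):
    """Return a list of findings for the given configuration text."""
    stp, interfaces = parse_config(text)
    findings = []
    for key, (lo, hi) in STP_RANGES.items():
        if not lo <= stp[key] <= hi:
            findings.append(f"global: {key} {stp[key]} outside {lo}..{hi}")
    if stp["priority"] % 4096:
        findings.append(f"global: priority {stp['priority']} not divisible by 4096")
    fwd, hello, age = stp["forward-time"], stp["hello-time"], stp["max-age"]
    # Relation from the manual: 2*(Forward-Delay - 1) >= Max-Age >= 2*(Hello-Time + 1)
    if not 2 * (fwd - 1) >= age >= 2 * (hello + 1):
        findings.append(f"global: timers violate 2*({fwd}-1) >= {age} >= 2*({hello}+1)")
    for name, cmds in interfaces.items():
        garp = dict(GARP_DEFAULTS)
        for cmd in cmds:
            if (m := GARP_RE.fullmatch(cmd)):
                garp[m.group(1)] = int(m.group(2))
        for timer, value in garp.items():
            if value % 10 or not 10 <= value <= 2147483640:
                findings.append(f"{name}: garp {timer} {value} invalid")
        if garp["leave"] < 3 * garp["join"]:
            findings.append(f"{name}: garp leave {garp['leave']} < 3 x join {garp['join']}")
        # Hardening check (not from the manual): a portfast port should shut on a BPDU.
        portfast = any(c.startswith("spanning-tree portfast") for c in cmds)
        if portfast and "spanning-tree bpduguard" not in cmds:
            findings.append(f"{name}: portfast without bpduguard")
    return findings


# Constructed sample: the values of the manual's RSTP example plus one edge port.
GOOD = """
spanning-tree mode rstp
spanning-tree priority 12288
spanning-tree forward-time 20
spanning-tree hello-time 5
spanning-tree max-age 38
interface gigabitethernet 1/0/1
 spanning-tree portfast
 spanning-tree bpduguard
exit
"""

# Constructed sample with four deliberate violations.
BAD = """
spanning-tree priority 10000
spanning-tree hello-time 10
interface gigabitethernet 1/0/2
 spanning-tree portfast
 garp timer join 300
exit
"""
```

Calling audit(GOOD) returns an empty list, while audit(BAD) reports the priority, the timer relation, the GARP Leave/Join ratio and the unguarded portfast port.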
5.16.6 Flex-link function configuration
Flex-link is a redundancy function that secures the reliability of a data communication channel. A flex-link can contain Ethernet and port-channel interfaces. One of these interfaces is in the blocked state; it starts forwarding traffic only when there is a failure on the other interface.
Ethernet interface configuration mode commands, port group interface
Command line request in Ethernet interface, port group interface configuration mode appears as follows:
console(config-if)#
Table 5.90 Ethernet interface configuration mode commands, port group
Command
Value/Default value
Action
flex-link backup { gigabitethernet gi_port | fastethernet fa_port | port-channel port-channel}
gi_port: (1..4/0/1..28)/-; fa_port: (1..4/0/1..24)/-;
port_channel: (1..8)/-
Enables flex-link on the interface and specifies the backup role for the selected interface in a pair.
no flex-link backup { gigabitethernet gi_port | fastethernet fa_port | port-channel port-channel}
Disables flex-link on the interface and removes configured interface from flex-link pair.
flex-link preemption mode [forced | bandwidth| off]
-/off
Specifies action upon establishing an interface participating in flex-link:
- forced: if the established interface is configured as master, it will become active.
- bandwidth: upon establishing an interface, the interface with the highest bandwidth will become active.
- off: established interface will remain in a locked state.
no flex-link preemption mode
Restore the default value.
flex-link preemption delay delay
delay: (1..300)/35
When disabled port status changes to 'up', specifies the amount of time that should pass for an action, set by flex-link preemption mode command, to be executed.
no flex-link preemption delay
Restore the default value.
Privileged EXEC mode commands
Command line request in privileged EXEC mode appears as follows:
console#
Table 5.91 EXEC mode commands
Command
Value
Action
show interfaces flex-link [detailed] { gigabitethernet gi_port | fastethernet fa_port | port-channel port-channel}
gi_port: (1..4/0/1..28); fa_port: (1..4/0/1..24);
port_channel: (1..8)
Displays flex-link function configuration.
5.16.7 EAPS protocol
EAPS (Ethernet Automatic Protection Switching) protocol increases the stability and robustness of a data network with ring topology by decreasing the restoration time after a failure. Restoration time does not exceed 1 second, which is substantially lower than the network reconstruction time of spanning tree family protocols.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.92 Global configuration mode commands
Command
Value/Default value
Action
eaps
-
Enable EAPS protocol operation.
no eaps
Disable EAPS protocol operation.
eaps fail-timer seconds
(1..10)/3 seconds
Define the absence time for test packets, that should pass for ring failure to be registered.
no eaps fail-timer
Set the timer default value.
eaps hello-timer seconds
(1..10)/1 seconds
Hello-packet sending frequency timer.
no eaps hello-timer
Set the timer default value.
eaps domain domain_id
0..63
Create EAPS region with domain-id identifier and enter the region configuration mode.
no eaps domain domain_id
Remove EAPS region with domain-id identifier.
Domain configuration mode commands
Command line request in domain configuration mode appears as follows:
console(config-eaps-domain)#
Table 5.93 EAPS domain configuration mode commands
Command
Value/Default value
Action
control-vlan vlan_id
1..4093
Identifier of VLAN being used for EAPS management. Also, the next successive VLAN identifier is used for secondary loop management. Master EAPS VLAN should not be used for transmission of other traffic types.
no control-vlan
Cancel VLAN assignment.