Lucent STGR-CM-IP2000-F, Stinger IP2000, STGRRT-SFP-LX, STGRRT-CM-IP2000-F, STGR-SFP-SX Configuration Manual

®

Stinger

IP Control Module

Configuration Guide

Part Number: 363-217-011R9.9.1

Issue 2

For software version 9.9.1

September 2006

Copyright © 2006 Lucent Technologies Inc. All rights reserved.

This material is protected by the copyright laws of the United States and other countries. It may not be reproduced, distributed, or altered in
any fashion by any entity (either internal or external to Lucent Technologies), except in accordance with applicable agreements, contracts, or
licensing, without the express written consent of Lucent Technologies. For permission to reproduce or distribute, please email your request to
techcomm@lucent.com.

Notice

Every effort was made to ensure that the information in this document was complete and accurate at the time of printing, but information is
subject to change.

European Community (EC) RTTE compliance

Hereby, Lucent Technologies, declares that the equipment documented in this publication is in compliance with the essential require­ments and other relevant provisions of the Radio and Telecommunications Technical Equipment (RTTE) Directive 1999/5/EC.

To view the official Declaration of Conformity certificate for this equipment, according to EN 45014, access the Lucent INS online documentation
library at http://www.lucentdocs.com/ins.

Safety, compliance, and warranty Information

Before handling any Lucent Access Networks hardware product, read the Edge Access and Broadband Access Safety and Compliance Guide included
in your product package. See that guide also to determine how products comply with the electromagnetic interference (EMI) and network
compatibility requirements of your country. See the warranty card included in your product package for the limited warranty that Lucent
Technologies provides for its products.

Security statement

In rare instances, unauthorized individuals make connections to the telecommunications network through the use of access features.

Trademarks

Lucent, the Lucent logo, and all Lucent brand and product names are trademarks or registered trademarks of Lucent Technologies Inc. Other
brand and product names are trademarks of their respective holders.

Ordering Information

You can order the most up-to-date product information and computer-based training online at http://www.lucentdocs.com/bookstore.

How to comment

To comment on this information product, go to the Online Comment Form (http://www.lucent-info.com/comments/enus/) or email your
comments to the Comments Hotline (comments@lucent.com).

Lucent Technologies

Customer Service

Product and service information, and software upgrades, are available 24 hours a day.
Technical assistance options accommodate varying levels of urgency.

Finding information and software

To obtain software upgrades, release notes, and addenda for this product, log in to
Lucent OnLine Customer Support at http://www.lucent.com/support.

Lucent OnLine Customer Support also provides technical information, product
information, and descriptions of available services. The center is open 24 hours a day,
seven days a week. Log in and select a service.

Obtaining technical assistance

Lucent OnLine Customer Support at http://www.lucent.com/support provides access
to technical support. You can obtain technical assistance through email or the
Internet, or by telephone. If you need assistance, make sure that you have the
following information available:

■ Active service or maintenance contract number, entitlement ID, or site ID

■ Product name, model, and serial number

■ Software version

■ Software and hardware options If supplied by your carrier, service profile

identifiers (SPIDs) associated with your line

■ Your local telephone company’s switch type and operating mode, such as AT&T,

5ESS Custom, or Northern Telecom National ISDN-1

■ Whether you are routing or bridging with your Lucent product

■ Type of computer you are using

■ Description of the problem

Obtaining assistance through email or the Internet

If your services agreement allows, you can communicate directly with a technical
engineer through Email Technical Support or a Live Chat. Select one of these sites
when you log in to http://www.lucent.com/support.

Calling the technical assistance center (TAC)

If you cannot find an answer through the tools and information of Lucent OnLine
Customer Support or if you have a very urgent need, contact TAC. Access Lucent
OnLine Customer Support at http://www.lucent.com/support and click Contact Us
for a list of telephone numbers inside and outside the United States.

Alternatively, call 1-866-LUCENT8 (1-866-582-3688) from any location in North
America, or +353 16924579 in the Europe, Middle East and Africa (EMEA) region,

for a menu of Lucent services. Or call +1 510-747-2000 for an operator. You must

have an active services agreement or contract.

Stinger® IP Control Module Configuration Guide iii

Contents

About This Guide ...............................................................................xix

Chapter 1 Introduction.......................................................................................1-1

Stinger IP DSLAM network features ........................................................................ 1-1

Introduction to the Stinger IP2000 control module................................................. 1-3

IP2000 model numbers and platform support ................................................... 1-3

IP2000 support for up to 2048 trunk terminated calls ...................................... 1-4

Features not currently supported by the IP2000 ............................................... 1-5

Introduction to the Stinger IP2100 control module................................................. 1-5

Model numbers and platform support ............................................................... 1-6

IP2100 memory modes ...................................................................................... 1-7

Maximizing the number of user connections .................................................... 1-7

Overview of OAM-CONFIG profile settings................................................ 1-8

Required IP2100 memory mode to maximize user connections ................ 1-8

Additional connections created for trunk-terminated connections ............ 1-8

Notice of OAM limitation with more than 5000 user PVCs........................ 1-8

Configurable IP2100 port managers .................................................................. 1-9

System-generated profiles ........................................................................... 1-9

Fixed-rate and nonfixed-rate bandwidth .................................................... 1-9

Configurable NP-PORT profile settings ..................................................... 1-10

Caution about modifying NP-PORT bandwidth allocations ...................... 1-12

How to recover from a bandwidth starvation condition ........................... 1-13

Protection against exceeding line capacity in NP-PORT configurations.... 1-13

Sample HB LIM NP-PORT configuration .................................................. 1-13

Features not currently supported by the IP2100 ............................................. 1-15

Network architecture overview.............................................................................. 1-15

Multicast video ................................................................................................ 1-15

Internet and voice access ................................................................................. 1-16

Multiplexing multiple IP flows on a single ATM VCC ..................................... 1-17

Chapter 2 Gigabit Ethernet Configuration .......................................................2-1

Stinger® IP Control Module Configuration Guide v

Configuring Gigabit Ethernet interfaces................................................................... 2-1

Overview of ETHERNET profile settings ............................................................ 2-1

Enabling layer 2 bridging for VLAN operations ................................................. 2-3

Verifying the Gigabit Ethernet interface setup .................................................. 2-3

Checking the routing table .......................................................................... 2-4

Verifying the network processor setup for the interface ............................. 2-4

Verifying the SAR setup for the interface ................................................... 2-4

Verifying IP packet transfer on the interface............................................... 2-4

Configuring Gigabit Ethernet port redundancy ....................................................... 2-5

Contents

Configuring a soft IP interface for Gigabit Ethernet redundancy ...................... 2-6

Configuring Gigabit Ethernet redundancy for RFC 2684 (IPoA) connections .. 2-6

Configuring Gigabit Ethernet redundancy for VLAN bridging .......................... 2-7

Configuring a redundant LAN MBONE............................................................. 2-8

Configuring LACP on Gigabit Ethernet ports (IP2100 only).................................... 2-9

LACP configuration overview.......................................................................... 2-10

ETHER-GROUP settings ............................................................................ 2-10

Virtual ETHERNET profile settings for a LAG ........................................... 2-10

ETHERNET profile settings for physical ports in a LAG ............................ 2-12

LACP profile settings ................................................................................. 2-13

Sample link aggregation configuration ............................................................ 2-14

Configuring a routed VLAN on the aggregated bandwidth....................... 2-14

Configuring an N:1 bridged VLAN that uses the aggregated bandwidth .. 2-15

Configuring an MBONE interface on the aggregated ports....................... 2-15

LACP implementation details .......................................................................... 2-16

LACP-related diagnostics ................................................................................. 2-17

Configuring STP on Gigabit Ethernet ports (IP2100 only)..................................... 2-17

Primary application with this software version ............................................... 2-17

Limitations with this software version ............................................................ 2-18

Configuration overview ................................................................................... 2-18

Bridge-level STP settings in the ETHER-GROUP profile ........................... 2-19

Port-level STP settings in each port’s ETHERNET profile.......................... 2-20

Sample configuration with transparent bridging ............................................. 2-21

Routing implications for STP-enabled ports .................................................... 2-24

Administrative tools for Gigabit Ethernet .............................................................. 2-25

Chapter 3 VLAN Configuration..........................................................................3-1

IP filters for Ethernet-encapsulated bridged IP datagrams ....................................... 3-2

Configuring 1:1 VLAN bridging................................................................................ 3-2

Overview of VLAN-ETHERNET and CONNECTION settings ............................. 3-3

Sample 1:1 VLAN bridging configuration .......................................................... 3-5

Configuring N:1 VLAN bridging ............................................................................... 3-6

Creating and configuring bridge groups ............................................................ 3-6

Overview of BRIDGE-GROUP settings........................................................ 3-7

Sample BRIDGE-GROUP configuration with MAC address aging .............. 3-9

Sample BRIDGE-GROUP configuration with port blocking........................ 3-9

Sample BRIDGE-GROUP configuration with IGMP snooping .................. 3-10

VLAN and connection settings......................................................................... 3-11

How address limiting works............................................................................. 3-11

Sample N:1 VLAN bridging configuration with address limiting..................... 3-12

Configuring DHCP and PPPoE snooping for DSL line identification ............... 3-14

Structure of identifiers added to DHCP and PPPoE Discovery packets ..... 3-14

Configuring DHCP snooping ..................................................................... 3-16

Configuring PPPoE snooping for line identification of PPPoE clients ....... 3-20

Configuring stacked VLANs.................................................................................... 3-24

Bridging untagged frames to stacked VLANs................................................... 3-25

Overview of VLAN stacking settings for untagged frames ........................ 3-25

Sample configuration bridging untagged frames....................................... 3-26

Bridging enterprise VLAN tagged frames to stacked VLANs............................ 3-27

Overview of VLAN stacking settings for tagged frames............................. 3-28

Sample configuration for mapping tagged frames..................................... 3-30

vi Stinger® IP Control Module Configuration Guide

Contents

Configuring routed VLANs..................................................................................... 3-32

Creating a virtual IP interface for a routed VLAN ........................................... 3-32

Sample routed VLAN configuration ................................................................ 3-33

Applying an IP filter to a routed VLAN ..................................................... 3-35

Assigning a virtual router to a routed VLAN............................................. 3-35

VLAN bridging of IPoA traffic to an upstream BRAS ............................................. 3-36

Upstream packet processing............................................................................. 3-36

Downstream packet processing ....................................................................... 3-37

Configuration overview ................................................................................... 3-37

Overview of the BRAS profile ................................................................... 3-37

Overview of CONNECTION profile settings .............................................. 3-38

Configuring VLAN bridged IPoA...................................................................... 3-39

Configuring bridged IPoA to multiple BRAS with the same IP address .......... 3-41

Caveat when configuring an unnumbered interface for bridged IPoA............ 3-43

Sample VLAN configuration...................................................................... 3-43

Sample profiles .......................................................................................... 3-43

Possible proxy ARP problems with the sample configuration................... 3-44

Conclusions about the sample configuration ............................................ 3-45

VLAN-based ARP table .................................................................................... 3-45

How the VLAN ARP entries are updated dynamically .............................. 3-45

Adding VLAN ARP entries statically.......................................................... 3-45

PPPoA bridging in 1:1 and N:1 VLAN .................................................................... 3-46

Upstream network element configuration requirements ................................ 3-46

PPPoA bridging in N:1 VLANs ......................................................................... 3-47

Required settings to enable PPPoA bridging in a bridge group ................. 3-47

Downstream CPE configuration considerations ........................................ 3-48

Sample configuration enabling PPPoA bridging in a bridge group ........... 3-48

PPPoA bridging in 1:1 VLANs .......................................................................... 3-50

Required setting to enable PPPoA bridging in a 1:1 VLAN ....................... 3-50

Downstream CPE configuration considerations ........................................ 3-51

Sample configuration enabling PPPoA bridging in a 1:1 VLAN circuit ..... 3-51

Administrative tools for VLAN ............................................................................... 3-53

Chapter 4 IP Routing Configuration..................................................................4-1

Introduction to the IP router software ..................................................................... 4-1

Routes and interfaces......................................................................................... 4-2

Displaying the routing table ........................................................................ 4-2

Displaying the interface table ...................................................................... 4-3

IP control module performance statistics .................................................... 4-4

IP address syntax ............................................................................................... 4-4

Configuring IP-INTERFACE profiles for Ethernet ports ........................................... 4-6

Overview of typical local interface settings ....................................................... 4-6

Configuring a local IP interface.......................................................................... 4-7

Defining a local virtual IP interface ................................................................... 4-8

Defining a soft interface for increased accessibility............................................ 4-8

Disabling directed broadcasts to protect against denial-of-service..................... 4-8

Configuring IP-GLOBAL network features .............................................................. 4-9

Setting a system address .................................................................................... 4-9

Configuring DNS.............................................................................................. 4-10

Overview of typical DNS settings .............................................................. 4-10

Specifying domain names for lookups ...................................................... 4-10

Stinger® IP Control Module Configuration Guide vii

Contents

Setting RIP options .......................................................................................... 4-11

RIP policy for propagating updates back to the originating subnet........... 4-12

RIP triggering ............................................................................................ 4-12

Limiting the size of UDP packet queues .................................................... 4-12

Ignoring default routes when updating the routing table ......................... 4-13

Suppressing host-route advertisements .................................................... 4-13

Subscriber profile sharing ................................................................................ 4-14

Equal cost multipath routing ........................................................................... 4-15

Packet-based ECMP................................................................................... 4-15

Flow-based ECMP ..................................................................................... 4-15

Caveat about changing the type of load balancing ................................... 4-15

Limitations of ECMP load balancing ......................................................... 4-16

Overview of ECMP settings ....................................................................... 4-16

Sample downstream ECMP configuration ................................................ 4-17

Example of downstream flow-based ECMP .............................................. 4-19

Sample upstream ECMP through routed VLAN interfaces ....................... 4-21

Configuring and using address pools ............................................................... 4-23

Pool requirements ..................................................................................... 4-23

Overview of settings for defining pools ..................................................... 4-23

Preventing the use of class boundary addresses ........................................ 4-26

Examples of configuring address pools ..................................................... 4-26

Example of configuring summarized address pools .................................. 4-27

Examples of assigning an address from a pool .......................................... 4-29

IP pool chaining ........................................................................................ 4-30

Slot-based address assignment......................................................................... 4-36

Overview of profile settings....................................................................... 4-36

Sample slot-based address configuration using the global router ............. 4-37

Expanding the sample configuration to use a virtual router .................... 4-39

Configuring IP-ROUTE profiles .............................................................................. 4-40

Overview of typical static route settings .......................................................... 4-40

Offloading routing overhead to an external router ......................................... 4-41

Creating a static route to a subnet ................................................................... 4-42

Overview of routed subscriber connection features............................................... 4-42

Source interface local addresses....................................................................... 4-42

Packets that use the specified source address ............................................ 4-42

CPE client considerations .......................................................................... 4-43

Soft IP interface requirement .................................................................... 4-43

Overview of configuration settings ........................................................... 4-44

Sample configuration with a source interface address .............................. 4-44

Anti-spoofing protection for IPoA, BIR, PPPoA, and PPPoE connections ....... 4-46

Overview of anti-spoofing settings............................................................ 4-47

Sample anti-spoofing configuration .......................................................... 4-48

Configuring IPoA subscriber connections .............................................................. 4-49

Typical CONNECTION atm-options settings for terminating PVCs ................. 4-49

Typical CONNECTION ip-options settings for terminating PVCs .................... 4-50

Sample RFC 2684 (IPoA) terminating PVC ..................................................... 4-51

Example of using a local-address setting for a numbered interface ................ 4-52

Example of routing a terminated PVC across Gigabit Ethernet ....................... 4-53

Example of using IP routing to aggregate PVCs onto a trunk VC.................... 4-55

Configuring BIR subscriber connections ................................................................ 4-56

Overview of CONNECTION bir-options and ip-options settings ..................... 4-56

Sample subnet (BIR/24) configuration............................................................ 4-57

viii Stinger® IP Control Module Configuration Guide

Contents

Sample host route (BIR/32) configurations..................................................... 4-58

Sample BIR connection on a VDSL port .......................................................... 4-60

Sample use of filters with BIR connections ..................................................... 4-61

Configuring multiple WAN virtual IP interfaces on a BIR connection............ 4-62

Overview of multiple IP address settings .................................................. 4-63

Sample configuration of multiple addresses on a BIR connections .......... 4-64

How routes are created for WAN virtual interfaces......................................... 4-65

Configuring DHCP relay for IPoA and BIR connections ........................................ 4-66

RFC compliance and caveats ........................................................................... 4-66

DHCP option 82 ............................................................................................... 4-66

WAN virtual interfaces on DHCP-configured BIR connections ....................... 4-66

IP address assignments on DHCP-configured WAN virtual interfaces ...... 4-67

DHCP IP address lease time for WAN virtual interfaces............................ 4-67

When WAN virtual interfaces are activated.............................................. 4-67

How the system selects an interface for incoming packets ....................... 4-68

Deactivating and deleting WAN virtual IP interfaces ................................ 4-68

DHCP relay configuration settings ................................................................... 4-68

Overview of IP-GLOBAL DHCP relay settings .......................................... 4-68

Overview of DHCP relay agent settings..................................................... 4-69

Overview of DHCP option 82 suboption settings ...................................... 4-70

Overview of IP-INTERFACE and CONNECTION DHCP settings............... 4-72

Per-connection control of the DHCP relay giaddr field ................................... 4-73

Overview of how to use per-connection giaddr contents ......................... 4-73

Samples of how various settings affect giaddr contents ............................ 4-74

Sample DHCP relay configurations for IPoA connections ............................... 4-74

Sample configuration using DHCP relay without option 82 ..................... 4-74

Sample configuration using DHCP relay with option 82 .......................... 4-75

Sending only a hostname in the suboption fields ..................................... 4-75

Interoperation with DHCP servers that zero-delimit suboption fields ...... 4-76

Allowing non-standard DHCP source ports .............................................. 4-76

DHCP issues on LAN management interfaces ................................................. 4-76

Sample DHCP relay configurations for BIR connections ................................. 4-78

Sample configuration with no DHCP relay on a BIR connection ............. 4-78

Sample configuration enabling relay agent on a BIR connection ............. 4-79

Sample configuration with option 82 ....................................................... 4-80

Sample configuration with option 82 and multiple interface creation ..... 4-81

Sample configuration on a VDSL port with option 82 and multiple interface

creation......................................................................................... 4-82

Sample using the soft interface address in the giaddr field ....................... 4-82

Sample configuration using the DHCP router option ............................... 4-83

Sample configuration that sends only a hostname ................................... 4-84

Configuring broadband RAS subscriber access....................................................... 4-85

Recommended call-type setting for PPP sessions .......................................... 4-85

Overview of PPPoA and PPPoE topologies ...................................................... 4-86

Required setup for PPPoA and PPPoE connections ......................................... 4-87

Configuring the ANSWER-DEFAULTS profile for PPP sessions ...................... 4-87

Terminating traffic on a LIM internal interface ............................................... 4-89

The underlying ATM circuit required to terminate traffic ........................ 4-89

PPPoA and PPPoE encapsulation types in the underlying ATM circuit .... 4-89

Configuring an ATM circuit to terminate PPPoA ...................................... 4-90

Configuring an ATM circuit to terminate PPPoE ...................................... 4-91

Example of configuring a PPPoA connection .................................................. 4-91

Stinger® IP Control Module Configuration Guide ix

Contents

Overview of PPPoA CONNECTION settings.............................................. 4-92

Sample PPPoA connection with bidirectional CHAP authentication ........ 4-93

PPPoA over LLC............................................................................................... 4-94

Verifying the encapsulation type............................................................... 4-94

Example of configuring a PPPoE connection................................................... 4-95

Overview of PPPoE CONNECTION settings .............................................. 4-95

Sample PPPoE connection using PAP authentication ............................... 4-96

Sample PPPoE connection on a VDSL port ............................................... 4-97

Enabling LCP keepalives ........................................................................... 4-98

Enabling magic-number negotiation when LQM is disabled .................. 4-101

Enabling support for PPPoE service names.................................................... 4-101

Details of the service-name negotiation process ..................................... 4-101

Configuration overview .......................................................................... 4-102

Sample PPPoE server configuration using local profiles.......................... 4-105

Sample PPPoE server configuration using RADIUS ................................ 4-106

Administrative tools for IP routing....................................................................... 4-109

Chapter 5 Ethernet and IP QoS..........................................................................5-1

Overview of the QoS implementation ..................................................................... 5-1

Packet classification subsystem .......................................................................... 5-2

Rate-limiting, prioritization, and scheduling subsystem.................................... 5-3

Packet marking engine ...................................................................................... 5-3

Configuration steps ............................................................................................ 5-4

What the system does at the output interface ................................................... 5-4

Default IP QoS configuration ............................................................................. 5-5

Introduction to PACKET-FLOWS profile settings .................................................... 5-5

Layer 2 classifiers ............................................................................................... 5-6

Packet classifiers................................................................................................. 5-7

Caveat about fragmented IP packets ........................................................... 5-9

Details of packet classifier comparison passes ............................................. 5-9

Comparisons of IP addresses ..................................................................... 5-10

Comparisons of IP TOS values................................................................... 5-10

Comparisons of port numbers ................................................................... 5-11

How nonmatching packets are prioritized (the default rule) .................... 5-11

Scheduling and rate limiting............................................................................ 5-12

Token buckets in the single-rate three color policing algorithm............... 5-13

Using a single rate two-color algorithm .................................................... 5-14

Notes on the policing implementation ...................................................... 5-14

Rate limiting on VLAN bridged interfaces ................................................. 5-14

Example of rate limiting on a BIR connection .......................................... 5-15

Example of rate limiting on a 1:1 bridged VLAN ...................................... 5-16

Packet marking ................................................................................................ 5-16

QoS packet marking for routed traffic....................................................... 5-17

Ethernet p-bit marking for bridged or routed VLAN traffic ...................... 5-17

Overview of packet marking settings ........................................................ 5-18

Example of IP ToS marking on a routed VLAN interface.......................... 5-19

Example of Ethernet p-bit marking .......................................................... 5-20

Example of mapping ATM QoS to a packet marking value ...................... 5-21

QoS-related connection and interface settings....................................................... 5-22

Applying a PACKET-FLOWS profile to an output interface ............................ 5-23

Inheritance of PACKET-FLOWS configurations on virtual IP interfaces .. 5-23

x Stinger® IP Control Module Configuration Guide

Contents

Virtual IP interfaces and interface grouping.............................................. 5-24

ATM QoS and IP QoS considerations ........................................................ 5-24

Configuring Ethernet IP traffic shaping ........................................................... 5-24

Configuring VLAN Ethernet traffic shaping..................................................... 5-25

QoS-related settings in the SYSTEM profile........................................................... 5-25

Performance recommendations ....................................................................... 5-25

Configurable queue size for IPTV traffic on DSL links ..................................... 5-26

Tracking rate adaptation for downstream traffic shaping ...................................... 5-26

How traffic shaping typically occurs ................................................................ 5-27

How rate adaptation affects traffic shaping...................................................... 5-27

How to enable the rate-tracking optimization................................................. 5-27

How this feature works on the VDSL LIM ................................................ 5-27

How this feature works on the ADSL2+ HB LIM...................................... 5-27

Examples of configuring QoS ................................................................................. 5-28

Prioritizing IP packet flows based on DSL service contracts ............................ 5-29

Prioritizing different kinds of IP traffic on an ATM PVC.................................. 5-30

Prioritizing traffic using both IP and ATM QoS ............................................... 5-32

Configuring bridging VLAN Ethernet QoS ...................................................... 5-36

Configuring traffic shaping and rate limiting for a N:1 VLAN bridging ........... 5-37

Configuring rate limiting and traffic shaping with VLAN stacking.................. 5-39

Configuring rate limiting and traffic shaping for 1:1 VLAN bridging .............. 5-42

Configuring a PPPoE connection with and without line-rate tracking ........... 5-44

Configuring a BIR connection with line-rate tracking .................................... 5-46

Administrative tools for monitoring IP QoS........................................................... 5-46

Example of monitoring routed traffic onto Gigabit Ethernet .......................... 5-47

Creating a terminating routed connection ................................................ 5-47

Applying a PACKET-FLOWS profile to the Ethernet IP interface............. 5-47

Obtaining the Ethernet interface number ................................................. 5-48

Enabling monitoring on the Ethernet IP interface .................................... 5-48

Example of monitoring bridged VLAN traffic (transparent bridging) .............. 5-49

Creating a bridged VLAN interface and PACKET-FLOWS profile............. 5-49

Creating a bridged subscriber interface and PACKET-FLOWS profile ...... 5-50

Obtaining the interface numbers .............................................................. 5-51

Enabling monitoring for the bridged VLAN interface ............................... 5-51

Enabling monitoring for the bridged subscriber interface......................... 5-52

Example of monitoring 1:1 VLAN bridged traffic ............................................ 5-53

Creating the subscriber-side profiles ......................................................... 5-53

Creating the VLAN-side profiles................................................................ 5-54

Obtaining the interface numbers .............................................................. 5-54

Enabling monitoring in the upstream direction ........................................ 5-55

Enabling monitoring in the downstream direction ................................... 5-56

Example of monitoring stacked VLAN bridged traffic ..................................... 5-57

Enabling QoS monitoring on an NSP VLAN interface .............................. 5-57

Enabling QoS monitoring on a stacked VLAN WAN connection.............. 5-58

Example of displaying a connection’s traffic shaping parameters ................... 5-59

Displaying a connection’s traffic shaping parameters on the IP2000........ 5-59

Displaying a connection’s traffic shaping parameters on the IP2100........ 5-60

Limitations with the current software version....................................................... 5-61

Chapter 6 L2TP Tunneling Configuration .........................................................6-1

Overview of L2TP tunneling .................................................................................... 6-2

Stinger® IP Control Module Configuration Guide xi

Contents

Links to LNS servers .......................................................................................... 6-2

Links to PPP clients ............................................................................................ 6-2

L2TP-related network settings ........................................................................... 6-3

L2TP-related RADIUS configuration.................................................................. 6-3

Overview of L2TP tunnel authentication ................................................................. 6-3

System name used for tunnel authentication.................................................... 6-4

How the system finds a matching tunnel .......................................................... 6-4

Examples of how client-auth-id settings create parallel tunnels ....................... 6-5

Examples of configuration errors causing multiple tunnels .............................. 6-5

Configuring L2TP global options .............................................................................. 6-6

Enabling L2TP operations and authentication................................................... 6-6

Setting L2TP timers and other variables ............................................................ 6-7

Retry timers................................................................................................. 6-9

CSN encoding for RADIUS accounting ..................................................... 6-10

Sample global tunneling configuration............................................................ 6-10

Configuring client connections with PPP authentication....................................... 6-11

Overview of mobile client connection settings ................................................ 6-11

Sample PPP-authenticated client connection .................................................. 6-13

Sample PPP-authenticated connection with two LNS systems........................ 6-14

Configuring connection-based tunnel authentication ........................................... 6-16

Overview of connection-based tunnel authentication settings ....................... 6-16

Example of connection-based tunnel authentication...................................... 6-17

Configuring server-based tunnel authentication ................................................... 6-18

Overview of server-based tunnel authentication settings ............................... 6-19

Example TUNNEL-SERVER password configuration....................................... 6-20

Sample server-based authentication configuration ......................................... 6-21

Using tunnel assignment IDs.................................................................................. 6-22

Overview of tunnel assignment settings .......................................................... 6-22

Example of configuring tunnel assignment IDs ............................................... 6-23

Administrative tools for monitoring L2TP.............................................................. 6-26

Displaying traffic statistics for open UDP/TCP ports ........................................ 6-26

Displaying L2TP statistics ................................................................................. 6-26

Displaying PPPoE statistics ............................................................................... 6-27

Limitations with this software version ................................................................... 6-27

Impact of L2TP data sequencing limitation ..................................................... 6-28

Impact of L2TP IP QoS limitation .................................................................... 6-28

Chapter 7 Virtual Router Configuration ...........................................................7-1

Overview of virtual routing ..................................................................................... 7-1

How virtual routers affect the routing table ...................................................... 7-2

Interconnecting virtual domains ....................................................................... 7-2

Applicability and limitations .............................................................................. 7-2

Creating a virtual router........................................................................................... 7-3

Overview of VROUTER profile settings ............................................................. 7-3

Example of defining a virtual router ................................................................. 7-4

Defining address pools for a virtual router ........................................................ 7-7

Assigning interfaces to a virtual router .............................................................. 7-7

Overview of interface virtual router settings .............................................. 7-7

Examples of assigning virtual router membership to interfaces ................. 7-8

Defining virtual router static routes................................................................... 7-8

Overview of static route settings ................................................................. 7-8

xii Stinger® IP Control Module Configuration Guide

Contents

Examples of defining a route on a per-virtual-router basis ........................ 7-9

Specifying an inter-virtual-router route...................................................... 7-9

Configuring virtual router DNS servers ........................................................... 7-10

Overview of virtual router DNS settings ................................................... 7-11

Example of a typical virtual router DNS configuration............................. 7-11

Deleting a virtual router......................................................................................... 7-12

Administrative tools for virtual routers.................................................................. 7-12

Chapter 8 OSPF Configuration ..........................................................................8-1

Overview of supported OSPF features ..................................................................... 8-1

Limited border router capability ........................................................................ 8-2

One active IP interface per port ......................................................................... 8-2

Authentication................................................................................................... 8-2

Support for variable-length subnet masks ......................................................... 8-2

Exchange of routing information ...................................................................... 8-3

Designated and backup designated routers on broadcast networks .................. 8-4

Routing across NBMA interfaces ....................................................................... 8-5

Configurable cost metrics................................................................................... 8-5

Hierarchical routing (areas) ............................................................................... 8-6

Link-state routing algorithms ............................................................................ 8-7

Enabling OSPF systemwide ...................................................................................... 8-8

Configuring OSPF on Gigabit Ethernet .................................................................... 8-9

Overview of IP-INTERFACE OSPF settings....................................................... 8-9

Sample Gigabit Ethernet interface configuration ............................................ 8-12

Configuring OSPF on an ATM trunk interface ...................................................... 8-13

Overview of CONNECTION OSPF settings ...................................................... 8-13

Sample OSPF point-to-point configuration ..................................................... 8-14

Sample configuration of NBMA across point-to-point .................................... 8-14

Overview of additional NBMA settings..................................................... 8-14

Example of an NBMA configuration ......................................................... 8-15

Configuring global route options that apply to OSPF ............................................ 8-16

Example of importing a summarized pool as an ASE...................................... 8-17

Example of setting ASE preferences ................................................................ 8-17

Configuring IP-ROUTE OSPF options .................................................................... 8-17

Example of configuring a type 7 LSA in an NSSA........................................... 8-18

Example of assigning a cost to a static route ................................................... 8-19

Administrative tools for OSPF routing ................................................................... 8-19

Chapter 9 IP Multicast Configuration ...............................................................9-1

IP multicast forwarding ............................................................................................ 9-1

Network-side MBONE interfaces ....................................................................... 9-2

Notice about Gigabit Ethernet redundancy for a LAN MBONE ........................ 9-2

LIM-side multicast client interfaces ................................................................... 9-2

IP2100 and IP2000 maximum limits on multicast and bridge groups............... 9-3

Configuring MBONE interfaces................................................................................ 9-3

Overview of multiple MBONE configuration .................................................... 9-4

Sample configuration with multiple MBONE interfaces ................................... 9-5

Sample MBONE configuration on Gigabit Ethernet VLANs.............................. 9-6

Managing multicast group memberships ................................................................. 9-8

Overview of MCAST-SERVICE settings ............................................................. 9-8

Sample multicast address filters ......................................................................... 9-9

Stinger® IP Control Module Configuration Guide xiii

Contents

Sample multicast address range filter .............................................................. 9-10

Configuring multicast client interfaces................................................................... 9-11

Overview of multicast client CONNECTION settings ...................................... 9-11

Setting IGMP-v2 timers (local profiles only) ................................................... 9-13

Example of using multiple multicast filters ..................................................... 9-14

Sample multicast video configuration with filters ........................................... 9-15

Configuring the local MBONE interface.................................................... 9-16

Configuring multicast client PVCs ............................................................. 9-16

Applying a filter that restricts the GigE interface to video traffic only ...... 9-17

An alternative filter to restrict each client interface.................................. 9-18

Sample multicast video configuration with a remote MBONE interface......... 9-19

ATM QoS when both multicast and unicast clients are supported.................. 9-21

Multicast server virtual circuits .............................................................................. 9-22

Overview of multicast server VC settings ........................................................ 9-23

Sample configuration of multicast server VCs ................................................. 9-24

Enabling the multicast server VC feature .................................................. 9-24

Configuring the multicast server VCs........................................................ 9-24

Configuring the terminating connections for DSL users ........................... 9-25

Distributed multicast with HB LIMs (IP2100 only)................................................ 9-25

Benefits of distributed multicast ...................................................................... 9-25

Conceptual overview ....................................................................................... 9-26

MBONE and multicast client interactions on FFW interfaces ......................... 9-27

What happens when a CPE joins a multicast group ................................. 9-27

What happens when a CPE leaves a multicast group ............................... 9-28

Multicast-capable HB LIM considerations ....................................................... 9-28

Downstream traffic processing .................................................................. 9-28

Changes in packet-flow prioritization with distributed multicast ............. 9-29

Scheduling priority of the HB LIM FFW interface .................................... 9-30

ATM QoS for unicast traffic on the HB LIM.............................................. 9-31

Statistics and diagnostics for the multicast-capable HB LIM............................ 9-31

Administrative tools for IGMP operations.............................................................. 9-31

Chapter 10 PIM-SM v2 Configuration ...............................................................10-1

PIM-SM features supported with this software version......................................... 10-2

Overview of PIM-SM configuration ....................................................................... 10-2

Enabling multicast and PIM............................................................................. 10-3

Overview of settings in the IP-GLOBAL profile ........................................ 10-3

Example showing BSR election and dynamic group-RP mappings .......... 10-4

Configuring static mappings between groups and rendezvous points ............. 10-5

Configuring PIM on Gigabit Ethernet or trunk interfaces ............................... 10-6

PIM options in the IP-INTERFACE and CONNECTION profiles ............... 10-7

Example of enabling PIM on the Gigabit Ethernet interface .................... 10-9

Example of enabling PIM on a trunk interface ....................................... 10-10

Sample PIM-SM system configuration ................................................................. 10-10

Administrative tools for PIM-SM routing ............................................................ 10-11

Chapter 11 Filter Configuration ........................................................................11-1

Filter overview ....................................................................................................... 11-1

Filter rules........................................................................................................ 11-2

Explicit default filter rules................................................................................ 11-2

Defining IP filters.................................................................................................... 11-2

xiv Stinger® IP Control Module Configuration Guide

Contents

Overview of IP filter settings............................................................................ 11-2

Details of IP filter comparison passes ............................................................... 11-4

Filtering on source or destination IP addresses ......................................... 11-4

Filtering on port numbers ......................................................................... 11-5

TCP-established filters ............................................................................... 11-6

Sample IP filters ............................................................................................... 11-7

Sample TCP-established filter .................................................................... 11-8

Preventing address spoofing ...................................................................... 11-8

An IP filter for more complex security issues ............................................ 11-9

Sample filter with no explicit default rule............................................... 11-10

Sample filter with explicit default rule.................................................... 11-11

Sample filter using a generic explicit default rule ................................... 11-11

Defining ICMP filters............................................................................................ 11-12

Overview of profile settings ........................................................................... 11-12

Sample ICMP filter configurations ................................................................. 11-14

Blocking incoming Echo-Request packets............................................... 11-14

Stopping Echo-Request packets from being forwarded upstream .......... 11-16

Blocking Echo-Requests to a specific IP address ..................................... 11-16

Defining route filters ............................................................................................ 11-17

Overview of route filter settings .................................................................... 11-17

Sample route filters........................................................................................ 11-18

Sample route filter that excludes a route ................................................ 11-18

Sample route filter that configures a route’s metric ................................ 11-19

Defining Ethernet input filters ............................................................................. 11-19

Overview of ethernet filter settings ............................................................... 11-19

Sample PPPoE and MAC address filter .......................................................... 11-20

Applying a filter to an interface ........................................................................... 11-21

Profile settings for applying a filter ................................................................ 11-21

Applying filters to a CPE interface ................................................................. 11-21

Applying a filter to an Ethernet interface ...................................................... 11-22

Applying a filter to a VLAN Ethernet interface.............................................. 11-22

Applying an Ethernet filter to a VLAN bridging connection ......................... 11-23

Administrative tools for filters.............................................................................. 11-23

Appendix A IP Control Module Diagnostics........................................................ A-1

Enabling the debug environment ............................................................................A-2

Gigabit Ethernet diagnostics.....................................................................................A-2

IGMP diagnostics ......................................................................................................A-4

PIM-SM diagnostics................................................................................................A-10

VLAN-related diagnostics .......................................................................................A-13

SAR-related diagnostics..........................................................................................A-19

Network processor-related diagnostics ...................................................................A-20

Multicast-capable high-bandwidth LIM diagnostics ..............................................A-27

SNMP MIB for GMAC and VLAN statistics ............................................................A-29

History maintained at 15-minute intervals......................................................A-29

Gigabit Ethernet (GigE) statistics tables ...........................................................A-29

Gigabit Ethernet configuration..................................................................A-30

Interval transmit statistics .........................................................................A-30

Total transmit statistics ..............................................................................A-30

Interval receive statistics ...........................................................................A-32

Total receive statistics ................................................................................A-32

VLAN statistics tables .......................................................................................A-34

Stinger® IP Control Module Configuration Guide xv

Contents

VLAN statistics...........................................................................................A-34

VLAN clear statistics ..................................................................................A-35

PIMv2 MIB support................................................................................................A-35

Index ........................................................................................... Index-1

xvi Stinger® IP Control Module Configuration Guide

Figures

Figure 1-1 IP2100 control module basic architecture ......................................... 1-6

Figure 1-2 Sample setup showing multicast and unicast video services .......... 1-16

Figure 1-3 Sample setup showing Internet access and voice over ATM .......... 1-16

Figure 1-4 Sample setup showing multiple IP flows to a CPE router............... 1-17

Figure 2-1 Gigabit Ethernet redundancy for RFC 2684 connectivity ................. 2-6

Figure 2-2 Gigabit Ethernet redundancy for a LAN MBONE ............................. 2-8

Figure 2-3 Redundant uplinks for a VLAN ....................................................... 2-18

Figure 3-1 Bridging VLAN: One PVC to one VLAN (1:1) ................................... 3-2

Figure 3-2 Sample 1:1 VLAN circuit ................................................................... 3-5

Figure 3-3 Bridging multiple PVCs to a VLAN.................................................... 3-6

Figure 3-4 Sample N:1 VLAN bridging ............................................................. 3-12

Figure 3-5 Format when an interface IP address (if-ip) is used ..................... 3-15

Figure 3-6 Format when a text string (vendor-option-string) is used ........... 3-15

Figure 3-7 Format when sending only the hostname (send-only-hostname).. 3-15

Figure 3-8 DHCP snooping example................................................................. 3-17

Figure 3-9 Contents of fields with sample DHCP snooping configuration ....... 3-19

Figure 3-10 PPPoE vendor-specific tag format ................................................... 3-21

Figure 3-11 PPPoE snooping example ................................................................ 3-23

Figure 3-12 Contents of fields with sample PPPoE snooping configuration....... 3-24

Figure 3-13 Stacked VLAN: Bridging untagged frames from DSL interfaces...... 3-25

Figure 3-14 Stacked VLAN: Bridging enterprise VLAN-tagged frames............... 3-28

Figure 3-15 Sample routed VLAN ...................................................................... 3-32

Figure 3-16 Sample routed VLAN ...................................................................... 3-33

Figure 3-17 Terminating IPoA traffic on an upstream BRAS ............................. 3-36

Figure 3-18 Sample 1:1 VLAN circuits for bridging IPoA ................................... 3-39

Figure 3-19 Two BRAS with the same IP address in different VLANs................ 3-41

Figure 3-20 Not recommended with unnumbered interfaces ............................ 3-43

Figure 3-21 Sample transparent-bridged PPPoA configuration.......................... 3-47

Figure 3-22 Sample PVC-to-VLAN bridged PPPoA configuration ...................... 3-50

Figure 4-1 Four DSL links using ECMP routes ................................................. 4-17

Figure 4-2 Two routed VLAN uplinks using ECMP routes ............................... 4-21

Figure 4-3 Remote CPE requiring dynamic IP address assignment .................. 4-29

Figure 4-4 Example of a PPPoE session using slot-based address assignment.. 4-37

Figure 4-5 Default route to a local IP router..................................................... 4-41

Figure 4-6 Static route to a subnet ................................................................... 4-42

Figure 4-7 Sample configuration using two soft IP interface addresses............ 4-45

Figure 4-8 Sample network with two levels of anti-spoofing protection ......... 4-48

Figure 4-9 Router-to-router IP connection ...................................................... 4-51

Figure 4-10 A numbered-interface connection .................................................. 4-52

Figure 4-11 Forwarding terminating PVCs on the Gigabit Ethernet interface ... 4-53

Figure 4-12 Aggregating PVCs onto a single virtual circuit using IP routing...... 4-55

Stinger® IP Control Module Configuration Guide xvii

Figures

Figure 4-13 BIR interface on a LIM port ............................................................ 4-56

Figure 4-14 BIR subnet configuration on LIM interface .................................... 4-57

Figure 4-15 BIR/32 configurations ..................................................................... 4-59

Figure 4-16 Bidirectional filtering on a BIR interface......................................... 4-61

Figure 4-17 Sample BIR connection with four static IP addresses ..................... 4-64

Figure 4-18 DHCP relay for an IPoA terminated PVC ........................................ 4-74

Figure 4-19 Option 82 information field formats ............................................... 4-76

Figure 4-20 Sample DHCP usage with LAN management interface................... 4-77

Figure 4-21 Sample DHCP setup on BIR connection ......................................... 4-78

Figure 4-22 PPPoA topology ............................................................................... 4-86

Figure 4-23 PPPoE topology ............................................................................... 4-87

Figure 4-24 Example of a PPPoA session on a DSL interface ............................. 4-91

Figure 4-25 Example of a PPPoE session on a DSL interface.............................. 4-95

Figure 5-1 QoS subsystems ................................................................................. 5-1

Figure 5-2 Sample deployment with VLAN p-bit marking............................... 5-17

Figure 5-3 Using interface grouping to prioritize traffic by service level .......... 5-29

Figure 5-4 Unicast and multicast video share the same priority ...................... 5-31

Figure 5-5 Prioritizing traffic at the connection level and flow level ............... 5-32

Figure 5-6 Stacked VLAN requiring p-bit remarking on the output interface . 5-36
Figure 5-7 Sample N:1 VLAN bridging with traffic shaping and rate limiting.. 5-37

Figure 5-8 Stacked VLAN with rate limiting and traffic shaping...................... 5-39

Figure 5-9 1:1 bridging VLAN with rate limiting and traffic shaping ............... 5-42

Figure 6-1 L2TP tunneling.................................................................................. 6-2

Figure 6-2 Bringing up a tunnel using PPP authentication .............................. 6-13

Figure 6-3 Primary and secondary tunnel end points ...................................... 6-15

Figure 6-4 Connection-based tunnel authentication........................................ 6-17

Figure 6-5 Server-based tunnel authentication................................................ 6-21

Figure 6-6 Tunnel assignment IDs.................................................................... 6-23

Figure 7-1 Simple diagram of three virtual domains (virtual routers) ............... 7-1

Figure 8-1 OSPF broadcast network on Gigabit Ethernet................................... 8-4

Figure 8-2 OSPF costs for different types of links ............................................... 8-5

Figure 8-3 Dividing an OSPF autonomous system into areas ............................ 8-6

Figure 8-4 Sample OSPF topology ...................................................................... 8-7

Figure 8-5 OSPF on a LAN interface................................................................. 8-12

Figure 8-6 OSPF over ATM point to point........................................................ 8-14

Figure 8-7 OSPF NBMA over ATM point to point............................................ 8-15

Figure 9-1 Multicast video sample setup ............................................................ 9-1

Figure 9-2 Multiple MBONE interfaces on trunk or LAN interfaces .................. 9-2

Figure 9-3 Sample configuration with multiple MBONE interfaces................... 9-5

Figure 9-4 Sample configuration of VLAN MBONE interface ............................ 9-7

Figure 9-5 DSL video application with a local MBONE interface..................... 9-16

Figure 9-6 IPTV video sample configuration .................................................... 9-19

Figure 9-7 One VC per multicast group for incoming multicast data streams.. 9-22

Figure 9-8 Multicast server VCs on a trunk interface ....................................... 9-24

Figure 9-9 FFW interfaces on multicast-capable modules ................................ 9-26

Figure 9-10 Two IGMP Join requests for the same multicast group .................. 9-27

Figure 9-11 Two IGMP Leave requests for the same multicast group................ 9-28

Figure 10-1 PIM-SM on Gigabit Ethernet and trunk interface......................... 10-10

xviii Stinger® IP Control Module Configuration Guide

Tab le s

Table 1-1 Overview of network features........................................................... 1-1

Table 1-2 IP2000 model numbers and platform support ................................. 1-3

Table 1-3 IP2100 control module enhancements ............................................. 1-5

Table 1-4 IP2100 model numbers and platform support ................................. 1-6

Table 1-5 NP port manager profiles .................................................................. 1-9

Table 1-6 Default classification and prioritization ........................................... 1-17

Table 3-1 Definition of VLAN terms.................................................................. 3-1

Table 3-2 Traffic restrictions when port blocking is enabled............................. 3-9

Table 3-3 IGMP control packet handling with IGMP snooping enabled......... 3-10

Table 3-4 Maximum number of learned MAC addresses per module ............ 3-11

Table 3-5 Packet handling with PPPoE snooping ............................................ 3-20

Table 3-6 Enterprise VLAN tagged frames mapped to a stacked VLAN .......... 3-30

Table 3-7 ARP request packet contents on a configured VLAN ...................... 3-45

Table 3-8 VLAN ID argument added to arptable command............................ 3-53

Table 4-1 Decimal subnet masks and corresponding prefix lengths ................. 4-5

Table 4-2 Profiles for configuring logical IP interfaces for Ethernet ports......... 4-6

Table 4-3 Settings that affect contents of the giaddr field in DHCP packets ... 4-74

Table 4-4 Required encapsulation types for PPPoA and PPPoE ...................... 4-90

Table 4-5 Configurable LCP Echo interaction with LQM.............................. 4-100

Table 4-6 Permanent RADIUS PPPoE server profiles .................................... 4-107

Table 5-1 Descriptions of QoS support for routed, bridged, and VLAN traffic .. 5-2

Table 5-2 Packet marking supported on egress interfaces................................. 5-4

Table 5-3 Comparison passes performed on inbound packet flows .................. 5-9

Table 5-4 Rate limiting terminology ............................................................... 5-12

Table 5-5 Flow-based rate limiting configurations.......................................... 5-14

Table 5-6 VLAN traffic shaping configurations ............................................... 5-25

Table 5-7 Sample IP traffic types and priorities across an ATM PVC .............. 5-31

Table 5-8 Sample IP traffic types and priorities across two PVCs.................... 5-32

Table 5-9 Sample bandwidth limitations ........................................................ 5-33

Table 5-10 Ethernet p-bit remarking table........................................................ 5-36

Table 6-1 Network settings related to L2TP ...................................................... 6-3

Table 6-2 Existing tunnels to the same LNS ..................................................... 6-5

Table 6-3 Tunnels created for clients based on profile settings......................... 6-5

Table 6-4 Tunnels created when user1 dials in first (error not detected) ......... 6-6

Table 6-5 Tunnels created when user2 dials in first (error shown) .................. 6-6

Table 7-1 Administrative commands showing optional vrouter arguments... 7-12

Table 8-1 Description of LSA types ................................................................... 8-3

Table 8-2 Link-state databases for OSPF topology in Figure 8-4 ...................... 8-7

Table 8-3 Shortest-path tree and resulting routing table for Router-1 ............. 8-8

Table 8-4 Shortest-path tree and resulting routing table for Router-2 ............. 8-8

Table 8-5 Shortest-path tree and resulting routing table for Router-3 ............. 8-8

Table 9-1 Maximum multicast groups, multicast users, and bridge groups ...... 9-3

Stinger® IP Control Module Configuration Guide xix

Tables

Table 9-2 Sample multicast and unicast client requirements ......................... 9-21

Table 9-3 FFW interfaces registered as MBONE or multicast client................ 9-27

Table 9-4 Packet flow with multicast traffic as the highest priority flow........ 9-29

Table 9-5 Packet flow with unicast traffic as the highest priority flow........... 9-29

Table 9-6 Packet flow with interleaving priorities (unicast/multicast) ........... 9-30

Table 9-7 Packet flow with interleaving priorities (multicast/unicast) ........... 9-30

Table 10-1 Current level of support for PIM-SM functionality......................... 10-2

Table 11-1 Default filtering behavior ................................................................ 11-1

Table A-1 GigEConfigTable MIB objects .......................................................... A-30

Table A-2 GigETxIntervalTable MIB objects .................................................... A-30

Table A-3 GigETxTotalTable MIB objects ........................................................ A-31

Table A-4 GigERxIntervalTable MIB objects ................................................... A-32

Table A-5 GigERxTotalTable MIB objects ........................................................ A-33

Table A-6 GigEVlanStatTable MIB objects ....................................................... A-34

Table A-7 GigEVlanClearStatTable MIB objects .............................................. A-35

Table A-8 Current level of support for PIMv2 MIB tables............................... A-35

xx Stinger® IP Control Module Configuration Guide

About This Guide

A Stinger system with an IP control module supports Asynchronous Transfer Mode
(ATM) capabilities similar to those in Stinger units with a standard control module, as
described in the Stinger ATM Configuration Guide. In addition, an IP control module can
terminate and route IP and related traffic.

Note Instructions for installing and configuring the management functions of the

Stinger system are found in the Getting Started Guide for your Stinger platform.

What is in this guide

This guide focuses on the aspects of Stinger configuration that are specific to the IP
DSLAM functionality. It describes how to configure IP routing and related functions
in the Stinger. It includes information about local and global network IP issues, as
well as how to configure both IP-routed switch-through ATM permanent virtual
circuits (PVCs) and RFC 2684 PVCs.

This guide also describes how to set up IEEE 802.1Q virtual local area network
(VLAN) support on the Gigabit Ethernet interface, and how to configure the system
to support multicast video over DSL with Internet Group Management Protocol
(IGMP) version-1 or version-2 messaging.

You can configure the amount of bandwidth allocated to LIM interfaces and control
modules for carrying upstream traffic. For details about that aspect of using the IP
control module, as well as for ATM PVCs, ATM quality of service (QoS) and other
traffic management capabilities, see the Stinger ATM Configuration Guide.

Warning Before installing your Stinger unit, be sure to read the safety instructions

in the Edge Access and Broadband Access Safety and Compliance Guide. For information
specific to your unit, see the “Safety-Related Physical, Environmental, and Electrical
Information” appendix in the Getting Started Guide for your Stinger unit.

Stinger® IP Control Module Configuration Guide xix

About This Guide

Documentation conventions

Following are all the special characters and typographical conventions used in this
manual:

Convention Meaning

Monospace text Represents text that appears on your computer’s screen, or that

could appear on your computer’s screen.

Boldface
monospace text

Italics Represent variable information. Do not enter the words

[ ] Square brackets indicate an optional argument you might add

| Separates command choices that are mutually exclusive.

> Points to the next level in the path to a parameter or menu

Key1+Key2 Represents a combination keystroke. To enter a combination

Press Enter Means press the Enter or Return key or its equivalent on your

Represents characters that you enter exactly as shown (unless
the characters are also in italics—see Italics, below). If you
could enter the characters but are not specifically instructed to,
they do not appear in boldface.

themselves in the command. Enter the information they
represent. In ordinary text, italics are used for titles of
publications, for some terms that would otherwise be in
quotation marks, and to show emphasis.

to a command. To include such an argument, type only the
information inside the brackets. Do not type the brackets unless
they appear in boldface.

item. The item that follows the angle bracket is one of the
options that appear when you select the item that precedes the
angle bracket.

keystroke, press the first key and hold it down while you press
one or more other keys. Release all the keys at the same time.
(For example, Ctrl+H means hold down the Ctrl key and press
the H key.)

computer.

Introduces important additional information.

Note

Warns that a failure to follow the recommended procedure

Caution

Warning

Warning

xx Stinger® IP Control Module Configuration Guide

could result in loss of data or damage to equipment.

Warns that a failure to take appropriate safety precautions
could result in physical injury.

Warns of danger of electric shock.

Acronyms used in this guide

AAA Authentication, Authorization, and Accounting

AAL5 Asynchronous Transfer Mode Adaptation Layer 5

ABR Area Border Router

ARP Address Resolution Protocol

AS Autonomous System

ASBR Autonomous System Border Router

ASE Autonomous System External

ATM Asynchronous Transfer Mode

BDR Backup Designated Router

BIR Bridged IP Routing

BOOTP Bootstrap Protocol

BRAS Broadband Remote Access Server

BSM Bootstrap Message

BSR Bootstrap Router

C-RP Candidate Rendezvous Point

CAC Connection Admission Control

CBS Committed Burst Size

CBR Constant Bit Rate

CDMA/CD Code Division Multiple Access/Carrier Detect

CHAP Challenge Handshake Authentication Protocol

CIR Committed Information Rate

CoS Class of Service

CPE Customer Premises Equipment

CRC Cyclic Redundancy Check

DHCP Dynamic Host Configuration Protocol

DID Destination ID

DNS Domain Name System

DSL Digital Subscriber Loop

DSLAM DSL Access Multiplexer

DR Designated Router

DVRMP Distance Vector Multicast Routing Protocol

EBS Excess Burst Size

ECMP Equal Cost Multi Path

EMI Electromagnetic Interference

GE-OLIM Gigabit Ethernet Optical Line Interface Module

GMAC Gigabit Ethernet Media Access Control

HB High Bandwidth

About This Guide

Stinger® IP Control Module Configuration Guide xxi

About This Guide

IAD Integrated Access Device

ICMP Internet Control Message Protocol

IGMP Internet Group Management Protocol

IGP Interior Gateway Protocol

IP Internet Protocol

IPCP IP Control Protocol

IPoA Internet Protocol over ATM

ISP Internet Service Provider

L2TP Layer 2 Tunneling Protocol

LACP Link Aggregation Control Protocol

LAG Link Aggregation Group

LAMP Link Aggregation Marker Protocol (not yet supported)

LAN Local Area Network

LCP Link Control Protocol

LIM Line Interface Module

LLC Logical Link Control

LSA Link State Advertisement

MAC Media Access Control

MBONE Multicast Backbone

MIB Management Information Base

MOSPF Multicast OSPF

MPOA Multiprotocol over ATM

MP Multilink Protocol

MTU Maximum Transmission Unit

NBMA Non-Broadcast Multi Access

NP Network Processor

NSP Network Service Provider

NSSA Not So Stubby Area

OAM Operations, Administration, and Maintenance

OSPF Open Shortest Path First

PADI PPPoE Active Discovery Initiation

PADO PPPoE Active Discovery Offer

PADR PPPoE Active Discovery Request

PADS PPPoE Active Discovery Session-confirmation

PADT PPPoE Active Discovery Terminate

PAP Password Authentication Protocol

PCR Peak Cell Rate

PDU Protocol Data Unit

PIM-SM Protocol Independent Multicast-Sparse Mode

xxii Stinger® IP Control Module Configuration Guide

PMBR PIM Multicast Border Router

PNNI Private Network-to-Network Interface

POP Point of Presence

POST Power-On Self Test

PPP Point-to-Point Protocol

PPPoA Point-to-Point over ATM

PPPoE Point-to-Point over Ethernet

PPV Pay Per View

PVC Permanent Virtual Circuit

QoS Quality of Service

RADIPAD RADIUS IP Address Daemon

RADIUS Remote Authentication Dial In User Service

RARP Reverse Address Resolution Protocol

RAS Remote Access Server

RIP Routing Information Protocol

RFC Request for comment

RLIM Remote Line Interface Module

RP Rendezvous Point

RPF Reverse Path Forwarding

RPT Rendezvous Point Tree

RSTP Rapid Spanning Tree Protocol

SAR Segmentation and Reassembly

SCCRP Start Control Connection Reply

SCCRQ Start Control Connection Request

SCR Sustainable Cell Rate

SFP Small Form Factor Pluggable transceiver

SPT Shortest Path Tree

STB Set Top Box

STP Spanning Tree Protocol

TACL Telnet Access Control Lists

TOS Type of Service

UBR Unspecified Bit Rate

UDP User Datagram Protocol

UNI User Network Interface

VBR Variable Bit Rate

VC Virtual Circuit

VCC Virtual Channel Connection

VCI Virtual Channel Identifier

VLAN Virtual Local Area Network

About This Guide

Stinger® IP Control Module Configuration Guide xxiii

About This Guide

VLSM Variable Length Subnet Mask

VP Virtual Path

VPC Virtual Path Connection

VPI Virtual Path Identifier

VPN Virtual Private Network

VSA Vendor-Specific Attributes

WAN Wide Area Network

Stinger documentation set

The Stinger documentation set consists of the following manuals, which can be found
at http://www.lucent.com/support.

■ Read me first:

– Edge Access and Broadband Access Safety and Compliance Guide. Contains

important safety instructions and country-specific information that you must

read before installing a Stinger unit.

– TAOS Command-Line Interface Guide. Introduces the TAOS command-line

environment and shows you how to use the command-line interface

effectively. This guide describes keyboard shortcuts and introduces

commands, security levels, profile structure, and parameter types.

■ Installation and basic configuration:

– Getting Started Guide for your Stinger platform. Shows how to install your

Stinger chassis and hardware. This guide also shows you how to use the

command-line interface to configure and verify IP access and basic access

security on the unit, and how to configure Stinger control module

redundancy on units that support it.

– Stinger Compact Remote Installation and Configuration Guide. Provides an

overview of the Stinger Compact Remote and instructions for the installation

and replacement of its components. This guide also describes how to

configure and manage the Compact Remote as a hosted unit.

– Module guides. For each Stinger line interface module (LIM), trunk module,

or other type of module, an individual guide describes the module's features

and provides instructions for configuring the module and verifying its status.

■ Configuration:

– Stinger ATM Configuration Guide. Describes how to integrate the Stinger into

the ATM and Digital Subscriber Line (DSL) access infrastructure. The guide

explains how to configure PVCs, and shows how to use standard ATM

features such as quality of service (QoS), connection admission control

(CAC), and subtending.

– Stinger IP Control Module Configuration Guide. For Stinger systems with an IP

control module, this guide describes how to integrate the system into the IP

infrastructure. Topics include IP-routed switch-through ATM PVCs and RFC

2684 PVCs, IEEE 802.1Q VLAN, and forwarding multicast video

transmissions on DSL interfaces.

– Stinger Private Network-to-Network Interface (PNNI) Supplement. For the optional

PNNI software, this guide provides quick-start instructions for configuring

xxiv Stinger® IP Control Module Configuration Guide

About This Guide

PNNI and soft PVCs (SPVCs), and describes the related profiles and

commands.

– Stinger SNMP Management of the ATM Stack Supplement. Describes SNMP

management of ATM ports, interfaces, and connections on a Stinger unit to

provide guidelines for configuring and managing ATM circuits through any

SNMP management utility.

– Stinger T1000 Module Routing and Tunneling Supplement. For the optional T1000

module, this guide describes how to configure the Layer 3 routing and virtual

private network (VPN) capabilities.

■ RADIUS: TAOS RADIUS Guide and Reference. Describes how to set up a unit to use

the Remote Authentication Dial-In User Service (RADIUS) server and contains a
complete reference to RADIUS attributes.

■ Administration and troubleshooting: Stinger Administration Guide. Describes

how to administer the Stinger unit and manage its operations. Each chapter
focuses on a particular aspect of Stinger administration and operations. The
chapters describe tools for system management, network management, and
Simple Network Management Protocol (SNMP) management.

■ Reference:

– Stinger Reference. An alphabetic reference to Stinger profiles, parameters, and

commands.

– TAOS Glossary. Defines terms used in documentation for Stinger units.

Related documents

The following industry documents provide background information about features
described in this guide:

■ RFC 951, Bootstrap Protocol

■ RFC 1112, Host Extensions for IP Multicasting

■ RFC 1334, PPP Authentication Protocols

■ RFC 2684, Multiprotocol Encapsulation over ATM Adaptation Layer 5

■ RFC 1587, The OSPF NSSA Option.

■ RFC 1700, Assigned Numbers

■ RFC 1723, RIP Version 2: Carrying Additional Information

■ RFC 1812, Requirements for IP Version 4 Routers

■ RFC 1994, PPP Challenge Handshake Authentication Protocol (CHAP)

■ RFC 2131, Dynamic Host Configuration Protocol

■ RFC 2132, DHCP Options and BOOTP Vendor Extensions

■ RFC 2236, Internet Group Management Protocol Version 2

■ RFC 2328, OSPF Version 2

■ RFC 2362, Protocol Independent Multicast-Sparse Mode (PIM-SM): Protocol Specification,

draft-ietf-pim-sm-v2-new-07.txt, March 2003,
draft-ietf-pim-sm-bsr-03.txt, February 2003

■ RFC 2364, PPP over AAL5

■ RFC 2516, A Method for Transmitting PPP Over Ethernet (PPPoE)

Stinger® IP Control Module Configuration Guide xxv

About This Guide

■ RFC 3046, DHCP Relay Agent Information Option

■ RFC 2697, A Single Rate Three Color Marker

■ IEEE 802.1Q-1998, IEEE Standard for Local and Metropolitan Area Networks: Virtual

Bridged Local Area Networks

■ IEEE 802.1P, LAN Layer 2 QoS/CoS Protocol for Traffic Prioritization

xxvi Stinger® IP Control Module Configuration Guide

Introduction

Stinger IP DSLAM network features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Introduction to the Stinger IP2000 control module. . . . . . . . . . . . . . . . . . . . . . . 1-3

Introduction to the Stinger IP2100 control module. . . . . . . . . . . . . . . . . . . . . . . 1-5

Network architecture overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15

A Stinger system with an IP control module provides cost-effective, high-speed DSL
access using native IP architecture. A Stinger system with an IP control module is
referred to in this guide as a Stinger IP DSLAM.

Stinger IP DSLAM network features

A Stinger IP control module supports both an IP network processor and ATM
switching fabric that supports the same set of features as non-IP-capable control
modules. For details about ATM features, see the Stinger ATM Configuration Guide.

1

Table 1-1 provides a general overview of the IP network-related features supported
by Stinger IP control modules:

Table 1-1. Overview of network features

Category Features

Layer 3 Routing and
QoS

RIPv1, RIPv2, OSPF routing protocols

DHCP relay with option 82

IP filters, route filters

Virtual routers

IP QoS per IP flow with 8 priority queues

TOS bit packet marking

Rate limiting

IPoA (RFC 2684), BIR connections

Equal cost multipath (ECMP) load balancing (IP2000 only)

Stinger® IP Control Module Configuration Guide 1-1

Introduction

Stinger IP DSLAM network features

Table 1-1. Overview of network features (Continued)

Category Features

Multicasting

Layer 2 Bridging and
QoS

Multicast protocols: PIM-SM

IGMP forwarding (v1, v2)

Multicast group management

Multicast filters

PVC-to-VLAN bridging (1:1)

VLAN stacking

Transparent bridging (IEEE 802.1d) (N:1 VLAN)

Classification and Priority-bit marking

IGMP snooping

DHCP snooping with option 82

PPPoE intermediate agent

Ethernet filters

VLAN traffic shaping

Forwarding traffic to a VLAN based on Class of traffic

Link Aggregation Control Protocol (LACP) on IP2100 only

Broadband RAS

Rapid Spanning Tree Protocol (RSTP) on IP2100 only

Bridging IPoA and PPPoA traffic to an upstream BRAS

Subscriber termination

PPPoA/PPPoE session termination

PPPoA/PPPoE autodetection capability

L2TP tunneling support

1-2 Stinger® IP Control Module Configuration Guide

Introduction to the Stinger IP2000 control module

Table 1-1. Overview of network features (Continued)

Category Features

Introduction

Security

IP anti-spoofing

Device attachment limiting per interface

Telnet access control lists

SSH-v2

RADIUS, extended RADIUS

MS-CHAP

User groups and password expiration

Command logging per user profile

ICMP filters

Password Authentication Protocol (PAP)

Challenge Authentication Protocol (CHAP)

Profile-based access

Introduction to the Stinger IP2000 control module

The Stinger IP2000 control module provides one fiber-based Gigabit Ethernet
interface, which uses modular Small Form Factor Pluggable (SFP) transceivers, and a
network processor (NP) capacity of approximately 2.5Gbps.

The IP2000 also supports one 10/100 BASE-T Ethernet port, and one RS-232 serial
port, for management access.

IP2000 model numbers and platform support

Table 1-2 shows the IP2000 model numbers and platform support:

Table 1-2. IP2000 model numbers and platform support

Control module number Description Supporting platforms

STGR-CM-IP2000-F IP2000 control module Stinger FS/Stinger FS+/

STGRRT-CM-IP2000-F IP2000 control module

environmentally hardened

STGR-SFP-SX Short-haul SFP module Stinger FS/Stinger FS+/

STGR-SFP-LX Long-haul SFP module Stinger FS/Stinger FS+/

Stinger LS
Stinger Compact Remote

Stinger RT
Stinger FS/Stinger FS+/
Stinger LS
Stinger Compact Remote

Stinger LS

Stinger LS

Stinger® IP Control Module Configuration Guide 1-3

Introduction

Introduction to the Stinger IP2000 control module

Table 1-2. IP2000 model numbers and platform support (Continued)

Control module number Description Supporting platforms

STGRRT-SFP-LX Long-haul SFP module,

environmentally hardened

IP2000 support for up to 2048 trunk terminated calls

Stinger systems with an IP2000 control module can establish 1175 terminated calls
with default settings, and with the proper configuration can establish 2048
terminated calls. To enable the higher number of terminated calls, you must reduce
the number of VCIs supported on at least one of the system’s LIM slots. On a fully
loaded system, reducing the number of VCIs on at least six LIM slots is
recommended.

Following is the parameter, shown with its default value for a LIM in slot 1, for
restricting the number of VCIs supported on the LIM slot:

[in SLOT-STATIC-CONFIG/{ shelf-1 slot-1 0 }]
num-of-vci = two-k

Stinger RT
Stinger Compact Remote

This parameter applies only to the LIM slots of a standalone or host Stinger system. A
system reset is required to recognize the new value.

Note Changing the default setting for this parameter is not recommended for OLIMs

on a fully loaded Stinger system.

Parameter Setting

num-of-vci

Maximum number of VCIs that can be allocated on the
module in this slot. Valid values are one-k (to indicate
that 1024 VCIs can be allocated by the card) and two-k
(the default, which indicates that 2048 VCIs are
available for allocation).

When all SLOT-STATIC-CONFIG profiles use the default
two-k setting, the system can bring up 1175 terminated
calls. If one or more SLOT-STATIC-CONFIG profile is
modified to a value of one-k, an increased number of
VCIs are made available to the system’s control module,
which enables it to terminate an increased number of
calls, up to a maximum of 2048. On a fully loaded
system, reducing the number of VCIs on at least six LIM
slots is recommended.

When you write the SLOT-STATIC-CONFIG profile after modifying the num-of-vci
setting, the system displays a warning message indicating that you must reset the
system for the new setting to take effect. For example:

admin> read slot-static-c { 1 1 0 }

admin> set num-of-vci = one-k

admin> write -f

1-4 Stinger® IP Control Module Configuration Guide

Introduction to the Stinger IP2100 control module

LOG warning, Shelf 1, Controller-1, Time: 01:08:09--

Please reset the system immediately to make this new change effective and
avoid any undesired behavior

admin> reset

Features not currently supported by the IP2000

The IP2000 control module does not currently support the following features:

■ Link Aggregation Control Protocol (LACP)

■ Rapid Spanning Tree Protocol (RSTP)

■ IP filters for Ethernet-encapsulated bridged IP datagrams

■ Distributed multicast

Introduction to the Stinger IP2100 control module

The IP2100 control module is the successor to the IP2000 control module. It provides
the same basic set of capabilities plus the following enhancements:

Table 1-3. IP2100 control module enhancements

Introduction

Feature Description

Gigabit Ethernet Dual Gigabit Ethernet uplink ports

Network processor 4Gbps network processor

Backplane speed Supports STS-12c (622Mbps) backplane links to high-

bandwidth (HB) Annex A LIMs with ADSL2+ capability
(STGR-LIM-AP-72-HB and STGR-LIM-AP-48-HB)

Supports STS-3c (155Mbps) backplane links to legacy xDSL
and T1/E1 LIMs

Supports configurable network processor port managers to
distribute NP capacity

Operating temperature Designed for industrial temperature range of -40C to +65C

The IP2100 supports up to 4,096 trunk terminating connections, as compared to
2,048 for the IP2000.

With its increased throughput and support for high-bandwidth (HB) Annex A LIMs
with ADSL2+ capability (STGR-LIM-AP-72-HB and STGR-LIM-AP-48-HB), the
IP2100 provides performance enhancements useful for high-quality IP video
streaming.

Stinger® IP Control Module Configuration Guide 1-5

Introduction

Introduction to the Stinger IP2100 control module

Figure 1-1shows the basic system architecture using the IP2100:

Figure 1-1. IP2100 control module basic architecture

Stinger FS+

GigE Port 2

GigE Port 3

IP2100 CM

4 Gbps

Network

Processor

Enhanced

Microprocessor

Complex

Legacy trunk modules

Backplane Interface

Legacy trunk modules

Legacy LIMs

155 Mbps

Legacy LIMs

HB Annex A LIMs

Backplane

622 Mbps

GE-OLIM-6

.
.
.

STB

.
.
.

Stinger Compact
Remote IP DSLAMs

When you install an HB LIM, the IP2100 generates a log message to the effect that
you must modify the SLOT-STATIC-CONFIG profile for that slot to allocate the
additional bandwidth. For details about bandwidth allocation, see the Stinger ATM
Configuration Guide.

Model numbers and platform support

Table 1-4 shows control module model numbers and platform support:

Table 1-4. IP2100 model numbers and platform support

Control module number Description Supporting platforms

STGR-CM-IP2100-F­MODEL

STGR-SFP-SX Short-haul SFP module Stinger FS/Stinger FS+/

STGR-SFP-LX Long-haul SFP module Stinger FS/Stinger FS+/

1-6 Stinger® IP Control Module Configuration Guide

IP2100 control module Stinger FS/Stinger FS+/

Stinger LS
Stinger Compact Remote

Stinger LS
Stinger Compact Remote

Stinger LS
Stinger Compact Remote

IP2100 memory modes

The IP2100 control module supports selectable operation modes for its fast pattern
processor (FPP) classification program memory. By default, it uses a high­performance operation mode, which maximizes classification speed and uses 8MB
memory for classification. In a capacity environment, you could see log messages
indicating that FPP memory is low and calls could be dropped as a result. In that case,
the number of calls the system can simultaneously process can be pushed higher by
changing the mode.

Following is the relevant parameter, shown with its default setting:

[in SYSTEM]
np-fpp-class-mem-mode = high-performance

Parameter Setting

np-fpp-class-mem­mode

Introduction

Introduction to the Stinger IP2100 control module

Specifies the memory mode for operating the IP2100 control
module FPP classification program memory. If you change
this value, you must reset the system for the new value to
become operational. See “Required IP2100 memory mode to
maximize user connections” on page 1-8 for related
information.

Following are valid values:

high-performance This is the default mode and the most

high-capacity-0 This mode is less efficient in accessing

medium-capacity With this mode, classification occurs at a

Maximizing the number of user connections

efficient for accessing program memory.
With this mode, classification is fast, but
less memory (approximately 8MB) is
available for classification.

program memory but provides an
increase in the amount of program
memory. With this mode, classification
occurs more slowly but more memory
(approximately 32MB) is available for
classification.

rate between the high-performance and
high-capacity settings, and available
memory for classification is
approximately 16MB.

This setting is required to maximize the
number of user connections in the
system.

An IP2100 system creates internal OAM (operations, administration, and
maintenance) connections for each user connection. For connections on the LIM
side, the OAM connections are created on the LIM. For trunk-terminated
connections, the system creates an OAM connection as well as an internal
connection for a SAR exception data path on the control module. These connections
on the control module use NP resources that could otherwise be used by user

Stinger® IP Control Module Configuration Guide 1-7

Introduction

Introduction to the Stinger IP2100 control module

connections. To maximize user connections system-wide, you can restrict the F5
OAM trunk connections the system creates. See “IP2100 memory modes” on
page 1-7 for related information.

Overview of OAM-CONFIG profile settings

To restrict the number of F5 OAM trunk connections supported by the system, set the
following parameter, shown with its default setting:

[in OAM-CONFIG]
number-of-oam-connections = 0

Parameter Setting

number-of-oam­connections

Specifies the number of F5 OAM trunk connections the
system creates system-wide. Valid values are from 0
through 12000. However, the system limit for OAM
connections is currently 5000.

With the default zero setting, the system enables OAM
for all trunk-terminated connections up to a maximum
of 5000 OAM connections. This results in fewer
supported user connections system-wide. To allow
more user connections, set this parameter to a nonzero
number lower than 5000.

A system reset is required to reduce the number of
OAM trunk connections. However, no reset is required
if you subsequently increase the number of supported
OAM connections.

Required IP2100 memory mode to maximize user connections

To support the maximum number of user connections, you must set the np-fpp­class-mem-mode parameter to medium-capacity. For example:

admin> read system

admin> set np-fpp-class-mem-mode = medium-capacity

admin> write -f

For details about this setting, see “IP2100 memory modes” on page 1-7.

Additional connections created for trunk-terminated connections

For each trunk-terminated call, the system creates an additional connection for SAR
exception data path. The SAR exception data path must be created for all trunk­terminated calls and cannot be limited. You should take these additional internal
connections into account when provisioning trunk-terminating calls.

Notice of OAM limitation with more than 5000 user PVCs

Currently, when the number of provisioned LIM-to-trunk PVCs exceeds 5000, the
maximum number of OAM connections still cannot be increased.

1-8 Stinger® IP Control Module Configuration Guide

Configurable IP2100 port managers

The IP2100 control module supports two Gigabit Ethernet ports and a network
processor (NP) capacity of approximately 3.9Gbps. An HB LIM can use up to
559Mbps (whereas other LIMs use approximately 152Mbps), which means that the
total installed LIM bandwidth of the system could possibly exceed the IP2100 NP
capacity. To address this possibility, the system supports user configuration of the NP
port managers for each LIM slot, Gigabit Ethernet port, and trunk port. You must
configure the port managers to distribute NP capacity properly as you install various
modules in the system.

Note For proper operation, you must configure the NP port manager for each HB

LIM in the system. For details, see “Sample HB LIM NP-PORT configuration” on
page 1-13.

System-generated profiles

To enable you to configure NP port managers and to check their status, the system
creates the following profiles at startup or when a port first becomes active (such as
when a module is first installed):

Table 1-5. NP port manager profiles

Introduction

Introduction to the Stinger IP2100 control module

Profile Description

NP-PORT Configuration profile used to request a fixed

bandwidth rate. The system generates one profile for
each installed LIM, one for each port on installed
trunk modules (up to a maximum of two profiles per
installed trunk module), and one for each Gigabit
Ethernet port.

For a trunk aggregation module (TRAM) the system
generates two NP-PORT profiles for the total
bandwidth of the TRAM. Each of the TRAM NP-PORT
profiles handles a bandwidth rate equal to one OC3.

NP-PORT-STAT

Read-only status profile that indicates the actual
bandwidth allocated by the NP port manager. For
details about NP-PORT-STAT profiles and commands
for viewing bandwidth allocation, see the Stinger
Adminstration Guide.

Fixed-rate and nonfixed-rate bandwidth

Each NP port manager has a configurable fixed rate as well as a system-derived
nonfixed rate, which are used together to satisfy the bandwidth requirements of
traffic going out from the NP port manager on the IP2100 control module to the
associated slot or port, and ultimately out to the DSL CPE (for LIMs), ATM core
network (for trunk ports), or Gigabit Ethernet network (for control module GigE
ports).

The aggregate bandwidth is the sum of fixed-rate and nonfixed-rate bandwidth. The
fixed rate is the guaranteed bandwidth portion of aggregate bandwidth.

Stinger® IP Control Module Configuration Guide 1-9

Introduction

Introduction to the Stinger IP2100 control module

The NP imposes the following constraints on the selection of the fixed-rate and
nonfixed-rate values for each port. Both constraints must be simultaneously met for
the rate values to be valid.

■ Fixed-rate + nonfixed-rate bandwidth = aggregate bandwidth

Note that the aggregate bandwidth cannot exceed the bandwidth of the interface.

■ The ratio (fixed-rate/nonfixed-rate) OR (nonfixed-rate/fixed-rate) must be an

integer multiple between 1 and 16.

For each port, the configured fixed rate defines the bandwidth pool that is used to
satisfy the bandwidth requirements of the associated CBR, real-time VBR, and non­real-time VBR connections (in ATM) and of priority-1, priority-2, and priority-3 IP
connections.

For each port, the nonfixed-rate bandwidth pool is used for UBR connections (in
ATM) and of priority-0 IP connections. The system derives the amount of nonfixed­rate bandwidth from the requested fixed rate and the line capacity. The nonfixed rate
is always the highest possible multiple of the requested fixed rate within the
maximum line capacity.

Effect of fixed-rate configuration on oversubscription

Fixed rates are constrained by line capacities and the overall capacity of the NP. The
fixed rate of a single port cannot exceed the capacity of the corresponding interface.
In addition, the sum of the fixed rates allocated over all ports cannot exceed the
capacity of the NP. In other words, fixed rates cannot be oversubscribed systemwide.
However, oversubscription within the fixed rate bandwidth pool for a specific port is
allowed—the sum of the guaranteed rates of the allocated connections can exceed
the configured fixed rate by a set factor (such as 10).

Nonfixed rates are constrained only by line capacity. The nonfixed rate of a single
port cannot exceed the capacity of the corresponding interface, but the sum of the
nonfixed rates can exceed the overall capacity of the NP. The nonfixed rate can
therefore be oversubscribed over all NP ports.

For details about connection admission control and oversubscription, see the Stinger

ATM Configuration Guide.

Effect of fixed-rate configuration on QoS

Quality of Service (QoS) is impacted by the fixed-rate configuration in that the
fixed-rate bandwidth places a limit on what is available for guaranteed bandwidth
connections. For example, if you configure 100Mbps fixed-rate bandwidth on a LIM,
the total guaranteed downstream QoS for all users on that LIM cannot exceed
100Mbps. You must be aware of this when configuring downstream QoS for DSL
users.

Configurable NP-PORT profile settings

The NP-PORT profile contains the following parameters, shown with default values
for a LIM in slot 1:

[in NP-PORT/{ shelf-1 slot-1 0 }]
port-address* = { shelf-1 slot-1 0 }
requested-fixed-bandwidth = 149750
fixed-bandwidth-preference = discrete-fixed-rate

1-10 Stinger® IP Control Module Configuration Guide

Parameter Setting

port-address

Address of the LIM slot, or of the individual Gigabit Ethernet
or trunk port, associated with an NP port manager.

for LIM slots The address uses the following format:

for trunk ports

for GigE ports The address uses the following format:

requested-fixed­bandwidth

Requested fixed rate bandwidth in Kbps for the NP port. If
allocated successfully, data will be shaped at the specified rate
through the LIM, trunk, or GigE interface.

Introduction

Introduction to the Stinger IP2100 control module

{ shelf-M slot-N 0 }

The zero port number represents all ports on
the LIM.

The address uses the following format:

{ shelf-1 trunk-module-M N }

Each trunk port has its own configurable
fixed rate.

{ shelf-1 slot-any N }

The two Gigabit Ethernet ports of the IP2100
(ports 2 and 3) each have their own
configurable fixed rate. The slot-any
designation is used for redundancy. In the
event of primary failure, the new primary
control module can use the same NP-PORT
profiles.

fixed-bandwidth­preference

Because the system must maintain a ratio between the fixed
and on-fixed bandwidth on an interface, the system may not
allocate all of the requested bandwidth. In addition, the
setting of the fixed-bandwidth-preference parameter may
limit the total interface throughput.

The minimum value is 1500. The actual configurable
maximum bandwidth depends on the type of the interface
and the maximum NP capacity of 3.9Gbps. The maximum
aggregate bandwidth (fixed and nonfixed) for each type of
interface is as follows:

HB LIM 588888Kbps

Legacy LIM 149750Kbps

OC3 TM port 149750Kbps

DS3 TM port 40641Kbps

E3 TM port 33888Kbps

OC12 TM port 599000Kbps

GigE port 1000000Kbps

The preferred method for allocating the fixed bandwidth rate
specified by the requested-fixed-bandwidth setting.

Stinger® IP Control Module Configuration Guide 1-11

Introduction

Introduction to the Stinger IP2100 control module

Parameter Setting

discrete­fixed-rate

flexible­fixed-rate

At startup or when an interface first becomes active, the system attempts to allocate
the requested bandwidth if it is available, and creates or updates the NP-PORT-STAT
profile with the amount of bandwidth it was able to allocate.

This is the default setting. With this setting,
the system calculates a fixed/nonfixed ratio
that maximizes the aggregate throughput on
the interface.

With this setting, the system attempts to use
the fixed bandwidth rate specified by the
requested-fixed-bandwidth setting as closely
as possible. This is the recommended setting.

The system calculates a fixed/non-fixed ratio
that maximizes the fixed-rate throughput on
the interface.

Depending on the value of requested-fixed-
bandwidth, the aggregate rate with this setting
may be limited to less than interface rate (line
capacity).

Caution about modifying NP-PORT bandwidth allocations

When you configure NP-PORT profiles to request a higher fixed bandwidth for HB
LIMs, you must remember the maximum network processor capacity of 3.9Gbps.

If you configure multiple bandwidth allocations which in aggregate exceed the
maximum NP capacity, a bandwidth starvation condition occurs. The info np pm
bwdist debug-level command displays fixed rate allocation, and will show bandwidth
starvation conditions should they occur.

Note See Appendix A, “IP Control Module Diagnostics” for important caveats about

using debug-level commands and for an overview of the info np command.

For example, the following command output shows bandwidth starvation on slot 12:

super> info np pm bwdist
NP Port Manager Rates
NP PM Bandwidth Distribution
System Aggregate Allocated BW : 3904697
Aggregate User Requested BW : 3977196
Available system BW : 0

Port Requested Allocated Status
{1 1 0} 540000 544415 BW SERVICED
{1 2 0} 9359 9393 BW SERVICED
{1 3 0} 540000 544415 BW SERVICED
{1 4 0} 9359 9393 BW SERVICED
{1 5 0} 540000 544415 BW SERVICED
{1 6 0} 9359 9393 BW SERVICED
{1 7 0} 9359 9393 BW SERVICED
{1 10 0} 9359 9393 BW SERVICED
{1 11 0} 9359 9393 BW SERVICED

1-12 Stinger® IP Control Module Configuration Guide

Introduction to the Stinger IP2100 control module

{1 12 0} 540000 444733 BW STARVED
{1 13 0} 9359 9393 BW SERVICED
{1 14 0} 9359 9393 BW SERVICED
{1 15 0} 36805 36805 BW SERVICED
{1 16 0} 9359 9393 BW SERVICED
{1 17 1} 2540 2555 BW SERVICED
{1 17 2} 2540 2555 BW SERVICED
{1 18 1} 2540 2555 BW SERVICED
{1 18 2} 2540 2555 BW SERVICED
{1 0 2} 828000 833333 BW SERVICED
{1 0 3} 828000 833333 BW SERVICED

How to recover from a bandwidth starvation condition

To enable the system to recover from a bandwidth starvation condition, you must
complete the following steps:

1 Open the NP-PORT profile for the slot or port that initiated the bandwidth

starvation condition and set the requested-fixed-bandwidth parameter to a
smaller setting.

Introduction

2 Free up some unused bandwidth by opening the NP-PORT profile associated with

an unused slot or port, and setting the requested-fixed-bandwidth parameter to
its minimum value of 1500 (1.5Mbps).

3 Re-open the NP-PORT profile that initiated the bandwidth starvation condition

and set the requested-fixed-bandwidth parameter to the setting you require.

Protection against exceeding line capacity in NP-PORT configurations

When you modify the settings of the NP-PORT profile, the system uses the new
profile values to reprogram the port managers only after validating that the
requested-fixed-bandwidth value does not exceed the maximum capacity of the
line. For example, if you attempt to specify a fixed bandwidth of 200,000Kbps for a
legacy LIM, the system refuses to write the NP-PORT profile and displays an error
message such as the following:

admin> read np-port {1 1 0}

admin> set requested-fixed-bandwidth = 200000

admin> write -f
error: Port{1 1 0} fixed rate 200000 exceeds supported rate of 152576

If bandwidth is unavailable for allocation, the system generates log messages and the
configures the port with a minimum bandwidth of 1.5Mbps for fixed rate and
16Mbps for nonfixed rate.

Sample HB LIM NP-PORT configuration

For proper operation in a capacity environment, you must explicitly configure the
port bandwidth for each HB LIM. The requested-fixed-bandwidth value you set
depends on how much traffic will be sent to the LIM. The total fixed bandwidth
allocation systemwide cannot exceed the maximum NP capacity of 3.9Gbps. See
“Configurable IP2100 port managers” on page 1-9 for details.

Stinger® IP Control Module Configuration Guide 1-13

Introduction

Introduction to the Stinger IP2100 control module

For example, suppose the system supports the following modules:

admin> show
Controller { first-control-module } ( PRIMARY ):
Reqd Oper Slot Type
{ shelf-1 slot-1 0 } UP UP ep-72-hs-gs-adsl2plus
{ shelf-1 slot-2 0 } UP UP stngr-48a-adsl-card
{ shelf-1 slot-3 0 } UP UP ep-72-hs-gs-adsl2plus
{ shelf-1 slot-4 0 } UP UP sdsl-atm-v2-card
{ shelf-1 slot-5 0 } UP UP ep-72-hs-gs-adsl2plus
{ shelf-1 slot-6 0 } UP UP sdsl-atm-v2-card
{ shelf-1 slot-7 0 } UP UP sdsl-atm-v2-card
{ shelf-1 slot-10 0 } UP UP stngr-72-shdsl-card
{ shelf-1 slot-11 0 } UP UP stngr-72-shdsl-card
{ shelf-1 slot-12 0 } UP UP ep-48-hs-gs-adsl2plus
{ shelf-1 slot-13 0 } UP UP ima-24t1-card
{ shelf-1 slot-14 0 } UP UP ishdsl-48-card
{ shelf-1 slot-15 0 } UP UP ep-72-hs-gs-adsl2plus
{ shelf-1 slot-16 0 } UP UP ima-24t1-card
{ shelf-1 trunk-module-1 0 } UP UP ds3-atm-trunk-daughter-card
{ shelf-1 trunk-module-2 0 } UP UP ds3-atm-trunk-daughter-card

With this system configuration and default settings in the NP-PORT profiles, the
system allocates fixed-rate bandwidth as shown in the following command output:

super> info np pm bwdist
NP Port Manager Rates
NP PM Bandwidth Distribution
System Aggregate Allocated BW : 432581
Aggregate User Requested BW : 433416
Available system BW : 3486580

Port Requested Allocated Status
{1 1 0} 36805 36805 BW SERVICED
{1 2 0} 9359 9393 BW SERVICED
{1 3 0} 36805 36805 BW SERVICED
{1 4 0} 9359 9393 BW SERVICED
{1 5 0} 36805 36805 BW SERVICED
{1 6 0} 9359 9393 BW SERVICED
{1 7 0} 9359 9393 BW SERVICED
{1 10 0} 9359 9393 BW SERVICED
{1 11 0} 9359 9393 BW SERVICED
{1 12 0} 36805 36805 BW SERVICED
{1 13 0} 9359 9393 BW SERVICED
{1 14 0} 9359 9393 BW SERVICED
{1 15 0} 36805 36805 BW SERVICED
{1 16 0} 9359 9393 BW SERVICED
{1 17 1} 2540 2555 BW SERVICED
{1 17 2} 2540 2555 BW SERVICED
{1 18 1} 2540 2555 BW SERVICED
{1 18 2} 2540 2555 BW SERVICED
{1 0 2} 62500 62654 BW SERVICED
{1 0 3} 62500 62654 BW SERVICED

1-14 Stinger® IP Control Module Configuration Guide

The following commands modify the default bandwidth setting for the HB LIMs
installed in slot 1 and slot 3 to allow approximately 521Mbps of guaranteed data plus
approximately 38Mbps of non-guaranteed data:

admin> read np-port { 1 1 }

admin> set fixed-bandwidth-preference = flexible-fixed-rate

admin> set requested-fixed-bandwidth = 521000

admin> write -f

admin> read np-port { 1 3 }

admin> set fixed-bandwidth-preference = flexible-fixed-rate

admin> set requested-fixed-bandwidth = 521000

admin> write -f

With the sample settings immediately above, guaranteed traffic is limited to 521Mbps
on the LIM. In the absence of guaranteed traffic, the guaranteed bandwidth is used
for non-guaranteed traffic, so this setting enables you to send up to 521+ 38 =
559Mbps of non-guaranteed traffic on the HB LIM.

Features not currently supported by the IP2100

Introduction

Network architecture overview

The IP2100 control module does not currently support the following features:

■ Control module redundancy in hosted environments

■ Virtual path shaping

Network architecture overview

A Stinger IP DSLAM supports all standard Stinger ATM features, such as data and
voice services over DSL. In addition, it supports IP services such as multicast video,
unicast video-on-demand, and other video and IPTV applications. The services
supported by the IP DSLAM are provided downstream to DSL subscribers. In the
upstream direction, DSL subscribers accessing the Stinger IP DSLAM can be routed
via the IP infrastructure to Internet services, or bridged/routed to a virtual LAN.

A Stinger IP DSLAM supports IP routing and QoS, ATM QoS, traffic shaping, VLAN,
and multicasting capabilities to provide fast, efficient access to ATM and IP services.

Multicast video

A Stinger IP DSLAM uses the Internet Group Management Protocol (IGMP) to
manage group memberships of downstream video to a PC application or set-top box,
as shown in Figure 1-2. Administrators can configure levels of service that control
subscribers’ access to specific multicast groups. Connection to the originating router
or multicast router can be across the Gigabit Ethernet interface or through a high­speed IP over ATM connection.

Stinger® IP Control Module Configuration Guide 1-15

Introduction

Network architecture overview

Figure 1-2. Sample setup showing multicast and unicast video services

Network side User side

Multicast
video server

Multicast
router

Unicast video
server

IP router

Internet and voice access

When a subscriber has DSL Integrated Access Device (IAD) equipment (such as a
CellPipe®), the Stinger can deliver integrated voice and data services over the local
copper loop, providing a efficient, low-cost solution for enterprise, small business,
home office, and residential subscribers.

IP multicast

IP unicast

Stinger

IP DSLAM

IP/ATM

IP/ATM

CPE
router

CPE
router

Set-top box (STB)

PC

NET-1

STB

NET-2

Figure 1-3. Sample setup showing Internet access and voice over ATM

Network side User side

Internet

ISP Voice

ATM

Voice

gateway

IP/ATM

Stinger

IP DSLAM

IP/ATM

ATM

CPE
router

CellPipe
IAD

Services:
Internet access

Services:
Voice, Internet
access

1-16 Stinger® IP Control Module Configuration Guide

Multiplexing multiple IP flows on a single ATM VCC

A Stinger IP DSLAM supports an implementation of Class of Service (CoS) that co­exists with the Stinger ATM QoS implementation. This feature allows transferring
multiple IP streams (multicast and unicast) over single user-side ATM virtual circuit
with different levels of priority.

Figure 1-4. Sample setup showing multiple IP flows to a CPE router

Network side User side

Internet Voice

Stinger

ISP

ATM

Multicast
router

Voice
gateway

IP multicast
over ATM

IP DSLAM

IP/ATM

Per-VC
priority
queueing

IAD

Introduction

Network architecture overview

Set-top box (STB)

PC

NET-1

Services:
Multicast
video, VoATM,
Internet access

The CoS implementation enables the delivery of differentiated services over an IP
infrastructure. All traffic handled by the IP control module, whether encapsulated IP
or native ATM, passes through the network processor function.

Non-IP terminated ATM traffic, including operations, administration, and
maintenance (OAM) F5 traffic, is treated as highest priority and handled in an AT M
pass-through mode. This traffic passes through the network processor with no further
processing.

RFC 2684 IP traffic that terminates on the IP control module is reassembled from
ATM cells into IP packets. It is then classified and assigned to priority output queues.
A default per-VC strict-priority queuing is supported with three priority levels as
described in Table 1-6.

Table 1-6. Default classification and prioritization

Priority queue Priority level Packet classification assigned to queue

1 High IP Control Protocol Classification

■ ARP/RARP protocol messages

■ ICMP protocol messages

■ RIP protocol messages

■ IGMP protocol messages

2 Medium Multicast Classification

■ IP multicast data

3Low

Unicast Classification

■ IP unicast data

Stinger® IP Control Module Configuration Guide 1-17

Introduction

Network architecture overview

Table 1-6 shows a default classification that occurs when no PACKET-FLOWS profile
has been applied to the traffic. For information about priority queuing based on flow
identification, see Chapter 5, “Ethernet and IP QoS.”

Per-VC queuing operates in conjunction with the associated ATM shaping rate. The
aggregate rate of the combination of three priority queues (Class of Service Queuing
with Strict Priority) associated with a particular ATM virtual circuit is controlled by
the SCR (sustained cell rate) configured for the VC. In this case, SCR is configured
equal to PCR (peak cell rate). Rate information is configurable in the ATM-QOS
profile for each virtual circuit. For details about configuring ATM QoS, see the Stinger
ATM Configuration Guide.

1-18 Stinger® IP Control Module Configuration Guide

Gigabit Ethernet Configuration

Configuring Gigabit Ethernet interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Configuring Gigabit Ethernet port redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Configuring LACP on Gigabit Ethernet ports (IP2100 only) . . . . . . . . . . . . . . . . 2-9

Configuring STP on Gigabit Ethernet ports (IP2100 only). . . . . . . . . . . . . . . . . 2-17

Administrative tools for Gigabit Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-25

This chapter describes how to configure the Gigabit Ethernet Media Access Control
(GMAC) physical interfaces on the Stinger IP2000 and Stinger IP2100 control
modules. For information about configuring the 10/100 BASE-T Ethernet
management interfaces, see the Getting Started Guide for your Stinger platform.

For details about configuring IP interfaces on the Ethernet ports, see “Configuring IP­INTERFACE profiles for Ethernet ports” on page 4-6.

2

Configuring Gigabit Ethernet interfaces

The system generates an ETHERNET profile for each Ethernet port on the IP control
modules.

For the IP2000 control module, the Gigabit Ethernet port has the following indexes:

ETHERNET/{ shelf-1 first-control-module 2 }
ETHERNET/{ shelf-1 second-control-module 2 }

For the IP2100 control module, the Gigabit Ethernet ports have the following
indexes:

ETHERNET/{ shelf-1 first-control-module 2 }
ETHERNET/{ shelf-1 first-control-module 3 }

ETHERNET/{ shelf-1 second-control-module 2 }
ETHERNET/{ shelf-1 second-control-module 3 }

With the default settings, Gigabit Ethernet interfaces are fully operational.

Overview of ETHERNET profile settings

Following are the ETHERNET parameters, shown with default settings for a Gigabit
Ethernet port:

[in ETHERNET/{ shelf-1 first-control-module 2 }]
interface-address* = { shelf-1 first-control-module 2 }

Stinger® IP Control Module Configuration Guide 2-1

Gigabit Ethernet Configuration

Configuring Gigabit Ethernet interfaces

link-state-enabled = no
enabled = yes
ether-group = 0
ether-if-type = utp
bridging-enabled = no
filter-name = ""
duplex-mode = full-duplex
pppoe-options = { no no "" }
bridging-options = { 0 no no transparent-bridging 0 0 "" 0 }
lacp-options = { 65535 active }
media-speed-mbit = 100mb
auto-negotiate = no
vlan-stack-tag-type = 91:00

For details about each of the parameters shown above, see the Stinger Reference.
Following are some Gigabit Ethernet-specific notes about the profile contents:

Parameter Notes about Gigabit Ethernet settings

interface-address*

link-state-enabled

enabled

ether-group

bridging-enabled

filter-name

duplex-mode

pppoe-options

bridging-options

lacp-options

media-speed-mbit

The interface-address value for a physical Gigabit
Ethernet port.

With the default value, the system discards packets and
does not choose an alternate route if the interface is
down. If you set this to yes, the system deletes routes to
the interface when the interface is unavailable, and
then restores the routes when the interface becomes
available again.

If you set this to no and write the profile, the interface is
unavailable.

The index of an ETHER-GROUP profile. See
“ETHERNET profile settings for physical ports in a LAG”
on page 2-12

See “Enabling layer 2 bridging for VLAN operations” on
page 2-3.

Name of a filter to apply to all non-VLAN traffic on the
Gigabit Ethernet interface. Non-VLAN traffic consists of
untagged frames and frames with VLAN IDs that do not
match configured VLAN-ETHERNET profiles. See
Chapter 11, “Filter Configuration.”

The GMAC physical interface operates only in full­duplex mode.

Not currently used by IP control modules.

Not currently used by IP control modules.

A subprofile where port-level link aggregation
parameters are configured. See “Configuring LACP on
Gigabit Ethernet ports (IP2100 only)” on page 2-9.

This setting is read-only and specifies 1Gbps.

2-2 Stinger® IP Control Module Configuration Guide

Parameter Notes about Gigabit Ethernet settings

auto-negotiate

vlan-stack-tag-type If the layer-2 core network is using a specific EtherType

Enables or disables autonegotiation.

Note For the IP2100 control module, you must set this

value to the same value as the equipment to which it is
connected.

value for stacked VLAN frames, you must set the vlan-
stack-tag-type parameter to that value. For details, see
“Configuring stacked VLANs” on page 3-24.

Enabling layer 2 bridging for VLAN operations

Following is the relevant parameter, shown with its default setting, for enabling
bridging on the Gigabit Ethernet port:

[in ETHERNET/{ shelf-1 first-control-module 2 }]
bridging-enabled = no

Parameter Setting

Gigabit Ethernet Configuration

Configuring Gigabit Ethernet interfaces

bridging-enabled

The following commands enable bridging on Gigabit Ethernet:

admin> read ethernet { 1 8 2 }

admin> set bridging-enabled = yes

admin> write -f

Configures the physical port to accept Ethernet frames
for bridging purposes. With the default no value, the
system does not accept unicast packets received on this
port unless the destination MAC address is equal to the
MAC address of the port. Set this parameter to yes if
the system will support VLAN operations.

Verifying the Gigabit Ethernet interface setup

To verify that the Gigabit Ethernet interface is able to handle IP traffic, first you must
assign an IP address to the interface. See “Configuring IP-INTERFACE profiles for
Ethernet ports” on page 4-6 for instructions.

After you assign an IP address, you can verify that the Gigabit Ethernet interface is
able to handle the traffic by checking some command output. For details about the
netstat and gmac commands, see the Stinger Reference.

You can also use the debug-level ifmgr -d command to verify that the Gigabit
Ethernet interface is active. This is described in Appendix A, “IP Control Module
Diagnostics.”

Stinger® IP Control Module Configuration Guide 2-3

Gigabit Ethernet Configuration

Configuring Gigabit Ethernet interfaces

Checking the routing table

The following command output verifies that the routing table has an entry for the
Gigabit Ethernet interface (IP address 100.1.1.3/32):

admin> netstat -rn
Destination Gateway IF Flg Pref Met Use Age

0.0.0.0/0 1.1.2.1 ie0 SGP 60 1 3817 828

20.1.2.0/24 - ie1-1 C 0 0 0 828

20.1.2.3/32 - local CP 0 0 0 828

100.0.0.0/8 - ie1 C 0 0 4683 828

100.1.1.3/32 - local CP 0 0 1580 828

127.0.0.0/8 - bh0 CP 0 0 0 828

127.0.0.1/32 - local CP 0 0 0 828

127.0.0.2/32 - rj0 CP 0 0 0 828

1.1.2.0/24 - ie0 C 0 0 1428 828

1.1.2.65/32 - local CP 0 0 2937 828

224.0.0.0/4 - mcast CP 0 0 0 828

224.0.0.1/32 - local CP 0 0 0 828

224.0.0.2/32 - local CP 0 0 0 828

224.0.0.9/32 - local CP 0 0 0 828

255.255.255.255/32 - ie0 CP 0 0 0 828

Verifying the network processor setup for the interface

The network processor on the IP control module creates a connection entry for the
Gigabit Ethernet interface when the interface becomes operational. You can force the
network processor to create a connection entry for the Gigabit Ethernet interface by
using the following command:

admin> gmac -n
NP setup for gmac done.

Verifying the SAR setup for the interface

The onboard Segmentation and Reassembly (SAR) creates an ATM connection entry
for the Gigabit Ethernet interface. You can force the SAR setup by using the following
command:

admin> gmac -s
GMAC: SAR conn. open with vpi = 0, vci = 200

Verifying IP packet transfer on the interface

The following command clears statistics gathered on the Gigabit Ethernet interface:

admin> gmac -d -c

The next command pings a host on the same subnet as the Gigabit Ethernet interface:

admin> ping 100.1.1.10
PING 100.1.1.10 (100.1.1.10): 56 data bytes
64 bytes from 100.1.1.10: icmp_seq=0 ttl=255 time=0 ms
64 bytes from 100.1.1.10: icmp_seq=1 ttl=255 time=0 ms
64 bytes from 100.1.1.10: icmp_seq=2 ttl=255 time=0 ms
64 bytes from 100.1.1.10: icmp_seq=3 ttl=255 time=0 ms
64 bytes from 100.1.1.10: icmp_seq=4 ttl=255 time=0 ms
64 bytes from 100.1.1.10: icmp_seq=5 ttl=255 time=0 ms

2-4 Stinger® IP Control Module Configuration Guide

Gigabit Ethernet Configuration

Configuring Gigabit Ethernet port redundancy

64 bytes from 100.1.1.10: icmp_seq=6 ttl=255 time=0 ms
64 bytes from 100.1.1.10: icmp_seq=7 ttl=255 time=0 ms

--- 100.1.1.10 ping statistics --­8 packets transmitted, 8 packets received, 0% packet loss
round-trip min/avg/max = 0/0/0 ms

The following command displays GMAC statistics that show packet transfer. The
txGoodPackets and rxGoodPackets fields in the command output show 8 packets
transmitted and received in the ICMP sequence shown immediately above. For more
details on the command output fields, see “Total transmit statistics” on page A-30 and
“Total receive statistics” on page A-32.

admin> gmac -d
Gigabit Ethernet port statistics:

txOctetsLow = 162450 rxOctetsLow = 13192
txOctetsHigh = 0 rxOctetsHigh = 0
txGoodPackets = 1874 rxGoodPackets = 53
txPkt64 = 11 rxPkt64 = 3
txPkt65127 = 1813 rxPkt65127 = 0
txPkt128255 = 0 rx128255 = 0
txPkt256511 = 50 rx256511 = 50
txPkt5121023 = 0 rx5121023 = 0
txPkt1024Max = 0 rx1024Max = 0
txPktDefer = 0 rxMacType = 0
txPktUndSz = 0 rxCrcErrors = 0
txUnderFlow = 0 rxUnderSize = 0
txPfcf = 0 rxOverSize = 0
txPfcc = 0 rxAlmostFull = 0
txRfcf = 0 rxOverRun = 0
txRfcc = 0 rxMulticastPkts = 0
txOverFlow = 0 rxBroadcastPkts = 50
txAlmostFull = 0 rxJabber = 0
rxPfc = 0
rxRfc = 0

Configuring Gigabit Ethernet port redundancy

Systems with redundant IP control modules can be configured to enable Gigabit
Ethernet port redundancy. With proper configuration, RFC 2684 (MPoA)
connections, VLAN connections, and LAN MBONE interface functions can be
maintained across the Gigabit Ethernet interface in the event of primary control
module failure.

Note A soft IP interface configuration is required for Gigabit Ethernet redundancy of

RFC 2684 connections and a LAN MBONE interface.

Stinger® IP Control Module Configuration Guide 2-5

Gigabit Ethernet Configuration

Configuring Gigabit Ethernet port redundancy

Configuring a soft IP interface for Gigabit Ethernet redundancy

The soft IP interface is an internal interface that is not associated with a specific
physical port, but that can be accessed through the Ethernet interface of whichever
controller is primary. For background information, see “Defining a soft interface for
increased accessibility” on page 4-8.

You can use the default (system-created) soft IP interface for Gigabit Ethernet
redundancy, which uses the following index:

IP-INTERFACE/{ {0 0 0 } 0 }

However, if you have already used the default profile for the soft IP address of the
10/100M base Ethernet management ports, you can create another soft IP interface
using a profile index of { { 0 0 0 } x }, as long as the IP address in that profile is on
the same subnet as the Gigabit Ethernet ports.

Note The system associates its Ethernet interfaces with a particular soft address

based on the subnet assignment. The IP interface address of the Gigabit Ethernet
ports on the primary and secondary controllers and the soft IP interface address must
be on the same subnet.

Configuring Gigabit Ethernet redundancy for RFC 2684 (IPoA) connections

Figure 2-1 shows a Stinger with redundant IP control modules. The Gigabit Ethernet
port in slot 8 ({ { 1 8 2 } 0 }), the Gigabit Ethernet port in slot 9 ({ { 1 9 2 } 0 }),
and the soft IP interface ({ { 0 0 0 } 1 }), all have IP address assignments on the
same subnet. In addition, the external router has a routing table entry that specifies
the soft IP interface address as the gateway to the CPE router destination.

Figure 2-1. Gigabit Ethernet redundancy for RFC 2684 connectivity

{ { 0 0 0 } 1 }

10.99.99.100/24

External
router

add route:
destination=10.14.16.1/24
gateway=10.99.99.100/24

IP

{ { 1 8 2 } 0 }

10.99.99.101/24

{ { 1 9 2 } 0 }

10.99.99.201/24

The following commands configure the Gigabit Ethernet port in slot 8:

admin> read ip-interface { { 1 8 2 } 0 }

admin> set ip-address = 10.99.99.101/24

admin> write -f

Stinger

IP DSLAM

IPoA

CPE
router

10.14.16.1/24

The next commands configure the Gigabit Ethernet port on slot 9:

admin> read ip-interface { { 1 9 2 } 0 }

admin> set ip-address = 10.99.99.201/24

admin> write -f

2-6 Stinger® IP Control Module Configuration Guide

Gigabit Ethernet Configuration

Configuring Gigabit Ethernet port redundancy

The following commands configure a soft IP interface on the same subnet:

admin> new ip-interface { { 0 0 0 } 1 }

admin> set ip-address = 10.99.99.100/24

admin> write -f

When you write the profile of the soft interface, the system displays a message:

LOG notice, Shelf 1, Controller-1, Time: 11:42:57-­Soft ip will be effective if the ip-addr of primary controller is
configured.

To ensure that the external router can reach the CPE router in Figure 2-1, the
external router must specify the soft IP address as the gateway to the CPE router
destination address. For example,

destination-address = 10.14.16.1/24
gateway-address = 10.99.99.100/24

Configuring Gigabit Ethernet redundancy for VLAN bridging

To enable the system to maintain VLAN bridging connections in the event of the
primary control module failing, you must configure the VLAN on the soft interface,
using the expression any-slot or 0 as the slot number. For example, the following
commands define a new Gigabit Ethernet-redundant VLAN with bridge group 95 and
VLAN ID 95:

admin> new bridge-group 95

admin> set enable = yes

admin> set bridging-group = 95

admin> set mac-entry-age-time = 300

admin> set igmp-snooping-enabled = yes

admin> set port-block-enabled = yes

admin> set lan-router-interface-address physical-address shelf = shelf-1

admin> set lan-router-interface-address physical-address slot = any-slot

admin> set lan-router-interface-address physical-address item-number = 2

admin> set lan-router-interface-address logical-item = 95

admin> write -f

admin> new vlan-ethernet { { 1 a 2 } 95 }

admin> set enabled = yes

admin> set bridging-options bridging-group = 95

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = transparent-bridging

admin> write -f

The following commands define a CONNECTION profile that uses the redundant
interface, so it will be maintained across a switchover:

admin> new connection raj-agg-1

admin> set active = yes

admin> set encapsulation-protocol = atm

Stinger® IP Control Module Configuration Guide 2-7

Gigabit Ethernet Configuration

Configuring Gigabit Ethernet port redundancy

admin> set ip-options ip-routing-enabled = no

admin> set bridging-options bridging-group = 95

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = transparent-bridging

admin> set atm-options vci = 95

admin> set atm-options nailed-group = 151

admin> write -f

To modify an existing VLAN for Gigabit Ethernet redundancy, you must create a new
configuration and then delete the old one. For example, the following command
shows an existing VLAN with ID 50:

admin> dir vlan
37 07/21/2005 17:38:24 { { shelf-1 first-control-module 2 } 50 }

The next commands modify the VLAN to enable Gigabit Ethernet redundancy for the
connection:

admin> read vlan { { 1 8 2 } 50 }

admin> set interface-address = { { 1 0 2 } 50 }
(New index value; will save as new profile VLAN-ETHERNET/{ { shelf-1 any-

slot 2} 50 }.)

admin> write -f

The following commands list and then delete the older VLAN-ETHERNET profile:

admin> dir vlan
37 08/15/2005 09:00:30 { { shelf-1 any-slot 2 } 50 }
37 07/21/2005 17:38:24 { { shelf-1 first-control-module 2 } 50 }

admin> delete vlan { {1 8 2 } } 50}

Configuring a redundant LAN MBONE

To support redundancy for a LAN MBONE interface, you must configure a soft IP
interface for the Gigabit Ethernet ports, enable multicast on both ports, and use the
any-slot expression in the mbone-lan-interface parameter setting.

Figure 2-2 shows a Stinger with redundant IP control modules. The Gigabit Ethernet
port in slot 8 ({ { 1 8 2 } 0 }), the Gigabit Ethernet port in slot 9 ({ { 1 9 2 } 0 }),
and the soft IP interface ({ { 0 0 0 } 1 }), all have IP address assignments on the
same subnet and both physical ports enable multicast.

Figure 2-2. Gigabit Ethernet redundancy for a LAN MBONE

Multicast
video servers

MBONE
routers

IP

{ { 0 0 0 } 1 }

10.99.99.100/24

{ { 1 8 2 } 0 }

10.99.99.101/24

Stinger

IP DSLAM

Multicast client interfaces
(LIM ports)

{ { 1 9 2 } 0 }

10.99.99.201/24

2-8 Stinger® IP Control Module Configuration Guide

Gigabit Ethernet Configuration

Configuring LACP on Gigabit Ethernet ports (IP2100 only)

The following commands configure the Gigabit Ethernet port in slot 8:

admin> read ip-interface { { 1 8 2 } 0 }

admin> set ip-address = 10.99.99.101/24

admin> set multicast-allowed = yes

admin> write -f

The next commands configure the Gigabit Ethernet port on slot 9:

admin> read ip-interface { { 1 9 2 } 0 }

admin> set ip-address = 10.99.99.201/24

admin> set multicast-allowed = yes

admin> write -f

The following commands configure a soft IP interface on the same subnet:

admin> new ip-interface { { 0 0 0 } 1 }

admin> set ip-address = 10.99.99.100/24

admin> write -f

The following commands enable the multicast forwarding function and specify a
redundant LAN MBONE configuration:

admin> read ip-global

admin> set multicast-forwarding = yes

admin> set multiple-mbone mbone-lan-interface 1 = { { 1 0 2 } 0 }

admin> write -f

admin> list multiple-mbone mbone-lan-interface
[in IP-GLOBAL:multiple-mbone:mbone-lan-interface]
mbone-lan-interface[1] = { { shelf-1 any-slot 2 } 0 }
mbone-lan-interface[2] = { { any-shelf any-slot 0 } 0 }
mbone-lan-interface[3] = { { any-shelf any-slot 0 } 0 }
mbone-lan-interface[4] = { { any-shelf any-slot 0 } 0 }

Note With this configuration, the LAN MBONE is supported on the Gigabit Ethernet

port of the controller in slot 8 or slot 9, whichever is primary. Following a switchover,
each IGMP client must rejoin its group to receive multicast traffic.

Configuring LACP on Gigabit Ethernet ports (IP2100 only)

You can bundle the bandwidth of the IP2100 dual Gigabit Ethernet ports into one
logical link by configuring IEEE 802.3ad Link Aggregation Control Protocol (LACP).
Link aggregation provides the following benefits:

■ Increased bandwidth

The capacity of two GigE links is combined into one logical link. Both links must
operate at the same data rate in full-duplex mode.

■ Increased availability

The failure or replacement of a single link within a Link Aggregation Group
(LAG) does not affect service from a client perspective.

■ Load sharing

Traffic is distributed across both links.

Stinger® IP Control Module Configuration Guide 2-9

Gigabit Ethernet Configuration

Configuring LACP on Gigabit Ethernet ports (IP2100 only)

LACP configuration overview

To configure the IP2100 Gigabit Ethernet ports to use link aggregation, you must
complete the following steps:

1 Create an ETHER-GROUP profile for the LAG. The profile is indexed by a unique

number. For example:

ETHER-GROUP/1

2 Configure a virtual ETHERNET profile for the LAG. The profile index is a virtual

physical address that includes the special slot designation slot-ether-group and
the index number of the ETHER-GROUP profile. For example, the index of a
virtual ETHERNET profile for ETHER-GROUP 1 is as follows:

ETHERNET/{ shelf-1 slot-ether-group 1 }

3 Specify the ETHER-GROUP index, and if necessary configure LACP options, in

the ETHERNET port profiles.

ETHERNET/{ shelf-1 first-control-module 2 }
ETHERNET/{ shelf-1 first-control-module 3 }

4 If required, provide system-level LACP information in the following profile:

LACP

ETHER-GROUP settings

Following are the ETHER-GROUP profile contents for link-aggregated ports, shown
with default settings:

[in ETHER-GROUP/1]
index-item-number* = 1
enabled = yes
type = lacp

Parameter Setting

index-item-number The number of the group. You must assign a nonzero

value to this field.

enabled

type

Enables or disables the profile. The profile is enabled by
default. You can disable a profile to disable link
aggregation of the individual links in a LAG.

The type of group. The default lacp type is required for
configuring 802.3ad LACP.

Virtual ETHERNET profile settings for a LAG

The virtual ETHERNET profile representing a LAG is an operator-created ETHERNET
profile indexed by a special virtual physical address.

When the Gigabit Ethernet ports are operating as a LAG, all port-specific settings are
taken from the virtual ETHERNET profile rather than the ETHERNET profiles for the
physical ports. This ensures that the two ports will have identical configurations, and
that any changes to the configuration can be made in one place only.

2-10 Stinger® IP Control Module Configuration Guide

Gigabit Ethernet Configuration

Configuring LACP on Gigabit Ethernet ports (IP2100 only)

When you create a virtual ETHERNET profile, some default values are not applicable
for Gigabit Ethernet ports. Following are the default settings in a new ETHERNET
profile:

[in ETHERNET/{ any-shelf any-slot 0 } (new)]
interface-address* = { any-shelf any-slot 0 }
link-state-enabled = no
enabled = yes
ether-group = 0
ether-if-type = utp
bridging-enabled = no
filter-name = ""
duplex-mode = full-duplex
pppoe-options = { no no "" }
bridging-options = { 0 no no transparent-bridging 0 0 "" 0 }
lacp-options = { 65535 active }
media-speed-mbit = 100mb
auto-negotiate = no
vlan-stack-tag-type = 91:00

Parameter Setting

interface-address For an ETHERNET profile representing a LAG, you must

specify a virtual physical address ({ shelf slot item })
with the following settings:

shelf

The shelf number.

slot slot-ether-group

item

The index of an ETHER-GROUP
profile.

For example, the address of a LAG ETHERNET profile
associated with ETHER-GROUP 1 is:

{ shelf-1 slot-ether-group 1 }

link-state-enabled

A setting (not required) for deleting routes to a link
when the link state is down.

enabled

ether-group

Enables or disables the profile.

Not used in a virtual ETHERNET profile representing a
LAG.

ether-if-type

Not used in a virtual ETHERNET profile representing a
LAG.

bridging-enabled

Enables or disables layer 2 bridging for VLAN operations
on the LAG. See “Overview of ETHERNET profile
settings” on page 2-1.

filter-name

Name of a filter to apply to all non-VLAN traffic on the
Gigabit Ethernet interface. See “Overview of
ETHERNET profile settings” on page 2-1.

duplex-mode

For a virtual ETHERNET profile representing a LAG, this
value must be set to full-duplex.

pppoe-options

Not currently used by IP control modules.

Stinger® IP Control Module Configuration Guide 2-11

Gigabit Ethernet Configuration

Configuring LACP on Gigabit Ethernet ports (IP2100 only)

Parameter Setting

bridging-options

lacp-options

Not currently used by IP control modules.

Not used in a virtual ETHERNET profile representing a
LAG.

media-speed-mbit

For a virtual ETHERNET profile representing a LAG, this
value must be set to 1000mb.

auto-negotiate

For the IP2100 control module, you must set this value
to the same value as the equipment to which it is
connected.

vlan-stack-tag-type

If the layer-2 core network is using a specific EtherType
value for stacked VLAN frames, you must set the vlan-
stack-tag-type parameter to that value. See “Overview
of ETHERNET profile settings” on page 2-1.

ETHERNET profile settings for physical ports in a LAG

To attach two Gigabit Ethernet ports to a LAG, the following settings are required in
each port’s ETHERNET profile. When link aggregation is in use, these parameters
(shown with default settings) are the only settings taken from these profiles:

[in ETHERNET/{ shelf-1 first-control-module 2 }]
interface-address* = { shelf-1 first-control-module 2 }
enabled = yes
ether-group = 0
lacp-options = { 65535 active }

[in ETHERNET/{ shelf-1 first-control-module 2 }:lacp-options]
priority = 65535
participation = active

Every other parameter from the port ETHERNET profile is ignored and the values
found in the LAG ETHERNET profile are used instead.

Parameter Setting

enabled Enables or disables the port. You can set this parameter

to no to bring the port down without detaching it from
the LAG.

2-12 Stinger® IP Control Module Configuration Guide

Gigabit Ethernet Configuration

Configuring LACP on Gigabit Ethernet ports (IP2100 only)

Parameter Setting

ether-group The index of an ETHER-GROUP profile. When set to 0

(default), the port operates individually. If set to a
nonzero value, the system searches for an ETHER­GROUP profile indexed by this value. If it finds one, the
port will be attached to that group provided that the
following conditions are true:

■ The ETHER-GROUP profile is enabled.

■ The ETHER-GROUP profile specifies a type of lacp

(the only type currently supported).

■ A valid ETHERNET profile has been created for the

LAG.

If the port cannot be attached it will continue to operate
as an individual port. You can use this setting in the port
profile to detach a port from a LAG or attach it to a new
one.

lacp-options A subprofile where port-level link aggregation

parameters are configured. There are currently two
LACP parameters:

priority 802.3ad port priority. The higher

the number, the lower the
priority. A configured port
priority may be useful to the
remote LACP peer for arbitration
between aggregation candidates if
the peer has a restriction on the
number of ports in a LAG.

participation 802.3ad participation (active or

passive). With the default active
value, the port will initiate LACP
negotiation. If set to passive, the
port only responds to LACP
negotiation.

LACP profile settings

The system LACP profile has only one parameter, shown with its default value;

[in LACP]
system-priority = 65535

s

Parameter Setting

system-priority 802.3ad system priority. The higher the number, the

lower the priority. A configured system priority may be
useful to the remote LACP peer for arbitration between
aggregation candidates if the peer has a restriction on
the number of ports in a LAG.

Stinger® IP Control Module Configuration Guide 2-13

Gigabit Ethernet Configuration

Configuring LACP on Gigabit Ethernet ports (IP2100 only)

Sample link aggregation configuration

The following sample configuration bundles the capacity of the two IP2100 Gigabit
Ethernet ports into a 2Gb LAG.

1 Create an ETHER-GROUP profile for the LAG. For example:

admin> new ether-group

admin> set index-item-number = 1

admin> set enabled = yes

admin> set type = lacp

admin> write -f

2 Create a new virtual ETHERNET profile for the LAG. For example:

admin> new ethernet { 1 slot-ether-group 1 }

admin> set ether-group = 1

admin> set media-speed-mbit = 1000mb

admin> set auto-negotiate = yes

admin> write -f

3 Modify the system-generated ETHERNET profiles for the two ports. For example:

admin> read ethernet { 1 first-control-module 2 }

admin> set enabled = yes

admin> set ether-group = 1

admin> write -f

admin> read ethernet { 1 first-control-module 3 }

admin> set enabled = yes

admin> set ether-group = 1

admin> write -f

Configuring a routed VLAN on the aggregated bandwidth

The following sample configuration creates a routed VLAN that uses the 2Gb LAG.

1 Create a VLAN-ETHERNET profile. Specify the index of the virtual ETHERNET

profile as the physical address. For example:

admin> new vlan-ethernet

admin> set interface-address physical-address shelf = shelf-1

admin> set interface-address physical-address slot = slot-ether-group

admin> set interface-address physical-address item-number = 1

admin> set interface-address logical-item = 555

admin> set enabled = yes

admin> set bridging-options bridge-type = no-bridging

admin> write -f

2 Create a virtual IP interface for the routed VLAN. Specify the index of the virtual

ETHERNET profile as the physical address. For example:

admin> new ip-interface

2-14 Stinger® IP Control Module Configuration Guide

Gigabit Ethernet Configuration

Configuring LACP on Gigabit Ethernet ports (IP2100 only)

admin> set interface-address physical-address shelf = shelf-1

admin> set interface-address physical-address slot = slot-ether-group

admin> set interface-address physical-address item-number = 1

admin> set interface-address logical-item = 555

admin> set ip-address = 185.1.1.10/24

admin> set multicast-allowed = yes

admin> set vlan-enabled = yes

admin> set vlan-id = 555

admin> write -f

Configuring an N:1 bridged VLAN that uses the aggregated bandwidth

The following sample configuration creates a routed VLAN that uses the 2Gb LAG.

1 Create a VLAN-ETHERNET profile. Specify the index of the virtual ETHERNET

profile as the physical address. For example:

admin> new vlan-ethernet

admin> set interface-address physical-address shelf = shelf-1

admin> set interface-address physical-address slot = slot-ether-group

admin> set interface-address physical-address item-number = 1

admin> set interface-address logical-item = 1000

admin> set enabled = yes

admin> set bridging-options bridging-group = 1000

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = transparent-bridging

admin> write -f

2 Create a bridge group for the VLAN. Specify the index of the virtual ETHERNET

profile as the physical address portion of the “router” interface address. For
example:

admin> new bridge-group

admin> set enable = yes

admin> set bridging-group = 1000

admin> set igmp-snooping-enabled = yes

admin> set lan-router-interface physical-address shelf = shelf-1

admin> set lan-router-interface physical-address slot = slot-ether-group

admin> set lan-router-interface physical-address item-number = 1

admin> set lan-router-interface logical-item = 1000

Configuring an MBONE interface on the aggregated ports

The following commands configure an MBONE interface that uses the aggregated
GigE bandwidth and the routed VLAN interface created in “Configuring a routed
VLAN on the aggregated bandwidth” on page 2-14:

admin> read ip-global

Stinger® IP Control Module Configuration Guide 2-15

Gigabit Ethernet Configuration

Configuring LACP on Gigabit Ethernet ports (IP2100 only)

admin> set multicast-forwarding = yes

admin> set multiple-mbone mbone-lan 1 physical shelf = shelf-1

admin> set multiple-mbone mbone-lan 1 physical slot = slot-ether-group

admin> set multiple-mbone mbone-lan 1 physical item-number = 1

admin> set multiple-mbone mbone-lan 1 logical-item = 555

admin> write -f

For details about MBONE configuration, see “Configuring MBONE interfaces” on
page 9-3.

LACP implementation details

The information in this section relates to the IEEE 802.3ad specification, and provides
details that may be useful in communicating with a remote LACP peer.

■ Distribution and collection of frames

The Stinger LACP implementation has coupled control, which means that the
system does not separate distributing and collecting functions.

■ Configuration capabilities and restrictions

Only the two Gigabit Ethernet ports on an IP2100 control module support LACP
and can be part of a LAG. Beyond this physical limitation, there is no limitation
on the number of ports in a LAG. For example, some implementations might
support LACP on ten ports but restrict the number of ports in a LAG to eight.
Because the system does not enforce any such limitation, the arbitration
mechanisms from 802.3 section 43.6 do not apply.

■ Admin and Operational keys

The Stinger LACP implementation is static in the sense that Gigabit Ethernet
ports are not automatically and dynamically aggregated. LACP only runs on ports
that have been configured to be part of a LAG.

Ports that are part of a LAG have the same Admin Key by construction, but they
may not have the same Operational Key. For example, one of the ports might
have a cable disconnect or a cabling error. In this case, only the first port to be
aggregated will be part of the configured LAG, and the other port will be
unusable until the operational error is corrected.

■ Addressing

Because the Stinger LACP implementation is static, the LAG MAC address does
not fluctuate as ports go up and down in the LAG. The LAG takes the MAC
address of its lowest numbered port. You can view the MAC address assigned to
the LAG in the LAG ETHER-INFO profile.

■ Distribution algorithm

The Stinger LACP implementation uses the IP header checksum algorithm
described in RFC 1071, Computing the Internet Checksum. Of course, the checksum
is only relevant provided that both ports are distributing. If one of the two links is
down, all traffic uses the other link.

– For bridged traffic, the checksum is calculated based on the MAC source

address plus the MAC destination address.

– For routed traffic, the checksum is calculated based on the IP source address

plus the IP destination address.

2-16 Stinger® IP Control Module Configuration Guide

■ Limitations

– Currently, the Link Aggregation Marker Protocol (LAMP) is not supported.

– Single-port LAG is not supported. (You cannot create a LAG that contains a

single port.)

– LACP cannot be used in conjunction with L2TP.

LACP-related diagnostics

The following commands provide information about link aggregation on a GE-OLIM:

■ The lacp command displays information about control traffic and traffic that

terminates on or originates from the Stinger host. It includes a wizard option that
diagnoses LACP misconfigurations. For details, see the Stinger Reference.

■ The stats command supports a new lacp option for displaying basic LACP

distribution statistics for upstream traffic, and for clearing LACP statistics
counters. For details, see the Stinger Reference.

■ The debug-level info np command now displays some LACP-related

information. For details, see “Network processor-related diagnostics” on
page A-20.

Gigabit Ethernet Configuration

Configuring STP on Gigabit Ethernet ports (IP2100 only)

Configuring STP on Gigabit Ethernet ports (IP2100 only)

IP2100 systems support the Rapid Spanning Tree Protocol (RSTP), which is a Layer 2
link management protocol that prevents loops in a switched network with redundant
data paths.

The protocol creates a spanning tree using a subset of the links, but ensuring that all
switches are reachable within the tree. Spanning tree ensures that there is only one
path between any pair of switches. This avoids the receipt of duplicate messages by
the switches, which could otherwise occur if a loop exists in the network. Frames are
forwarded only on links that make up the spanning tree, thereby ensuring that
frames are not forwarded in endless loops. If there is a change in the topology (for
example, when switches or links become available or unavailable), the protocol
reconfigures the tree.

RSTP (IEEE 802.1w) is an evolution of the Spanning Tree Protocol (STP) defined in
the IEEE 802.1d standard. With this software version, only one RSTP instance is
supported. That is, only one spanning tree is built. Future versions will allow multiple
instances of STP with the Multiple Spanning Tree Protocol (MSTP). For consistency
with future versions, the descriptions in this document refer to RSTP simply as STP.

Primary application with this software version

With this software version, the primary application of STP on IP2100 systems is to
enable redundant uplinks to the IP network for VLAN configurations. In Figure 2-3,
the two STP-enabled Gigabit Ethernet (GigE) ports of the IP2100 control module are
linked to two Ethernet switches to provide redundant uplinks.

Stinger® IP Control Module Configuration Guide 2-17

Gigabit Ethernet Configuration

Configuring STP on Gigabit Ethernet ports (IP2100 only)

Figure 2-3. Redundant uplinks for a VLAN

Upstream Downstream

Next-hop
router

VLAN 50

Limitations with this software version

1:1 VLAN circuit connections and stacked VLAN connections are not currently
supported on STP-enabled ports. Only the following connection types currently work
on STP-enabled ports:

■ Routed connections

■ Transparent bridged connections

STP recognizes ports but does not recognize VLANs. For this reason, the following
restrictions apply:

■ To provide fully redundant uplinks to VLANs, both IP2100 GigE ports must

support the same VLAN configurations.

When you create a VLAN-ETHERNET profile with the special slot-ether-group
designation in the index, the system automatically creates the specified VLAN
interface for both (grouped) GigE ports. The STP subsystem decides which port to
use for forwarding upstream traffic.

■ Load-balancing is not supported at the VLAN level.

Currently, you cannot have one of the GigE ports in a forwarding state for one set
of VLANs and in a discarding state for another set of VLANs.

■ Subtending by switching between the GigE ports is supported only for

transparent bridged connections.

IP DSLAM

Ethernet
switches

Redundant uplinks
on CM’s GigE ports

Stinger

CPE-1

Configuration overview

STP configuration requires both bridge-level settings for the grouped IP2100 GigE
ports, and port-level settings for each of the grouped ports. To configure STP, you
must complete the following steps:

1 Group the set of IP2100 GigE ports that will participate in STP.

You group the ports by creating an ETHER-GROUP profile and specifying the
index of that profile in each port’s ETHERNET profile.

Note that with this software version, only one ETHER-GROUP profile is
supported for STP, because only one spanning tree instance is built.

2 Configure bridge-level STP options for this group.

The bridge-level parameters are specified in the ETHER-GROUP profile.

3 Configure port-level STP options for each individual port.

The port-level parameters are specified in each port’s ETHERNET profile.

4 Configure VLANs on the grouped ports.

2-18 Stinger® IP Control Module Configuration Guide

Configuring STP on Gigabit Ethernet ports (IP2100 only)

When you create a VLAN-ETHERNET profile with an index in the following
format:

VLAN-ETHERNET { { shelf-1 slot-ether-group ether-group-ID } VLAN-ID }

The system creates a VLAN interface with the specified VLAN-ID on both STP­enabled ports. Instead of creating up to 4096 VLAN interfaces, the system can
now create twice that number, because for each VLAN interface only one of the
ports will be active. VLAN IDs must be unique among the STP-enabled ports.

When the configuration is complete, the STP subsystem determines whether one or
both of the IP2100 GigE ports will forward data traffic, and begins interacting with
other STP bridges by transmitting and receiving STP control frames (BPDUs).

Bridge-level STP settings in the ETHER-GROUP profile

Following are the ETHER-GROUP profile contents, shown with default settings, for
configuring bridge-level STP settings:

[in ETHER-GROUP/1]
index-item-number* = 1
enabled = yes
type = lacp
STP-options = { stp 32768 20 2 15 }

[in ETHER-GROUP/1:STP-options]
protocol = stp
bridge-priority = 32768
max-age = 20
hello-time = 2
forward-delay = 15

Gigabit Ethernet Configuration

Parameter Setting

index-item-number The number of the group. You must assign a nonzero

value to this field. With this software version, only one
ETHER-GROUP profile is supported for STP.

enabled

Enables or disables the profile. The profile is enabled by
default. You can disable a profile to disable STP.

type

protocol

The type of group. Set this parameter to stp.

The type of Spanning Tree Protocol. Currently, stp is the
only supported setting.

Stinger® IP Control Module Configuration Guide 2-19

Gigabit Ethernet Configuration

Configuring STP on Gigabit Ethernet ports (IP2100 only)

Parameter Setting

bridge-priority The 802.1D Bridge Priority value. Bridge priority forms

part of the bridge identifier advertised to other bridges.
It is used to determine the root bridge. The lower the
number, the higher the priority.

The default setting is 32768. The valid range is from 0 to
61,440. For STP, the priority value must be a multiple of

4096. This allows the setting of 16 relative priority
values.

You can use this setting to control the designation of the
system as root bridge. Although it is not recommended
to use the Stinger system as root bridge because doing so
might affect the QoS of existing connections, the system
does have the capability to act as root bridge.

max-age The 802.1D Bridge Max Age value. This is the

maximum age (in seconds) of received protocol
information before it is discarded. The default is 20
seconds. The valid range is from 6 to 40.

hello-time The 802.1D Bridge Hello Time value. This is the interval

(in seconds) between transmission of periodic
Configuration BPDUs by designated ports. Valid settings
are 1 and 2. The default is two seconds.

forward-delay The 802.1D Bridge Forward Delay value. This is the time

(in seconds) spent by a port in Listening State and
Learning State before moving to Learning or
Forwarding State respectively. The default value is 15
seconds. The valid range is from 4 to 30.

Port-level STP settings in each port’s ETHERNET profile

Following are the parameters, shown with default settings for port 2, for configuring
port-level STP settings on the IP2100 GigE ports:

[in ETHERNET/{ shelf-1 first-control-module 2 }]
enabled = yes
ether-group = 0
stp-options = { 128 0 no point-to-point }

[in ETHERNET/{ shelf-1 first-control-module 2 }:stp-options]
port-priority= 128
path-cost = 0
edge-port = no
link-type = point-to-point

Parameter Setting

enabled Enables or disables the port for use.

2-20 Stinger® IP Control Module Configuration Guide

Gigabit Ethernet Configuration

Configuring STP on Gigabit Ethernet ports (IP2100 only)

Parameter Setting

ether-group The index of an ETHER-GROUP profile. When set to 0

(default), the port operates individually. If set to a
nonzero value, the system searches for an ETHER­GROUP profile indexed by this value. If it finds one, the
port will be attached to that group provided that the
following conditions are true:

■ The ETHER-GROUP profile is enabled.

■ The ETHER-GROUP profile specifies a type of stp.

■ The ETHERNET profile is STP-enabled.

If the port cannot be attached it will continue to operate
as an individual port.

port-priority A priority value, from 1 to 255 in multiples of 16, used

to give preference to one port over another. The lower
the value, the higher the priority.

The default setting is 128. The valid range is 1-255, but
for STP the value must be a multiple of 16.

When two interfaces on a switch are part of a loop, the
spanning-tree port priority and path cost settings
determine which interface is put in the forwarding state
and which is put in the blocking state.

path-cost The path cost of the port, which is used in computing

the root path cost (the cost from the port to the root
switch). The path cost is related to link speed. With the
default zero value, the system itself chooses the default
value based on the link speed. Defaults for different link
speeds are listed in Table 17.3 of the IEEE standard

802.1D-2004.

When two interfaces on a switch are part of a loop, the
spanning-tree port priority and path cost settings
determine which interface is put in the forwarding state
and which is put in the blocking state.

edge-port Whether the port is at the edge of the switched network

(true or false). This parameter should be set to true
only if the port is connected to host machines, and not
to other switches. If the port is connected to one or
more other switches, use the default false setting.

link-type Type of link between the port and the next switch or

host machine. Valid values are point-to-point and
shared.

Sample configuration with transparent bridging

To enable a bridge group to operate across the STP-enabled ports, the “router”
interface for the bridge group must be supported on both ports. To allow this, use the
slot-ether-group designation as the LAN router slot.

Stinger® IP Control Module Configuration Guide 2-21

Gigabit Ethernet Configuration

Configuring STP on Gigabit Ethernet ports (IP2100 only)

This sample configuration enables the IP2100 GigE ports to participate in STP. It also
shows the use of the STP command, which provides detailed information about the
STP subsystem. For information about this command, see the Stinger Reference.

1 Create an ETHER-GROUP profile and enable STP. For example:

admin> new ether-group

admin> set index-item-number = 2

admin> set type = stp

admin> write -f

2 Display the bridge-level settings to verify that STP is enabled. For example:

admin> stp -b
Bridge Level STP information:

---------------------------­STP Enabled: Yes
Protocol: Stp
Ether-Group: 2
Bridge Priority: 32768
Max Age: 20
Hello Time: 2
Forward Delay: 15

This command shows that STP is enabled and a non-zero ETHER-GROUP
number has been assigned. The other fields are bridge-level STP configuration
parameters, which use the default values in this example. See the Stinger Reference
for more detail.

3 Display the STP state machine. For example:

admin> stp -z
% TAOS: Spanning Tree Enabled - Learning Enabled
% TAOS: Ageing Time 300 - Root Path Cost 0 - Priority 32768
% TAOS: Forward Delay 15 - Hello Time 2 - Max Age 20 - Root Port 0
% TAOS: Root Id 8000000000000000
% TAOS: Bridge Id 8000000000000000
% TAOS: 0 topology changes - last topology change 0%

Note that the state machines has information regarding only one bridge, which is
named TAOS. See the Stinger Reference for more detail.

4 Open the ETHERNET profile for the first GigE port and specify the index of the

ETHER-GROUP profile. This enables the port to participate in STP. For example:

admin> read ethernet { 1 8 2 }

admin> set ether-group = 2

admin> write -f

5 Repeat step 4 for the second GigE port. For example:

admin> read ethernet { 1 8 3 }

admin> set ether-group = 2

admin> write -f

6 Display the port-level settings. For example:

admin> stp -p
PhyAddr Prio State Cost edge LinkType initState

2-22 Stinger® IP Control Module Configuration Guide

Gigabit Ethernet Configuration

Configuring STP on Gigabit Ethernet ports (IP2100 only)

{1 8 2} 128 Forwarding 20000 No Point-to-Point Running
{1 8 3} 128 Forwarding 20000 No Point-to-Point Running

7 Configure a VLAN-ETHERNET profile using the group index.

This command shows that the two GigE ports are running STP, because the
initState column displays Running. If this column displays Configured, it
indicates that the port is configured for STP but that STP is not running, perhaps
because the link state of the port is down, or because the system did not find an
interface for the port. See the Stinger Reference for more detail.

8 At this point, display the STP state machine again. Now the command shows that

state machine information for both the ports ie1 and ie2 participating in STP. See
the Stinger Reference for more detail. For example:

admin> stp -z
% TAOS: Spanning Tree Enabled - Learning Enabled
% TAOS: Ageing Time 300 - Root Path Cost 0 - Priority 32768
% TAOS: Forward Delay 15 - Hello Time 2 - Max Age 20 - Root Port 0
% TAOS: Root Id 800000d052025f56
% TAOS: Bridge Id 800000d052025f56
% TAOS: 2 topology changes - last topology change 6899%
% ie2: Port 2 - Id 8002 - Role Designated - State Forwarding
% ie2: Configured path cost 20000 - Designated path cost 0
% ie2: Designated port id 8002 - Priority 128
% ie2: Designated Root 800000d052025f56
% ie2: Designated Bridge 800000d052025f56
% ie2: Message Age 0 - Max Age 20
% ie2: Hello Time 2 - Forward Delay 15
% ie2: Forward Timer 0 - Msg Age Timer 0 - Hello Timer 2
% ie2: Version Rapid Spanning Tree Protocol - Received None - Send STP
% ie2: No portfast configured - Current portfast off
% ie2: Configured Link Type point-to-point - Current point-to-point
% ie2: forward-transitions 0
%
% ie1: Port 1 - Id 8001 - Role Designated - State Forwarding
% ie1: Configured path cost 20000 - Designated path cost 0
% ie1: Designated port id 8001 - Priority 128
% ie1: Designated Root 800000d052025f56
% ie1: Designated Bridge 800000d052025f56
% ie1: Message Age 0 - Max Age 20
% ie1: Hello Time 2 - Forward Delay 15
% ie1: Forward Timer 0 - Msg Age Timer 0 - Hello Timer 1
% ie1: Version Rapid Spanning Tree Protocol - Received None - Send STP
% ie1: No portfast configured - Current portfast off
% ie1: Configured Link Type point-to-point - Current point-to-point
% ie1: forward-transitions 0

9 Create a VLAN on the STP-enabled ports.

For example, the following commands create VLAN 10, which belongs to
BRIDGE-GROUP 10. Note that bridge-type is set to transparent-bridging.

admin> new bridge-group

admin> set enable = yes

admin> set bridging-group = 10

Stinger® IP Control Module Configuration Guide 2-23

Gigabit Ethernet Configuration

Configuring STP on Gigabit Ethernet ports (IP2100 only)

admin> set igmp-snooping-enabled = yes

admin> set lan-router-interface physical-address shelf = shelf-1

admin> set lan-router-interface physical-address slot = slot-ether-group

admin> set lan-router-interface physical-address item-number = 1

admin> set lan-router-interface logical-item = 10

admin> write -f

admin> new vlan-ethernet

admin> set interface-address physical-address shelf = shelf-1

admin> set interface-address physical-address slot = slot-ether-group

admin> set interface-address physical-address item-number = 1

admin> set interface-address logical-item = 10

admin> set enabled = yes

admin> set bridging-options bridging-group = 10

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = transparent-bridging

admin> write -f

10 Display the VLANs configured on STP-enabled ports. For example:

admin> stp -v
VlanId Bridge-Group

------ -----------­ 10 10

This command displays VLAN 10 and the bridge group to which it belongs.

Note that the LAN “router” interface defined in the BRIDGE-GROUP profile will be
supported on both STP-enabled ports.

Routing implications for STP-enabled ports

STP is a layer 2 control protocol for bridged traffic. However, the Gigabit Ethernet
ports of the IP2100 control module handle both bridged and routed traffic, and STP
state changes on the ports affect routed traffic as well as bridged traffic. If not
properly handled, STP state changes on the ports would trigger a flood of route
update messages and the network might take time to converge, which could block
routed traffic for a long time.

The Stinger RSTP implementation ensures that state changes of the STP-enabled
ports will not trigger route update messages and hence the network or routing
protocols do not attempt to converge. In fact, there will be no change to the routing
table and routed traffic will not be blocked for a long time.

To prevent route update messages when a Gigabit Ethernet port transitions from a
Blocking to a Forwarding state, both ports must keep track of a next hop router’s
reachability. To enable this, the system monitors downstream traffic and constructs a
table that maps the combination of VLAN ID and MAC address to specific ports. In
addition, the system sends ARP requests whenever the STP state of one of the ports
changes.

2-24 Stinger® IP Control Module Configuration Guide

Administrative tools for Gigabit Ethernet

With these two actions, nothing changes from the routing perspective on STP­enabled ports, and no route update messages are generated when one port switches
to a Blocking state. The following command displays the contents of the VLAN-MAC
to port mapping table:

admin> macStpportMap
MAC Address VlanID IfNum

------------------------------­00:00:e2:19:bd:16 2111 33

The first column of the output displays the MAC address of the gateway. The second
column displays the VLAN ID associated with the MAC address in the first column.
The third column displays the interface number of the Gigabit Ethernet port on
which the MAC frame was received.

Administrative tools for Gigabit Ethernet

The system supports the gmac command for administrative information about Gigabit
Ethernet ports. If you are managing the system remotely, some of this information is
also available through the ip2kstats MIB. For details, see “Gigabit Ethernet
diagnostics” on page A-2 and “SNMP MIB for GMAC and VLAN statistics” on
page A-29. For other commands that can be used to monitor activity on any Ethernet
port, such as etherdisplay, see the Stinger Reference.

Gigabit Ethernet Configuration

Stinger® IP Control Module Configuration Guide 2-25

VLAN Configuration

IP filters for Ethernet-encapsulated bridged IP datagrams . . . . . . . . . . . . . . . . . . 3-2

Configuring 1:1 VLAN bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Configuring N:1 VLAN bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Configuring stacked VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

Configuring routed VLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32

VLAN bridging of IPoA traffic to an upstream BRAS . . . . . . . . . . . . . . . . . . . . . 3-36

PPPoA bridging in 1:1 and N:1 VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46

Administrative tools for VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-53

This chapter describes configuration of virtual LAN (VLAN) operations and traffic
characteristics. For detailed background information about VLAN, see IEEE standard

802.1Q (1998) for Local and Metropolitan Area Networks: Virtual Bridged Local Area
Networks. In this chapter, the following VLAN terminology is used:

3

Table 3-1. Definition of VLAN terms

VLAN term Definition

VLAN bridging (1:1) A bridging configuration between a single PVC and a VLAN,

with a 1:1 mapping. The setup uses vlan-circuit bridging.

VLAN bridging (N:1) A bridging configuration between multiple PVCs and a

VLAN, using transparent bridging and a bridge group.

Stacked VLAN

Routed VLAN

Stinger® IP Control Module Configuration Guide 3-1

A bridging configuration that encapsulates a VLAN within
another VLAN to greatly increase the VLAN space. A stacked
VLAN uses double tagging, where one 802.1Q tag represents
a service provider (NSP) and a second 802.1Q tag represents
an ID that is unique within the NSP VLAN.
A routing configuration in which the upstream IP interface is
VLAN enabled. A routed VLAN interface is always mapped to
a virtual IP interface on a control module GigE port. Packets
received on a routed VLAN interface are routed based on the
IP address, and packets are sent through the routed VLAN
interface based on an IP routing decision.

VLAN Configuration

IP filters for Ethernet-encapsulated bridged IP datagrams

IP filters for Ethernet-encapsulated bridged IP datagrams

Systems with an IP2100 control module support IP filtering applied to Ethernet­encapsulated bridged IP datagrams on the DSL side of the following types of Layer 2
connections:

■ 1:1 bridged VLAN circuits

■ N:1 bridged VLAN circuits (with transparent bridging)

■ Stacked VLAN circuits

In terms of defining and verifying the IP filters, all configurations and commands
remain the same as for IP filters applied to routed connections. See Chapter 11,
“Filter Configuration.”

The IP filters apply only to CONNECTION profiles. Layer 3 filters are not supported
on bridged Ethernet interfaces. Although there is no runtime validation to prevent
you from applying a Layer 3 filter in a VLAN-ETHERNET profile, it is a
misconfiguration and would not have the desired effect.

The following restrictions apply:

■ IP filters apply only to Ethernet-encapsulated bridged IP datagrams. The filters do

not apply to IP packets with other types of encapsulations, such as PPPoE.

■ This feature is supported only on systems with an IP2100 control module.

Configuring 1:1 VLAN bridging

This section describes how to configure vlan-circuit bridging, which maps one user
PVC to one unique VLAN ID, as shown in Figure 3-1. Source MAC address learning
does not apply (and is not needed) in this configuration.

Figure 3-1. Bridging VLAN: One PVC to one VLAN (1:1)

Ethernet side User side

VLAN 1

With the VLAN circuit (1:1) bridging configuration, the user CPE encapsulates data
using RFC 2684 encapsulation for bridged protocols. The system bridges the frames
received on the user PVC only to the paired VLAN, and vice versa.

To configure vlan-circuit bridging, complete the following steps:

1 Create a VLAN-ETHERNET profile on Gigabit Ethernet and assign a bridge group

number.

2 Create a CONNECTION profile and specify the same bridge group.

Stinger

IP DSLAM

User-1 (VLAN 1)

3-2 Stinger® IP Control Module Configuration Guide

Configuring 1:1 VLAN bridging

Overview of VLAN-ETHERNET and CONNECTION settings

The index of a VLAN-ETHERNET profile specifies the physical address of the Gigabit
Ethernet port and a unique VLAN ID. Following are the profile contents, shown for
VLAN ID 50:

[in VLAN-ETHERNET/{ { shelf-1 first-control-module 2 } 50 }]
interface-address* = { { shelf-1 first-control-module 2 } 50 }
vlan-id = 0
enabled = no
filter-name = ""
pppoe-options = { no no }
bridging-options = { 0 no no vlan-circuit 0 }

[in VLAN-ETHERNET/{ { shelf-1 first-control-module 2} 50}:bridging-options]
bridging-group = 0
bridge = no
bridge-type = vlan-circuit
mac-address-learning-limit = 16

The following connection settings, shown with default settings, enable subscribers to
bridge to the configured VLAN:

[in CONNECTION/"":bridging-options]
bridging-group = 0
bridge = no
bridge-type = vlan-circuit
mac-address-learning-limit = 16

VLAN Configuration

Parameter Setting

interface-address

vlan-id

enabled

filter-name

Address of the Gigabit Ethernet port followed by the
VLAN ID, using the following format:

{ { shelf-n slot-n port-n } vlan-id }

The slot-n is first-control-module or
second-control-module, depending on the slot in which

the active control module is installed, and port-n is 2
for the Gigabit Ethernet port. The vlan-id value is the
IEEE 802.1Q VLAN tag value added to the IP packets
transmitted on the Ethernet interface. The valid range is
from 0 to 4095, but for full compatibility with IEEE

802.1Q, Lucent recommends that you do not use the
vlan-id values of 0, 1 or 4095. However, the system
does not prevent you from assigning these values.

VLAN ID. This setting is read-only. You must set it in the
index of the VLAN-ETHERNET profile.

Enable/disable the VLAN-ETHERNET profile.

Name of a filter to apply to traffic received on the VLAN
interface. For all types of bridged VLANs, the configured
filter must be an Ethernet input filter. For routed
VLANs, the filter must be an IP filter. For details about
creating and applying filters, see Chapter 11, “Filter
Configuration.”

Stinger® IP Control Module Configuration Guide 3-3

VLAN Configuration

Configuring 1:1 VLAN bridging

Parameter Setting

pppoe-options

bridging-group

bridge

bridge-type

mac-address-learning­limit

Not currently supported.

Number from 0 to 65535, used to group bridged
interfaces.

For 1:1 VLAN bridging, this setting must match in the
VLAN-ETHERNET and CONNECTION profiles.

For N:1 VLAN bridging, this setting must match in the
BRIDGE-GROUP, VLAN-ETHERNET and CONNECTION
profiles.

If enabled, associates the port with the specified
bridging-group.

Type of bridging to use on the VLAN or WAN interface:

vlan-circuit Required setting for 1:1 VLAN

bridging (the default).

transparent­bridging

Required setting for N:1 VLAN
bridging.

stacked-vlan Required setting for stacked

VLAN bridging.

no-bridging Required setting for routed

VLANs.

Maximum number of MAC addresses the system will
learn across the interface. With a zero (0) setting, no
limit is set in software. This is the default setting on a
VLAN interface.

packet-type

With a nonzero value, the system adds only the speci­fied number of addresses to the bridge table. The maxi­mum number of MAC addresses the system will learn
on a DSL or VLAN interface is 1024.

In a CONNECTION profile, a new mac-address-
learning-limit setting takes effect when you write the
profile. The connection is bounced to instate the new
limit. However, for a new value to take effect on the
VLAN Ethernet side, you must manually disable the
profile and then reenable it.

The bridge-type parameter must be set to transparent-
bridging for this setting to take effect. For more details,
see “How address limiting works” on page 3-11.

Type of packet to be bridged. With the default none
setting, all packet types are bridged. Set packet-type to
ipoa to bridge IPoA packets on this connection and
responds to ARP requests received on the VLAN
Ethernet interface.

The bridge-type parameter must be set to vlan-circuit
(the default) for this setting to take effect.

3-4 Stinger® IP Control Module Configuration Guide

Sample 1:1 VLAN bridging configuration

Figure 3-2 shows a Stinger system bridging a PVC to a VLAN:

Figure 3-2. Sample 1:1 VLAN circuit

VLAN Configuration

Configuring 1:1 VLAN bridging

Ethernet side User side

VLAN 50

[in VLAN-ETHERNET:bridging-options]
bridging-group = 34590

Stinger

IP DSLAM

User-1 (VLAN 50)

[in CONNECTION:bridging-options]
bridging-group = 34590

To configure the VLAN circuit, first verify that bridging is enabled on the physical
interface. For example:

admin> get ethernet { 1 8 2 } bridging-enabled
[in ETHERNET/{ shelf-1 first-control-module 2}:bridging-enabled]
bridging-enabled = yes

If bridging is not enabled, enable it as described in “Enabling layer 2 bridging for
VLAN operations” on page 2-3. Then, follow these steps:

1 Create a VLAN-ETHERNET profile.

admin> new vlan-ethernet { { 1 8 2 } 50 }

admin> set enabled = yes

admin> set bridging-options bridging-group = 34590

admin> write -f

2 Create a CONNECTION profile for the PVC side of the VLAN circuit.

admin> new connection dslcpe

admin> set active = yes

admin> set encapsulation-protocol = atm

admin> set ip-options ip-routing-enabled = no

admin> set bridging-options bridging-group = 34590

admin> set bridging-options bridge = yes

admin> set atm-options vpi = 8

admin> set atm-options vci = 100

admin> set atm-options nailed-group = 51

admin> write -f

For background information about configuring PVCs, see the Stinger ATM
Configuration Guide.

Stinger® IP Control Module Configuration Guide 3-5

VLAN Configuration

Configuring N:1 VLAN bridging

Configuring N:1 VLAN bridging

This section describes how to bridge multiple user PVCs onto a VLAN, as shown in
Figure 3-3.

Figure 3-3. Bridging multiple PVCs to a VLAN

Ethernet side User side

VLAN 1

VLAN 2

Stinger

IP DSLAM

User-1 (VLAN 1)

User-2 (VLAN 1)

User-3 (VLAN 2)

User-4 (VLAN 2)

The user CPE encapsulates data using RFC 2684 encapsulation for bridged protocols,
and the system bridges the frames to the associated VLAN (and vice versa),
performing transparent bridging to build a table of known MAC addresses and the
port associated with each address. If the system receives packets for an unknown
MAC address, or if it receives broadcast packets, the traffic is forwarded on all ports
that are part of the bridge group.

A BRIDGE-GROUP profile defines the traffic characteristics of the VLAN and assigns a
BRIDGE-GROUP number that is shared by the VLAN configuration and all user PVCs
that are part of it.

To configure VLAN bridging, complete the following steps:

1 Create a BRIDGE-GROUP profile that defines traffic characteristics for the VLAN

and assigns its bridging-group number.

2 Create a VLAN-ETHERNET profile on the Gigabit Ethernet port and bind it to the

BRIDGE-GROUP profile.

3 Create CONNECTION profiles for user PVCs, and bind them to the same bridge

group.

Creating and configuring bridge groups

To define a limited broadcast domain for a bridged VLAN with multiple subscriber
interfaces, the system requires bridge groups. Each VLAN must have a unique bridge
group number, which is shared by all interfaces within the same VLAN.

Note The maximum number of bridge groups in the system is 256. However, the

practical limit will be less than that if multicast groups are also configured. For details,
see “IP2100 and IP2000 maximum limits on multicast and bridge groups” on
page 9-3.

The system creates a bridging table that contains only interfaces in the same bridge
group, and when it receives packets from one interface in the group, it consults only
that bridging table for destination ports. It will not forward the traffic to interfaces
that are not in the same bridge group.

3-6 Stinger® IP Control Module Configuration Guide

To optimize its forwarding operations over time, the system uses an IEEE 802.1
transparent bridging algorithm to build a table of known MAC addresses and the port
associated with each address. If it receives packets for an unknown MAC address, or
if it receives broadcast packets, the traffic is forwarded on all ports that are part of the
bridge group except the port on which the packets were received.

Overview of BRIDGE-GROUP settings

The BRIDGE-GROUP profile defines traffic characteristics for VLAN bridging. The
index of a BRIDGE-GROUP profile specifies a bridging-group number. Following are
the BRIDGE-GROUP parameters, shown with default settings:

[in BRIDGE-GROUP/0]
enable = no
bridging-group = 0
mac-entry-age-time = 300
igmp-snooping = no
port-block-enabled = yes
lan-router-interface-address = { { any-shelf any-slot 0 } 0 }
wan-router-interface-profile = ""
dhcp-snooping = { no { no 0.0.0.0 "" 1 no } { no 0.0.0.0 1 "" no } }
pppoe-snooping = { no { no 0.0.0.0 "" 1 no } { no 0.0.0.0 "" 1 no } }

VLAN Configuration

Configuring N:1 VLAN bridging

Parameter Setting

enable

Enables or disables the BRIDGE-GROUP profile. Set this
parameter to yes.

bridging-group Number from 0 to 65535, used to group bridged

interfaces. The same number specified here must also
be specified as the bridging-group number in the
VLAN-ETHERNET and CONNECTION profiles.

mac-entry-age-time Timeout interval (in seconds) at which the system ages

out inactive MAC addresses from the bridge group’s
bridging table. Valid values are from 0 (which disables
the address aging function) to 65535. The default is 300
seconds.

When this timer expires, the system traverses all source
MAC addresses in the group’s bridge table and deletes
those addresses from which no traffic has been received
since the last traversal. A maximum of 32K addresses
can be aged out systemwide.

If you modify this value for a bridge group that is in use,
the new value is used for the next timeout.

Stinger® IP Control Module Configuration Guide 3-7

VLAN Configuration

Configuring N:1 VLAN bridging

Parameter Setting

igmp-snooping Enables or disables IGMP snooping. When IGMP is

port-block-enabled

lan-router-interface­address

wan-router-interface­profile

disabled (the default), multicast data streams are
forwarded to all ports in the VLAN, even those who
have not registered for the multicast. When IGMP
snooping is enabled and a Join is received from a
subscriber interface, the system snoops the packet and
makes an entry in its bridge table, along with the IP
multicast address. This Join is forwarded only on the
“router” interface and not on the other interfaces in the
bridge group.

To use IGMP snooping, set this parameter to yes, and
configure the lan-router-interface-address or wan-
router-interface-address parameter.

Enables or disables port blocking to prevent traffic flows
between subscriber interfaces in the same VLAN. Port
blocking is enabled by default, but to use it you must
configure the lan-router-interface-address or wan-
router-interface-address parameter.

Index of the VLAN-ETHERNET profile to be used as the
“router” interface in terms of traffic handling for this
bridge group. The specified interface is the default path
for uplinks from users, and is used in port blocking to
prevent other, unintended uses of the subscriber PVC
interfaces.

If IGMP snooping is enabled, the index must specify the
Ethernet or VLAN interface on which downstream
multicast streams are received.

This setting and the wan-router-interface-address
setting are mutually exclusive.

Name of the CONNECTION profile to be used as the
“router” port in terms of traffic handling for this bridge
group. The specified connection must be on a trunk
interface. It is the default path for uplinks from users,
and is used in port blocking to prevent other,
unintended uses of the subscriber PVC interfaces.

If IGMP snooping is enabled, the CONNECTION profile
name must specify the trunk interface on which
downstream multicast streams are received.

This setting and the lan-router-interface-address
setting are mutually exclusive.

3-8 Stinger® IP Control Module Configuration Guide

Configuring N:1 VLAN bridging

Parameter Setting

dhcp-snooping

pppoe-snooping

Subprofiles for enabling DHCP snooping or PPPoE
snooping (or both). When DHCP and PPPoE snooping
are enabled, the system snoops clients’ DHCP requests
and PPPoE Discovery packets and add identifying
information to the packets before bridging the packets
upstream. The unique identifiers can be used in
authentication and accounting, and for troubleshooting
purposes. For details, see “Configuring DHCP and
PPPoE snooping for DSL line identification” on
page 3-14.

Sample BRIDGE-GROUP configuration with MAC address aging

The following commands modify bridge-group 451 to extend the duration of the
timer for discovering and dropping inactive source MAC addresses from its bridge
tables from the default five minutes (300 seconds) to 10 minutes.

admin> read bridge-group 451

admin> set mac-entry-age-time = 600

admin> write -f

VLAN Configuration

Sample BRIDGE-GROUP configuration with port blocking

Port blocking prevents users who are bridged to the same LAN or VLAN from
exchanging traffic flows user-to-user or from building virtual networks. To use it, you
must identify one “router” interface for the bridge group, which can be a VLAN
interface or a CONNECTION profile on a trunk interface. All other ports in the same
bridge group are then considered subscriber interfaces for traffic handling purposes.
Traffic received on the “router” and subscriber interfaces in a bridge group is
restricted as shown in Table 3-2.

Table 3-2. Traffic restrictions when port blocking is enabled

Received on “router” port

No restrictions are placed on traffic
received on the “router” interface.

Received on subscriber ports

Packets received on a DSL port and destined
for another DSL port in the same bridge
group are discarded. This prevents users
from building virtual networks using the
VLAN, or for making user-to-user
connections through the VLAN.

Broadcast packets are forwarded only to the
“router” interface.

Packets destined for a MAC address the
system does not recognize are forwarded
only to the “router” interface.

Stinger® IP Control Module Configuration Guide 3-9

VLAN Configuration

Configuring N:1 VLAN bridging

The next commands modify bridge-group 275 (VLAN 500) to use DSL port blocking,
by specifying a “router” interface:

admin> read bridge-group 275

admin> set lan-router-interface physical shelf = shelf-1

admin> set lan-router-interface physical slot = first-control-module

admin> set lan-router-interface physical item = 2

admin> set lan-router-interface logical-item = 500

admin> write -f

Sample BRIDGE-GROUP configuration with IGMP snooping

Layer 2 multicasting maps an IP multicast traffic to a MAC multicast address, which is
treated at layer 2 as broadcast traffic. Because broadcast traffic would typically be
forwarded to all interfaces in the VLAN, IGMP snooping is implemented on a bridge
group basis to enable efficient support for layer 2 multicasting to VLANs.

IGMP snooping “peeks” into the layer 3 content of multicast packets, and allows the
IP control module to forward multicast traffic for a particular group only to those user
PVCs that have registered in the group.

When IGMP snooping is enabled within a bridge group, all IGMP packets received on
an interface in that bridge group are snooped, and multicast forwarding is done on
the basis of the multicast group address and not on the basis of a multicast MAC
address.

Multicast data traffic is forwarded only to the users subscribed to the particular
multicast group. Table 3-3 shows how IGMP control packets are handled.

Table 3-3. IGMP control packet handling with IGMP snooping enabled

Control packet type System action

IGMP-QUERY Generic queries received from the “router” interface are

forwarded to all DSL users.

Group-specific queries received from the “router”
interface are forwarded to users who have joined that
group.

IGMP-REPORT(v1/v2) Reports received from users are forwarded only to the

“router” interface.

Note The Stinger system does not generate any IGMP queries or reports. It is up to

the upstream router to generate queries and handle the reports, and it is up to the
end users to send reports.

The following commands modify bridge-group 22 (VLAN 478) to enable IGMP
snooping. A designated “router” interface is required for this feature to work:

admin> read bridge-group 22

admin> set igmp-snooping = yes

admin> set lan-router-interface physical shelf = shelf-1

admin> set lan-router-interface physical slot = first-control-module

3-10 Stinger® IP Control Module Configuration Guide

admin> set lan-router-interface physical item = 2

admin> set lan-router-interface logical-item = 478

admin> write -f

When IGMP snooping is enabled and a Join is received from a subscriber interface,
the system snoops the packet and makes an entry in its bridge table, along with the IP
multicast address. This Join is forwarded only on the “router” interface and not on
the other interfaces in the bridge group.

Similarly, when a multicast data packet arrives from the LAN router interface, it is
snooped, checked for the IP multicast address and forwarded only on subscriber
interfaces from which a Join was received.

If both IGMP snooping and port blocking are enabled and the system receives traffic
for 224.0.0.* from the “router” interface, it is forwarded on all the ports in the bridge
group. However, if traffic for 224.0.0.* is received from a subscriber interface, it is
forwarded only to the “router” interface.

VLAN and connection settings

For details about the VLAN and bridging parameters used in the vlan-ethernet and
CONNECTION profiles for an N:1 VLAN bridging configuration, see “Overview of
VLAN-ETHERNET and CONNECTION settings” on page 3-3. For background
information about configuring subscriber PVCs, see the Stinger ATM Configuration
Guide.

VLAN Configuration

Configuring N:1 VLAN bridging

How address limiting works

The transparent bridging algorithm enables the system to learn the MAC addresses of
devices sending traffic across an interface and enter the addresses in an internal
bridge table. This algorithm is subject to the limits shown in Table 3-4, which are
based on the amount of memory reserved for this purpose.

Table 3-4. Maximum number of learned MAC addresses per module

Module Types of interfaces Total number of learned addresses

Control module Trunk or GigE 32,768

LIM DSL 1,170

Within the limits shown in Table 3-4, you can restrict the number of addresses the
system will learn across a connection by setting the mac-address-learning-limit
parameter in the connection bridging-options subprofile. If the system receives
traffic from an unknown source address after learning the maximum number of
MAC addresses, it discards the traffic and does not add the source address to the
bridge table.

For example, with the default 16 MAC address learning limit per connection, if 72
bridging connections are brought up on a LIM, the number of learned addresses (16 *

72) is 1,152, which is within the 1,170 limit on that LIM. If you require more than 72
bridging calls per LIM, you must correspondingly reduce the MAC address learning
limit per connection to remain within the LIM-wide limit of 1170.

Stinger® IP Control Module Configuration Guide 3-11

VLAN Configuration

g

Configuring N:1 VLAN bridging

Limiting the number of source MAC addresses learned on a transparent bridging
interface restricts the number of users that can access the network through a single
CPE, and prevents a type of denial-of-service attack in which a user overloads the
bridge table by sending heavy traffic from many different source MAC addresses.
When the address limit has been reached on a connection, the system logs a message
to that effect, to enable the administrator to check for denial-of-service attacks or, if
the connection attempts are valid, to reconfigure the limit on a connection.

If MAC address aging is also enabled, when one of the devices on an interface
becomes inactive for a specified interval, the system ages the address out of its bridge
table. As soon as the bridge table contains less than the maximum number of
addresses for the interface, the system can again accept traffic from an unknown
source MAC address on that interface and add the address to its bridge table. For
details about address aging, see “Sample BRIDGE-GROUP configuration with MAC
address aging” on page 3-9.

Sample N:1 VLAN bridging configuration with address limiting

Figure 3-4 shows a Stinger system bridging multiple user PVCs onto a VLAN. MAC
address limiting will be enforced for CPE-1.

Figure 3-4. Sample N:1 VLAN bridging

Ethernet side User side

VLAN 50

[in VLAN-ETHERNET:bridging-options]
bridge-type = transparent-bridging
bridging-group = 451

[in BRIDGE-GROUP/451]
bridging-group = 451

Stinger

IP DSLAM

CPE-1

CPE-2

[in CONNECTION:bridging-options]
bridge-type = transparent-bridgin
bridging-group = 451

Remote LAN

With the sample configuration shown below, the system learns up to three MAC
addresses on the CPE-1 connection. For the first three PCs that send traffic, the
system forwards the traffic and learns the source MAC addresses. If the fourth PC
attempts to send traffic, the user’s connection is rejected. Later, if one of the bridged
PCs does not send traffic for a duration equal to the mac-entry-age-time setting, the
system ages out that MAC address from its bridge table. If the fourth PC sends traffic
at that time, the system learns its address and forwards the traffic.

To configure this N:1 VLAN bridging setup, first verify that bridging is enabled on the
physical interface. For example:

admin> get ethernet { 1 8 2 } bridging-enabled
[in ETHERNET/{ shelf-1 first-control-module 2}:bridging-enabled]
bridging-enabled = yes

3-12 Stinger® IP Control Module Configuration Guide

VLAN Configuration

Configuring N:1 VLAN bridging

If bridging is not enabled, enable it as described in “Enabling layer 2 bridging for
VLAN operations” on page 2-3. Then, follow these steps:

1 Create a bridge group. The following group sets the address age-out interval to

three minutes and uses DSL port blocking. (For more detail, see “Creating and
configuring bridge groups” on page 3-6.)

admin> new bridge-group

admin> set enable = yes

admin> set bridging-group = 451

admin> set lan-router-interface physical shelf = shelf-1

admin> set lan-router-interface physical slot = first-control-module

admin> set lan-router-interface physical item = 2

admin> set lan-router-interface logical-item = 50

admin> set mac-entry-age-time = 180

admin> write -f

2 Create a VLAN-ETHERNET profile.

admin> new vlan-ethernet

admin> set interface-address physical shelf = shelf-1

admin> set interface-address physical slot = first-control-module

admin> set interface-address physical item-number = 2

admin> set interface-address logical-item = 50

admin> set enabled = yes

admin> set bridging-options bridging-group = 451

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = transparent-bridging

admin> write -f

For an example of applying a filter to a bridged VLAN interface, see “Applying a filter
to a VLAN Ethernet interface” on page 11-22.

3 Create CONNECTION profiles for bridged PVCs to the CPE devices. The profiles

must specify the right bridge group number. The profile for CPE-1 also limits the
number of MAC addresses to three.

admin> new connection cpe-1

admin> set active = yes

admin> set encapsulation-protocol = atm

admin> set ip-options ip-routing = no

admin> set bridging-options bridge = yes

admin> set bridging-options bridging-group = 451

admin> set bridging-options bridge-type = transparent-bridging

admin> set bridging-options mac-address-learning-limit = 3

admin> set atm-options vpi = 0

Stinger® IP Control Module Configuration Guide 3-13

VLAN Configuration

Configuring N:1 VLAN bridging

admin> set atm-options vci = 25

admin> set atm-options nailed-group = 51

admin> write -f

admin> new connection cpe-2

admin> set active = yes

admin> set encapsulation-protocol = atm

admin> set ip-options ip-routing = no

admin> set bridging-options bridge = yes

admin> set bridging-options bridging-group = 451

admin> set bridging-options bridge-type = transparent-bridging

admin> set atm-options vpi = 0

admin> set atm-options vci = 38

admin> set atm-options nailed-group = 57

admin> write -f

Configuring DHCP and PPPoE snooping for DSL line identification

You can configure DHCP snooping or PPPoE snooping, or both, to bridge unique DSL
line identification to upstream network elements. The unique identifier can be used
in authentication and accounting, and for troubleshooting purposes.

When DHCP and PPPoE snooping are enabled, the system snoops clients’ DHCP
requests and PPPoE Discovery packets on transparent bridging connections and adds
identifying information to the packets before forwarding the packets upstream.
Similarly, the system snoops downstream replies from a server and removes the
identifiers before bridging the packets to the DSL client.

This functionality is configurable by bridge group. The interface on which the packets
are forwarded upstream is the “router” interface defined in the BRIDGE-GROUP
profile, which means that the modified packets can be forwarded upstream on a
trunk interface (wan-router-interface) or Ethernet (lan-router-interface), but not
both.

Structure of identifiers added to DHCP and PPPoE Discovery packets

This section describes the identifying information added to DHCP Request and PPPoE
Discovery packet headers before they are forwarded upstream when DHCP or PPPoE
snooping is enabled.

Including a Stinger interface IP address

Upstream network elements can use the version and if-ip fields (shown in
Figure 3-5) to identify the Stinger system. These values are explicitly configured in
the BRIDGE-GROUP profile.

3-14 Stinger® IP Control Module Configuration Guide

Figure 3-5. Format when an interface IP address (if-ip) is used

VLAN Configuration

Configuring N:1 VLAN bridging

Relay agent version ID
(2 octets)

version

if-ip hostname

Interface IP address
(4 octets)

Name of the user VC connection profile
(32 octets)

The hostname field, which is automatically encoded from the hostname of the
CONNECTION profile, identifies the DSL end connection.

Including an identifying text string (PPPoE snooping only)

Because snooping functionality occurs at layer 2 (so the IP address of the Stinger
system is not directly relevant), the if-ip field can optionally be replaced by a text
string used to identify the Stinger system. In that case, upstream network elements
use the version and vendor-option-string fields (shown in Figure 3-6) to identify
the Stinger system. These values are explicitly configured in the BRIDGE-GROUP
profile.

Figure 3-6. Format when a text string (vendor-option-string) is used

Relay agent version ID
(2 octets)

Name of the user VC connection profile
(32 octets)

version

vendor-option-string hostname

Text string
(32 octets)

The hostname field, which is automatically encoded from the hostname of the
CONNECTION profile, identifies the DSL end connection.

Note Currently, this option is supported only for PPPoE snooping. The vendor-

option-string and if-ip fields are mutually exclusive.

Including only the hostname identifier

Typically the system adds the entire suboption field, including the hostname and the
version, if-ip, and other fields, using default values if the fields are unconfigured.

You can specify that only the hostname should be sent in the suboption field, as
shown in Figure 3-7. Only the actual hostname and its length is sent, not the
maximum allowed 32-byte field. Other values within the subprofile (such as version
or if-ip) are not sent, even if they are configured.

Figure 3-7. Format when sending only the hostname (send-only-hostname)

Length of
the ID

Name of the user VC connection profile
(N octets)

N

hostname

Stinger® IP Control Module Configuration Guide 3-15

VLAN Configuration

Configuring N:1 VLAN bridging

Configuring DHCP snooping

With DHCP snooping, the Stinger system snoops client-to-server DHCP request
packets and add identifiers before bridging the packets upstream. Source MAC
address learning is performed for packets that are forwarded via transparent bridging.

The system also snoops server-to-client DHCP reply packets to remove identifiers
before bridging the packets downstream to the destination MAC address of the frame.
If it receives DHCP reply packets from the server that do not contain the option 82
identifiers and DHCP snooping is enabled, the system drops the packets.

DHCP option 82 has two suboptions:

■ Suboption 1, for conveying a unique identifier for the user circuit

■ Suboption 2, for conveying a unique identifier for the remote host

You can configure the system to convey both suboptions or only one of them. For
DHCP snooping, the two suboptions behave similarly in that both suboptions encode
the hostname of the CONNECTION profile to identify the DSL end connection For
details about the format of the identifiers added by DHCP snooping, see “Structure of
identifiers added to DHCP and PPPoE Discovery packets” on page 3-14.

Overview of DHCP-snooping settings in BRIDGE-GROUP profiles

Following are the subprofiles and parameters, shown with default settings, for
configuring DHCP snooping for a bridge group. Configure suboption 1 in the
circuit-id subprofile or suboption 2 in the remote-id subprofile, or both. For DHCP
snooping, both suboptions encode the hostname of the user VC CONNECTION
profile.

[in BRIDGE-GROUP/0:dhcp-snooping]
enable = no
circuit-id = { no no 0.0.0.0 "" 1 no }
remote-id = { no no 0.0.0.0 "" 1 no }

[in BRIDGE-GROUP/0:dhcp-snooping:circuit-id ]
enable = no
send-hostname-only = no
if-ip = 0.0.0.0
vendor-option-string = ""
version = 1
dhcp-allow-any-src-port = no

[in BRIDGE-GROUP/0:dhcp-snooping:remote-id]
enable = no
send-hostname-only = no
if-ip = 0.0.0.0
vendor-option-string = ""
version = 1
dhcp-allow-any-src-port = no

3-16 Stinger® IP Control Module Configuration Guide

Parameter Description

enable

circuit-id | remote-id:
enable

Enable or disable DHCP snooping for this bridge group.

Enables or disables suboption 1 (in the circuit-id
subprofile) or suboption 2 (in the remote-id subprofile).
If enabled, the system encodes the hostname of the PVC
on which the DHCP Request packet was received.

circuit-id | remote-id:
send-hostname-only

Setting this parameter to yes causes the system to send
only the hostname and its length in the DHCP Option
82 suboption field. See “Including only the hostname
identifier” on page 3-15.

circuit-id | remote-id:
if-ip

IP address used to identify the Stinger system to the
DHCP server. If both circuit and remote ID options are
enabled, only one address is used. If both this field and
vendor-option-string are empty, the Stinger uses the
system address if that value has been defined. To
interoperate with DHCP servers that zero-delimit
suboption fields, the specified IP address cannot contain
a zero octet.

This setting and the vendor-option-string setting are
mutually exclusive in the same subprofile.

circuit-id | remote-id:
vendor-option-string

Currently, this option is supported only for PPPoE
snooping. For details, see “Including an identifying text
string (PPPoE snooping only)” on page 3-15.

circuit-id | remote-id:
version

Configurable version ID, set to 1 by default. To
interoperate with DHCP servers that zero-delimit
suboption fields, change this setting to a value of 257 or
higher.

circuit-id | remote-id:
dhcp-allow-any-src-port

Currently, this option is supported only for IPoA and
BIR connections. For details, see “Interoperation with
DHCP servers that zero-delimit suboption fields” on
page 4-76.

VLAN Configuration

Configuring N:1 VLAN bridging

Sample DHCP snooping configuration

Figure 3-8 shows a Stinger system bridging user PVCs onto an Ethernet VLAN using
transparent bridging. The CPE is operating in bridging mode, and the DHCP clients
obtain their configuration from an upstream DHCP server.

Figure 3-8. DHCP snooping example

Ethernet side User side

DHCP server

VLAN 18

Stinger® IP Control Module Configuration Guide 3-17

Stinger

IP DSLAM

8.8.8.8

CPE-1

DHCP clients

VLAN Configuration

Configuring N:1 VLAN bridging

To configure this VLAN for DHCP snooping, first verify that bridging is enabled on the
physical interface. For example:

admin> get ethernet { 1 8 2 } bridging-enabled
[in ETHERNET/{ shelf-1 first-control-module 2}:bridging-enabled]
bridging-enabled = yes

Then, follow these steps on the Stinger system:

1 Create a bridge group and enable DHCP snooping. You must also configure the

lan-router interface and configure the remote-id or circuit-id subprofile, or
both. In this example, the circuit-id subprofile is configured, and the Stinger
system’s IP address is used to identify it as the intermediate agent.

admin> new bridge-group

admin> set enable = yes

admin> set bridging-group = 333

admin> set lan-router-interface physical shelf = shelf-1

admin> set lan-router-interface physical slot = first-control-module

admin> set lan-router-interface physical item = 2

admin> set lan-router-interface logical-item = 18

admin> set dhcp-snooping enable = yes

admin> set dhcp-snooping circuit-id enable = yes

admin> set dhcp-snooping circuit-id if-ip = 8.8.8.8

admin> write -f

2 Create a VLAN-ETHERNET profile.

admin> new vlan-ethernet

admin> set interface-address physical shelf = shelf-1

admin> set interface-address physical slot = first-control-module

admin> set interface-address physical item = 2

admin> set interface-address logical-item = 18

admin> set enabled = yes

admin> set bridging-options bridging-group = 333

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = transparent-bridging

admin> write -f

3 Create CONNECTION profiles for bridged PVCs to the CPE device. The profiles

must specify the right bridge group number.

admin> new connection

admin> set station = dhcp-client-1

admin> set active = yes

admin> set encapsulation-protocol = atm

admin> set ip-options ip-routing-enabled = no

admin> set bridging-options bridging-group = 333

admin> set bridging-options bridge = yes

3-18 Stinger® IP Control Module Configuration Guide

VLAN Configuration

Configuring N:1 VLAN bridging

admin> set bridging-options bridge-type = transparent-bridging

admin> set atm-options vpi = 0

admin> set atm-options vci = 57

admin> set atm-options nailed-group = 304

admin> write -f

With this configuration, when the client generates a DHCP request, the system adds
the following fields to the request packet:

Figure 3-9. Contents of fields with sample DHCP snooping configuration

Relay agent version ID

0x001

8.8.8.8 dhcp-client-1

Interface IP address

Name of the user VC connection profile

When the DHCP server replies with options, the Stinger system removes those
options before forwarding the reply to the client based on the destination MAC
address in the frame. If it receives DHCP replies from the server without option 82,
the system drops the packets.

Sample bridge-group configuration for sending only a hostname

The next commands configure a bridge group for a VLAN interface on which only the
hostname will be added to upstream packets:

admin> new bridge-group

admin> set enable = yes

admin> set bridging-group = 500

admin> set port-block-enabled = no

admin> set lan-router-interface physical-address shelf = shelf-1

admin> set lan-router-interface physical-address slot = first-control-module

admin> set lan-router-interface physical-address item-number = 2

admin> set lan-router-interface logical-item = 500

admin> set dhcp-snooping enable = yes

admin> set dhcp-snooping circuit-id enable = yes

admin> set dhcp-snooping circuit-id send-hostname-only = yes

admin> write -f

With this configuration, when the client in this bridge group generates a DHCP
request, the system adds only the number of octets in the hostname and the
hostname of the PVC on which the DHCP Request was received.

Stinger® IP Control Module Configuration Guide 3-19

VLAN Configuration

Configuring N:1 VLAN bridging

Configuring PPPoE snooping for line identification of PPPoE clients

When PPPoE snooping has been configured for the bridge group, the Stinger system
snoops incoming PPPoE Discover packets (Ether Type 0x8863) on connections and
adds vendor-specific information before bridging packets to an upstream interface
such as Ethernet.

For downstream PPPoE packets (server-to-client), the system snoops the packets to
remove the vendor-specific options, and then bridges the packet based on the
destination MAC address of the frame. Source MAC address learning is performed for
all packets that are forwarded via transparent bridging.

PPPoE Discovery packet handling with PPPoE snooping

When PPPoE snooping is enabled, the system snoops the following types of PPPoE
Discovery packets:

■ PPPoE Active Discovery Initiation (PADI)

■ PPPoE Active Discovery Offer (PADO)

■ PPPoE Active Discovery Request (PADR)

■ PPPoE Active Discovery Session-confirmation (PADS)

■ PPPoE Active Discovery Terminate (PADT)

Table 3-5 shows how these packets are handled in the upstream and downstream
directions.

Table 3-5. Packet handling with PPPoE snooping

Traffic direction PPPoE Discovery packet handling

Upstream For PPPoE Discovery packets received on a client interface

within the bridge group (any interface other than the “router”
interface), the following actions are performed:

■ PADO and PADS packets are discarded.

■ PADT packets are forwarded without modification via

transparent bridging.

■ PADI and PADR packets are modified by adding vendor-

specific options and are then forwarded via transparent
bridging.

Because PADI is a broadcast packet, it is forwarded to all ports
in the bridge group if DSL port blocking is not enabled.

If a packet’s length exceeds 1500 after adding the vendor­specific options, the Stinger system discards the packet.

If PADI or PADR packets coming from the clients already
contain the vendor-specific options, the Stinger system
discards the packet.

3-20 Stinger® IP Control Module Configuration Guide

VLAN Configuration

Configuring N:1 VLAN bridging

Table 3-5. Packet handling with PPPoE snooping (Continued)

Traffic direction PPPoE Discovery packet handling

Downstream

For PPPoE Discovery packets received on the “router”
interface of the bridge group (as defined by the lan-router-
interface or wan-router-interface setting), the following
actions are performed:

■ PADI and PADR packets are discarded.

■ PADT packets are forwarded without modification via

transparent bridging.

■ PADO and PADS packets are modified by removing

vendor-specific options if any are present, and are then
forwarded via transparent bridging.

Vendor-specific options in PPPoE packets

The vendor-specific tag added to or removed from PPPoE Discovery packets contains
the fields shown in Figure 3-10.

Figure 3-10. PPPoE vendor-specific tag format

+--------------+--------------+--------------+--------------+
| 0x0105 (Vendor-Specific) | TAG_LENGTH |
+--------------+--------------+--------------+--------------+
| 0x00000DE9(ADSL Forum IANA entry) |
+--------------+--------------+--------------+--------------+
| 0x01 | length | Agent Circuit ID value... |
+--------------+--------------+--------------+--------------+
| Agent Circuit ID value (cont) |
+--------------+--------------+--------------+--------------+
| 0x02 | length | Agent Remote ID value... |
+--------------+--------------+--------------+--------------+
| Agent Remote ID value (cont) |
+--------------+--------------+--------------+--------------+

The 0x0105 field is
the vendor-specific
tag described in RFC

2516.

The 0x01 and 0x02
fields contain DHCP
option 82 suboption
values (circuit-id and
remote-id)

The 0x01 and 0x02 fields contain values from the pppoe-snooping configuration in
the BRIDGE-GROUP profile, as described in “Structure of identifiers added to DHCP
and PPPoE Discovery packets” on page 3-14.

Overview of PPPoE snooping settings in BRIDGE-GROUP profiles

Following are the subprofiles and parameters, shown with default settings, for
configuring PPPoE snooping:

[in BRIDGE-GROUP/0:pppoe-snooping]
enable = no
circuit-id = { no no 0.0.0.0 "" 1 no }
remote-id = { no no 0.0.0.0 "" 1 no }

[in BRIDGE-GROUP/0:pppoe-snooping:circuit-id]
enable = no
send-hostname-only = no
if-ip = 0.0.0.0

Stinger® IP Control Module Configuration Guide 3-21

VLAN Configuration

Configuring N:1 VLAN bridging

vendor-option-string = ""
version = 1
dhcp-allow-any-src-port = no

[in BRIDGE-GROUP/0:pppoe-snooping:remote-id]
enable = no
send-hostname-only = no
if-ip = 0.0.0.0
vendor-option-string = ""
version = 1
dhcp-allow-any-src-port = no

Parameter Description

enable

circuit-id | remote-id:
enable

circuit-id | remote-id:
send-hostname-only

circuit-id | remote-id:
if-ip

circuit-id | remote-id:
vendor-option-string

circuit-id | remote-id:
version

circuit-id | remote-id:
dhcp-allow-any-src-port

Enable or disable PPPOE snooping for this bridge group.

Enables or disables suboption 1 (in the circuit-id
subprofile) or suboption 2 (in the remote-id subprofile).
If enabled, the system encodes the station value (the
hostname) of the CONNECTION profile that defines the
PVC on which the PPPoE Discovery packet was
received.

Setting this parameter to yes causes the system to send
only the hostname and its length in the DHCP Option
82 suboption field. See “Including only the hostname
identifier” on page 3-15.

This parameter works in the same way for DHCP
snooping and PPPoE snooping. For an example
BRIDGE-GROUP configuration that enables the
parameter, see “Sample bridge-group configuration for
sending only a hostname” on page 3-19.

IP address used to identify the Stinger system to the
BRAS, AAA, or PPPoE server. If both circuit and remote
ID subprofiles are enabled, only one address is used. If
both this field and vendor-option-string are empty,
the Stinger uses the system address if that value has
been defined.

This setting and the vendor-option-string setting are
mutually exclusive in the same subprofile.

Text string, up to 31 characters, used to identify the
Stinger system to the BRAS, AAA, or PPPoE server.

This setting and the if-ip setting are mutually
exclusive.

Configurable version ID, set to 1 by default.

Currently, this option is supported only for IPoA and
BIR connections. For details, see “Interoperation with
DHCP servers that zero-delimit suboption fields” on
page 4-76.

3-22 Stinger® IP Control Module Configuration Guide

VLAN Configuration

Configuring N:1 VLAN bridging

Sample PPPOE snooping configuration

Figure 3-4 shows a Stinger system bridging user PVCs onto a VLAN using transparent
bridging. The CPE is operating in bridging mode. In this case, PPPoE snooping is
enabled in the bridge group, so DSL line identification will be added to upstream
PPPoE Discovery packets.

Figure 3-11. PPPoE snooping example

AAA server

Ethernet side User side

VLAN 50

Stinger

IP DSLAM

8.8.8.8

CPE-1

PPPoE clients

To configure this VLAN for PPPoE snooping, first verify that bridging is enabled on
the physical interface. For example:

admin> get ethernet { 1 8 2 } bridging-enabled
[in ETHERNET/{ shelf-1 first-control-module 2}:bridging-enabled]
bridging-enabled = yes

Then, follow these steps:

1 Create a bridge group, and enable PPPoE snooping. You must also configure the

lan-router interface and configure either the remote-id or the circuit-id
subprofile, or both. In this example, the circuit-id subprofile is configured, and
a text string is used to identify the Stinger system as intermediate agent.

admin> new bridge-group

admin> set enable = yes

admin> set bridging-group = 451

admin> set lan-router-interface physical shelf = shelf-1

admin> set lan-router-interface physical slot = first-control-module

admin> set lan-router-interface physical item = 2

admin> set lan-router-interface logical-item = 50

admin> set pppoe-snooping enable = yes

admin> set pppoe-snooping circuit-id enable = yes

admin> set pppoe-snooping circuit-id vendor-option-string = stinger-001

admin> write -f

2 Create a VLAN-ETHERNET profile.

admin> new vlan-ethernet

admin> set interface-address physical shelf = shelf-1

admin> set interface-address physical slot = first-control-module

admin> set interface-address physical item = 2

admin> set interface-address logical-item = 50

admin> set enabled = yes

Stinger® IP Control Module Configuration Guide 3-23

VLAN Configuration

fil

Configuring stacked VLANs

admin> set bridging-options bridging-group = 451

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = transparent-bridging

admin> write -f

3 Create CONNECTION profiles for bridged PVCs to the CPE devices. The profiles

must specify the right bridge group number.

admin> new connection

admin> set station = pppoe-client-1

admin> set active = yes

admin> set encapsulation-protocol = atm

admin> set ip-options ip-routing-enabled = no

admin> set bridging-options bridging-group = 451

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = transparent-bridging

admin> set atm-options vpi = 0

admin> set atm-options vci = 36

admin> set atm-options nailed-group = 51

admin> write -f

With this configuration, when the client generates a PPPoE session request, the
system adds the following options to the request packet:

Figure 3-12. Contents of fields with sample PPPoE snooping configuration

Relay agent version ID

0x001

stinger-001 pppoe-client-1

Text string

When the BRAS replies with options, the Stinger system removes those options
before forwarding the reply to the PPPoE client.

Configuring stacked VLANs

VLAN stacking is a method of encapsulating one VLAN within another VLAN. It
allows a carrier to partition the network among several network service providers
(NSPs), while allowing each NSP to utilize VLANs to their full extent.

Each NSP can be assigned one or more VLANs (“backbone VLANs” or “NSP VLANs”),
and within each NSP VLAN, up to 4095 unique instances of 802.1Q VLAN IDs are
available, with each ID representing an ATM PVC from a DSL subscriber.

Stinger IP DSLAM systems support VLAN stacking for both untagged Ethernet frames
and VLAN tagged traffic received on subscriber interfaces. The two methods differ in
terms of subscriber CONNECTION profiles.

Name of the user VC connection pro

e

3-24 Stinger® IP Control Module Configuration Guide

Note For stacked VLAN connections, the Stinger IP DSLAM does not bridge frames

DSL sid

NSP 1

received from one DSL connection to another, even when the connections are
configured with the same bridging-group value. This applies even to broadcast and
multicast frames. Broadcast frames received from WAN interfaces are tagged with
both the NSP VLAN and user VLAN ID and bridged to the appropriate NSP VLAN.
Broadcast frames received from Gigabit Ethernet interface with a single VLAN tag are
not bridged to the WAN interfaces.

Bridging untagged frames to stacked VLANs

In the sample stacked VLAN setup shown in Figure 3-13, a layer-2 core is partitioned
among three NSPs.

Figure 3-13. Stacked VLAN: Bridging untagged frames from DSL interfaces

VLAN Configuration

Configuring stacked VLANs

VLAN 1

VLAN 2

VLAN 1

VLAN 50

NSP 3
VLAN 311

Ethernet side

VLAN aware
Layer 2 core

VLAN 2

NSP VLAN 50

NSP VLAN 478

NSP VLAN 311

NSP 2
VLAN 478

VLAN 2VLAN 1

Stinger

IP DSLAM

e

User-1

User-2

User-3

User-4

When the system receives untagged frames from an ATM PVC on a DSL interface, it
tags the frames with the user's VLAN ID. This VLAN tag represents the user's
connection within the context of an NSP. The system then embeds the tag in another,
second-tier VLAN ID, which represents the user’s NSP. The Ethernet frame from the
ATM PVC is then bridged over the Gigabit Ethernet interface.

When system receives VLAN stacked frames on the Gigabit Ethernet interface, the
NSP and subscriber VLAN tags are used to determine the DSL interface on which to
bridge the frames. The two VLAN tags are removed before bridging the packet onto
the WAN interface.

Overview of VLAN stacking settings for untagged frames

Each NSP requires one or more VLAN configurations on the Gigabit Ethernet
interface, and each DSL subscriber requires a CONNECTION profile with a VLAN ID
that is unique within the context of the user’s destination NSP VLAN. Following are
the parameters, shown with default settings, for VLAN stacking of untagged frames:

Stinger® IP Control Module Configuration Guide 3-25

[in VLAN-ETHERNET/{ { shelf-1 first-control-module 2} 50}:bridging-options]
bridge-type = vlan-circuit

[in CONNECTION/"":bridging-options]
bridge-type = vlan-circuit
vlan-stack-user-vlan-id = 0

[in ETHERNET/{ shelf-1 second-control-module 2 }]
vlan-stack-tag-type = 91:00

VLAN Configuration

Configuring stacked VLANs

Parameter Setting

bridge-type Type of bridging. Valid values are transparent-

vlan-stack-user-vlan-id Subscriber's 802.1Q VLAN ID (from 0 to 4095) to be

vlan-stack-tag-type Two-byte hexadecimal value to be inserted in the

bridging, no-bridging, vlan-circuit, and stacked­vlan. For VLAN stacking, the stacked-vlan setting is

required.

used in stacked-VLAN frames for incoming traffic that
contains untagged Ethernet frames. The value must be
unique within the NSP VLAN.

With the default zero value, VLAN stacking is disabled
for the connection. When set to a nonzero value, VLAN
stacking is enabled and the specified value is added to
the frames as a VLAN tag that represents the user's
connection within the context of an NSP.

This parameter is applicable only in CONNECTION
profiles. Although it also appears in both ETHERNET
and VLAN-ETHERNET profiles, the field is not
applicable to those contexts.

EtherType field for stacked-VLAN frames. All stacked
VLAN frames being transmitted/received on the
Ethernet port will use this value in their EtherType
field. The default value is 0x9100.

Because VLAN stacking is not yet a standardized
technology, an EtherType value has not been
standardized to represent stacked-VLAN frames, unlike
the value 0x8100 used for IEEE 802.1Q VLAN frames,
for example. So for the sake of interoperability, this
value is configurable. If the layer-2 core network is
using a specific EtherType value for stacked VLAN
frames, you must set the vlan-stack-tag-type
parameter to that value.

Sample configuration bridging untagged frames

The following example configures an NSP VLAN for “NSP 1” in Figure 3-13
(page 3-25), and two bridged PVCs to be directed to the NSP VLAN. In this example,
the NSP VLAN is assigned VLAN number 50, and the user VLAN IDs are 471 and 473
within the NSP VLAN.

The following sets of sample commands configure a VLAN with multiple user PVCs.

1 Enable bridging on the Gigabit Ethernet port, as described in “Enabling layer 2

bridging for VLAN operations” on page 2-3. (If the layer-2 core network is using a
specific EtherType value for stacked VLAN frames, you must also set the vlan-
stack-tag-type parameter to that value.)

2 Create a VLAN-ETHERNET profile for the NSP VLAN. In this example, the VLAN

is assigned VLAN ID 50 and bridging-group 9.

3-26 Stinger® IP Control Module Configuration Guide

VLAN Configuration

Configuring stacked VLANs

admin> new vlan-ethernet { { 1 8 2 } 50 }

admin> set enabled = yes

admin> set bridging-options bridging-group = 9

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = stacked-vlan

admin> write -f

3 Create CONNECTION profiles for users of the NSP VLAN. These profiles must use

the same bridging-group number as the NSP VLAN, and must specify a nonzero
vlan-stack-user-vlan-id value that is unique within the NSP VLAN. In this
example, the user VLAN IDs are 471 and 473.

admin> new connection vlan-user-1

admin> set encapsulation-protocol = atm

admin> set ip-options ip-routing-enabled = no

admin> set bridging-options bridging-group = 9

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = stacked-vlan

admin> set bridging-options vlan-stack-user-vlan-id = 471

admin> set atm-options vci = 60

admin> set atm-options nailed-group = 125

admin> write -f

admin> new connection

admin> set station = vlan-user-2

admin> set encapsulation-protocol = atm

admin> set ip-options ip-routing-enabled = no

admin> set bridging-options bridging-group = 9

admin> set bridging-options bridge = yes

admin> set bridging-options bridge-type = stacked-vlan

admin> set bridging-options vlan-stack-user-vlan-id = 473

admin> set atm-options vci = 60

admin> set atm-options nailed-group = 127

admin> write -f

Bridging enterprise VLAN tagged frames to stacked VLANs

Stinger systems also support bridging of VLAN-tagged traffic received from the DSL
side to stacked VLANs. The sample VLAN setup in Figure 3-14 (page 3-28)shows a
Stinger IP DSLAM with three stacked VLAN configurations on the Gigabit Ethernet
interface.

Stinger® IP Control Module Configuration Guide 3-27

VLAN Configuration

Configuring stacked VLANs

Figure 3-14. Stacked VLAN: Bridging enterprise VLAN-tagged frames

NSP 1
VLAN 50

NSP 3
VLAN 311

Ethernet side DSL side

Enterprise

Stacked-VLAN
frames

VLAN aware
Layer 2 core

GigE

NSP 2
VLAN 478

Stinger

IP DSLAM

VLANs 1, 2, 3

CellPipe® 1

DSL

CellPipe® 2

VLAN aware
Ethernet switch

IP subnet 1

VLAN aware
Ethernet switch

IP subnet 2

IP subnet 3

Enterprise
VLANs 1, 2

The CellPipe® units are operating in LLC bridged mode, and interacting with an
enterprise VLAN-aware Ethernet switch in which enterprise VLANs are defined. Each
enterprise IP subnet maps to a unique VLAN ID within the context of an individual
DSL connection, and the Stinger IP DSLAM bridges the data between DSL interfaces
and the Gigabit Ethernet backbone.

In the Stinger IP DSLAM, the basic VLAN stacking configuration on the Ethernet side
does not change, but another layer of complexity is required to accommodate tagged
frames from the DSL side.

Instead of adding a vlan-stack-user-vlan-id tag (as it does for untagged frames),
when VLAN tagged frames are received from a DSL interface, the system must
change the incoming VLAN tag to a VLAN user ID (and optionally, a new priority
value) that represents the user's connection within the context of an NSP. The system
then embeds the new (modified) VLAN information in another, second-tier VLAN
tag, which represents the user’s NSP. The Ethernet frame is then bridged over the
Gigabit Ethernet interface.

The vlan-stack-tag-type parameter applies exactly as described for untagged frames
in “Overview of VLAN stacking settings for untagged frames” on page 3-25.

Overview of VLAN stacking settings for tagged frames

IP subnet 4

IP subnet 5

Each NSP requires one or more VLAN configurations on the Gigabit Ethernet
interface. To enable the system to modify VLAN tags in inbound tagged frames, the
DSL CONNECTION profile must specify a FLOW-SERVICES profile that defines the
mapping between enterprise priorities and VLAN IDs in inbound traffic and NSP
priorities and VLAN user IDs for outbound traffic on the Gigabit Ethernet port. The
profile can also be configured to influence switching or forwarding decisions on the
basis of traffic flows. Each flow of traffic through an interface can be treated
differently based on a set of flow classification rules.

3-28 Stinger® IP Control Module Configuration Guide