QTech QSW-3900 User Manual

QTECH Software Configuration Manual
QSW-3900 Ethernet Switch
User’s Manual
Contents
Chapter 1 Accessing Switch..................................................................................................................1-13
1.1 Command Line Interface..........................................................................................................1-13
1.1.1 Command Line Configuration Mode......................................................................1-13
1.1.2 Command Syntax Comprehension........................................................................1-15
1.1.3 Syntax Help............................................................................................................1-15
1.1.4 History command...................................................................................................1-16
1.1.5 Symbols in command.............................................................................................1-16
1.2 Command Symbols Description................................................................................................1-16
1.2.1 Command Parameter Categories..........................................................................1-17
1.3 User management....................................................................................................................1-17
1.3.1 System default user name.....................................................................................1-18
1.3.2 Add user.................................................................................................................1-18
1.3.3 Modify password....................................................................................................1-18
1.3.4 Modify privilege......................................................................................................1-18
1.3.5 Remove user name................................................................................................1-19
1.3.6 View system user information................................................................................1-19
1.4 Remote authentication of administrator.....................................................................................1-19
1.4.1 Start RADIUS/TACACS+ remote authentication....................................................1-20
1.4.2 Display authentication configuration......................................................................1-20
1.5 Ways of managing switch.........................................................................................................1-20
1.5.1 Manage switch by hyper terminal..........................................................................1-20
1.5.2 Manage switch by telnet.........................................................................................1-21
1.6 Brief introduction of SSH..........................................................................................................1-21
1.7 SSH Configuration list..............................................................................................................1-21
1.7.1 Enable/disable SSH function of the device............................................................1-22
1.7.2 SSH key configuration............................................................................................1-22
1.7.3 Others.....................................................................................................................1-23
Chapter 2 Switch Manage and Maintenance........................................................................................2-24
2.1 System IP configuration............................................................................................................2-24
2.2 Configure manage IP interface.................................................................................................2-24
2.3 Configuration ip address by manual operation..........................................................................2-24
2.4 Configuration Files Management..............................................................................................2-24
2.4.1 Edit configuration files............................................................................................2-24
2.4.2 Modify and save current configuration...................................................................2-24
2.4.3 Erase saved configuration.....................................................................................2-25
2.4.4 Execute saved configuration..................................................................................2-25
2.4.5 Display saved configuration...................................................................................2-25
2.4.6 Display current configuration.................................................................................2-25
2.4.7 Configure file executing mode shift........................................................................2-25
2.5 Online Loading Upgrade Program............................................................................................2-26
2.5.1 Upload and download files by TFTP......................................................................2-26
2.5.2 Upload and download files by FTP........................................................................2-26
2.5.3 Download files by Xmodem...................................................................................2-27
2.6 Reboot.....................................................................................................................................2-28
2.7 System Maintenance................................................................................................................2-28
2.7.1 Basic Configuration and Management...................................................................2-28
2.7.2 Network connecting test command........................................................................2-29
2.7.3 Loopback test command........................................................................................2-30
2.7.4 Remote access restriction......................................................................................2-30
2.7.5 The number of Telnet user restriction....................................................................2-30
2.7.6 Routing tracert command.......................................................................................2-31
2.7.7 Packets rate limit to CPU.......................................................................................2-31
2.8 Monitor system by SNMP.........................................................................................................2-32
2.8.1 Brief introduction of SNMP.....................................................................................2-32
2.9 SNMP Mechanism....................................................................................................................2-32
2.10 SNMP Protocol Version............................................................................................................2-33
2.11 MIB Overview...........................................................................................................................2-33
2.12 SNMP Configuration.................................................................................................................2-33
2.12.1 Configure community name and accessing right...................................................2-34
2.12.2 Configure sysContact.............................................................................................2-34
2.12.3 Configure Trap destination host address................................................................2-35
2.12.4 Configure sysLocation............................................................................................2-35
2.12.5 Configure sysName................................................................................................2-35
2.12.6 Configure notify......................................................................................................2-36
2.12.7 Configure engine id................................................................................................2-36
2.12.8 Configure view........................................................................................................2-37
2.12.9 Configure group.....................................................................................................2-37
2.12.10 Configure user........................................................................................................2-38
2.13 Enable/disable dlf forward packet.............................................................................2-39
2.14 CPU Alarm Configuration..........................................................................................................2-39
2.14.1 Brief introduction of CPU alarm.............................................................................2-39
2.14.2 CPU alarm configuration list..................................................................................2-39
2.14.3 Enable/disable CPU alarm.....................................................................................2-39
2.14.4 Configure CPU busy or unbusy threshold.............................................................2-40
2.14.5 Display CPU alarm information..............................................................................2-40
2.15 Anti-DOS Attack.......................................................................................................................2-40
2.15.1 IP segment anti-attack...........................................................................................2-40
Chapter 3 MAC address table management.........................................................................................3-41
3.1 Introduction to Bridging.............................................................................................................3-41
3.2 Major Functionalities of Bridges................................................................................................3-41
3.2.1 Maintaining the bridge table...................................................................................3-41
3.2.2 Forwarding and filtering..........................................................................................3-43
3.3 Brief introduction of MAC address table management...............................................................3-45
3.4 MAC address table management list........................................................................................3-45
3.5 Configure system MAC address aging time..............................................................................3-45
3.6 Configure MAC address item....................................................................................................3-46
3.6.1 Add MAC address..................................................................................................3-46
3.6.2 Add blackhole MAC address..................................................................................3-46
3.6.3 Delete MAC address item......................................................................................3-47
3.6.4 Display MAC address table....................................................................................3-47
3.6.5 Enable/disable MAC address learning...................................................................3-47
3.6.6 Display MAC address learning...............................................................................3-47
3.6.7 Modify MAC address learning mode......................................................................3-48
Chapter 4 Port Configuration.................................................................................................................4-49
4.1 Port configuration introduction..................................................................................................4-49
4.2 Port Configuration....................................................................................................................4-49
4.2.1 Port related configuration.......................................................................................4-49
4.2.2 Enter interface configuration mode........................................................................4-49
4.2.3 Enable/disable specified interface.........................................................................4-49
4.2.4 Configure interface duplex mode and speed rate..................................................4-50
4.2.5 Interface Priority Configuration..............................................................................4-50
4.2.6 Interface description configuration.........................................................................4-50
4.2.7 Ingress/egress bandwidth-control configuration....................................................4-51
4.2.8 Enable/disable VLAN filtration of receiving packet of interface.............................4-51
4.2.9 Interface ingress acceptable-frame configuration..................................................4-51
4.2.10 Enable/disable interface flow-control.....................................................................4-51
4.2.11 Port mode configuration.........................................................................................4-52
4.2.12 Trunk allowed VLAN configuration.........................................................................4-52
4.2.13 The default vlan-id of trunk port configuration.......................................................4-52
4.2.14 Add access port to specified VLAN.......................................................................4-52
4.2.15 Display interface information..................................................................................4-53
4.2.16 Display/ clear interface statistics information.........................................................4-53
4.3 Interface mirror.........................................................................................................................4-53
4.3.1 Brief introduction of interface mirror.......................................................................4-53
4.3.2 Interface mirror configuration.................................................................................4-53
4.4 Brief introduction of Port LACP.................................................................................................4-54
4.4.1 LACP......................................................................................................................4-54
4.4.2 Manual Link Aggregation.......................................................................................4-55
4.4.3 Static LACP link aggregation..................................................................................4-56
4.5 Load-Balance in a Link Aggregation Group...............................................................................4-57
4.6 Aggregation Port Group............................................................................................................4-57
4.7 Link aggregation configuration..................................................................................................4-57
4.8 Interface BPDU-rate configuration............................................................................................4-59
4.8.1 Brief introduction of interface CAR.........................................................................4-59
4.8.2 Port CAR configuration command list....................................................................4-59
4.8.3 Enable/disable interface globally...........................................................................4-59
4.8.4 Enable/disable interface CAR on interface............................................................4-59
4.8.5 Configure the reopen time of the port shutdown by port-car.................................4-59
4.8.6 Configure the port-car-rate.....................................................................................4-60
4.8.7 Display port-car information...................................................................................4-60
4.9 Port Alarm Configuration..........................................................................................................4-60
4.9.1 Brief introduction of port alarm configuration.........................................................4-60
4.9.2 Port alarm configuration list...................................................................................4-60
4.9.3 Enable/disable port alarm globally.........................................................................4-60
4.9.4 Enable/disable port alarm on the port....................................................................4-61
4.9.5 Configure the exceed threshold and normal threshold of port alarm....................4-61
4.9.6 Display port alarm..................................................................................................4-61
4.10 Shutdown-control feature..........................................................................................................4-62
4.11 Interface shutdown-control configuration list.............................................................................4-62
4.11.1 Configuration mode and time.................................................................................4-62
4.11.2 Configuration interface shutdown-control..............................................................4-62
4.11.3 Display shutdown-control.......................................................................................4-62
4.12 Port isolation configuration.......................................................................................................4-62
4.13 Storm control configuration.......................................................................................4-63
Chapter 5 VLAN Configuration..............................................................................................................5-64
5.1 Introduction to VLAN................................................................................................................5-64
5.1.1 VLAN Overview......................................................................................................5-64
5.1.2 VLAN Fundamental................................................................................................5-65
5.1.3 VLAN Classification................................................................................................5-65
5.1.4 VLAN Interface.......................................................................................................5-65
5.1.5 Port-Based and 802.1Q VLAN...............................................................................5-66
5.1.6 Port link type...........................................................................................................5-66
5.1.7 Default VLAN..........................................................................................................5-66
5.1.8 Super VLAN...........................................................................................................5-66
5.1.9 VLAN interface type...............................................................................................5-66
5.1.10 Default VLAN..........................................................................................................5-67
5.2 VLAN configuration list.............................................................................................................5-67
5.2.1 Create/delete VLAN...............................................................................................5-67
5.2.2 Add/delete VLAN interface.....................................................................................5-68
5.2.3 Specify/restore VLAN description..........................................................................5-68
5.2.4 Configure interface type.........................................................................................5-68
5.2.5 Configure interface default vlan ID.........................................................................5-68
5.2.6 Configure tag vlan..................................................................................................5-69
5.2.7 Display VLAN information......................................................................................5-69
5.3 Brief introduction of GVRP........................................................................................................5-69
5.3.1 GARP protocol.......................................................................................................5-69
5.3.2 Brief introduction of GVRP.....................................................................................5-70
5.3.3 GARP messages and timers..................................................................................5-70
5.4 GVRP Configuration list............................................................................................................5-72
5.4.1 Enable/disable global GVRP..................................................................................5-72
5.4.2 Enable/disable GVRP on a port.............................................................................5-73
5.4.3 Display GVRP........................................................................................................5-73
5.4.4 Add/delete vlan that can be dynamic learnt by GVRP...........................................5-73
5.4.5 Display vlan that can be learnt by GVRP...............................................................5-73
5.4.6 Examples for GVRP configuration.........................................................................5-74
5.5 Brief introduction of QinQ.........................................................................................................5-74
5.5.1 Introduction to QinQ...............................................................................................5-74
5.5.2 Implementations of QinQ.......................................................................................5-75
5.5.3 Adjustable TPID Value of QinQ Frames................................................................5-75
5.6 QinQ configuration list..............................................................................................................5-76
5.6.1 Configure global QinQ............................................................................................5-76
5.6.2 Configure QinQ mode of interface.........................................................................5-76
5.6.3 Configure interface dynamic QinQ.........................................................................5-77
5.6.4 Enable/disable vlan-swap......................................................................................5-77
5.6.5 Configure global vlan-swap....................................................................................5-78
5.6.6 Configure rewrite-outer-vlan..................................................................................5-78
5.6.7 Display dynamic QinQ............................................................................................5-78
5.6.8 Display vlan-swap..................................................................................................5-79
5.6.9 Display rewrite-outer-vlan......................................................................................5-79
Chapter 6 Layer 3 Configuration...........................................................................................................6-80
6.1 Brief Introduction of Layer 3 switching......................................................................................6-80
6.2 Layer 3 Configuration list...........................................................................................6-80
6.2.1 VLAN division and the creation of layer 3 interface...............................................6-80
6.2.2 Transmission mode configuration..........................................................................6-80
6.2.3 Create VLAN interface for normal VLAN...............................................................6-81
6.2.4 Create superVLAN interface and add VLAN to superVLAN..................................6-81
6.2.5 Configure IP address for VLAN interface or superVLAN interface........................6-81
6.2.6 Configure accessing IP address range of VLAN or superVLAN interface.............6-81
6.2.7 ARP proxy configuration........................................................................................6-82
6.2.8 Display interface configuration...............................................................................6-82
6.3 Brief introduction of static routing..............................................................................................6-82
6.3.1 Default Route.........................................................................................................6-82
6.3.2 Application Environment of Static Routing.............................................................6-83
6.4 Static routing configuration list..................................................................................................6-83
6.4.1 Add/delete static route...........................................................................................6-83
6.4.2 Display route table information..............................................................................6-83
Chapter 7 RIP Configuration..................................................................................................................7-84
7.1 Brief introduction of RIP............................................................................................................7-84
7.2 RIP Overview...........................................................................................................................7-84
7.2.1 RIP Working Mechanism........................................................................................7-85
7.2.2 RIP Version............................................................................................................7-86
7.2.3 RIP Message Format.............................................................................................7-86
7.2.4 TRIP.......................................................................................................................7-87
7.2.5 Protocols and Standards........................................................................................7-88
7.3 RIP configuration list.................................................................................................................7-88
7.3.1 Enable RIP.............................................................................................................7-89
7.3.2 Specify IP network to run RIP protocol..................................................................7-89
7.3.3 RIP working status of specified interface...............................................................7-89
7.3.4 RIP version of specified interface..........................................................................7-89
7.3.5 Enable host routing................................................................................................7-90
7.3.6 Enable route convergence.....................................................................................7-90
7.3.7 Configure authentication to RIP packet.................................................................7-90
7.3.8 Configure split........................................................................................................7-90
7.3.9 Configure metricin..................................................................................................7-91
7.3.10 Define prefix list......................................................................................................7-91
7.3.11 Configure redistribution..........................................................................................7-91
7.3.12 Configure distribute-list..........................................................................................7-91
7.3.13 Display RIP configuration.......................................................................................7-92
Chapter 8 OSPF Configuration..............................................................................................................8-93
8.1 Brief introduction of OSPF........................................................................................................8-93
8.1.1 Basic Concepts......................................................................................................8-94
8.1.2 OSPF Area Partition and Route Summarization....................................................8-95
8.1.3 Classification of OSPF Networks.........................................................................8-100
8.1.4 DR and BDR.........................................................................................................8-101
8.1.5 OSPF Packet Formats.........................................................................................8-102
8.1.6 Supported OSPF Features..................................................................................8-109
8.1.7 Protocols and Standards......................................................................................8-111
8.2 OSPF Configuration list...........................................................................................................8-111
8.2.1 Enable/disable OSPF...........................................................................................8-112
8.2.2 Configure router ID...............................................................................................8-112
8.2.3 Specify interface and area id................................................................................8-112
8.2.4 Configure area authentication type......................................................................8-112
8.2.5 Configure interface type.......................................................................................8-113
8.2.6 Configure interface cost.......................................................................................8-113
8.2.7 Configure priority when selecting DR..................................................................8-114
8.2.8 Configure Hello time interval................................................................................8-114
8.2.9 Configure interface invalid time of neighbour routers..........................................8-115
8.2.10 Configure retransmission LSA time interval of neighbor router...........................8-115
8.2.11 Configure time needed when interface sending link state update packet..............8-115
8.2.12 Configure packet authentication key....................................................................8-116
8.2.13 Configure STUB area of OSPF............................................................................8-116
8.2.14 Configure route convergence in OSPF................................................................8-117
8.2.15 Configure OSPF virtual connection......................................................................8-117
8.2.16 Configure route introduced by OSPF other route protocol..................................8-118
8.2.17 Configure OSPF introduced default route............................................................8-118
8.2.18 Configure external route parameter received by OSPF......................................8-119
8.2.19 OSPF monitor and maintain.................................................................................8-119
Chapter 9 BGP Configuration..............................................................................................................9-120
9.1 Brief Introduction of BGP........................................................................................................9-120
9.2 BGP Configuration.................................................................................................................9-120
9.2.1 Enable/disable BGP.............................................................................................9-121
9.2.2 Configure BGP peer.............................................................................................9-121
9.2.3 Configure BGP timer............................................................................................9-122
9.2.4 Configure local preference...................................................................................9-123
9.2.5 Configure AS MED...............................................................................................9-123
9.2.6 Compare MED from different AS neighbors........................................................9-123
9.2.7 Configure BGP route aggregation........................................................................9-124
9.2.8 Configure IGP route information introduced into BGP................................................9-124
9.2.9 Configure BGP distribution list.............................................................................9-124
9.2.10 Define AS path list................................................................................................9-124
9.2.11 BGP monitor and maintenance............................................................................9-125
Chapter 10 Multicast Protocol Configuration.......................................................................................10-127
10.1 Multicast overview................................................................................................................10-127
10.1.1 Multicast Address...............................................................................................10-127
10.2 GMRP Overview...................................................................................................................10-129
10.3 GMRP Configuration............................................................................................................10-129
10.3.1 GMRP Configuration list.....................................................................................10-129
10.3.2 Enable/disable global GMRP.............................................................................10-129
10.3.3 Enable/disable GMRP on a port........................................................................10-130
10.3.4 Display GMRP....................................................................................................10-130
10.3.5 Add/delete multicast groups that can be dynamically learnt by GMRP..................10-130
10.3.6 Display multicast that can be learnt by GMRP..................................................10-131
10.4 IGMP Snooping Overview....................................................................................................10-131
10.4.1 IGMP Snooping..................................................................................................10-131
10.4.2 Basic Concepts in IGMP Snooping....................................................................10-132
10.4.3 How IGMP Snooping Works..............................................................................10-133
10.4.4 Processing of Multicast Protocol Messages......................................................10-134
10.4.5 Protocols and Standards....................................................................................10-137
10.5 IGMP Snooping configuration...............................................................................................10-137
10.5.1 IGMP Snooping multicast interface aging time configuration............................10-137
10.5.2 IGMP Snooping max-response-time configuration............................................10-138
10.5.3 IGMP Snooping interface fast-leave configuration............................................10-138
10.5.4 Configure the maximum number of multicast groups allowed to be learnt...........10-138
10.5.5 IGMP Snooping permit/deny group configuration..............................................10-138
10.5.6 IGMP Snooping route-port forward configuration..............................................10-138
10.5.7 Enable/disable IGMP Snooping querier.............................................................10-139
10.5.8 Configure IGMP Snooping query-interval..........................................................10-139
10.5.9 Configure IGMP Snooping querier vlan.............................................................10-139
10.5.10 Configure IGMP Snooping query max response...............................................10-139
10.5.11 Configure IGMP Snooping query source IP.......................................................10-140
10.5.12 Configure IGMP Snooping route port aging.......................................................10-140
10.5.13 Add IGMP Snooping route port..........................................................................10-140
10.6 Static Multicast Configuration................................................................................................10-140
10.6.1 Brief introduction of Static Multicast...................................................................10-140
10.6.2 Static Multicast Configuration.............................................................................10-141
10.6.3 Create multicast group.......................................................................................10-141
10.6.4 Add interfaces to multicast group.......................................................................10-141
10.6.5 Display multicast group information...................................................................10-141
10.6.6 Delete interface members from multicast group................................................10-142
10.6.7 Delete multicast group.......................................................................................10-142
10.7 Cross-VLAN multicast Configuration.....................................................................................10-142
10.7.1 Brief Introduction of Cross-Vlan multicast..........................................................10-142
10.7.2 Cross-VLAN Multicast Configuration.................................................................10-142
10.7.3 Enable/disable cross-vlan multicast...................................................................10-143
10.7.4 Configure tag/untag attribute of multicast packet transmission and vlan-id of the tagged attribute..........................................................................................10-143
10.7.5 Display cross-vlan multicast...............................................................................10-143
Chapter 11 DHCP Configuration.........................................................................................................11-144
11.1 Brief introduction of DHCP.....................................................................................................11-144
11.2 Technical details....................................................................................................................11-145
11.2.1 DHCP discovery.................................................................................................11-145
11.2.2 DHCP offers.......................................................................................................11-145
11.2.3 DHCP requests..................................................................................................11-145
11.2.4 DHCP acknowledgement...................................................................................11-146
11.2.5 DHCP information..............................................................................................11-146
11.2.6 DHCP releasing..................................................................................................11-146
11.2.7 Client configuration parameters.........................................................................11-146
11.2.8 Options...............................................................................................................11-146
11.2.9 DHCP IP Address Assignment...........................................................................11-146
11.3 DHCP server configuration list...............................................................................................11-149
11.3.1 Enable DHCP relay............................................................................................11-150
11.3.2 Configure DHCP server.....................................................................................11-150
11.3.3 Specify DHCP server for layer 3 interface.........................................................11-150
11.3.4 Display DHCP server configuration...................................................................11-150
11.3.5 Hide DHCP server..............................................................................................11-151
11.4 Local IP Address Pool Configuration......................................................................................11-151
11.4.1 Enter IP address pool configuration mode.........................................................11-151
11.4.2 Configure gateway and netmask of local IP address pool................................11-152
11.4.3 Configure local IP address pool network interface............................................11-152
11.4.4 Disable/enable specified IP address in IP address pool....................................11-152
11.4.5 Configure lease time..........................................................................................11-153
11.4.6 Configure DNS...................................................................................................11-153
11.4.7 Configure WINS.................................................................................................11-153
11.4.8 Display IP address pool configuration................................................................11-153
11.4.9 Configure ip-bind................................................................................................11-154
11.4.10 Display ip-bind....................................................................................................11-154
11.4.11 Add dhcp client...................................................................................................11-154
11.4.12 Show dhcp client................................................................................................11-154
11.5 Introduction to DHCP Relay Agent.........................................................................................11-154
11.5.1 Usage of DHCP Relay Agent.............................................................................11-154
11.5.2 DHCP Relay Agent Fundamentals.....................................................................11-155
11.5.3 Option 82 Supporting.........................................................................................11-156
11.6 DHCP relay configuration list.................................................................................................11-158
11.6.1 Enable DHCP relay............................................................................................11-158
11.6.2 Configure vlan interface.....................................................................................11-159
11.6.3 Support relay option82.......................................................................................11-159
11.7 Introduction DHCP snooping.................................................................................................11-159
11.8 DHCP snooping configuration list..........................................................................................11-161
11.8.1 Enable DHCP snooping.....................................................................................11-161
11.8.2 Configure trust ports...........................................................................................11-161
11.8.3 Configure max host number...............................................................................11-161
11.8.4 Configure IP source guard.................................................................................11-161
11.8.5 Show DHCP snooping of ports..........................................................................11-161
11.8.6 Show DHCP snooping configuration of VLANs.................................................11-161
11.8.7 Show information of clients................................................................................11-161
Chapter 12 ARP Configuration............................................................................................................12-162
12.1 Brief Introduction of ARP......................................................................................................12-162
12.1.1 ARP announcements.........................................................................................12-163
12.1.2 ARP probe..........................................................................................................12-163
12.1.3 ARP mediation...................................................................................................12-163
12.1.4 Variants of the protocol......................................................................................12-163
12.1.5 Inverse ARP and Reverse ARP.........................................................................12-163
12.2 ARP spoofing.......................................................................................................................12-164
12.2.1 How ARP spoofing works.....................................................................................12-164
12.2.2 ARP Spoofing/poisoning Animation.....................................................................12-164
12.3 ARP-Proxy...........................................................................................................................12-164
12.4 Anti-flood ARP......................................................................................................................12-165
12.5 ARP configuration list...........................................................................................................12-165
12.5.1 Add and delete ARP table item..........................................................................12-165
12.5.2 Display ARP table item.......................................................................................12-165
12.5.3 Configure ARP aging time..................................................................................12-166
12.5.4 Display ARP aging time......................................................................................12-166
12.5.5 Display ARP table item.......................................................................................12-166
12.5.6 Enable/disable ARP anti-flood attack.................................................................12-166
12.5.7 Configure deny action and threshold of ARP anti-flood.....................................12-167
12.5.8 Configure ARP anti-flood recover-time............................................................12-167
12.5.9 ARP anti-flood MAC recover..............................................................................12-167
12.5.10 Display ARP anti-flood attack information.......................................................12-168
12.5.11 Bind blackhole mac generated by arp anti-flood to be general.........................12-168
12.5.12 Enable/disable ARP anti-spoofing......................................................................12-168
12.5.13 Configure unknown ARP packet handling strategy...........................................12-168
12.5.14 Enable/disable ARP anti-spoofing valid-check..................................................12-169
12.5.15 Enable/disable ARP anti-spoofing deny-disguiser.............................................12-169
12.5.16 Display ARP anti-spoofing...............................................................................12-169
12.5.17 Configure trust port of ARP anti-attack..............................................................12-170
Chapter 13 ACL Configuration.............................................................................................................13-171
13.1 ACL Overview......................................................................................................................13-171
13.1.1 ACL Match Order...............................................................................................13-171
13.1.2 Ways to Apply ACL on a Switch.........................................................................13-172
13.1.3 ACLs Based on Time Ranges............................................................................13-172
13.2 Configuring ACL...................................................................................................................13-173
13.2.1 Matching order configuration.............................................................................13-173
13.2.2 ACL support.......................................................................................................13-173
13.3 ACL configuration.................................................................................................................13-174
13.3.1 Configuration list................................................................................................13-174
13.3.2 Configure time range..........................................................................................13-174
13.3.3 Standard ACL.....................................................................................................13-175
13.3.4 Define extended ACL.........................................................................................13-175
13.3.5 Define layer 2 ACL.............................................................................................13-176
13.3.6 Activate ACL.......................................................................................................13-177
13.3.7 Monitor and maintenance of ACL.........................................................................13-177
Chapter 14 QOS Configuration...........................................................................................................14-179
14.1 Brief introduction of QOS......................................................................................................14-179
14.1.1 Flow....................................................................................................................14-179
14.1.2 Traffic classification............................................................................................14-179
14.1.3 Access control list..............................................................................................14-179
14.1.4 Packet filtration...................................................................................................14-179
14.1.5 Flow monitor.......................................................................................................14-180
14.1.6 Interface speed limitation...................................................................................14-180
14.1.7 Redirection.........................................................................................................14-180
14.1.8 Priority mark.......................................................................................................14-180
14.1.9 Choose interface outputting queue for packet...................................................14-180
14.1.10 Queue scheduler................................................................................................14-180
14.1.11 cos-map..............................................................................................................14-181
14.1.12 Flow mirror.........................................................................................................14-181
14.1.13 Statistics based on flow......................................................................................14-181
14.1.14 Copy packet to CPU...........................................................................................14-181
14.2 QOS Configuration...............................................................................................................14-181
14.2.1 QoS Configuration list........................................................................................14-181
14.2.2 Packet redirection configuration.........................................................................14-181
14.2.3 Priority configuration..........................................................................................14-182
14.2.4 Queue-scheduler configuration..........................................................................14-182
14.2.5 The cos-map relationship of hardware priority queue and priority of IEEE802.1p protocol.............................................................................................................14-182
14.2.6 Flow mirror configuration....................................................................................14-183
14.2.7 Flow statistic configuration.................................................................................14-183
14.3 Monitor and maintenance of QoS.........................................................................................14-183
Chapter 15 STP Configuration............................................................................................................15-185
15.1 Brief introduction of STP Configuration.................................................................................15-185
15.1.1 Introduction to STP............................................................................................15-185
15.1.2 Introduction to MSTP.........................................................................................15-192
15.1.3 Protocols and Standards....................................................................................15-196
15.2 STP Configuration................................................................................................................15-196
15.2.1 STP Configuration list........................................................................................15-196
15.2.2 Enable/disable STP............................................................................................15-197
15.2.3 Enable/disable interface STP.............................................................................15-197
15.2.4 Configure STP priority........................................................................................15-197
15.2.5 Configure switch Forward Delay........................................................................15-198
15.2.6 Configure Hello Time..........................................................................................15-198
15.2.7 Configure Max Age.............................................................................................15-198
15.2.8 Configure path cost of specified interfaces........................................................15-199
15.2.9 Configure STP priority of specified port..............................................................15-199
15.2.10 Configure spanning-tree root-guard...................................................................15-199
15.2.11 Configure interface to force sending RSTP packets...........................................15-200
15.2.12 Configure link type of specified interface...........................................................15-200
15.2.13 Configure the current port as an edge port........................................................15-200
15.2.14 Configure BPDU transmit rate limit of specified interface...................................15-200
15.2.15 STP monitor and maintenance............................................................................15-201
15.2.16 Enable/disable STP remote-loop-detect............................................................15-202
15.3 Brief Introduction of MSTP....................................................................................................15-202
15.4 MSTP Configuration.............................................................................................................15-202
15.4.1 MSTP configuration list......................................................................................15-202
15.4.2 Configure MSTP timer parameter......................................................................15-203
15.4.3 Configure MSTP configuration mark..................................................................15-203
15.4.4 Configure MSTP netbridge priority.....................................................................15-203
15.4.5 Configure MSTP interface edge interface status...............................................15-204
15.4.6 Configure MSTP interface link type...................................................................15-204
15.4.7 Configure MSTP interface path cost..................................................................15-204
15.4.8 Configure MSTP interface priority......................................................................15-204
15.4.9 Configure spanning-tree mst root-guard............................................................15-205
15.4.10 Display MSTP configuration information............................................................15-205
15.4.11 Enable/disable digest snooping.........................................................................15-205
15.4.12 Configure Ignore of VLAN..................................................................................15-205
Chapter 16 802.1X Configuration Command......................................................................................16-207
16.1 Brief introduction of 802.1X configuration..............................................................................16-207
16.2 802.1X Configuration............................................................................................................16-207
16.2.1 AAA configuration mode.....................................................................................16-207
16.3 RADIUS and TACACS+ Server Configuration.......................................................................16-207
16.3.1 System default user...........................................................................................16-208
16.3.2 User’s authentication..........................................................................................16-208
16.4 Local authentication configuration.........................................................................................16-208
16.4.1 Add users...........................................................................................................16-208
16.4.2 Change password..............................................................................................16-209
16.4.3 Modify User's Privilege Level.............................................................................16-209
16.4.4 Delete User........................................................................................................16-210
16.4.5 Show users.........................................................................................................16-210
16.5 Remote authentication configuration......................................................................................16-211
16.5.1 Configure RADIUS to be remote authentication server.....................................16-211
16.5.2 Configure TACACS+ remote authentication......................................................16-211
16.5.3 802.1X Configuration.........................................................................................16-212
Chapter 17 SNTP Client Configuration................................................................................................17-214
17.1 Brief introduction of SNTP protocol.......................................................................................17-214
17.2 SNTP client configuration.....................................................................................................17-214
17.2.1 Enable/disable SNTP client................................................................................17-214
17.2.2 SNTP client working mode configuration...........................................................17-214
17.2.3 SNTP client unicast server configuration...........................................................17-215
17.2.4 SNTP client broadcast delay configuration........................................................17-215
17.2.5 SNTP client multicast TTL configuration............................................................17-215
17.2.6 SNTP client poll interval configuration...............................................................17-215
17.2.7 SNTP client retransmit configuration.................................................................17-216
17.2.8 SNTP client valid server configuration...............................................................17-216
17.2.9 SNTP client MD5 authentication configuration..................................................17-216
Chapter 18 Syslog Configuration.........................................................................................18-217
18.1 Brief introduction of Syslog...................................................................................18-217
18.2 Syslog Configuration.............................................................................................18-217
18.2.1 Enable/disable Syslog........................................................................................18-218
18.2.2 Syslog sequence number configuration.............................................................18-218
18.2.3 Syslog time stamps configuration......................................................................18-218
18.2.4 Syslog terminal outputting configuration............................................................18-218
18.2.5 Syslog logging buffered outputting configuration...............................................18-219
18.2.6 Syslog Flash storage outputting configuration...................................................18-219
18.2.7 Syslog logging host outputting configuration.....................................................18-220
18.2.8 Syslog SNMP Agent outputting configuration....................................................18-220
18.2.9 Module debug configuration...............................................................................18-221
Chapter 19 LLDP configuration...........................................................................................................19-222
19.1 Brief introduction of LLDP protocol.......................................................................................19-222
19.1.1 LLDP Overview..................................................................................................19-222
19.2 LLDP configuration...............................................................................................................19-223
19.2.1 LLDP configuration list.......................................................................................19-223
19.2.2 Enable/disable global LLDP...............................................................................19-223
19.2.3 Configure LLDP hello-time.................................................................................19-223
19.2.4 Configure LLDP hold-time..................................................................................19-223
19.2.5 Interface LLDP packet receiving/sending mode configuration..........................19-224
19.2.6 Display LLDP information...................................................................................19-224
Chapter 20 ERRP Command Configuration........................................................................................20-226
20.1 Brief introduction of ERRP....................................................................................................20-226
20.2 ERRP Overview...................................................................................................................20-226
20.3 Basic Concepts in ERRP......................................................................................................20-226
20.3.1 ERRP domain.....................................................................................................20-226
20.3.2 ERRP ring..........................................................................................................20-227
20.3.3 Control VLAN and data VLAN............................................................................20-227
20.3.4 Node...................................................................................................................20-227
20.3.5 Primary port and secondary port........................................................................20-227
20.3.6 Common port and edge port..............................................................................20-228
20.3.7 Multi-domain intersection common port.............................................................20-228
20.3.8 Timers.................................................................................................................20-228
20.3.9 ERRP Packets....................................................................................................20-228
20.4 Typical ERRP Networking.....................................................................................................20-229
20.4.1 Single ring..........................................................................................................20-229
20.4.2 Multi-domain tangent rings.................................................................................20-230
20.4.3 Single-domain intersecting rings........................................................................20-231
20.4.4 Dual homed rings...............................................................................................20-231
20.4.5 Multi-domain intersecting rings..........................................................................20-232
20.5 How ERRP Works................................................................................................................20-232
20.5.1 Polling mechanism.............................................................................................20-232
20.5.2 Link down alarm mechanism.............................................................................20-232
20.5.3 Ring recovery.....................................................................................................20-233
20.5.4 Broadcast storm suppression mechanism in a multi-homed subring in case of primary ring link failure.......................................................................................20-233
20.5.5 Protocols and Standards....................................................................................20-233
20.6 ERRP Configuration.............................................................................................................20-233
20.6.1 ERRP Configuration list.....................................................................................20-233
20.6.2 ERRP configuration............................................................................................20-233
20.6.3 Configure ERRP timer........................................................................................20-234
20.6.4 Enter ERRP configuration mode........................................................................20-234
20.6.5 Configure control-vlan of ERRP domain............................................................20-234
20.6.6 Create ERRP ring...............................................................................................20-235
20.6.7 Enable/disable ERRP ring..................................................................................20-235
20.6.8 Display ERRP domain and ring information......................................................20-235
Chapter 21 PPPoE Plus Configuration................................................................................................21-236
21.1 Brief Introduction of PPPoE Plus..........................................................................................21-236
21.2 PPPoE Plus Configuration....................................................................................................21-236
21.2.1 PPPoE Plus Configuration list............................................................................21-236
21.2.2 Enable/disable PPPoE Plus...............................................................................21-236
21.2.3 Configure PPPoE Plus type...............................................................................21-237
Chapter 22 CFM Configuration............................................................................................................22-238
22.1 Brief introduction of CFM......................................................................................................22-238
22.2 Connectivity fault management overview..............................................................................22-238
22.3 Basic Concepts in Connectivity Fault Detection....................................................................22-238
22.3.1 Maintenance domain..........................................................................................22-238
22.3.2 Maintenance association....................................................................................22-238
22.3.3 Maintenance point..............................................................................................22-238
22.3.4 Basic Functions of Connectivity Fault Management..........................................22-239
22.3.5 Protocols and Standards....................................................................................22-240
22.4 CFM Configuration...............................................................................................................22-240
22.4.1 CFM Configuration list........................................................................................22-240
22.4.2 Configure cfm domain........................................................................................22-240
22.4.3 Configure cfm mep level....................................................................................22-241
22.4.4 Configure cfm mip level......................................................................................22-241
22.4.5 Configure remote cfm rmep level.......................................................................22-241
22.4.6 Configure cfm cc interval....................................................................................22-242
22.4.7 Enable/disable VLAN sending cfm cc enable level...........................................22-242
22.4.8 cfm ping..............................................................................................................22-242
22.4.9 cfm traceroute....................................................................................................22-243
22.4.10 Display cfm domain............................................................................................22-243
22.4.11 Display cfm maintenance-points local................................................................22-243
22.4.12 Display cfm maintenance-points remote............................................................22-244
22.4.13 Display cfm cc database....................................................................................22-244
22.4.14 Display cfm errors..............................................................................................22-244
Chapter 1 Accessing Switch
This chapter covers the basic knowledge needed for system management, including:
1) Command line interface
2) Command syntax comprehension
3) Syntax help
4) History command
5) Symbols in command
6) Parameters in command
7) User management
8) Ways of managing the switch
1.1 Command Line Interface
The system provides a set of configuration commands and a command line interface (CLI). Users configure and manage the switch through the command line. The command line interface has the following features:
1) Local configuration through the Console interface
2) Local or remote configuration through Telnet
3) Command classification protection (privilege levels) to prevent access by unauthorized users
4) Input “?” at any moment to obtain help information
5) Network test commands such as ping to diagnose network faults
6) FTP, TFTP and Xmodem for downloading and uploading files
7) Partial keyword matching: the command line interpreter accepts any non-conflicting prefix of a keyword, so the interface command can be entered as “interf”
1.1.1 Command Line Configuration Mode
The system command line adopts classification protection to prevent access by unauthorized users. Each command mode serves a different kind of configuration; the modes are connected but distinct. For example, after logging in successfully, users of every level enter user mode, where they can only view system operation information; an administrator inputs “enable” to enter privileged mode, and inputs “configure terminal” in privileged mode to enter global configuration mode; from global configuration mode, the related configuration modes are entered by inputting the corresponding configuration commands.
The command line provides the following command modes:
1) User mode
2) Privileged mode
3) Global configuration mode
4) Interface configuration mode
5) VLAN configuration mode
6) AAA configuration mode
7) RADIUS configuration mode
8) Domain configuration mode
The function and details of each command mode are as follows:
Command Line Configuration Mode
(For each command line mode: function, prompt character, command for entering, command for exiting.)

User mode
Function: see switch operation information
Prompt: QTECH>
Entering: connect to the switch after inputting user name and password
Exiting: exit disconnects from the switch

Privileged mode
Function: see switch operation information and manage the system
Prompt: QTECH#
Entering: input enable in user mode
Exiting: exit returns to user mode; quit disconnects from the switch

Global configuration mode
Function: configure global parameters
Prompt: QTECH(config)#
Entering: input configure terminal in privileged mode
Exiting: exit or end returns to privileged mode; quit disconnects from the switch

Interface configuration mode
Function: configure interface parameters
Prompt: QTECH(config-if-ethernet-0/1)#
Entering: input “interface Ethernet 0/1” in global configuration mode; from interface configuration mode, other interface modes and VLAN configuration mode can be entered without inputting “exit”

VLAN configuration mode
Function: configure VLAN parameters
Prompt: QTECH(config-if-vlan)#
Entering: input “vlan 2” in global configuration mode; from VLAN configuration mode, other VLAN modes and interface configuration mode can be entered without inputting “exit”

AAA configuration mode
Function: create domains
Prompt: QTECH(config-aaa)#
Entering: input “aaa” in global configuration mode
Exiting: end returns to privileged mode; exit returns to global configuration mode; quit disconnects from the switch

RADIUS configuration mode
Function: configure RADIUS server parameters
Prompt: QTECH(config-radius-default)#
Entering: input “radius host default” in global configuration mode

Domain configuration mode
Function: configure domain parameters
Prompt: QTECH(config-aaa-test.com)#
Entering: input “domain test.com” in AAA configuration mode
Exiting: end returns to privileged mode; exit returns to AAA configuration mode; quit disconnects from the switch

VLAN interface mode
Function: configure a VLAN L3 interface
Prompt: QTECH(config-if-vlanInterface-22)#
Entering: input “interface vlan-interface 22” in global configuration mode
Exiting: end returns to privileged mode; exit returns to global configuration mode; quit disconnects from the switch

SuperVLAN interface mode
Function: configure a SuperVLAN L3 interface
Prompt: QTECH(config-if-superVLANInterface-1)#
Entering: input “interface supervlan-interface 1” in global configuration mode
Exiting: end returns to privileged mode; exit returns to global configuration mode; quit disconnects from the switch

RIP configuration mode
Function: configure RIP parameters
Prompt: QTECH(config-router-rip)#
Entering: input “route rip” in global configuration mode
Exiting: end returns to privileged mode; exit returns to global configuration mode; quit disconnects from the switch

OSPF configuration mode
Function: configure OSPF parameters
Prompt: QTECH(config-router-ospf)#
Entering: input “route ospf” in global configuration mode
Exiting: end returns to privileged mode; exit returns to global configuration mode; quit disconnects from the switch

PIM configuration mode
Function: configure PIM parameters
Prompt: QTECH(config-router-pim)#
Entering: input “pim” in global configuration mode
Exiting: end returns to privileged mode; exit returns to global configuration mode; quit disconnects from the switch
1.1.2 Command Syntax Comprehension
This section describes the steps needed to configure a command. Please read this section and the detailed description of the command line interface in the following sections carefully.
Login authentication on the system console of this switch verifies the identity of the operating user: login is permitted or refused depending on whether the entered user name and password match.
Step 1: When entering the command line interface, the following is shown:
Username(1-32 chars) :
Input the user name and press Enter; the prompt then becomes:
Password (1-16 chars) :
Input the password. If it is correct, user mode is entered with the following prompt:
QTECH>
Note: The default login and password are admin/123456.
The switch system has 2 different privileges: administrator and common user. A common user can only view the configuration information of the switch and has no right to modify it; an administrator can manage and configure the switch with the specified commands.
A user logged in as administrator can enter privileged mode from user mode:
QTECH>enable
Step 2: Input the command
Skip to step 3 if the command needs no parameter. Continue this step if the command needs a parameter.
If the command needs a parameter, input it. When inputting a parameter, the keyword is also needed.
A command parameter is a number, a character string or an IP address within a specified range. Input “?” when unsure, and input the correct keyword according to the prompt. The keyword names what the command operates on.
If more than one parameter is needed, input each keyword and parameter in turn according to the prompt until <enter> is shown in the prompt; then press Enter.
Step 3: Press Enter after inputting the complete command.
For example:
! The user need not input a parameter
QTECH#quit
“quit” is a command without parameters. The name of the command is quit. Press Enter after inputting it to execute this command.
! The user needs to input a parameter
QTECH(config)#vlan 3
“vlan 3” is a command with a keyword and a parameter: vlan is the command keyword and 3 is the parameter.
1.1.3 Syntax Help
The command line interface has built-in syntax help. If you are not sure about the syntax of a command: input “?” or the help command to obtain all commands of the current mode with a short description of each; input “?” directly after a command character string to list all keywords beginning with that string; input “?” after a space to list, if the “?” is at the position of a keyword, all keywords with a short description, or, if it is at the position of a parameter, the parameter description. Continue inputting the command according to the prompt until the prompt shows <enter>, then press Enter to execute the command.
For example:
Input “?” directly in privileged mode:
QTECH#?
System mode commands :
cls clear screen
help description of the interactive help
ping ping command
quit disconnect from switch and quit
……
Input “?” directly after a keyword:
QTECH(config)#interf?
interface
Input “?” after the command character string and a space:
QTECH(config)#spanning-tree ?
forward-time config switch delaytime
hello-time config switch hellotime
max-age config switch max agingtime
priority config switch priority
<enter> The command end.
· Parameter range and form
QTECH(config)#spanning-tree forward-time ?
INTEGER<4-30> switch delaytime : <4-30>(second)
· Command line end prompt
QTECH(config)#spanning-tree ?
<enter> The command end.
1.1.4 History command
The command line interface automatically saves the commands a user has entered, so that the user can recall a saved command and re-execute it. At most 100 history commands are saved for each user. Press Ctrl+P to recall the previous command and Ctrl+N for the next command.
1.1.5 Symbols in command
Command syntax uses various symbols that are not part of the command itself but describe how to input it. Table 1-2 gives a brief description of these symbols.
1.2 Command Symbols Description
Command Symbols Description
Symbol: Vertical bars |
Description: Vertical bars (|) separate alternatives; they are used together with braces ({ }) and square brackets ([ ]).
Symbol: Square brackets [ ]
Description: Square brackets ([ ]) mean optional elements.
For example: show vlan [ vlan-id ]
Symbol: Braces { }
Description: Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements. Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.
1.2.1 Command Parameter Categories
There are 5 categories of command parameter:
· Scale
Two numerical values linked by a hyphen in angle brackets (< >) mean the parameter is a number in the range between those two values.
For example:
INTEGER<1-10> means the user can input any integer between 1 and 10 (including 1 and 10); 8, for instance, is a valid value.
· IP address
A prompt in the form A.B.C.D means the parameter is an IP address; a valid IP address must be input.
For example:
192.168.0.100 is a valid IP address.
· MAC address
A prompt in the form H:H:H:H:H:H means the parameter is a MAC address; a valid MAC address must be input. If a multicast MAC address is required, a related prompt is shown.
For example:
01:02:03:04:05:06 is a valid MAC address.
· Interface list
The prompt of an interface list is STRING<3-4>. The interface parameter interface-num has the form interface-type + interface-number. interface-type is Ethernet and interface-number is slot-num/port-num, where slot-num ranges from 0 to 2 and port-num from 1 to 24. Consecutive interfaces of the same type can be linked with the to keyword; the port number to the right of to must be larger than the one to its left, and this argument can be repeated at most 3 times. Any special requirement of an interface list parameter is stated with the command.
For example:
show spanning-tree interface ethernet 0/0/1 ethernet 0/0/3 to ethernet 0/0/5
displays spanning-tree information for interface ethernet 0/0/1 and for interfaces ethernet 0/0/3 to ethernet 0/0/5.
· Character string
A prompt in the form STRING<3-4> means the parameter is a character string of 1 to 19 characters. “?” can be input to display the concrete command description.
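The following script is an example added to this manual, not code from the switch software: it checks input against the parameter forms above before a management script sends a command to the switch. It covers the scale (INTEGER<a-b>), IP address (A.B.C.D) and MAC address (H:H:H:H:H:H) forms and expands an interface list while enforcing the slot and port ranges and the rules for the to keyword. It goes slightly beyond the text in accepting the unit/slot/port form used in the manual's own example (ethernet 0/0/1) as well as the slot/port form; the function names, and the assumption that both ends of a to range lie on the same slot, are this example's own.

```python
"""Validators for the command parameter categories of section 1.2.1.
Added example for this manual; not code from the QTECH switch firmware.
Function names and the optional unit prefix are this example's own."""
import ipaddress
import re

# interface-number is slot/port per the manual; an optional leading unit is
# accepted because the manual's own example ("ethernet 0/0/1") has three fields
INTERFACE_RE = re.compile(r"^(?:(\d+)/)?(\d+)/(\d+)$")
SLOT_RANGE = range(0, 3)   # slot-num 0 to 2
PORT_RANGE = range(1, 25)  # port-num 1 to 24
MAX_TO_RANGES = 3          # the "to" argument may be repeated at most 3 times


def check_scale(text, low, high):
    """INTEGER<low-high>: the integer if it lies in the inclusive range, else None."""
    if not re.fullmatch(r"-?\d+", text.strip()):
        return None
    value = int(text)
    return value if low <= value <= high else None


def check_ip(text):
    """A.B.C.D: the normalized IPv4 address, or None if not a valid dotted quad."""
    try:
        return str(ipaddress.IPv4Address(text.strip()))
    except ValueError:
        return None


def check_mac(text):
    """H:H:H:H:H:H: (normalized_mac, is_multicast) or None.
    The multicast flag is the I/G bit (lowest bit of the first octet), which is
    what a command that asks specifically for a multicast MAC needs to check."""
    parts = text.strip().split(":")
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        return None
    octets = [int(p, 16) for p in parts]
    return ":".join(f"{o:02x}" for o in octets), bool(octets[0] & 1)


def parse_interface_list(text):
    """Expand an interface list such as
    'ethernet 0/0/1 ethernet 0/0/3 to ethernet 0/0/5' into (unit, slot, port)
    tuples, enforcing the manual's rules: slot 0-2, port 1-24, the port to the
    right of 'to' larger than the one to its left, and at most 3 uses of 'to'.
    Assumption of this example: both ends of a range are on the same unit/slot.
    Raises ValueError on any violation."""
    tokens = text.split()
    entries = []
    pending_to = False   # previous token was "to"; the next interface closes a range
    ranges_used = 0
    i = 0
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok == "to":
            if not entries or pending_to:
                raise ValueError("'to' must stand between two interfaces")
            ranges_used += 1
            if ranges_used > MAX_TO_RANGES:
                raise ValueError(f"'to' may be used at most {MAX_TO_RANGES} times")
            pending_to = True
            i += 1
            continue
        if tok != "ethernet" or i + 1 >= len(tokens):
            raise ValueError(f"expected 'ethernet <slot>/<port>' at token {i}")
        match = INTERFACE_RE.match(tokens[i + 1])
        if not match:
            raise ValueError(f"bad interface number {tokens[i + 1]!r}")
        unit = int(match.group(1)) if match.group(1) is not None else 0
        slot, port = int(match.group(2)), int(match.group(3))
        if slot not in SLOT_RANGE or port not in PORT_RANGE:
            raise ValueError(f"slot/port out of range in {tokens[i + 1]!r}")
        if pending_to:
            prev_unit, prev_slot, prev_port = entries[-1]
            if (prev_unit, prev_slot) != (unit, slot) or port <= prev_port:
                raise ValueError("the port right of 'to' must be a larger port on the same slot")
            entries.extend((unit, slot, p) for p in range(prev_port + 1, port + 1))
            pending_to = False
        else:
            entries.append((unit, slot, port))
        i += 2
    if pending_to:
        raise ValueError("dangling 'to' at the end of the interface list")
    return entries


def interface_list_is_valid(text):
    """True if the interface list parses under the rules above, else False."""
    try:
        parse_interface_list(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(parse_interface_list("ethernet 0/0/1 ethernet 0/0/3 to ethernet 0/0/5"))
    print(check_mac("01:02:03:04:05:06"))
```

Note that the manual's own MAC example, 01:02:03:04:05:06, has the I/G bit set, so check_mac reports it as a multicast address; a script that fills a unicast parameter should test that flag rather than only the syntax.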
1.3 User management
There are 2 user privileges:
1) administrator
2) normal user
A normal user can only enter user mode after logging in, not privileged mode, and so can only view system information and cannot configure it. An administrator has the right to enter all modes and to query and configure all parameters.
1.3.1 System default user name
There is a built-in default user name admin with the initial password 123456. It is recommended to change the password when logging in to the switch for the first time to avoid leaking it. This user name cannot be deleted and its privilege cannot be modified; it also has the right to manage other users. Please remember your modified password.
1.3.2 Add user
Log in as the system administrator admin, enter privileged mode and then global configuration mode, and use the username command. Input the user name, the user's privilege and the password to add a new user, either according to the system prompts or with the following command:
username username [ privilege level ] { password encryption-type password }
username: user name of the new or existing user, 1 to 32 printable characters excluding such wildcards as '/', ':', '*', '?', '\\', '<', '>', '|', '"' etc.
privilege: privilege of the new user, 0 to 15. 0 to 1 means normal user and 2 to 15 means administrator.
encryption-type: 0 or 7. 0 means no encryption and 7 means encryption (not supported at present).
password: login password of the new user, or the modified password of an existing user, 1 to 16 letters or digits.
If no privilege is configured, the default privilege is normal user. At most 8 users are supported.
Caution: user names are case-insensitive, while passwords are case-sensitive.
! Add a new administrator “red”, configure privilege 3 and password 1234
QTECH(config)#username qtech privilege 3 password 0 1234
1.3.3 Modify password
In global configuration mode, the system administrator admin can use the following command to modify his own or another user's password. Other users can only modify their own password.
username change-password
For example:
! Modify the password of user “red” to be 123456
QTECH(config)#username change-password
please input you login password : ******
please input username : red
Please input user new password : ******
Please input user comfirm password : ******
change user qtech password success.
Caution: to restore the default password of the “admin” user, please contact support@qtech.ru.
1.3.4 Modify privilege
In global configuration mode, only the administrator admin can use the following command to modify the privilege of another user:
username username [ privilege level ] { password encryption-type password }
username: user name of the new or existing user, 1 to 32 printable characters excluding such wildcards as '/', ':', '*', '?', '\\', '<', '>', '|', '"' etc.
privilege: privilege of the new user, or the modified privilege of an existing user, 0 to 15. 0 to 1 means normal user and 2 to 15 means administrator. Caution: the privilege of the administrator cannot be modified.
encryption-type: 0 or 7. 0 means no encryption and 7 means encryption (not supported at present).
password: login password of the new user, or the modified password of an existing user, 1 to 16 letters or digits.
If nothing is input when modifying the privilege of an existing user, the privilege is not modified.
Caution: user names are case-insensitive, while passwords are case-sensitive.
For example:
! Modify the privilege of administrator “qtech” to be 1, and the password to be 1234
QTECH(config)#username qtech privilege 1 password 0 1234
1.3.5 Remove user name
The system administrator admin can use the following command in global configuration mode to remove a user name:
no username username
username is the user name to be deleted.
For example:
! Remove user qtech
QTECH(config)#no username qtech
1.3.6 View system user information
To view the user list, input the
show username
command, or the
show username [ username ]
command, in any configuration mode to display user information.
For example :
! Display information of user qtech
QTECH(config)#show username qtech
display user information
user name role
____________________________________________________________
qtech ADMIN
1.4 Remote authentication of administrator
After remote authentication, the user's default privilege is normal user. Only when the authentication accept packet contains a Service-Type field whose value is Administrative is the user's privilege administrator.
Caution: the admin user only supports local database authentication.
1.4.1 Start RADIUS/TACACS+ remote authentication
Use the following command in global configuration mode:
muser { local | { radius radiusname/tacacs+ tacacsname { pap | chap } [ local ] } }
Authentication can be configured to use only RADIUS/TACACS+ remote authentication, or to fall back to local database authentication when the RADIUS/TACACS+ server does not respond because the connection has failed.
1.4.2 Display authentication configuration
Use the following command to display the authentication configuration:
show muser
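Below is an added example, not from this manual or the switch firmware, of the privilege decision described in sections 1.3.2 and 1.4: a local user's role follows from the privilege level (0 to 1 normal user, 2 to 15 administrator), while a remotely authenticated user becomes administrator only if the RADIUS Access-Accept carries a Service-Type attribute with the value Administrative (attribute type 6, value 6 in RFC 2865). The packet builder and attribute parser are this example's own; the Access-Accept it builds has a zeroed authenticator, so it is a constructed sample rather than a real server reply.

```python
"""Privilege decision for a CLI login, added as an example for sections 1.3.2
and 1.4 of this manual. Not the switch's own code: the packet layout follows
RFC 2865 and the helper names are this example's own."""
import struct

ADMIN, USER = "ADMIN", "USER"
RADIUS_ACCESS_ACCEPT = 2          # RADIUS code for Access-Accept
ATTR_SERVICE_TYPE = 6             # Service-Type attribute type
SERVICE_TYPE_ADMINISTRATIVE = 6   # Service-Type value "Administrative"
RADIUS_HEADER_LEN = 20            # code, identifier, length, 16-byte authenticator


def role_from_privilege(level):
    """Local database: privilege 0-1 is a normal user, 2-15 an administrator."""
    if not 0 <= level <= 15:
        raise ValueError("privilege must be between 0 and 15")
    return ADMIN if level >= 2 else USER


def parse_radius(packet):
    """Return (code, [(attribute_type, value_bytes), ...]) for a RADIUS packet,
    rejecting truncated packets and attribute lengths that overrun the packet."""
    if len(packet) < RADIUS_HEADER_LEN:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match the packet size")
    attrs = []
    pos = RADIUS_HEADER_LEN
    while pos < length:
        if length - pos < 2:
            raise ValueError("trailing bytes too short for an attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad length {alen} for attribute {atype}")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs


def role_from_access_accept(packet):
    """Remote authentication: administrator only when the Access-Accept carries
    Service-Type = Administrative; any other value, a missing attribute, or a
    packet that is not an Access-Accept yields the normal-user default.
    A real client must also verify the Response Authenticator (MD5 over the
    reply and the shared secret) before trusting the attributes at all."""
    code, attrs = parse_radius(packet)
    if code != RADIUS_ACCESS_ACCEPT:
        return USER
    for atype, value in attrs:
        if atype == ATTR_SERVICE_TYPE and len(value) == 4:
            if struct.unpack("!I", value)[0] == SERVICE_TYPE_ADMINISTRATIVE:
                return ADMIN
    return USER


def build_access_accept(ident, attributes):
    """Constructed Access-Accept for the demonstration: authenticator zeroed,
    attributes given as (type, value_bytes) pairs."""
    body = b"".join(bytes([atype, 2 + len(value)]) + value for atype, value in attributes)
    header = struct.pack("!BBH", RADIUS_ACCESS_ACCEPT, ident, RADIUS_HEADER_LEN + len(body))
    return header + bytes(16) + body


if __name__ == "__main__":
    admin_reply = build_access_accept(1, [(ATTR_SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_ADMINISTRATIVE))])
    login_reply = build_access_accept(2, [(ATTR_SERVICE_TYPE, struct.pack("!I", 1))])  # Login-User
    print(role_from_privilege(3), role_from_access_accept(admin_reply), role_from_access_accept(login_reply))
```

The fail-safe default is the point: every path that does not positively find Service-Type = Administrative in a well-formed Access-Accept ends in the normal-user role, which is the behaviour the section above describes for the switch.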
1.5 Ways of managing switch
The system provides the following ways of management:
· Accessing the command-line interface (CLI) through a hyper terminal
· Managing the system through telnet/ssh
· Managing the system through SNMP management software
· Managing the system through a Web browser such as Internet Explorer
1.5.1 Manage switch by hyper terminal
Use a hyper terminal (or terminal emulation software) connected to the Console port to access the system command line interface (CLI).
Configuration: open the “file” -> “attribute” menu; a window pops up. Enter the configuration and restore it to the default values, click “setting”, choose “auto-detect” in the “terminal simulation” pull-down list, and click [ok]. After the connection succeeds and the operating system login interface is seen in the terminal, configure the switch through the command line interface. The steps are as follows:
Step 1: Connect the switch Console port to the computer serial port;
Step 2: After the switch is powered on and the system has booted successfully, the login prompt is shown:
Username(1-32 chars) :
Step 3: Input the correct user name, press Enter, then input the corresponding password. If it is the first time logging in to the switch, use the default user name admin and its password 123456 to log in and operate as system administrator. If your own user name and password exist, log in with them;
Step 4: After logging in successfully, the following is displayed:
QTECH>
Step 5: As administrator, after entering privileged mode, use the copy running-config startup-config command to save the configuration.
QTECH#copy running-config startup-config
The following information is displayed:
Startup config in flash will be updated, are you sure(y/n)? [n]y
Building, please wait...
This means the system is saving the configuration. Please wait; the prompt then becomes:
Build successfully.
This means the current configuration has been saved successfully.
The following is displayed when the system boots:
Ready to load startup-config, press ENTER to run or CTRL+C to cancel :
Press Enter to make the saved configuration take effect, or press CTRL+C to restore the system default configuration.
Step 6: An administrator can have the connection stopped on timeout, and a normal user can also use this function in user mode. Input the timeout command to set the login timeout to 20 minutes, and use the no timeout command to disable the timeout.
Step 7: Input the following command after finishing operating the switch:
QTECH#quit
It exits the user interface.
1.5.2 Manage switch by telnet
Step 1: Set up the configuration environment by connecting the computer to a switch interface over the network;
Step 2: Run a Telnet program on the computer;
Step 3: After the switch is powered on, input the switch IP address to connect to the switch and input the configured login password according to the prompt; the command line prompt (such as QTECH>) is then displayed. The session is disconnected if there is no input for 1 minute before a successful login, or after 5 wrong inputs of user name and password. If the prompt “Sorry, session limit reached.” appears, please connect later (at most 5 telnet users are allowed to log in at the same time);
Step 4: Use the related commands to configure switch system parameters or view switch operation. To enter privileged mode, the user must have administrator privilege. If you need any help, input “?” at any moment. For concrete commands, please refer to the following chapters.
Step 5: To exit telnet, use the quit or exit command in user mode, and the quit command in other modes. An administrator can use the stop username command in privileged mode to end a login.
1.6 Brief introduction of SSH
SSH is short for Secure Shell. Users can access the device with a standard SSH client and set up a secure connection with the device. Data transmitted over the SSH connection is encrypted, which ensures that sensitive data, management data and configuration data such as passwords exchanged between users and the device cannot be wiretapped or obtained illegally by a third party.
SSH can replace Telnet, giving users a secure means of managing and configuring the device.
1.7 SSH Configuration list
The configuration task list of SSH is as follows:
1) Enable/disable SSH function of the device
2) SSH secret key configuration
3) Others
1.7.1 Enable/disable SSH function of the device
Enable or disable the SSH function of the device in global mode; users cannot access the device through an SSH client when the SSH function is disabled. To access the device through an SSH client, users must configure a correct secret key and load it on the device, in addition to enabling the SSH function.
The configuration commands are as follows:
ssh
no ssh
Example:
! Enable SSH
QTECH(config)#ssh
1.7.2 SSH key configuration
Configure the SSH secret key in privileged mode. Users cannot log in with an SSH client if there is no secret key, the key is incorrect, or the key is not loaded. In order to log in with an SSH client, configure a correct key and load it, with SSH enabled.
The configured secret key must be RSA. There are two kinds of keys: public and private. The default key can be used, or a keyfile can be downloaded to the device by TFTP or FTP. A configured key can be used after loading. The configured key is stored in Flash storage and loaded when the system boots; a key stored in Flash storage can also be loaded from the command line.
If the configured key is not an RSA key, or the public and private keys do not match, users cannot log in by SSH.
A keyfile contains explanation lines and the key. An explanation line must contain “:” or a space. The key is Base64-coded and contains neither “:” nor spaces. A private keyfile must not contain the public key, and a private keyfile must not be encrypted with a password.
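As an added example that is not the switch's own loader, the following script applies the keyfile layout just described to a file before it is uploaded with load keyfile: a line containing “:” or a space is treated as an explanation line, every other non-empty line must be Base64 key data, and a private keyfile is rejected if its explanation lines show it to be password-encrypted or to contain a public key. The RSA and encryption checks rely on the BEGIN/END and Proc-Type markers that OpenSSL and OpenSSH tools write into explanation lines; that is this example's assumption, not a statement of the manual. The sample keyfiles are built from placeholder bytes and are not real keys.

```python
"""Pre-upload lint for an SSH keyfile in the layout described in section 1.7.2.
Added example for this manual, not code from the QTECH switch. The marker
checks (RSA, ENCRYPTED, PUBLIC KEY) assume PEM-style explanation lines."""
import base64
import binascii
import re

BASE64_LINE = re.compile(r"^[A-Za-z0-9+/]+=*$")


def classify_lines(text):
    """Split a keyfile into (explanation_lines, key_lines) using the manual's
    rule: a line containing ':' or a space is an explanation line, any other
    non-empty line is key data. Blank lines are ignored."""
    explain, key = [], []
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if not line.strip():
            continue
        (explain if (":" in line or " " in line) else key).append(line)
    return explain, key


def lint_keyfile(text, kind):
    """kind is 'public' or 'private', the argument given to 'load keyfile'.
    Returns a list of problems; an empty list means the file may be uploaded."""
    if kind not in ("public", "private"):
        raise ValueError("kind must be 'public' or 'private'")
    problems = []
    explain, key = classify_lines(text)
    if not key:
        problems.append("no Base64 key lines found")
    for line in key:
        if not BASE64_LINE.match(line):
            problems.append(f"key line is not Base64: {line[:24]!r}")
    try:
        base64.b64decode("".join(key), validate=True)
    except (binascii.Error, ValueError):
        problems.append("key data does not decode as Base64")
    markers = " ".join(explain).upper()
    if "RSA" not in markers:
        problems.append("explanation lines do not identify an RSA key")
    if kind == "private":
        if "ENCRYPTED" in markers:
            problems.append("private keyfile must not be password-encrypted")
        if "PUBLIC KEY" in markers:
            problems.append("private keyfile must not contain a public key")
    return problems


def build_sample(header, payload, encrypted=False):
    """Constructed keyfile text for the demonstration. 'payload' is arbitrary
    bytes standing in for key material; it is not a real key."""
    b64 = base64.b64encode(payload).decode("ascii")
    lines = [f"-----BEGIN {header}-----"]
    if encrypted:
        # markers OpenSSL writes for a password-protected PEM private key
        lines += ["Proc-Type: 4,ENCRYPTED",
                  "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF", ""]
    lines += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines.append(f"-----END {header}-----")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    good = build_sample("RSA PRIVATE KEY", b"\x30" * 96)
    bad = build_sample("RSA PRIVATE KEY", b"\x30" * 96, encrypted=True)
    print(lint_keyfile(good, "private"))
    print(lint_keyfile(bad, "private"))
```

The lint cannot confirm that a public and a private keyfile belong together; that check (the last rule in the section above) still has to be made on the workstation with the tool that generated the pair before both files are uploaded.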
1.7.2.1 Configure default key
The command is as follows:
crypto key generate rsa
Example:
! Configure the SSH key to be the default key
QTECH#crypto key generate rsa
1.7.2.2 Download or upload key by tftp or ftp
The commands are as follows:
load keyfile { public | private } tftp server-ip filename
load keyfile { public | private } ftp server-ip filename username passwd
upload keyfile { public | private } tftp server-ip filename
upload keyfile { public | private } ftp server-ip filename username passwd
Example:
! Download keyfile pub.txt from tftp server 1.1.1.1 to be the SSH public key
QTECH#load keyfile public tftp 1.1.1.1 pub.txt
1.7.2.3 Clear configured key
This command clears all keyfiles stored in Flash storage. The configuration command is as follows:
crypto key zeroize rsa
Example:
! Clear the configured SSH key
QTECH#crypto key zeroize rsa
1.7.2.4 Load new key
After a new SSH key has been configured, it is stored in Flash but not yet loaded. This command reads the configured key from Flash and replaces the key currently in use. When the system boots, it checks Flash and, if an SSH key is configured, loads it automatically. Loading a new key changes the host key that SSH clients see: clients that have recorded the old host key will warn about a changed key on their next connection, so distribute the new public key to administrators before refreshing. The configuration command is as follows:
crypto key refresh
Example:
! Load the new SSH key
QTECH#crypto key refresh
1.7.3 Others
Use the following command to display the SSH configuration:
show ssh
This command displays the SSH version number, whether SSH is enabled or disabled, and the SSH keyfile status. The SSH keyfile is shown as "available" when the key is configured and loaded.
Use the following command to display a configured keyfile:
show keyfile { public | private }
Use the following command to display the logged-in SSH clients:
show users
This command displays all logged-in Telnet and SSH clients.
Use the following command to force a logged-in SSH client to disconnect:
stop username
This command forces the logged-in SSH client to disconnect. username is the name of the logged-in user.
At most 5 SSH clients can be logged in at the same time. If Telnet clients are logged in, the total number of SSH and Telnet clients is no more than 5. For example, if 2 Telnet clients are connected, at most 3 SSH clients can log in.
Chapter 2 Switch Manage and Maintenance
2.1 System IP configuration
An IP address is a unique 32-bit address assigned to a host on the Internet. It consists of a network number and a host number; this structure is what makes addressing on the Internet straightforward.
2.2 Configure manage IP interface
A VLAN or SuperVLAN IP interface must already exist. For details, refer to Create VLAN interface for normal VLAN.
2.3 Configure IP address manually
Use the ip address command in VLAN interface configuration mode to configure the IP address and netmask manually:
ip address ip-address mask
ip-address is the system IP address and mask is the netmask.
For example:
! Configure the IP address of VLAN 100 to be 192.168.0.100 with netmask 255.255.0.0
QTECH(config-if-vlan)#ipaddress 192.168.0.100 255.255.0.0
2.4 Configuration Files Management
2.4.1 Edit configuration files
Configuration files are in text format and can be uploaded from the device to a PC by FTP or TFTP. Use a text editor (such as Windows Notepad) to edit an uploaded configuration file. The file contains the SNMP community strings and the other management settings of the switch, so treat uploaded copies as sensitive.
By default the system executes configuration files in global configuration mode, so every file begins with two commands: "enable" and "configure terminal". Each command is terminated by a line break.
2.4.2 Modify and save current configuration
Users can modify the current system configuration from the command line interface and save it so that it becomes the initial configuration at the next boot:
copy running-config startup-config
This command must be executed to save the current configuration. When a configuration file is executed, each command that could not be executed is reported as follows, where xxxx is the line number of the command and commandString is the command text:
· A command that cannot be executed (a syntax error or a command that matches no pattern) is displayed as "[Line: xxxx]invalid: commandString".
· A command that was executed but failed is displayed as "[Line: xxxx]failed: commandString".
· A command longer than 512 characters is displayed as "[Line: xxxx]failed: too long command: commandString", where only the first 16 characters of the command are shown, followed by "...".
Use the following command in privileged mode:
QTECH#copy running-config startup-config
2.4.3 Erase saved configuration
Use the clear startup-config command to clear the saved configuration. After the saved configuration has been cleared and the switch rebooted, the switch returns to its original configuration. Use this command in privileged mode.
QTECH#clear startup-config
2.4.4 Execute saved configuration
Users can restore the saved configuration from the command line interface by using the following command in privileged mode to execute the saved configuration:
copy startup-config running-config
2.4.5 Display saved configuration
Users can display the saved system configuration in text form from the command line interface. Use the following command to display the saved system configuration:
show startup-config [ module-list ]
module-list: optional module list. If no module name is given, the whole configuration file is displayed. If one or more modules are chosen, only their configuration is displayed. This command can be used in any configuration mode.
For example:
! Display all saved configuration
QTECH#show startup-config
! Display the saved configuration of the GARP and OAM modules
QTECH#show startup-config garp oam
2.4.6 Display current configuration
Users can display the current system configuration in text form from the command line interface. Use the following command to display the current system configuration:
show running-config [ module-list ]
module-list: optional module list. If no module name is given, the whole configuration is displayed. If one or more modules are chosen, only their configuration is displayed.
For example:
! Display all configuration
QTECH#show running-config
! Display the configuration of the GARP and OAM modules
QTECH#show running-config garp oam
2.4.7 Configure file executing mode shift
Users can change the executing mode of configuration files from the command line interface. A saved configuration file can be executed in stop mode or continue mode. In continue mode, execution does not stop when an error is encountered; the error is displayed and execution continues. The default is continue (non-stop) mode. Use buildrun mode stop to make execution stop at the first error, and buildrun mode continue to restore continue mode. Use these commands in privileged mode. In continue mode, always review the error output after execution: a skipped command (for example, an access restriction that failed to apply) leaves the device in a state different from the one the file describes.
For example:
! Configure buildrun mode to be stop
QTECH#buildrun mode stop
! Configure buildrun mode to be continue
QTECH#buildrun mode continue
2.5 Online Loading Upgrade Program
The system can upgrade the application program and load configuration files online by TFTP, FTP and Xmodem, and can upload configuration files, logging files and alarm information by TFTP and FTP.
2.5.1 Upload and download files by TFTP
Use the following command to upload files by TFTP:
upload { alarm | configuration | logging } tftp tftpserver-ip filename
Use the following command to download files by TFTP:
load { application | configuration | whole-bootrom } tftp tftpserver-ip filename
tftpserver-ip is the IP address of the TFTP server. filename is the name of the file to be loaded; it must not be a system keyword (for example, con cannot be a file name on Windows). Start the TFTP server and set its file upload path before using these commands. TFTP has no authentication and no integrity protection: anyone who can reach the server can read an uploaded configuration file or replace an image before the switch fetches it, so run the TFTP server only on an isolated management network and remove uploaded files from it once they have been retrieved.
Suppose the IP address of the TFTP server is 192.168.0.100 and the file name is abc. Start the TFTP server, configure its upload and download paths, and use the following commands in privileged mode.
For example:
! Upload the configuration to 192.168.0.100 by TFTP and save it as abc
QTECH#upload configuration tftp 192.168.0.100 abc
The configuration information is saved when the upload succeeds.
! Download the configuration file abc from 192.168.0.100 by TFTP
QTECH#load configuration tftp 192.168.0.100 abc
Reboot the switch after a successful download to run the new configuration.
! Upload alarm information to 192.168.0.100 by TFTP and save it as abc
QTECH#upload alarm tftp 192.168.0.100 abc
! Upload logging to 192.168.0.100 by TFTP and save it as abc
QTECH#upload logging tftp 192.168.0.100 abc
! Download the application program app.arj from 192.168.0.100 by TFTP
QTECH#load application tftp 192.168.0.100 app.arj
Reboot the switch after a successful download to run the new application program.
! Download the whole BootRom rom3x26.bin from 192.168.0.100 by TFTP
QTECH#load whole-bootrom tftp 192.168.0.100 rom3x26.bin
2.5.2 Upload and download files by FTP
Use the following command to upload files by FTP:
upload { alarm | configuration | logging } ftp ftpserver-ip filename username userpassword
Use the following command to download files by FTP:
load { application | configuration | whole-bootrom } ftp ftpserver-ip filename username userpassword
ftpserver-ip is the IP address of the FTP server. filename is the name of the file to be loaded; it must not be a system keyword (for example, con cannot be a file name on Windows). Start the FTP server and set the user name, password and file upload path before using these commands. FTP sends the user name, password and file contents in cleartext, and the password also appears on the switch command line, so use an account created only for this purpose and run the server only on an isolated management network.
Suppose the IP address of the FTP server is 192.168.0.100 and the file name is abc. Start the FTP server, configure the user name user, the password 1234 and the file download path, and use the following commands in privileged mode.
For example:
! Upload the configuration to 192.168.0.100 by FTP and save it as abc
QTECH#upload configuration ftp 192.168.0.100 abc user 1234
The configuration information is saved when the upload succeeds.
! Download the configuration file abc from 192.168.0.100 by FTP
QTECH#load configuration ftp 192.168.0.100 abc user 1234
Reboot the switch after a successful download to run the new configuration.
! Download the application program abc from 192.168.0.100 by FTP
QTECH#load application ftp 192.168.0.100 abc user 1234
Reboot the switch after a successful download to run the new application program.
! Upload alarm information to 192.168.0.100 by FTP and save it as abc
QTECH#upload alarm ftp 192.168.0.100 abc user 1234
! Upload logging to 192.168.0.100 by FTP and save it as abc
QTECH#upload logging ftp 192.168.0.100 abc user 1234
! Download the whole BootRom abc from 192.168.0.100 by FTP
QTECH#load whole-bootrom ftp 192.168.0.100 abc user 1234
2.5.3 Download files by Xmodem
Use the load application xmodem command to load the application program over the Xmodem protocol.
load application xmodem
Enter the following command in privileged mode:
QTECH#load application xmodem
In HyperTerminal choose "Send" -> "Send File", enter the full path and file name of the file in the file name box, choose Xmodem as the protocol, and click Send.
Reboot the switch after a successful download to run the new application program.
Use the load configuration xmodem command to load a configuration file over the Xmodem protocol.
load configuration xmodem
Enter the following command in privileged mode:
QTECH#load configuration xmodem
In HyperTerminal choose "Send" -> "Send File", enter the full path and file name of the file in the file name box, choose Xmodem as the protocol, and click Send.
Reboot the switch after a successful download to run the new configuration.
Use the load whole-bootrom xmodem command to load the whole BootRom over the Xmodem protocol.
load whole-bootrom xmodem
Enter the following command in privileged mode:
QTECH#load whole-bootrom xmodem
In HyperTerminal choose "Send" -> "Send File", enter the full path and file name of the file in the file name box, choose Xmodem as the protocol, and click Send.
Reboot the switch after a successful download to run the new BootRom program.
2.6 Reboot
Use the following command in privileged mode to reboot the switch:
reboot
2.7 System Maintenance
Use show commands to check system information. Show commands fall into the following categories:
1) Commands displaying system configuration
2) Commands displaying system operation
3) Commands displaying system statistics
For the show commands of individual protocols and interfaces, refer to the related chapters. The system show commands are as follows.
Use the following commands in any configuration mode:
show version    Display the system version
show username   Display the administrators that can log in
show users      Display the administrators currently logged in
show system     Display system information
show memory     Display memory usage
show clock      Display the system clock
show cpu        Display CPU information
For example:
! Display the system version
QTECH(config)#sh ver
software platform: Broadband NetWork Platform Software
software version: QTECH QSW-3900 V100R001B01D003P001SP9
copyright: Copyright (c) 2001-2009
compiled time: Jul 16 2009 10:10:00
processor: PPC 8245, 400MHz
SDRAM (bytes): 128M
flash memory (bytes): 8192k
MAC address: 00:1f:ce:11:87:6f
product serial number: 010500050806020000043O
hardware version: V2.0
bootrom version: V1.32
EPLD version: V1.3
2.7.1 Basic Configuration and Management
System basic configuration and management includes:
2.7.1.1 Configure host name
Use the hostname command in global configuration mode to configure the command line interface prompt. Use the no hostname command to restore the default host name.
Configure the command line interface prompt:
hostname hostname
hostname: a printable character string of 1 to 32 characters, excluding the wildcard and special characters '/', ':', '*', '?', '\\', '<', '>', '|' and '"'.
Use the no hostname command in global configuration mode to restore the default host name, QTECH.
For example:
! Configure the hostname to be QSW-3900
QTECH(config)#hostname QSW-3900
QSW-3900(config)#
2.7.1.2 Configure system clock
Use the clock set command in privileged mode to configure the system clock. An accurate clock matters because logging and alarm records are timestamped with it.
clock set HH:MM:SS YYYY/MM/DD
For example:
! Configure the system clock to be 2001/01/01 0:0:0
QTECH#clock set 0:0:0 2001/01/01
2.7.2 Network connecting test command
Use the ping command in privileged mode or user mode to check network connectivity.
ping [-c count] [-s packetsize] [-t timeout] host
Parameters:
-c count: the number of packets to send
-s packetsize: the length of each packet sent, in bytes
-t timeout: the time to wait for a reply after a packet is sent, in seconds
For example:
! Ping 192.168.0.100
QTECH#ping 192.168.0.100
PING 192.168.0.100: with 32 bytes of data:
reply from 192.168.0.100: bytes=32 time<10ms TTL=127
reply from 192.168.0.100: bytes=32 time<10ms TTL=127
reply from 192.168.0.100: bytes=32 time<10ms TTL=127
reply from 192.168.0.100: bytes=32 time<10ms TTL=127
reply from 192.168.0.100: bytes=32 time<10ms TTL=127
----192.168.0.100 PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0
2.7.3 Loopback test command
In global configuration mode, the loopback command tests all interfaces; in interface configuration mode it tests whether a single interface works normally. Either test can be internal or external. For an external test, a loopback wire must be inserted (the receive and transmit lines of the RJ-45 connected directly). When the speed is less than 100M, use a loopback wire with 4 different wires.
During a loopback test the interface cannot forward packets correctly; the test ends automatically after a certain time. If the shutdown command is executed, the loopback test fails; while a loopback test is running, the speed, duplex, mdi, vct and shutdown operations are not allowed. After an external test, remove the loopback wire to avoid abnormal communication.
Loopback on all interfaces:
loopback { internal | external }
Loopback on a specified interface:
loopback { external | internal }
external means external loopback and internal means internal loopback.
For example:
! Loopback on interface Ethernet 0/0/1
QTECH(config-if-ethernet-0/0/1)#loopback external
! Loopback on all interfaces
QTECH(config)#loopback internal
2.7.4 Remote access restriction
You can restrict which host IP addresses or network segments may manage the switch through the web server, Telnet and the SNMP agent; IP addresses that are not configured cannot manage the switch. By default, each of the three servers has an entry of 0.0.0.0 with wildcard 255.255.255.255, so any IP address can manage the switch. Different address and wildcard combinations mean different things: a wildcard (inverse mask) of 0.0.0.0 denotes a single host, any other wildcard denotes a network segment, and 255.255.255.255 denotes all hosts. When enabling a restriction, the 0.0.0.0 entry must be deleted. Delete it only after the permitted entry has been added, and from a session whose source address lies in the permitted range; otherwise the session deleting the entry locks itself out. When a packet is received, the switch checks whether its source IP address is within the managed address range; if it is not, the packet is dropped and the Telnet connection is closed.
login-access-list { web | snmp | telnet | telnet-limit } ip-address wildcard
web restricts the IP addresses that may access the web server; snmp restricts the IP addresses that may access the SNMP agent; telnet restricts the IP addresses that may access Telnet; ip-address is the IP address; wildcard is the inverse mask, in which a 0 bit means the corresponding address bit must match and a 1 bit means it is ignored. A wildcard of 0.0.0.0 denotes a single host and 255.255.255.255 denotes all hosts. Use the no form of the command to delete the corresponding entry. The command has no keyword for SSH, so do not rely on it to restrict SSH clients.
For example:
! Configure the IP addresses allowed to manage the system by Telnet to be 192.168.0.0/255.255.0.0
QTECH(config)#login-access-list telnet 192.168.0.0 0.0.255.255
QTECH(config)#no login-access-list telnet 0.0.0.0 255.255.255.255
Use the show login-access-list command to display all IP addresses allowed to manage the system by web, SNMP and Telnet.
show login-access-list
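The wildcard semantics above are the inverse of a netmask, which is the usual source of mistakes with this command, and the order of the two commands in the example (add the permitted range, then delete the default) is what keeps the administrator's own session alive. The following Python script is an added example, not part of the QTECH manual or software: it implements the address/wildcard match as the manual describes it and simulates a change to the list, refusing any change that would lock out the session making it. The lock-out check and the function names are this example's own; the switch performs no such check.

```python
import ipaddress

# Matching semantics taken from the manual: each entry is (ip-address, wildcard);
# a wildcard bit of 0 means the address bit must match and 1 means it is ignored.
# 0.0.0.0 with wildcard 0.0.0.0 is therefore the single host 0.0.0.0, and 0.0.0.0
# with wildcard 255.255.255.255 (the factory default entry) is every host.
DEFAULT_ENTRY = ("0.0.0.0", "255.255.255.255")


def _addr(dotted):
    return int(ipaddress.IPv4Address(dotted))


def entry_matches(entry, source_ip):
    """True if source_ip lies inside the (ip-address, wildcard) entry."""
    address, wildcard = entry
    care = ~_addr(wildcard) & 0xFFFFFFFF          # bits that must match
    return (_addr(address) & care) == (_addr(source_ip) & care)


def is_permitted(entries, source_ip):
    """Permit if any entry matches; otherwise the manual says the packet is dropped."""
    return any(entry_matches(e, source_ip) for e in entries)


def change_list(entries, add=None, delete=None, session_ip=None):
    """Apply an add and/or delete in the manual's order (add first, then delete the
    default) and refuse the change if the administrator's own session, arriving
    from session_ip, would no longer be permitted afterwards. The lock-out check
    is this example's safeguard, not a check the switch itself performs."""
    new = list(entries)
    if add is not None and add not in new:
        new.append(add)
    if delete is not None and delete in new:
        new.remove(delete)
    if session_ip is not None and not is_permitted(new, session_ip):
        raise ValueError("refusing change: session from %s would be locked out" % session_ip)
    return new


if __name__ == "__main__":
    # The manual's example: permit 192.168.0.0/16 for Telnet, then drop the default.
    telnet = change_list([DEFAULT_ENTRY], add=("192.168.0.0", "0.0.255.255"),
                         delete=DEFAULT_ENTRY, session_ip="192.168.0.50")
    for ip in ("192.168.77.5", "10.0.0.1"):
        print(ip, "permitted" if is_permitted(telnet, ip) else "dropped")
```

Deleting the default entry first and adding the permitted range afterwards would pass through a state in which the list contains nothing, which is the lock-out the check above catches.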
2.7.5 The number of Telnet user restriction
Configure the maximum number of Telnet users. This function restricts the number of Telnet users (0-5) that can enter privileged mode at the same time. Users who have logged in without entering privileged mode are not restricted by this limit, only by the overall maximum number of connections. Administrators and super users are not restricted and can log in through the serial interface. Display the configuration with the show users command.
Configure it in global configuration mode:
login-access-list telnet-limit limit-no
no login-access-list telnet-limit
Example:
! Configure that only 2 Telnet users can enter privileged mode
QTECH(config)#login-access-list telnet-limit 2
2.7.6 Routing tracert command
Tracert is used for route detection and network examination. Use it in privileged mode:
tracert [ -u | -c ] [ -p udpport | -f first_ttl | -h maximum_hops | -w time_out ] target_name
Parameters:
-u: send UDP packets;
-c: send ICMP echo packets. The default is -c;
-p udpport: destination port for the UDP packets, in the range 1 to 65535, default 62929;
-f first_ttl: initial TTL of the packets sent, in the range 1 to 255, default 1;
-h maximum_hops: maximum TTL of the packets sent, in the range 1 to 255, default 30;
-w time_out: time to wait for a response, in the range 10 to 60 seconds, default 10 seconds;
target_name: destination host or router address.
Example:
! Tracert 192.168.1.2
QTECH#tracert 192.168.1.2
Tracing route to 192.168.1.2 [192.168.1.2]
over a maximum of 30 hops:
1 20 ms <10 ms <10 ms 192.168.0.1
2 20 ms <10 ms 30 ms 192.168.1.2
tracert complete.
2.7.7 Packets rate limit to CPU
The cpu-car command configures the rate at which the CPU receives packets. These are control packets such as IGMP, BPDU and DHCP. Configure it in global configuration mode:
cpu-car target-rate
no cpu-car restores the default CPU receive rate.
Parameter:
target-rate: the CPU packet receive rate, in the range 1 to 1000 pps; the default is 50 pps.
This limit protects the CPU from floods of control-plane packets, but a rate set too low also drops legitimate protocol packets (STP BPDUs, DHCP) during bursts, so change it with care and check protocol behaviour afterwards.
Example:
! Configure the CPU packet receive rate to be 100 pps
QTECH(config)#cpu-car 100
2.8 Monitor system by SNMP
2.8.1 Brief introduction of SNMP
SNMP (Simple Network Management Protocol) is an important network management protocol in TCP/IP networks. It achieves network management by exchanging information packets and makes centralized management of large networks possible. Its aim is to guarantee packet transmission between any two points, so that the network administrator can conveniently retrieve information, modify settings, find and diagnose faults, plan capacity and generate reports at any network node. It consists of the NMS and the Agent. The NMS (Network Management Station) is the workstation running the client program, and the Agent is server software running on the network device. The NMS sends GetRequest, GetNextRequest and SetRequest packets to the Agent. After receiving a request packet from the NMS, the Agent reads or writes the management variable according to the packet type, creates a Response packet and returns it to the NMS. Conversely, the Agent sends Trap packets to the NMS for abnormal events such as a cold boot or warm boot of the device.
QTECH provides its own NMS and Agent software; refer to http://www.QTECH.ru/support/software.htm
The system supports SNMP versions v1, v2c and v3. v1 provides a simple authentication mechanism (the community name), does not support communication between managers, and its Traps carry no authentication. v2c strengthens the management model, the management information structure and the protocol operations, adds communication between managers, can create and delete table rows, strengthens manager communication capacity and reduces the storage load on the agent; its authentication is still only the community name, sent in cleartext. v3 adds user authentication and packet encryption, greatly improving the security of SNMP. Where the NMS supports it, use SNMPv3 with authentication and privacy rather than v1 or v2c.
Simple Network Management Protocol (SNMP) offers a framework to monitor network devices over the TCP/IP protocol suite. It provides a set of basic operations for monitoring and maintaining the Internet and has the following characteristics:
· Automatic network management: SNMP enables network administrators to retrieve information, modify information, find and diagnose network problems, plan for network growth, and generate reports on network nodes.
· SNMP hides the physical differences between devices and thus enables automatic management of products from different manufacturers. Offering only a basic set of functions, SNMP makes management tasks independent of both the physical features of the managed devices and the underlying networking technology. Thus, SNMP achieves effective management of devices from different manufacturers, especially in small, fast and low-cost network environments.
2.9 SNMP Mechanism
An SNMP-enabled network is composed of the network management station (NMS) and the Agent.
The NMS is a station that runs the SNMP client software. It offers a user-friendly interface, making it easier for network administrators to perform most network management tasks. Commonly used NMSs include Quidview, Sun NetManager and IBM NetView.
The Agent is a program on the device. It receives and handles requests sent from the NMS. Only under certain circumstances, such as an interface state change, does the Agent inform the NMS on its own.
The NMS manages an SNMP-enabled network, whereas the Agent is the managed network device. They exchange management information through the SNMP protocol.
SNMP provides the following four basic operations:
Get operation: the NMS gets the value of a variable of the Agent through this operation.
Set operation: the NMS reconfigures values in the Agent's MIB (Management Information Base) to make the Agent perform certain tasks through this operation.
Trap operation: the Agent sends Trap information to the NMS through this operation.
Inform operation: an NMS sends Trap information to other NMSs through this operation; unlike a Trap, an Inform is acknowledged by the receiver.
2.10 SNMP Protocol Version
Currently the SNMP agent supports SNMPv3 and is compatible with SNMPv1 and SNMPv2c.
SNMPv1 and SNMPv2c authenticate by means of a community name, which defines the relationship between an SNMP NMS and an SNMP Agent. SNMP packets whose community name does not pass authentication on the device are simply discarded. A community name plays a role similar to a password and can be used to regulate access from the NMS to the Agent; because it travels in cleartext in every packet, it should be treated as a secret, be hard to guess, and be combined with the SNMP access restriction of 2.7.4.
SNMPv3 offers authentication implemented with the User-Based Security Model (USM), which can be authentication with privacy, authentication without privacy, or no authentication and no privacy. USM regulates access from the NMS to the Agent in a more effective way.
2.11 MIB Overview
The Management Information Base (MIB) is the collection of all objects managed by the NMS. It defines the set of characteristics associated with the managed objects, such as the object identifier (OID), access right and data type of each object.
The MIB stores data in a tree structure. Each node of the tree is a managed object and can be uniquely identified by the path from the root node. As illustrated in the following figure, managed object B is uniquely identified by the string of numbers {1.2.1.1}; this string is the OID of managed object B.
Figure 1 MIB tree
2.12 SNMP Configuration
The SNMP configuration command list includes:
1) Configure community
2) Configure sysContact
3) Configure Trap destination host address
4) Configure sysLocation
5) Configure sysName
6) Configure notify
7) Configure engine id
8) Configure view
9) Configure group
10) Configure user
SNMP uses community authentication. SNMP packets whose community name does not match an authenticated community are dropped. An SNMP community name is a character string. Different communities can have read-only or read-write access rights: a community with read-only rights can only query system information, whereas one with read-write rights can configure the system. The system can hold at most 8 community names. By default no community name is configured. Configure it in global configuration mode.
2.12.1 Configure community name and accessing right
This command can also be used to modify a community's attributes by giving the same community-name string.
snmp-server community community-name { ro | rw } { deny | permit } [ view view-name ]
community-name is a printable character string of 1 to 20 characters; ro | rw means read-only or read-write; permit | deny means the community is or is not activated;
view-name is the view configured for the community. The default view is iso.
A read-write community gives anyone who knows the string full configuration access over SNMP, so grant rw only where the NMS actually needs to set values, choose community names that are not guessable (not public or private), and restrict the addresses that may reach the agent with login-access-list snmp (2.7.4).
Delete a community name and its access right:
no snmp-server community community-name
community-name is an existing community name.
For example:
! Add community qtech, with privilege rw, and permit it
QTECH(config)#snmp-server community qtech rw permit
! Remove community qtech
QTECH(config)#no snmp-server community qtech
Display community names in any mode:
show snmp community
For example:
! Display SNMP community information
QTECH(config)#show snmp community
2.12.2 Configure sysContact
sysContact is a management variable in the system group of the MIB; its content is the contact information of the administrator. Configure it in global configuration mode:
snmp-server contact syscontact
no snmp-server contact
syscontact: the administrator's contact information, 1 to 255 printable characters. Use the no command to restore the default contact information.
For example:
! Configure the administrator contact information to be support@QTECH.ru
QTECH(config)#snmp-server contact support@QTECH.ru
Caution: use quotation marks around a character string that contains spaces.
Use the show snmp contact command in any configuration mode to display the administrator contact information:
show snmp contact
For example:
! Display the administrator contact information
QTECH(config)#show snmp contact
manager contact information: support@QTECH.ru
2.12.3 Configure Trap destination host address
Use this configuration to configure or delete the IP address of the destination host. Configure it in global configuration mode.
Configure a notify destination host address:
snmp-server host host-addr [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [ notify-type [ notifytype-list ] ]
Delete a notify destination host address:
no snmp-server host ip-address community-string { 1 | 2c | 3 }
ip-address (host-addr) is the IP address of the host in the snmp-server notify sending list.
community-string is the security name corresponding to the IP address in the snmp-server notify table entry. The security name is the community name for SNMPv1 and SNMPv2c, and the user name for SNMPv3. 1, 2c and 3 are the SNMP versions. port is the UDP port the notification is sent to. notifytype-list is the optional list of notify types; if it is omitted, all types are selected, and only the selected types are sent to the destination host. With version 1 or 2c the community string is sent in cleartext in every notification, so where the NMS supports it use version 3 with auth or priv.
For example:
! Configure an SNMP server with IP address 192.168.0.100, SNMP version 2c and community name user
QTECH(config)#snmp-server host 192.168.0.100 version 2c user
! Delete the entry with notify destination host 192.168.0.100 and community name user
QTECH(config)#no snmp-server host 192.168.0.100 user
Display the snmp-server notify entries in any configuration mode:
show snmp host
! Display SNMP Trap information
QTECH(config)#show snmp host
2.12.4 Configure sysLocation
sysLocation is a management variable in the system group of the MIB which denotes the location of the managed device. Configure it in global configuration mode:
snmp-server location syslocation
syslocation is the system location string, 1 to 255 printable characters.
For example:
! Configure the system location to be sample sysLocation factory
QTECH(config)#snmp-server location "sample sysLocation factory"
Use quotation marks around a character string that contains spaces.
Use the show snmp location command in any configuration mode to display the system location:
show snmp location
2.12.5 Configure sysName
sysName is a management variable in the system group of the MIB which holds the switch name. Configure it in global configuration mode:
snmp-server name sysname
no snmp-server name
sysname is the system name string, 1 to 255 printable characters.
For example:
! Configure the system name to be QSW-3900
QTECH(config)#snmp-server name "QSW-3900"
Caution: use quotation marks around a character string that contains spaces.
2.12.6 Configure notify
Enable or disable the sending of the various notify types by configuring notify sending. The default notify type is trap. When notify sending is disabled, no traps are sent. Notify sending is disabled by default. Configure it in global configuration mode:
snmp-server enable traps [ notificationtype-list ]
no snmp-server enable traps [ notificationtype-list ]
notificationtype-list: the notification type list defined by the system. Choose one or several types to enable or disable the specified notification types. If the keyword is omitted, all notification types are enabled or disabled.
The notify types are as follows:
1) bridge: STP enable/disable
2) interfaces: interface LinkUp/LinkDown
3) snmp: access control; cold boot/warm boot of the system
4) gbnsavecfg: save configuration
5) rmon: RMON trap
6) gbn: self-defined Traps, such as interface blocking, CAR and loopback detection
For example:
! Enable notification type gbn
QTECH(config)#snmp-server enable traps gbn
2.12.7 Configure engine id
Use this configuration to set the local engine ID or to register a remote engine ID that the switch recognizes.
The default local engine ID is 275140000000000000000000. It cannot be deleted, only changed. No remote engine ID is recognized by default; remote engine IDs can be added and deleted. Deleting a recognized remote engine also deletes the users that belong to it. At most 32 engines can be configured. Use the no snmp-server engineID command to restore the default local engine ID or to remove a remote engine ID. Because SNMPv3 user keys are derived from the engine ID (RFC 3414), check the users configured under 2.12.10 after changing the local engine ID. Configure it in global configuration mode :
snmp-server engineID { local engineid-string | remote ip-address [udp-port port-number] engineid-string }
no snmp-server engineID { local | remote ip-address [udp-port port-number] }
Display the current engine configuration in any configuration mode :
show snmp engineID [local | remote]
engineid-string is an engine ID, which must be unique within the network. This system only accepts printable characters in an engine ID; spaces are not allowed.
ip-address is the IP address of the remote engine. A local IP address is not accepted.
port-number is the UDP port of the remote engine. The default port number is 162.
For example :
! Configure local engine id to be 12345
QTECH(config)# snmp-server engineid local 12345
! Register a remote engine as recognized locally, with IP address 1.1.1.1, UDP port 888 and engine ID 1234
QTECH(config)# snmp-server engineid remote 1.1.1.1 udp-port 888 1234
! Display local engine configuration
QTECH(config)# show snmp engineid local
2.12.8 Configure view
Use the snmp-server view command to configure a view and its subtrees. iso, internet and sysview are the default views. At most 64 views can be configured. The view internet cannot be deleted or modified. Configure it in global configuration mode :
snmp-server view view-name oid-tree { included | excluded }
no snmp-server view view-name [ oid-tree ]
view-name is the name of the view to be added, 1 to 32 characters, excluding spaces.
oid-tree is a subtree of the view, given as a MIB node such as “1.3.6.1”; each node of the OID must be an integer between 0 and 2147483647. The number of characters in the view name plus the number of nodes in the OID plus 2 must not exceed 64, that is, the name length plus the node count must not exceed 62.
When a subtree is configured as excluded, the nodes in that subtree cannot be accessed; this does not mean that nodes outside the subtree can be accessed, which still requires an included subtree that covers them. When a notification destination host is configured with a community as its security name, the view has no effect on sending the notification; when the security name is an SNMPv3 user, sending is controlled by the notify view of that user. The notify view controls access to the nodes that the bound variables belong to; it does not affect the trap OID of the notification itself. A notification with no bound variables is not affected by the view.
For example :
! Add view “view1” with the subtree “1.3.6.1”
QTECH(config)# snmp-server view view1 1.3.6.1 include
! Add the subtree “1.3.6.2” to the existing view “view1”
QTECH(config)# snmp-server view view1 1.3.6.2 include
! Remove the existing view “view1”
QTECH(config)# no snmp-server view view1
! Display the configured views
QTECH(config)# show snmp view
2.12.9 Configure group
Use this configuration to configure an access control group. The following groups exist by default : (1) group initial with security model v3 and security level auth (authenticated); (2) group initial with security model v3 and security level priv (authenticated and encrypted). At most 64 groups can be configured. Configure it in global configuration mode :
snmp-server group groupname { 1 | 2c | 3 [auth | noauth | priv] [context context-name]} [read readview] [ write writeview] [notify notifyview]
no snmp-server group groupname {1 | 2c | 3 [auth | noauth | priv] [context context-name]}
Display configured group in any configuration mode :
show snmp group
groupname is the group name, 1 to 32 characters, excluding spaces.
readview is a view name; it grants the right to read objects in that view. If the keyword is omitted, the group has no readable view.
writeview is a view name; it grants the right to read and write objects in that view. If the keyword is omitted, the group has no readable and writable view.
notifyview is a view name; it grants the right to send notifications whose variables lie in that view. If the keyword is omitted, the group has no notify view.
context-name is the device context. If the keyword is omitted, the local device context is used.
Security models 1 and 2c identify the manager with a community string that travels in clear text, so a group using them should carry only views that can safely be exposed to anyone on the management network; use security model 3 with auth or priv for anything else.
For example :
! Add group “group1” to the local device, using security model 1, with read, write and notify view internet
QTECH(config)# snmp-server group group1 1 read internet write internet notify internet
! Remove group “group1” from local facility
QTECH(config)# no snmp-server group group1 1
! Display current group configuration.
QTECH(config)# show snmp group
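The view rules of 2.12.8 and the group views of 2.12.9, as an added example in Python that is not QTECH code. It models a view as a set of included/excluded subtrees where the most specific matching subtree decides (the RFC 3415 matching rule, assumed here because the manual does not spell it out), enforces the name-length plus node-count limit, and checks a group's read, write and notify views, including the rule that a notification with no bound variables, or one sent under a community security name, is not subject to the view. The View and Group class names and the method names are this example's own.

```python
"""VACM-style view and group checks (added example; not QTECH code)."""

INCLUDED, EXCLUDED = "included", "excluded"
MAX_NODE = 2147483647          # largest sub-identifier the switch accepts
NAME_PLUS_NODES_LIMIT = 62     # view-name length + OID node count must not exceed 62


def parse_oid(text):
    """'1.3.6.1.2.1' -> (1, 3, 6, 1, 2, 1), rejecting out-of-range nodes."""
    nodes = tuple(int(n) for n in text.strip(".").split("."))
    if not nodes or any(not 0 <= n <= MAX_NODE for n in nodes):
        raise ValueError("bad OID: %r" % text)
    return nodes


class View:
    """A view is a set of subtrees, each marked included or excluded."""

    def __init__(self, name):
        if not 1 <= len(name) <= 32 or " " in name:
            raise ValueError("view name must be 1-32 characters without spaces")
        self.name = name
        self.subtrees = {}     # oid tuple -> INCLUDED / EXCLUDED

    def add(self, oid_text, kind):
        oid = parse_oid(oid_text)
        if len(self.name) + len(oid) > NAME_PLUS_NODES_LIMIT:
            raise ValueError("view name plus OID nodes exceeds %d" % NAME_PLUS_NODES_LIMIT)
        self.subtrees[oid] = kind
        return self

    def allows(self, oid_text):
        """True if the object is visible. RFC 3415 semantics (assumed): the longest
        matching subtree decides; an object covered by no subtree is NOT visible,
        so excluding one subtree never opens up objects outside the included ones."""
        oid = parse_oid(oid_text)
        matches = [s for s in self.subtrees if oid[: len(s)] == s]
        if not matches:
            return False
        best = max(matches, key=lambda s: (len(s), s))
        return self.subtrees[best] == INCLUDED


class Group:
    """Access control group with optional read, write and notify views."""

    def __init__(self, name, read=None, write=None, notify=None):
        self.name, self.read, self.write, self.notify = name, read, write, notify

    def can(self, operation, oid_text):
        """'get' is checked against the read view, 'set' against the write view."""
        view = {"get": self.read, "set": self.write}[operation]
        return view is not None and view.allows(oid_text)

    def notify_allowed(self, varbind_oids, community_security_name=False):
        """The notify view applies to the bound variables only, and only for SNMPv3
        security names; a notification with no bound variables always passes."""
        if community_security_name or not varbind_oids:
            return True
        return self.notify is not None and all(self.notify.allows(o) for o in varbind_oids)
```

A view that includes 1.3.6.1 and excludes 1.3.6.1.6.3.15 (the USM MIB, where user names are stored) still hides everything under 1.3.6.2, and re-including a deeper subtree such as 1.3.6.1.6.3.15.1.1 wins over the exclusion because it is more specific.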
2.12.10 Configure user
Use this configuration to configure users for the local engine and for recognized remote engines. The following users exist by default : (1) initialmd5 (MD5 authentication required), (2) initialsha (SHA authentication required), (3) initialnone (no authentication). These three users are reserved for the system and are not for operator use. The engine a user belongs to must be a recognized engine; when a recognized engine is deleted, all users belonging to it are deleted. At most 64 users can be configured. Configure it in global configuration mode :
snmp-server user username groupname [ remote host [ udp-port port ] ] [ auth { md5 | sha } { authpassword { encrypt-authpassword authpassword | authpassword } | authkey { encrypt-authkey authkey | authkey } } [ priv des { privpassword { encrypt-privpassword privpassword | privpassword } | privkey { encrypt-privkey privkey | privkey } } ]
no snmp-server user username [ remote host [ udp-port port ] ]
Display configured user in any configuration mode :
show snmp user
username is the user name to be configured, 1 to 32 characters, excluding spaces.
groupname is the group the user is added to, 1 to 32 characters, excluding spaces.
host is the IP address of the remote engine. If omitted, the user belongs to the local engine.
port is the UDP port of the remote engine. If omitted, it defaults to 162.
authpassword is the authentication password. An unencrypted password is 1 to 32 characters. To avoid disclosure, the password should be entered in encrypted form : a client that supports the encryption is used to encrypt the password, and the resulting ciphertext is entered in the configuration. The ciphertext differs according to the encryption used. Enter it as a hexadecimal string, such as “a20102b32123c45508f91232a4d47a5c”.
privpassword is the privacy (encryption) password. The same rules apply as for authpassword : 1 to 32 characters unencrypted, or a hexadecimal ciphertext such as “a20102b32123c45508f91232a4d47a5c” produced by a client that supports the encryption.
authkey is the authentication key. The unencrypted key is 16 bytes (MD5 key derivation) or 20 bytes (SHA-1 key derivation); the encrypted form is 16 bytes (MD5) or 24 bytes (SHA-1).
privkey is the privacy key. Both the unencrypted and the encrypted form are 16 bytes.
The keywords encrypt-authpassword, encrypt-authkey, encrypt-privpassword and encrypt-privkey appear only in configuration lines generated by the system itself, so that plaintext passwords and keys are not written out; they cannot be used when configuring SNMP from the command line.
A user created without auth sends requests that anyone on the path can forge, and a user without priv sends all object values in clear text; DES is the only privacy algorithm offered here, so restrict SNMP access to the management network regardless of the security level chosen.
For example :
! Add user “user1” for the local engine to group “grp1”, with no authentication and no encryption
QTECH(config)# snmp-server user user1 grp1
! Add user “user2” for the local engine to group “grp2”, using md5 authentication and no encryption, with auth-password 1234
QTECH(config)# snmp-server user user2 grp2 auth md5 auth-password 1234
! Add user “user3” for the local engine to group “grp3”, using md5 authentication and des encryption, with auth-password 1234 and priv-password 4321
QTECH(config)# snmp-server user user3 grp3 auth md5 auth-password 1234 priv des priv-password 4321
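How the authentication key described above is obtained from a password, as an added Python example that is not QTECH code. It implements the password-to-key and key-localization algorithms of RFC 3414 (MD5 gives a 16-byte key and SHA-1 a 20-byte key, matching the unencrypted authkey lengths listed above). That this switch derives its keys exactly this way is an assumption; the function names are this example's own, and the engine ID is passed as raw bytes, so a printable engine ID such as 12345 from 2.12.7 has to be encoded first (ASCII assumed).

```python
"""SNMPv3 USM password-to-key and key localization, RFC 3414 appendix A.2.
Added example; not QTECH code. Function names are this example's own."""
import hashlib

ONE_MEBIBYTE = 1048576   # the password stream is hashed over exactly this many bytes


def password_to_key(password, algo):
    """Ku: digest of the password repeated cyclically to 1 MiB (RFC 3414 A.2.1/A.2.2)."""
    if not password:
        raise ValueError("password must not be empty")
    stream = (password * (ONE_MEBIBYTE // len(password) + 1))[:ONE_MEBIBYTE]
    return hashlib.new(algo, stream).digest()


def localize_key(ku, engine_id, algo):
    """Kul = H(Ku || snmpEngineID || Ku): the key is bound to one engine, so the
    same password yields a different key on every engine and a key captured from
    one device does not authenticate to another."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def usm_keys(password, engine_id, algo="md5"):
    """Return hex Ku, hex Kul and the key length for 'md5' (16) or 'sha1' (20)."""
    if algo not in ("md5", "sha1"):
        raise ValueError("the USM configuration in this manual offers md5 or sha only")
    ku = password_to_key(password.encode("utf-8"), algo)
    kul = localize_key(ku, engine_id, algo)
    return {"ku": ku.hex(), "kul": kul.hex(), "key_len": len(kul)}


if __name__ == "__main__":
    # RFC 3414 A.3 test vector: password "maplesyrup", 12-byte engine ID 00...02
    rfc_engine = bytes.fromhex("000000000000000000000002")
    print(usm_keys("maplesyrup", rfc_engine, "md5"))
    # An engine ID entered as a printable string in 2.12.7, ASCII encoding assumed
    print(usm_keys("maplesyrup", b"12345", "md5"))
```

With the RFC 3414 engine ID the MD5 localized key is 526f5eed9fcce26f8964c2930787d82b; with the engine ID 12345 the same password gives a different key, which is why the users under an engine are tied to that engine ID.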
2.13 Enable/disable DLF packet forwarding
DLF (destination lookup failure) packets are packets whose destination address is not found in the MAC address table; by default they are flooded within the VLAN. Use the dlf-forward command in global configuration mode or interface configuration mode to enable DLF forwarding, and the no dlf-forward command to disable it :
dlf-forward { multicast | unicast }
no dlf-forward { multicast | unicast }
For example :
! Disable dlf forward for unicast
QTECH(config)#no dlf-forward unicast
! Disable dlf forward for multicast
QTECH(config)#no dlf-forward multicast
2.14 CPU Alarm Configuration
2.14.1 Brief introduction of CPU alarm
The system monitors CPU usage. When the CPU usage rate exceeds the CPU busy threshold, a CPU busy alarm is sent. In the busy state, when usage falls below the CPU unbusy threshold, a CPU unbusy alarm is sent. This function reports the current CPU usage to the user.
2.14.2 CPU alarm configuration list
CPU alarm configuration command includes :
· Enable/disable CPU alarm
· Configure CPU busy or unbusy threshold
· Display CPU alarm information
2.14.3 Enable/disable CPU alarm
Configure it in global configuration mode :
Enable CPU alarm
alarm cpu
Disable CPU alarm
no alarm cpu
CPU alarm is enabled by default.
For example :
! Enable CPU alarm
QTECH(config)#alarm cpu
2.14.4 Configure CPU busy or unbusy threshold
Use the alarm cpu threshold command in global configuration mode to configure the CPU busy and unbusy thresholds :
Configure CPU busy or unbusy threshold
alarm cpu threshold [ busy busy ] [ unbusy unbusy ]
busy must be greater than unbusy. The default CPU busy threshold is 90% and the default CPU unbusy threshold is 60%.
For example :
! Configure the CPU busy threshold to be 30% and the CPU unbusy threshold to be 10%
QTECH(config)#alarm cpu threshold busy 30 unbusy 10
2.14.5 Display CPU alarm information
Use show alarm cpu command in any mode to display cpu alarm information :
show alarm cpu
For example :
! Display CPU alarm information
QTECH(config)#show alarm cpu
CPU status alarm : enable
CPU busy threshold(%) : 90
CPU unbusy threshold(%) : 60
CPU status : unbusy
2.15 Anti-DOS Attack
2.15.1 IP fragment anti-attack
The number of IP fragment packets the system accepts is limited separately, so that fragments cannot consume the resources used for receiving all packets : under an IP fragment attack, other non-fragment packets are still handled normally. The limit on the number of fragment packets accepted is configurable. 0 means the system does not handle IP fragment packets at all, so a fragment attack has no effect on it.
Configure it in global configuration mode :
anti-dos ip fragment maxnum
Display related information :
show anti-dos
Chapter 3 MAC address table management
3.1 Introduction to Bridging
A bridge is a store-and-forward device that connects and transfers traffic between local area network (LAN) segments at the data-link layer. In some small-sized networks, especially those with dispersed distribution of users, the use of bridges can reduce the network maintenance costs, without requiring the end users to perform special configurations on the devices.
In applications, there are four major kinds of bridging technologies : transparent bridging, source-route bridging (SRB), translational bridging, and source-route translational bridging (SR/TLB).
Transparent bridging is used to bridge LAN segments of the same physical media type, primarily in Ethernet environments. Typically, a transparent bridging device keeps a bridge table, which contains mappings between destination MAC addresses and outbound interfaces.
Presently the devices support the following transparent bridging features :
· Bridging over Ethernet
· Bridging over point-to-point (PPP) and high-level data link control (HDLC) links
· Bridging over X.25 links
· Bridging over frame relay (FR) links
· Inter-VLAN transparent bridging
· Routing and bridging are simultaneously supported
3.2 Major Functionalities of Bridges
3.2.1 Maintaining the bridge table
A bridge relies on its bridge table to forward data. A bridge table consists of two parts : a MAC address list and an interface list. Once connected to a physical LAN segment, a bridge listens to all Ethernet frames on the segment. When it receives an Ethernet frame, it extracts the source MAC address of the frame and creates a mapping between this MAC address and the interface on which the frame was received.
As shown in Figure 1, Hosts A, B, C and D are attached to two LAN segments, of which LAN segment 1 is attached to bridge interface 1 while LAN segment 2 is connected to bridge interface 2. When Host A sends an Ethernet frame to Host B, both bridge interface 1 and Host B receive this frame.
Figure 1. Host A sends an Ethernet frame to Host B on LAN segment 1
As the bridge receives the Ethernet frame on bridge interface 1, it determines that Host A is attached to bridge interface 1 and creates a mapping between the MAC address of Host A and bridge interface 1 in its bridge table, as shown in Figure 2.
Figure 2 The bridge determines that Host A is attached to interface 1
When Host B responds to Host A, the bridge also hears the Ethernet frame from Host B. As the frame is received on bridge interface 1, the bridge determines that Host B is also attached to bridge interface 1, and creates a mapping between the MAC address of Host B and bridge interface 1 in its bridge table, as shown in Figure 3.
Figure 3 The bridge determines that Host B is also attached to interface 1
Finally, the bridge obtains all the MAC-to-interface mappings (assuming that all hosts are in use), as shown in Figure 4.
Figure 4 The final bridge table
3.2.2 Forwarding and filtering
The bridge makes forwarding or filtering decisions as follows :
When Host A sends an Ethernet frame to Host C, the bridge searches its bridge table, finds that Host C is attached to bridge interface 2, and forwards the Ethernet frame out of bridge interface 2, as shown in Figure 5.
Figure 5 Forwarding
When Host A sends an Ethernet frame to Host B, as Host B is on the same LAN segment as Host A, the bridge filters the Ethernet frame instead of forwarding it, as shown in Figure 6.
Figure 6 Filtering
When Host A sends an Ethernet frame to Host C, if the bridge does not find a MAC-to-interface mapping about Host C in its bridge table, the bridge forwards the Ethernet frame to all interfaces except the interface on which the frame was received, as shown in Figure 7.
Figure 7 The proper MAC-to-interface mapping is not found in the bridge table
Note :
When a bridge receives a broadcast or multicast frame, it forwards the frame to all interfaces other than the receiving interface.
3.3 Brief introduction of MAC address table management
The system maintains a MAC address table used to forward packets. Each entry contains a MAC address, a VLAN ID and the number of the interface on which the packet entered. When a packet enters the switch, the switch looks up the MAC address table by the destination MAC address and VLAN ID of the packet. If an entry is found, the packet is sent out of the interface specified in that entry; otherwise the packet is broadcast within the VLAN. In SVL learning mode, the lookup uses only the MAC address and ignores the VLAN ID.
The system learns MAC addresses. If the source MAC address of a received packet is not in the MAC address table, the system adds the source MAC address, the VLAN ID and the receiving port as a new entry. Because every unknown source address is learned, a host that sends frames with many forged source addresses can fill the table and force traffic for other hosts to be flooded; static or permanent entries, and disabling learning on a port (3.6.5), limit this.
The MAC address table can also be configured manually, according to the actual situation of the network. An added or modified entry can be static, permanent, blackhole or dynamic.
The system ages MAC addresses. If no packet is received from an address for a certain time, the related entry is deleted. Aging applies only to dynamic entries, whether learned or configured by the user.
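The learning, forwarding, filtering, blackhole and aging behaviour described in 3.2 and above, as an added Python example that is not QTECH code. The MacTable class and its method names are this example's own; it also models the learning-disabled port behaviour of 3.6.5 and the SVL/IVL lookup difference of 3.6.7, and the hosts, ports and timestamps used to exercise it are constructed.

```python
"""Learning-bridge MAC table model (added example; not QTECH code)."""
from dataclasses import dataclass


@dataclass
class Entry:
    port: str         # None for blackhole entries
    kind: str         # "dynamic" | "static" | "permanent" | "blackhole"
    last_seen: float  # only meaningful for dynamic entries


class MacTable:
    def __init__(self, mode="svl", age_time=300):
        if mode not in ("svl", "ivl"):
            raise ValueError("mode must be svl or ivl")
        self.mode = mode
        self.age_time = age_time          # seconds, or None for "disable"
        self.entries = {}                 # key -> Entry
        self.learning = {}                # port -> bool (missing means enabled)

    def _key(self, mac, vlan):
        # SVL: one table shared by all VLANs, so the VLAN ID is ignored in lookups
        return (mac.lower(), vlan if self.mode == "ivl" else None)

    def add(self, mac, vlan, port=None, kind="static"):
        self.entries[self._key(mac, vlan)] = Entry(port, kind, 0.0)

    def set_learning(self, port, enabled):
        self.learning[port] = enabled

    def age(self, now):
        """Drop dynamic entries idle for age_time seconds; other kinds never age."""
        if self.age_time is None:
            return
        for key in [k for k, e in self.entries.items()
                    if e.kind == "dynamic" and now - e.last_seen >= self.age_time]:
            del self.entries[key]

    def handle_frame(self, src, dst, vlan, in_port, now, ports):
        """Return the list of output ports for a frame ([] if dropped or filtered)."""
        skey, dkey = self._key(src, vlan), self._key(dst, vlan)
        sentry, dentry = self.entries.get(skey), self.entries.get(dkey)
        # blackhole: frames to or from the address are dropped
        if (sentry and sentry.kind == "blackhole") or (dentry and dentry.kind == "blackhole"):
            return []
        if self.learning.get(in_port, True):
            if sentry is None:
                self.entries[skey] = Entry(in_port, "dynamic", now)   # learn the source
            elif sentry.kind == "dynamic":
                sentry.port, sentry.last_seen = in_port, now          # refresh or move
        elif sentry is None or sentry.port != in_port:
            return []   # learning disabled: only sources already bound to this port may send
        if dentry is not None and dentry.port is not None:
            # known destination: filter if on the same segment, otherwise forward
            return [] if dentry.port == in_port else [dentry.port]
        # unknown unicast, broadcast or multicast: flood, but not to learning-disabled ports
        return [p for p in ports if p != in_port and self.learning.get(p, True)]
```

Walking the frames of Figures 1 to 7 through handle_frame reproduces the text : the first frame from Host A to Host B is flooded because B is unknown, B's reply is filtered because both are now bound to the same interface, and a blackhole entry drops frames in both directions.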
3.4 MAC address table management list
MAC address table management
· Configure system MAC address aging time
· Configure MAC address item
· Enable/disable MAC address learning
· Modify MAC address learning mode
3.5 Configure system MAC address aging time
Use the mac-address-table age-time command in global configuration mode to configure the MAC address aging time. Use the no mac-address-table age-time command to restore the default.
mac-address-table age-time { agetime | disable }
no mac-address-table age-time
agetime is the MAC address aging time, 1 to 1048575 seconds. The default aging time is 300 seconds. disable means MAC addresses do not age. Use the no form of the command to restore the default aging time.
For example :
! Configure MAC address aging time to be 3600 seconds
QTECH(config)#mac-address-table age-time 3600
! Restore MAC address aging time to be 300 seconds
QTECH(config)#no mac-address-table age-time
Use the show mac-address-table age-time command to display the MAC address aging time :
show mac-address-table age-time
For example :
! Display MAC address aging time.
QTECH(config)#show mac-address-table age-time
3.6 Configure MAC address item
3.6.1 Add MAC address
Besides dynamic learning, entries can be added to the MAC address table manually.
mac-address-table { dynamic | permanent | static } mac interface interface-num vlan vlan-id
The parameters mac, vlan-id and interface-num correspond to the three attributes of the new entry.
The entry type can be dynamic, permanent or static. A dynamic entry ages; a permanent entry does not age and survives a reboot; a static entry does not age but is lost after a reboot.
For example :
! Add MAC address 00:01:02:03:04:05 as a static entry
QTECH(config)#mac-address-table static 00:01:02:03:04:05 interface ethernet 0/0/1 vlan 1
3.6.2 Add blackhole MAC address
A MAC address table entry can be configured as a blackhole entry. A packet whose source address or destination address matches a blackhole entry is dropped, which is a cheap way to cut off a known misbehaving host in a VLAN.
mac-address-table blackhole mac vlan vlan-id
For example :
! Drop packets tagged with VLAN 1 whose source or destination address is 00:01:02:03:04:05
QTECH(config)#mac-address-table blackhole 00:01:02:03:04:05 vlan 1
3.6.3 Delete MAC address item
Use the no mac-address-table command to remove MAC address table entries.
no mac-address-table [ blackhole | dynamic | permanent | static ] mac vlan vlan-id
no mac-address-table [ dynamic | permanent | static ] mac interface interface-num vlan vlan-id
no mac-address-table [dynamic | permanent | static ] interface interface-num
no mac-address-table [ blackhole | dynamic | permanent | static ] vlan vlan-id
no mac-address-table
vlan vlan-id deletes entries by VLAN ID; mac deletes one specified entry; interface interface-num deletes entries by interface number; no mac-address-table alone deletes all MAC address entries.
For example :
! Delete all MAC address table item
QTECH(config)#no mac-address-table
3.6.4 Display MAC address table
Use the show mac-address-table command to display the MAC address table.
show mac-address-table
show mac-address-table { interface-num [ vlan vlan-id ] | cpu }
show mac-address-table mac [ vlan vlan-id ]
show mac-address-table { blackhole | dynamic | permanent | static } [ vlan vlan-id ]
show mac-address-table { blackhole | dynamic | permanent | static } interface interface-num [ vlan vlan-id ]
show mac-address-table vlan vlan-id
The parameter meaning is the same as that of add/delete MAC address table item.
3.6.5 Enable/disable MAC address learning
In global configuration mode this command applies to all interfaces at once; in interface configuration mode it configures MAC address learning on that interface only. When MAC address learning is disabled on an interface, packets with an unknown destination address received on other interfaces are not flooded to this interface, and packets from this interface whose source address is not bound to this interface are not forwarded. By default, MAC address learning is enabled on all interfaces.
mac-address-table learning
no mac-address-table learning
For example :
! Disable MAC address learning on interface Ethernet 0/0/7.
QTECH(config-if-ethernet-0/0/7)#no mac-address-table learning
3.6.6 Display MAC address learning
Use the show mac-address-table learning command to display the MAC address learning state :
show mac-address-table learning [ interface [ interface-num ] ]
3.6.7 Modify MAC address learning mode
The system supports the SVL (shared VLAN learning) and IVL (independent VLAN learning) modes. The default is SVL. Configure the learning mode in global configuration mode; it takes effect after a reboot. In SVL mode a MAC address learned in one VLAN is used for lookups in every VLAN, so hosts in different VLANs cannot share a MAC address without interfering with each other; IVL keeps a separate table per VLAN.
mac-address-table learning mode { svl | ivl }
show mac-address-table learning mode
For example :
! Set the MAC address learning mode to IVL
QTECH(config)#mac-address-table learning mode ivl
! Display MAC address learning mode.
QTECH(config)#show mac-address-table learning mode
Chapter 4 Port Configuration
4.1 Port configuration introduction
The system provides 24 10/100Base-T Ethernet interfaces, 2 1000Base-TX (LX/SX) Ethernet interfaces and a console interface. An Ethernet interface can work in half-duplex or full-duplex mode and can negotiate the working mode and speed with the peer device, choosing the best working mode and speed automatically, which simplifies system configuration and management.
4.2 Port Configuration
4.2.1 Port related configuration
To configure the features of a port, enter interface configuration mode first, then configure.
Interface configuration list is as following :
· Enter interface configuration mode
· Enable /disable specified interface
· Configure duplex mode and speed rate
· Configure interface privilege
· Configure interface limited speed
· Configure type of receiving frame
· Configure interface type
· Configure default VLAN ID of trunk port
· Add access port to specified VLAN
· Display interface information
4.2.2 Enter interface configuration mode
Enter interface configuration mode before configuration.
Configure as following in global configuration mode :
Enter interface configuration mode
interface ethernet interface-number
interface-number is the Ethernet interface number, in the form device-num/slot-num/port-num, where device-num is in the range 0 to 7, slot-num in the range 0 to 2 and port-num in the range 1 to 48.
4.2.3 Enable/disable specified interface
After the system boots, all interfaces are enabled by default; each interface can then be configured according to the actual situation. Shut down unused ports, since an enabled port is an open attachment point for anything plugged into it.
Use following commands to enable/disable an Ethernet port.
shutdown
no shutdown
Shutdown means disable a port, while no shutdown means enable a port.
For example :
! Enable Ethernet interface 1
QTECH(config-if-ethernet-0/0/1)#no shutdown
! Disable Ethernet interface 25
QTECH(config-if-ethernet-0/1/1)#shutdown
When an interface is shut down, the physical link is kept up for diagnostic purposes.
4.2.4 Configure interface duplex mode and speed rate
100Base-TX supports 10 Mbps and 100 Mbps; 100Base-FX supports 100 Mbps. 1000Base-TX supports 10 Mbps, 100 Mbps and 1000 Mbps; 1000Base-FX supports 1000 Mbps. 100Base-TX and 1000Base-TX support half duplex, full duplex and auto-negotiation; 100Base-FX and 1000Base-FX support full duplex only. By default, 100Base-FX works at 100 Mbps full duplex and all other interfaces auto-negotiate. The user can set the working mode manually : use the speed command to configure the speed and the duplex command to configure the duplex mode.
Command form in interface mode
speed { 10 | 10auto | 100 | 100 auto | 1000 | 1000 auto | auto }
no speed
duplex { auto | full | half }
no duplex
For example :
! Configure the speed of Ethernet 0/0/1 to 100 Mbps and the duplex mode to full duplex
QTECH(config-if-ethernet-0/0/1)#speed 100
QTECH(config-if-ethernet-0/0/1)#duplex full
If either the speed or the duplex mode is set to auto, the other is set to auto as well.
4.2.5 Interface Priority Configuration
There are 8 priorities, 0 to 7; the default interface priority is 0. The larger the value, the higher the priority, and packets from a higher-priority interface are handled first. If an interface has too many packets waiting to be handled, or its packets are urgent, it can be given a high priority.
Use the following commands in interface configuration mode :
priority priority-value
no priority
For example :
! Configure the priority of Ethernet 0/0/5 to be 1
QTECH(config-if-ethernet-0/0/5)#priority 1
! Restore the default priority of Ethernet 0/0/5
QTECH(config-if-ethernet-0/0/5)#no priority
4.2.6 Interface description configuration
Use following command to describe interface to distinguish each interface from others. Configure it in interface configuration mode.
description description-list
For example :
! Configure the description string “qtech” for Ethernet 0/0/3
QTECH(config-if-ethernet-0/0/3)#description qtech
! Display the description of Ethernet 0/0/3
QTECH(config)#show description interface ethernet 0/0/3
4.2.7 Ingress/egress bandwidth-control configuration
Egress/ingress bandwidth control restricts the total rate of all packets sent or received on the interface.
Use the following commands to configure egress/ingress bandwidth control.
Configure it in interface configuration mode :
Interface egress/ingress bandwidth control
bandwidth { ingress | egress } target-rate
Cancel egress/ingress bandwidth control
no bandwidth { ingress | egress }
For a detailed description of this command, refer to the corresponding command reference.
4.2.8 Enable/disable VLAN ingress filtering on an interface
When VLAN ingress filtering is enabled, a received 802.1Q tagged packet whose VLAN the interface does not belong to is dropped. When it is disabled, such packets are not dropped. Keep ingress filtering enabled on ports facing untrusted hosts; otherwise a host can inject tagged frames into VLANs the port is not a member of.
Use this command in interface configuration mode.
ingress filtering
no ingress filtering
Example :
! Enable VLAN ingress filtration of e0/0/5
QTECH(config-if-ethernet-0/0/5)#ingress filtering
! Disable VLAN ingress filtration of e0/0/5
QTECH(config-if-ethernet-0/0/5)#no ingress filtering
4.2.9 Interface ingress acceptable-frame configuration
Configure ingress acceptable frame mode to be all types or only tagged.
Use following command in interface configuration mode to configure or cancel the restriction to ingress acceptable-frame :
ingress acceptable-frame { all | tagged }
no ingress acceptable-frame
For example :
! Configure Ethernet 0/0/5 only to receive tagged frame
QTECH(config-if-ethernet-0/0/5)#ingress acceptable-frame tagged
4.2.10 Enable/disable interface flow-control
If a port is congested, flow control is needed to avoid congestion and data loss. Use the flow-control command to control the flow. Use the following commands to enable/disable flow control on the current Ethernet port.
flow-control
no flow-control
For example :
! Enable flow control on Ethernet 0/0/5
QTECH(config-if-ethernet-0/0/5)#flow-control
! Disable flow control on Ethernet 0/0/5
QTECH(config-if-ethernet-0/0/5)#no flow-control
Use following command in any configuration mode to display interface flow-control :
show flow-control [ interface-num ]
For example :
! Display flow-control of Ethernet 0/0/5
QTECH(config-if-ethernet-0/0/5)#show flow-control ethernet 0/0/5
4.2.11 Port mode configuration
Use this command to configure the port mode. When a port is configured as a trunk port, its VLAN membership changes from untagged to tagged; when it is configured as an access port, its VLAN membership changes from tagged to untagged. Configure it in interface configuration mode :
Configure port mode
switchport mode { trunk | access }
Restore default port mode : access port
no switchport mode
For example :
! Configure Ethernet 0/0/1 to be trunk port
QTECH(config-if-ethernet-0/0/1)#switchport mode trunk
4.2.12 Trunk allowed VLAN configuration
Use switchport trunk allowed vlan command to add trunk port to specified VLAN. Use no switchport trunk allowed vlan command to remove trunk port from specified vlan.
Add trunk port to specified vlan
switchport trunk allowed vlan { vlan-list | all }
Remove trunk port from specified vlan
no switchport trunk allowed vlan { vlan-list | all }
For example :
! Add trunk port Ethernet 0/0/1 to VLANs 3, 4 and 70 to 150
QTECH(config-if-ethernet-0/0/1)# switchport trunk allowed vlan 3,4,70-150
4.2.13 The default vlan-id of trunk port configuration
Use the switchport trunk native vlan command to configure the default VLAN ID (PVID) of a trunk port. An untagged packet received on the port is assigned to this default VLAN. Packet receiving and sending follow IEEE 802.1Q. Configure it in interface configuration mode :
Configure default VLAN ID of trunk port
switchport trunk native vlan vlan-id
Restore default VLAN ID of trunk port
no switchport trunk native
Caution : this configuration applies to trunk ports only. The default VLAN ID is 1. If the port is not in VLAN 1, the configuration fails. Since any untagged frame that reaches a trunk lands in its native VLAN, choose a native VLAN that carries no user traffic.
4.2.14 Add access port to specified VLAN
Use switchport access command to add access port to specified VLAN, and the default VLAN-ID is configured to be the specified VLAN. Configure it in interface configuration mode :
Add current port to specified VLAN, and the default VLAN-ID is configured to be the specified VLAN
switchport access vlan vlan-id
Remove the current port from the specified VLAN. If the default VLAN ID of the current port is the specified VLAN and the port also belongs to VLAN 1, the default VLAN ID is restored to 1; otherwise the default VLAN ID is not changed.
no switchport access vlan vlan-id
This command requires that the current port is an access port and that the VLAN to be added is not the default VLAN 1.
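Sections 4.2.8 to 4.2.14 together decide what happens to a frame at a port. The following added Python example, not QTECH code, models those rules : parsing a vlan-list such as 3,4,70-150, the acceptable-frame and ingress-filtering checks, assignment of untagged frames to the default VLAN ID, tagged or untagged egress, and the switchport access vlan semantics. The Port class and the function names are this example's own, and the assumption that a trunk port sends its native VLAN untagged is ordinary 802.1Q behaviour rather than anything the manual states.

```python
"""802.1Q port ingress/egress model (added example; not QTECH code)."""
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    mode: str = "access"            # "access" | "trunk"
    pvid: int = 1                   # default VLAN ID (native VLAN on a trunk)
    vlans: set = field(default_factory=lambda: {1})   # VLAN membership
    acceptable_frame: str = "all"   # "all" | "tagged"
    ingress_filtering: bool = False


def parse_vlan_list(text):
    """'3,4,70-150' (spaces tolerated) -> set of VLAN IDs in 1..4094."""
    vlans = set()
    for item in text.replace(" ", "").split(","):
        if not item:
            continue
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError("bad VLAN range: %r" % item)
        vlans.update(range(lo, hi + 1))
    return vlans


def classify_ingress(port, tag_vid):
    """VLAN a received frame is assigned to, or None if it is dropped.
    tag_vid is None for an untagged frame."""
    if tag_vid is None:
        if port.acceptable_frame == "tagged":
            return None                       # 4.2.9: only tagged frames accepted
        return port.pvid                      # 4.2.13/4.2.14: untagged -> default VLAN
    if port.ingress_filtering and tag_vid not in port.vlans:
        return None                           # 4.2.8: tagged for a VLAN the port is not in
    return tag_vid


def egress_tagging(port, vid):
    """'tagged', 'untagged', or None when the port is not a member of vid."""
    if vid not in port.vlans:
        return None
    if port.mode == "access" or vid == port.pvid:   # native VLAN untagged: assumption
        return "untagged"
    return "tagged"


def switchport_access_vlan(port, vid):
    """4.2.14: join vid and make it the default VLAN; access ports and vid != 1 only."""
    if port.mode != "access" or vid == 1:
        raise ValueError("command requires an access port and a VLAN other than 1")
    port.vlans.add(vid)
    port.pvid = vid


def no_switchport_access_vlan(port, vid):
    """4.2.14: leave vid; the PVID falls back to 1 only if the port is still in VLAN 1."""
    port.vlans.discard(vid)
    if port.pvid == vid and 1 in port.vlans:
        port.pvid = 1
```

With ingress filtering disabled, a trunk carrying VLANs 3, 4 and 70 to 150 still accepts a frame tagged 200; with it enabled, the same frame is dropped, which is the check a practitioner wants on any port an untrusted host can reach.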
4.2.15 Display interface information
Use show interface [ interface-num ] to display information of specified interface or all interfaces :
1) Interface state (enable/disable)
2) Connection
3) Working mode (full duplex, half duplex or auto-negotiation)
4) Default VLAN ID
5) Interface priority
6) Port mode (trunk/access port)
If no interface is given to the show interface [ interface-num ] command, information for all interfaces is displayed.
4.2.16 Display/ clear interface statistics information
Use show statistics interface [interface-num ] command in any configuration mode to display information of specified interface or all interfaces :
· Byte receiving
· Unicast packet receiving
· Non-unicast packet receiving
· Unicast packet sending
· Non-unicast packet sending
Use the clear interface [ interface-num | slot-num ] command in global configuration mode to clear the statistics of a specified interface, of all interfaces in a specified slot, or of all interfaces. Use the clear interface command in interface configuration mode to clear the statistics of the current interface.
4.3 Interface mirror
4.3.1 Brief introduction of interface mirror
The system provides interface-based mirroring : packets on one or more specified interfaces are copied to a monitor interface for analysis and monitoring. For example, packets on Ethernet 0/0/2 are copied to the monitor interface Ethernet 0/0/3, so that a protocol analyzer attached to Ethernet 0/0/3 can inspect and record them. Since the monitor port receives a copy of every mirrored frame, including management traffic, connect it only to a trusted analyzer.
The system also mirrors packets by specified source/destination MAC address, for example packets from Ethernet 0/0/3 with the destination MAC address 00:1f:ce:10:14:f1.
The system also provides a mirror divider : only a sample of the packets eligible for mirroring is sent to the mirror destination interface, which reduces the number of packets that interface has to carry.
4.3.2 Interface mirror configuration
Interface mirror configuration commands include:
· Configure mirror destination interface
· Configure mirror source interface
· Display interface mirror
4.3.2.1 Configure mirror interface
Configure the mirror destination interface in global configuration mode:
mirror destination-interface interface-num
This command cancels the original mirror destination interface.
Remove the mirror interface:
no mirror destination-interface interface-num
For example:
! Configure Ethernet 0/0/1 to be mirror interface
QTECH(config)# mirror destination-interface ethernet 0/0/1
4.3.2.2 Configure mirror source interface
Configure the mirror source interface of the switch in global configuration mode:
Configure the mirror source interface
mirror source-interface { interface-list | cpu } { both | egress | ingress }
interface-list is in the form of interface-num [ to interface-num ], which can be repeated up to 3 times. The CPU interface is written as the character string "cpu". both means mirroring both the egress and the ingress of the interface, egress means mirroring the interface egress only, and ingress means mirroring the interface ingress only.
Remove the mirror source interface
no mirror source-interface { interface-list | cpu }
For example:
! Configure Ethernet 0/0/1 to Ethernet 0/0/12 to be mirror source interfaces
QTECH(config)# mirror source-interface ethernet 0/0/1 to ethernet 0/0/12 both
! Remove Ethernet 0/0/10 to Ethernet 0/0/12 from mirror source interfaces
QTECH(config)#no mirror source-interface ethernet 0/0/10 to ethernet 0/0/12
4.3.2.3 Display interface mirror
Use the show mirror command to display the current mirror configuration of the system, including the monitor port and the list of mirrored ports. Use this command in any configuration mode:
show mirror
For example:
! Display monitor port and mirrored port list
QTECH#show mirror
4.4 Brief introduction of Port LACP
Port convergence (aggregation) forms a channel group from several ports so that traffic is load-shared among the member ports. When one link can no longer be used, its traffic is transferred to another link of the group so that the flow is not interrupted.
4.4.1 LACP
The link aggregation control protocol (LACP) is defined in IEEE 802.3ad. The link aggregation control protocol data unit (LACPDU) is used for exchanging information among LACP-enabled devices.
After LACP is enabled on a port, the port sends LACPDUs to notify the remote system of its system LACP priority, system MAC address, port LACP priority, port number, and operational key. Upon receipt of an LACPDU, the remote system compares the received information with the information received on other ports to determine the ports that can operate as selected ports. This allows the two systems to reach agreement on the states of the related ports.
When aggregating ports, link aggregation control automatically assigns each port an operational key based on its rate, duplex mode, and other basic configurations. In an LACP aggregation group, all ports share the same operational key; in a manual or static LACP aggregation, the selected ports share the same operational key. The basic configuration rules are:
1. Up to 13 static or dynamic channel groups can be configured, with at most 12 member interfaces in each group, of which at most 8 can be aggregated at the same time; which interfaces are aggregated is determined by up/down status, interface number and LACP priority. Each group is defined as a channel group, and the command line is organized around it.
2. The load balance strategy of each group can be one of source MAC, destination MAC, source and destination MAC, source IP, destination IP, or source and destination IP. The default strategy is source MAC.
3. System and interface LACP priority can be configured. The default system priority is 32768 and the default interface priority is 128. Removing the system or interface priority restores it to the default value.
4. The LACP mode of each interface can be configured. In static mode the interface is statically aggregated and the LACP protocol does not run; in active mode the interface initiates LACP negotiation; in passive mode the interface can only respond to LACP negotiation. When interconnecting with another device, static mode can only interconnect with static mode; active mode can interconnect with active and passive mode; passive mode can only interconnect with active mode. The default mode of an interface is active.
Each aggregated interface needs the same layer 2 features, so the following restrictions apply to the interfaces in a channel group:
Static aggregated interfaces and dynamic aggregated interfaces cannot be in the same channel group, but there can be static aggregated channels as well as dynamic aggregated channels.
Each interface in the same channel group must have the same features: interface speed, full duplex working mode, STP/GVRP/GMRP function, STP cost, STP interface priority, VLAN features (interface mode, PVID, VLANs belonged to, tag VLAN list of an access interface, allowed VLAN list of a trunk interface) and layer 2 multicast group membership.
If a feature of one interface in the channel group is modified, the other interfaces are modified automatically in the same way. The features concerned are those listed in the previous item.
After aggregation, the static hardware entries (ARL, MARL, PTABLE, VTABLE) are modified, but with a delay.
After aggregation, only the host interface can send CPU packets. If STP changes the status of one member interface, the status of the whole channel group is changed.
After aggregation, when forwarding layer 2 protocol packets, STP/GARP/GNLINK do not forward the packet back to the current channel group. When forwarding to another channel group, only one packet is forwarded.
If there are members in the channel group, the channel group cannot be deleted. Delete the member interfaces first.
LACP system and interface priority influence the choice of redundant links. LACP provides a link redundancy mechanism; the redundancy decision must be consistent on the two interconnected switches, and the user can configure which link is redundant by means of the system and interface priority. The redundant link is chosen in the following steps:
First, determine which switch is the selection standard. Through the exchange of LACP packets, each of the two switches knows the other's LACP system priority and system MAC. The LACP system priorities are compared and the smaller one is chosen; if the system priorities are the same, the MAC addresses are compared and the smaller one is chosen.
Then, choose the redundant link according to the interface parameters of the chosen switch. Compare the interface LACP priorities and choose the interface with the inferior priority to be redundant. If the priorities are the same, the interface with the larger interface number is redundant.
Link aggregation aggregates multiple physical Ethernet ports into one logical link, also called a logical group, to increase reliability and bandwidth.
4.4.2 Manual Link Aggregation
4.4.2.1 Overview
Manual aggregations are created manually. Member ports in a manual aggregation are LACP-disabled.
4.4.2.2 Port states in a manual aggregation
In a manual aggregation group, ports are either selected or unselected. Selected ports can receive and transmit data frames whereas unselected ones cannot. Among all selected ports, the one with the lowest port number is the master port and others are member ports.
When setting the state of ports in a manual aggregation group, the system considers the following:
· Select a port from the ports in up state, if any, in the order of full duplex/high speed, full duplex/low speed, half duplex/high speed, and half duplex/low speed, with the full duplex/high speed being the most preferred. If two ports with the same duplex mode/speed pair are present, the one with the lower port number wins out. Then, place those ports in up state with the same speed/duplex pair, link state and basic configuration in selected state and all others in unselected state.
· When all ports in the group are down, select the port with the lowest port number as the master port and set all ports (including the master) in unselected state.
· Place the ports that cannot aggregate with the master in unselected state, for example, as the result of the cross-board aggregation restriction.
Manual aggregation limits the number of selected ports in an aggregation group. When the limit is exceeded, the system changes the state of selected ports with greater port numbers to unselected until the number of selected ports drops under the limit.
In addition, unless the master port should be selected, a port that joins the group after the limit is reached is not placed in selected state even if it normally would be. This prevents the ongoing service on the selected ports from being interrupted. You should avoid this situation, however, as the selected/unselected state of a port may be different after a reboot.
4.4.2.3 Port Configuration Considerations in manual aggregation
As mentioned above, in a manual aggregation group, only ports with configurations consistent with those of the master port can become selected. These configurations include port rate, duplex mode, link state and other basic configurations.
You need to maintain the basic configurations of these ports manually to ensure consistency. As one configuration change may involve multiple ports, this can become troublesome if you need to do that port by port. As a solution, you may add the ports into an aggregation port group where you can make configuration for all member ports.
When the configuration of some port in a manual aggregation group changes, the system does not remove the aggregation; instead, it resets the selected/unselected state of the member ports and re-selects a master port.
4.4.3 Static LACP link aggregation
4.4.3.1 Overview
Static aggregations are created manually. After you add a port to a static aggregation, LACP is enabled on it automatically.
4.4.3.2 Port states in static aggregation
In a static aggregation group, ports can be selected or unselected, where both can receive and transmit LACPDUs but only selected ports can receive and transmit data frames. The selected port with the lowest port number is the master port and all others are member ports.
All member ports that cannot aggregate with the master are placed in unselected state. These ports include those using the basic configurations different from the master port or those located on a board different from the master port because of the cross-board aggregation restriction.
Member ports in up state can be selected if they have the same configuration as the master port. The number of selected ports, however, is limited in a static aggregation group. When the limit is exceeded, the local and remote systems negotiate the state of their ports as follows:
1) Compare the actor and partner system IDs, each of which comprises a system LACP priority plus a system MAC address, as follows:
· First compare the system LACP priorities. The system with the lower system LACP priority wins out.
· If they are the same, compare the system MAC addresses. The system with the smaller ID has higher priority. (The lower the LACP priority and the smaller the MAC address, the smaller the device ID.)
2) Compare the port IDs, each of which comprises a port LACP priority and a port number, on the system with the higher ID as follows:
· Compare the port LACP priorities. The port with the lower port LACP priority wins out.
· If two ports with the same port LACP priority are present, compare their port numbers. The state of the ports with lower IDs then changes to selected and the state of the ports with higher IDs to unselected, and so does the state of their corresponding remote ports. (The lower the LACP priority and the smaller the port number, the smaller the port ID.)
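The selection rules of 4.4.1 (deciding switch by system priority, then MAC; redundant ports by port priority, then port number), the manual aggregation preference order of 4.4.2.2 and the comparison steps above, written out as an added Python model that is not part of the manual or of the switch software. It assumes, as the page states, that the lower priority value and the smaller MAC/port number win and that at most 8 ports are active per channel group; the duplex/speed fields of Port are assumptions used only for the manual-aggregation ordering.

```python
from dataclasses import dataclass
from typing import List, Tuple

MAX_ACTIVE = 8                # at most 8 interfaces aggregated at once per channel group
DEFAULT_SYS_PRIORITY = 32768  # lacp system-priority default
DEFAULT_PORT_PRIORITY = 128   # lacp port-priority default


@dataclass(frozen=True)
class SystemId:
    priority: int
    mac: str  # colon-separated, e.g. "00:1f:ce:10:14:f1"

    def key(self) -> Tuple[int, int]:
        # Lower priority value wins; ties are broken by the numerically smaller MAC.
        return (self.priority, int(self.mac.replace(":", ""), 16))


@dataclass(frozen=True)
class Port:
    number: int
    priority: int = DEFAULT_PORT_PRIORITY
    up: bool = True
    full_duplex: bool = True   # assumed attributes, used by manual_select only
    speed_mbps: int = 1000


def deciding_system(local: SystemId, remote: SystemId) -> SystemId:
    """Step 1 of 4.4.1: the switch with the smaller (priority, MAC) pair decides."""
    return local if local.key() <= remote.key() else remote


def lacp_select(ports: List[Port], limit: int = MAX_ACTIVE) -> Tuple[List[Port], List[Port]]:
    """Step 2: on the deciding switch, rank up ports by (port priority, port number).
    The first `limit` ports become selected; the rest are the redundant (unselected) ones."""
    ranked = sorted((p for p in ports if p.up), key=lambda p: (p.priority, p.number))
    return ranked[:limit], ranked[limit:]


def manual_select(ports: List[Port], limit: int = MAX_ACTIVE) -> Tuple[List[Port], List[Port]]:
    """4.4.2.2: prefer full duplex/high speed, then full/low, half/high, half/low, lower
    port number on ties. Only up ports sharing the best duplex/speed pair are selected;
    beyond `limit`, the ports with greater numbers drop to unselected."""
    up = sorted((p for p in ports if p.up),
                key=lambda p: (not p.full_duplex, -p.speed_mbps, p.number))
    if not up:
        # All ports down: everything (including the would-be master) stays unselected.
        return [], list(ports)
    best = up[0]
    same_pair = [p for p in up
                 if p.full_duplex == best.full_duplex and p.speed_mbps == best.speed_mbps]
    selected = same_pair[:limit]
    unselected = [p for p in ports if p not in selected]
    return selected, unselected


def master_port(selected: List[Port]) -> Port:
    """Among the selected ports, the one with the lowest port number is the master."""
    return min(selected, key=lambda p: p.number)
```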
4.4.3.3 Port configuration considerations in static aggregation
Like in a manual aggregation group, in a static LACP aggregation group, only ports with configurations consistent with those of the master port can become selected. You need to maintain the basic configurations of these ports manually to ensure consistency. As one configuration change may involve multiple ports, this can become troublesome if you need to do that port by port. As a solution, you may add the ports into an aggregation port group where you can make configuration for all member ports.
When the configuration of some port in a static aggregation group changes, the system does not remove the aggregation; instead, it resets the selected/unselected state of the member ports and re-selects a master port.
4.5 Load-Balance in a Link Aggregation Group
Link aggregation groups fall into load sharing aggregation groups and non-load sharing aggregation groups, depending on whether they support load sharing.
A load sharing aggregation group can contain one or more selected ports, but a non-load sharing aggregation group can contain only one.
Whether a link aggregation group performs load sharing depends on the availability of hardware resources. When hardware resources are available, link aggregation groups created with at least two selected ports perform load sharing, while link aggregation groups created with only one selected port perform load sharing depending on the model of your device. After hardware resources become depleted, link aggregation groups work in non-load sharing mode.
4.6 Aggregation Port Group
As mentioned earlier, in a manual or static aggregation group, a port can be selected only when its configuration is the same as that of the master port in terms of duplex/speed pair, link state, and other basic configurations. Their configuration consistency requires administrative maintenance, which is troublesome after you change some configuration.
To simplify configuration, port-groups are provided allowing you to configure for all ports in individual groups at one time. One example of port-groups is aggregation port group.
Upon creation or removal of a link aggregation group, an aggregation port-group which cannot be administratively created or removed is automatically created or removed. In addition, you can only assign/remove a member port to/from an aggregation port-group by assigning/removing it from the corresponding link aggregation group.
4.7 Link aggregation configuration
Port LACP configuration commands include channel group configuration.
Please configure it in global configuration mode:
channel-group channel-group-number
The parameter channel-group-number ranges from 0 to 16.
For example:
! Create a channel group with the group number being 0
QTECH(config)#channel-group 0
Delete channel group
no channel-group channel-group-number
Add port members to the group
channel-group channel-group-number mode {active | passive | on}
In interface configuration mode, add current interface to channel group and specify the mode of interface. If the channel group doesn’t exist, create it.
For example:
! Add Ethernet 0/0/3 to channel-group 3 and specify the port to be active mode
QTECH(config-if-ethernet-0/0/3)#channel-group 3 mode active
Delete interface member in channel group
no channel-group channel-group-number
In interface configuration mode, delete current interface from channel group.
For example:
! Delete interface Ethernet 0/0/3 from channel group 3
QTECH(config-if-ethernet-0/0/3)#no channel-group 3
Configure load balance of switch
channel-group load-balance {dst-ip|dst-mac|src-dst-ip|src-dst-mac|src-ip|src-mac}
For example:
! Specify the load balance of channel-group 0 to be destination MAC
QTECH(config)#channel-group load-balance dst-mac
Configure system LACP priority
lacp system-priority priority
For example:
! Configure the LACP system priority to be 40000
QTECH(config)#lacp system-priority 40000
Delete system LACP priority
no lacp system-priority
Use this command to restore system default LACP priority to be 32768.
Configure interface LACP priority
lacp port-priority priority
Use this command in interface configuration mode to configure the LACP priority of the current interface.
For example:
! Configure lacp port-priority of Ethernet 0/0/2 to be 12345
QTECH(config-if-ethernet-0/0/2)#lacp port-priority 12345
Delete interface LACP priority
no lacp port-priority
Use this command to restore interface default LACP priority to be 128.
Display system LACP ID
show lacp sys-id
The system ID consists of 16 characters of system priority and 32 characters of system MAC address.
For example:
! Display lacp system id
QTECH(config)#show lacp sys-id
Display local information of channel group
show lacp internal [channel-group-number]
Use the show lacp internal command to display the information of the group members; if no keyword is given, all groups are displayed.
For example: Display the member information of channel group 2.
QTECH#show lacp internal 2
Display information of neighbour interface of channel group
show lacp neighbor [channel-group-number]
Use the show lacp neighbor command to display the information of the neighbour ports in the group. If no keyword is given, the neighbour ports of all groups are displayed.
For example: Display the information of the neighbour ports of group 2.
QTECH#show lacp neighbor 2
4.8 Interface BPDU-rate configuration
4.8.1 Brief introduction of interface CAR
Interface CAR restricts the rate at which BPDU packets with MAC 01:80:C2:xx:xx:xx from a single interface hit the CPU. The CPU keeps rate statistics for each interface. If the rate exceeds the configured threshold (300 packets/second by default), the interface is disabled and a trap reporting the interface as abnormal is sent. After a certain time (480 seconds by default) the interface is re-enabled. If the interface is not disabled again by interface CAR within 2 seconds, the storm of packets hitting the CPU from this interface is over, the interface recovers, and a trap reporting the interface as normal is sent. Caution: if the re-enabled interface is disabled again within 2 seconds because of packets hitting the CPU, no trap reporting the interface as abnormal is sent.
4.8.2 Port CAR configuration command list
Port CAR configuration commands include:
· Enable/disable interface CAR globally
· Enable/disable interface CAR on a port
· Configure interface CAR re-enable time
· Configure interface CAR
· Display interface CAR status
4.8.3 Enable/disable interface CAR globally
Configure it in global configuration mode:
Enable interface CAR globally
port-car
Disable interface CAR globally
no port-car
By default, port-car is globally enabled.
For example:
! Enable port-car globally
QTECH(config)#port-car
4.8.4 Enable/disable interface CAR on interface
Please configure it in interface configuration mode:
Enable interface CAR
port-car
Disable interface CAR
no port-car
For example:
! Enable port-car of Ethernet 0/0/8
QTECH(config-if-ethernet-0/0/8)#port-car
4.8.5 Configure the reopen time of a port shut down by port-car
Please configure it in global configuration mode:
Configure the reopen time of a port shut down by port-car
port-car-open-time time
By default, port-car-open-time is 480 seconds.
For example:
! Configure port-car-open-time to be 10 seconds
QTECH(config)#port-car-open-time 10
4.8.6 Configure the port-car-rate
Please configure it in global configuration mode:
Configure the port-car-rate
port-car-rate rate
The default port-car-rate is 300 packets/second.
For example:
! Configure port-car-rate to be 200 packets/second
QTECH(config)#port-car-rate 200
4.8.7 Display port-car information
Input the following command in any configuration mode to display port-car information:
show port-car
For example:
! Display port-car information
QTECH(config)#show port-car
4.9 Port Alarm Configuration
4.9.1 Brief introduction of port alarm configuration
The system can monitor the packet receiving rate of a port. If the receiving rate exceeds the interface flow exceed threshold, an alarm of large interface flow is sent and the interface enters the large interface flow status. In this status, if the receiving rate drops below the interface flow normal threshold, an alarm of normal interface flow is sent. This function actively reports the packet receiving rate to the user.
4.9.2 Port alarm configuration list
Port alarm configuration commands include:
· Enable/disable port alarm globally
· Enable/disable port alarm on the port
· Configure the exceed threshold and normal threshold of port alarm
· Display port alarm
4.9.3 Enable/disable port alarm globally
Please configure it in global configuration mode:
Enable port alarm globally
alarm all-packets
Disable port alarm globally
no alarm all-packets
By default, alarm all-packets is enabled.
For example:
! Enable global alarm all-packets
QTECH(config)#alarm all-packets
4.9.4 Enable/disable port alarm on the port
Please configure it in interface configuration mode:
Enable port alarm on the port
alarm all-packets
Disable port alarm on the port
no alarm all-packets
For example:
! Enable alarm all-packets of Ethernet 0/0/8
QTECH(config-if-ethernet-0/0/8)# alarm all-packets
4.9.5 Configure the exceed threshold and normal threshold of port alarm
Configure the exceed threshold and normal threshold of port alarm
alarm all-packets threshold [ exceed rate ] [ normal rate ]
Caution: exceed > normal. By default, the 100 BASE exceed threshold is 85 and the normal threshold is 60.
For example:
! Configure alarm all-packets exceed threshold to be 500, and normal threshold to be 300
QTECH(config)#alarm all-packets threshold exceed 500 normal 300
4.9.6 Display port alarm
Input the following command in any configuration mode to display the global interface alarm:
show alarm all-packets
For example:
! Display global alarm all-packets information
QTECH(config)#show alarm all-packets interface ethernet 0/0/1
Input the following command in any configuration mode to display the interface alarm on a port:
show alarm all-packets interface [ interface-list ]
The keyword interface-list is optional. If no keyword is given, the alarm all-packets information of all interfaces is displayed; otherwise the information of the specified ports is displayed.
For example:
! Display the alarm all-packets interface information of Ethernet 0/0/1
QTECH(config)#show alarm all-packets interface ethernet 0/0/1
e0/0/1 port alarm information
Port alarm status : enable
Port alarm exceed threshold(Mbps) : 85
Port alarm normal threshold(Mbps) : 60
Total entries : 1.0
4.10 Shutdown-control feature
Interface shutdown-control restricts the rate of unicast/multicast/broadcast packets on a single interface. If the rate exceeds the configured limit, the interface is shut down and a failure trap is sent. After a while (480 seconds by default, configurable) the interface may be reopened automatically, or it may be reopened manually. If the interface is not shut down again by shutdown-control within 2 seconds, it returns to normal and a normal trap is sent. If the interface is shut down again within 2 seconds, the failure trap is not sent.
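A state-machine model of the port-car behaviour of 4.8.1 and of the shutdown-control behaviour described here, added as illustration and not code from the manual or the switch. It assumes that per-interface rate samples are fed in with a timestamp; the class name RateGuard, its fields and the trap names are my own, while the default threshold (300 pps), reopen time (480 s) and the 2 s recovery window are the page's values.

```python
from dataclasses import dataclass, field
from typing import List, Optional

DEFAULT_RATE_PPS = 300    # port-car-rate default
DEFAULT_OPEN_TIME = 480   # port-car-open-time / automatic-open-time default, seconds
RECOVER_WINDOW = 2        # seconds the port must stay clean after reopening


@dataclass
class RateGuard:
    """One interface under port-car (BPDU rate to the CPU) or shutdown-control
    (unicast/multicast/broadcast rate). `mode` mirrors shutdown-control-recover:
    'automatic' reopens after open_time, 'manual' waits for reopen()."""
    threshold_pps: int = DEFAULT_RATE_PPS
    open_time: int = DEFAULT_OPEN_TIME
    mode: str = "automatic"
    state: str = "up"
    shutdown_at: Optional[float] = None
    reopened_at: Optional[float] = None
    pending_normal: bool = False
    traps: List[str] = field(default_factory=list)  # every trap raised so far

    def reopen(self, t: float) -> None:
        """Re-enable the interface (timer or operator) and start the 2 s probation."""
        self.state = "up"
        self.reopened_at = t
        self.pending_normal = True

    def observe(self, t: float, rate_pps: float) -> List[str]:
        """Feed one rate sample taken at time t; return the traps raised by this sample."""
        raised: List[str] = []
        # Automatic re-enable once open_time has elapsed since the shutdown.
        if (self.state == "shutdown" and self.mode == "automatic"
                and t - self.shutdown_at >= self.open_time):
            self.reopen(t)
        if self.state == "up" and rate_pps > self.threshold_pps:
            self.state = "shutdown"
            self.shutdown_at = t
            # Shut down again within 2 s of reopening: same storm, no new abnormal trap.
            if not (self.reopened_at is not None and t - self.reopened_at <= RECOVER_WINDOW):
                raised.append("abnormal")
            self.pending_normal = False
        elif self.state == "up" and self.pending_normal and t - self.reopened_at > RECOVER_WINDOW:
            # Stayed below the threshold for more than 2 s after reopening: storm is over.
            raised.append("normal")
            self.pending_normal = False
            self.reopened_at = None
        self.traps.extend(raised)
        return raised
```

An operator watching the trap receiver therefore sees one abnormal trap per storm, not one per 480 s reopen cycle, which is why a port that keeps flapping under shutdown-control looks quiet until show shutdown-control or show port-car is consulted.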
4.11 Interface shutdown-control configuration list
The interface shutdown-control configuration list is as follows:
· Configuration mode and time
· Configuration shutdown-control
· Configure shutdown-control open-time
· Display shutdown-control
4.11.1 Configuration mode and time
Configure it in global configuration mode.
shutdown-control-recover {automatic-open-time seconds, mode [automatic, manual]}
seconds is the time after which a shut-down interface is reopened. Use automatic or manual mode to control the reopening of a shut-down port.
4.11.2 Configuration interface shutdown-control
Configure it in interface configuration mode:
Enable shutdown-control
shutdown-control [ broadcast | multicast | unicast ] target-rate
Disable shutdown-control
no shutdown-control [ broadcast | multicast | unicast ]
By default, shutdown-control is disabled.
For example:
! Enable shutdown-control of e0/0/8 for broadcast with the rate 100 pps
QTECH(config-if-ethernet-0/0/8)#shutdown-control broadcast 100
4.11.3 Display shutdown-control
Configure it in any configuration mode:
show shutdown-control
For example:
! Display interface shutdown-control information
QTECH(config)#show shutdown-control
4.12 Port isolation configuration
Port isolation forbids intercommunication between users on different interfaces.
There are two kinds of interfaces in the port isolation function: uplink ports and downlink ports. An uplink port can transmit any packet, but a downlink port can only transmit packets whose destination is an uplink port. Connect users' computers to downlink ports and upstream devices to uplink ports, so that intercommunication between users is shielded without affecting user access to the external network through the upstream switching devices.
Use the port-isolation command in global configuration mode to add one or a group of downlink isolation ports. Use the no port-isolation command to remove one or a group of downlink isolation ports:
Add port isolation downlink ports
port-isolation { interface-list }
Delete port isolation downlink ports
no port-isolation { interface-list | all }
interface-list is the optional interface list, which means one or more Ethernet interfaces. When adding port isolation downlink ports, not all ports can be added as port isolation downlink ports. Choose all only when deleting port isolation downlink ports: "all" removes all downlink isolation ports. By default, all ports are port isolation uplink ports.
For example:
! Add Ethernet 0/0/1, Ethernet 0/0/3, Ethernet 0/0/4, Ethernet 0/0/5, Ethernet 0/0/8 to be downlink isolation port.
QTECH(config)#port-isolation ethernet 0/0/1 ethernet 0/0/3 to ethernet 0/0/5 ethernet 0/0/8
! Remove ethernet 0/0/3, Ethernet 0/0/4, Ethernet 0/0/5, ethernet 0/0/8 from downlink isolation port.
QTECH(config)#no port-isolation ethernet 0/0/3 to ethernet 0/0/5 ethernet 0/0/8
4.13 Storm control configuration
Storm control restricts the rate at which a port receives broadcast, known multicast and unknown unicast packets.
Use storm-control command in interface configuration mode to configure storm-control. Use show interface command to display storm-control information.
Configure the speed rate of storm control
storm-control rate target-rate
Enable storm control
storm-control { broadcast | multicast | dlf }
Disable storm control
no storm-control { broadcast | multicast | dlf }
For example:
! Configure storm control of e0/0/1 with the speed rate being 2Mbps
QTECH(config-if-ethernet-0/0/1)#storm-control rate 2048
! Enable known multicast storm control of e0/0/1
QTECH(config-if-ethernet-0/0/1)#storm-control multicast
! Configure known multicast storm control of e0/0/3 with the speed rate being 5Mbps
QTECH(config-if-ethernet-0/0/3)#storm-control multicast 5120
Chapter 5 VLAN Configuration
5.1 Introduction to VLAN
5.1.1 VLAN Overview
Ethernet is a network technology based on the Carrier Sense Multiple Access/Collision Detect (CSMA/CD) mechanism. As the medium is shared in an Ethernet, network performance may degrade as the number of hosts on the network increases. If the number of hosts in the network reaches a certain level, problems caused by collisions, broadcasts, and so on emerge, which may cause the network to operate improperly. In addition to suppressing collisions (which can also be achieved by interconnecting LANs), a virtual LAN (VLAN) can also isolate broadcast packets. A VLAN divides a LAN into multiple logical LANs, each being a broadcast domain. Hosts in the same VLAN can communicate with each other as in a LAN. However, hosts from different VLANs cannot communicate directly. In this way, broadcast packets are confined to a single VLAN, as illustrated in the following figure.
VLAN diagram
A VLAN is not restricted by physical factors; that is to say, hosts residing in different network segments may belong to the same VLAN, and users in a VLAN can be connected to the same switch or span multiple switches or routers.
VLAN technology has the following advantages:
1) Broadcast traffic is confined to each VLAN, reducing bandwidth utilization and improving network performance.
2) LAN security is improved. Packets in different VLANs cannot communicate with each other directly. That is, users in a VLAN cannot interact directly with users in other VLANs, unless routers or Layer 3 switches are used.
3) A more flexible way to establish virtual working groups. With VLAN technology, clients can be allocated to different working groups, and users from the same group do not have to be within the same physical area, making network construction and maintenance much easier and more flexible.
5.1.2 VLAN Fundamental
To enable packets to be distinguished by the VLANs they belong to, a field identifying the VLAN is added to packets. As common switches operate at Layer 2, they only process Layer 2 encapsulation information, and the field thus needs to be inserted into the Layer 2 encapsulation of packets.
The format of the packets carrying the field identifying the VLAN is defined in IEEE 802.1Q, which was issued in 1999.
In the header of a traditional Ethernet packet, the field following the destination MAC address and the source MAC address is protocol type, which indicates the upper layer protocol type. Figure 2 illustrates the format of a traditional Ethernet packet, where DA stands for destination MAC address, SA stands for source MAC address, and Type stands for upper layer protocol type.
Figure 2 The format of a traditional Ethernet packet
IEEE802.1Q defines a four-byte VLAN Tag field between the DA&SA field and the Type field to carry VLAN-related information, as shown in Figure 3.
Figure 3 The position and the format of the VLAN Tag field
The VLAN Tag field comprises four sub-fields: the TPID field, the Priority field, the CFI field, and the VLAN ID field.
· The TPID field, 16 bits in length and with a value of 0x8100, indicates that a packet carries a VLAN tag.
· The Priority field, three bits in length, indicates the priority of a packet. For information about packet priority, refer to QoS Configuration in the QoS Volume.
· The CFI field, one bit in length, specifies whether or not the MAC addresses are encapsulated in standard format when packets are transmitted across different media. This field is not described here.
· The VLAN ID field, 12 bits in length and with a value ranging from 0 to 4095, identifies the VLAN a packet belongs to. As VLAN IDs 0 and 4095 are reserved by the protocol, the actual value of this field ranges from 1 to 4094.
A network device determines the VLAN to which a packet belongs by the VLAN ID field the packet carries. The VLAN Tag determines the way a packet is processed.
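The 802.1Q tag layout of this section as an added Python parser and builder (not code from the manual or the switch): it extracts TPID, Priority, CFI and VLAN ID, treats the reserved VID 4095 as undeliverable, and assigns untagged frames to the port's default VLAN (PVID, see 5.1.7). The sample frame is constructed here, and the handling of VID 0 as a priority-only tag comes from the 802.1Q standard rather than from this page.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100         # TPID value announcing a VLAN tag
VID_MIN, VID_MAX = 1, 4094  # VIDs 0 and 4095 are reserved by the protocol


@dataclass(frozen=True)
class VlanTag:
    priority: int  # 3 bits
    cfi: int       # 1 bit
    vid: int       # 12 bits


@dataclass(frozen=True)
class Frame:
    dst: str
    src: str
    tag: Optional[VlanTag]
    ethertype: int
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw: bytes) -> Frame:
    """Split DA, SA, the optional 4-byte 802.1Q tag, Type and payload out of a raw frame."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = _mac(raw[0:6]), _mac(raw[6:12])
    (ethertype,) = struct.unpack("!H", raw[12:14])
    tag, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", raw[14:16])
        # TCI layout: 3 bits Priority | 1 bit CFI | 12 bits VLAN ID
        tag = VlanTag(priority=tci >> 13, cfi=(tci >> 12) & 1, vid=tci & 0x0FFF)
        (ethertype,) = struct.unpack("!H", raw[16:18])
        offset = 18
    return Frame(dst, src, tag, ethertype, raw[offset:])


def build_tagged_frame(dst: str, src: str, priority: int, vid: int,
                       ethertype: int, payload: bytes, cfi: int = 0) -> bytes:
    """Insert the VLAN Tag between the DA&SA field and the Type field (IEEE 802.1Q)."""
    if not (0 <= priority < 8 and cfi in (0, 1) and 0 <= vid <= 4095):
        raise ValueError("tag field out of range")
    tci = (priority << 13) | (cfi << 12) | vid
    addrs = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    return addrs + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def classify_vid(frame: Frame, pvid: int) -> Optional[int]:
    """VLAN a receiving port assigns: untagged frames (and VID 0, priority-only tags
    per the standard) take the port's PVID; VID 4095 is reserved, so None (drop)."""
    if frame.tag is None or frame.tag.vid == 0:
        return pvid
    if frame.tag.vid > VID_MAX:
        return None
    return frame.tag.vid


# Constructed sample: broadcast ARP request tagged with priority 5 in VLAN 100.
SAMPLE_TAGGED = bytes.fromhex("ffffffffffff" "001fce1014f1" "8100" "a064" "0806" "0001")
```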
5.1.3 VLAN Classification
Based on different criteria, VLANs can be classified into different categories. The following types are the most commonly used:
· Port-based
· 802.1Q
· Policy-based
· Other types
This chapter will focus on the port-based VLANs and 802.1Q VLANs.
5.1.4 VLAN Interface
VLAN interfaces are virtual interfaces used for communications between different VLANs. Each VLAN can have one VLAN interface. Packets of a VLAN can be forwarded on network layer through the corresponding VLAN interface. As each VLAN forms a broadcast domain, a VLAN can be an IP network segment and the VLAN interface can be the gateway to enable IP address-based Layer 3 forwarding.
5.1.5 Port-Based and 802.1Q VLAN
This is the simplest yet the most effective way of classifying VLANs. It groups VLAN members by port. After being added to a VLAN, a port can forward the packets of that VLAN.
5.1.6 Port link type
Based on the tag handling mode, a port's link type can be one of the following three:
· Trunk port: the port can belong to multiple VLANs and can receive/send packets for multiple VLANs; it is normally used to connect network devices;
The differences between an Access port and a Trunk port:
· An Access port allows packets of multiple VLANs to be sent with or without the Tag label;
· A Trunk port only allows packets with the Tag label.
5.1.7 Default VLAN
You can configure the default VLAN for a port. By default, VLAN 1 is the default VLAN for all ports. However, this can be changed as needed.
· A port's PVID refers to only one VLAN. For a port that resides in a single VLAN, the default VLAN is therefore that VLAN and cannot be configured.
· You can configure the default VLAN for a Trunk port or an Access port, as they can both belong to multiple VLANs.
5.1.8 Super VLAN
With the development of networks, network address resources have become more and more scarce. The concept of Super VLAN was introduced to save IP address space. Super VLAN is also known as VLAN aggregation. A super VLAN involves multiple sub-VLANs. It has a VLAN interface with an IP address, but no physical ports can be added to the super VLAN. A sub-VLAN can have physical ports added but has no IP address and no VLAN interface. All ports of the sub-VLANs use the IP address of the super VLAN's VLAN interface. Packets cannot be forwarded between sub-VLANs at Layer 2.
If Layer 3 communication is needed from a sub-VLAN, it uses the IP address of the super VLAN as the gateway IP address. Thus, multiple sub-VLANs share the same gateway address and thereby save IP address resources.
The local Address Resolution Protocol (ARP) proxy function is used to realize Layer 3 communication between sub-VLANs, and between sub-VLANs and other networks. It works as follows: after creating the super VLAN and the VLAN interface, enable the local ARP proxy function to forward ARP request and response packets.
5.1.9 VLAN interface type
The system supports IEEE 802.1Q, which defines two types of VLAN interfaces. One is tagged, and the other is untagged.
A tagged interface adds the VLAN ID, priority and other VLAN information to the header of each packet leaving the interface. If the packet already included IEEE 802.1Q information when it entered the switch, the tag information is not changed; if the packet did not include IEEE 802.1Q tag information, the system determines the VLAN it belongs to according to the default VLAN ID of the receiving interface. Network devices that support IEEE 802.1Q determine whether or not to forward the packet by the VLAN information in the tag.
An untagged interface drops the tag information from all packets leaving the interface. When a frame leaves an untagged interface, it does not contain IEEE 802.1Q tag information. Dropping the tag allows packets to be forwarded from a network device that supports tagging to one which does not support it.
Currently, only a switch that supports IEEE 802.1Q can recognize IEEE 802.1Q frames, so only a port linking to a switch that supports IEEE 802.1Q can be configured as a Tagged port.
5.1.10 Default VLAN
The system has a factory default VLAN, which possesses the following features:
· The name of this VLAN is Default, which can be modified.
· It includes all ports; ports can be added and deleted.
· All ports in the default VLAN are in untagged mode, which can be modified to tagged.
· The VLAN ID of the default VLAN is 1, and it cannot be deleted.
5.2 VLAN configuration list
To configure VLANs, first create the VLANs as needed, then configure the VLAN interfaces and their parameters.
The VLAN configuration list is as follows:
· Create/delete VLAN
· Add/delete VLAN interface
· Specify/delete VLAN description
· Configure interface type
· Configure interface default vlan ID
· Configure tag vlan
· Display VLAN information
5.2.1 Create/delete VLAN
Configure it in global configuration mode. Enter VLAN configuration mode, or create the VLAN and enter it:
vlan vlan-list
Delete the created VLANs or the specified VLANs, except VLAN 1:
no vlan { vlan-list | all }
The VLAN IDs the system allows to be configured are in the range of 1 to 4094. vlan-list can be in the form of discrete numbers, a range, or a combination of discrete numbers and ranges; discrete numbers are separated by commas and a range is written with a hyphen, for example: 2, 5, 8, 10-20. Use the vlan command to enter VLAN configuration mode. If the VLAN identified by the vlan-id keyword exists, the command enters VLAN configuration mode. If not, this command creates the VLAN and then enters VLAN configuration mode. For example, if VLAN 2 does not exist, the system creates VLAN 2 first and then enters VLAN configuration mode; if VLAN 2 already exists, the command enters VLAN configuration mode directly.
When deleting VLANs, if a vlan-list is specified, the corresponding VLANs are deleted. If all is chosen, all existing VLANs except the default VLAN are deleted. When the ports are removed from a deleted VLAN, any port whose default VLAN ID equals the deleted VLAN has its default VLAN ID restored to the default VLAN ID.
If the VLAN to be removed is referenced by a multicast group, remove the related multicast group first.
5.2.2 Add/delete VLAN interface
Use the switchport command to add one or more ports to the current VLAN. Use the no switchport command to remove one or more ports from the current VLAN. Use the following commands in VLAN configuration mode:
Add interfaces to the specified VLAN
switchport { interface-list | all }
Delete interfaces from the specified VLAN
no switchport { interface-list | all }
interface-list is the optional interface list, which means one or more interfaces. If all is chosen when adding, all ports are added to the current VLAN; if all is chosen when deleting, all ports in the current VLAN are deleted. When deleting an interface from VLAN 1, if the PVID of the interface is 1, modify the PVID to another VLAN ID before deleting this interface. When deleting an interface from another VLAN whose ID equals the port's PVID: if the port is also in VLAN 1, the port is deleted; if the port is not in VLAN 1, modify the port's PVID to another VLAN ID first, then delete the port. An interface in a VLAN has one of two states, tagged or untagged. An access port is added to a VLAN in the untagged state. A trunk port is added in the tagged state.
For example:
! Add Ethernet 1, 3, 4, 5, 8 to the current VLAN
QTECH(config-if-vlan)#switchport ethernet 0/0/1 ethernet 0/0/3 to ethernet 0/0/5 ethernet 0/0/8
! Remove Ethernet 3, 4, 5, 8 from the current VLAN
QTECH(config-if-vlan)#no switchport ethernet 0/0/3 to ethernet 0/0/5 ethernet 0/0/8
The switchport access vlan command and its no form can also add a port to, or delete a port from, a VLAN. Please refer to the interface configuration in chapter 2.
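The following Python model, added here and not the switch's own code, applies the rules of 5.2.1 and 5.2.2 (vlan-list syntax and range, VLAN 1 protection, untagged/tagged membership by port mode, PVID fallback) so that a planned change can be checked before it is typed in; port names and the internal representation are assumptions.

```python
"""Model of the VLAN create/delete rules (section 5.2.1) and the
switchport add/remove rules (section 5.2.2): vlan-list syntax, VLAN 1
protection, untagged/tagged membership by port type, and PVID handling.

Added example, not the switch's own code, for checking a planned change
before it is typed into the CLI. Port names and the data model are
assumptions; the PVID fallback to VLAN 1 on removal is my reading of 5.2.2.
"""
from typing import Dict, List, Set, Union

DEFAULT_VLAN = 1
MAX_VLAN = 4094


def parse_vlan_list(text: str) -> Set[int]:
    """Parse '2, 5, 8, 10-20' into a set of VLAN IDs in 1..4094."""
    vids: Set[int] = set()
    for item in text.replace(" ", "").split(","):
        if not item:
            continue
        lo, _, hi = item.partition("-")
        a, b = int(lo), int(hi or lo)
        if a > b or a < 1 or b > MAX_VLAN:
            raise ValueError(f"bad vlan-list item {item!r}")
        vids.update(range(a, b + 1))
    return vids


class VlanTable:
    """VLAN membership ('untagged'/'tagged' per port), port mode and PVID."""

    def __init__(self, ports: List[str]):
        self.vlans: Dict[int, Dict[str, str]] = {
            DEFAULT_VLAN: {p: "untagged" for p in ports}}  # default VLAN holds all ports
        self.mode = {p: "access" for p in ports}
        self.pvid = {p: DEFAULT_VLAN for p in ports}
        self.multicast_vlans: Set[int] = set()  # VLANs referenced by a multicast group

    def vlan(self, vlan_list: str) -> None:
        """'vlan vlan-list': create any VLAN in the list that does not exist."""
        for v in parse_vlan_list(vlan_list):
            self.vlans.setdefault(v, {})

    def no_vlan(self, vlan_list: str) -> None:
        """'no vlan { vlan-list | all }': never deletes VLAN 1."""
        if vlan_list == "all":
            targets = set(self.vlans) - {DEFAULT_VLAN}
        else:
            targets = parse_vlan_list(vlan_list)
            if DEFAULT_VLAN in targets:
                raise ValueError("VLAN 1 cannot be deleted")
        for v in targets:
            if v not in self.vlans:
                raise ValueError(f"VLAN {v} does not exist")
            if v in self.multicast_vlans:
                raise ValueError(f"remove the multicast group using VLAN {v} first")
            for port in self.vlans.pop(v):
                if self.pvid[port] == v:  # restore the port's default VLAN
                    self.pvid[port] = DEFAULT_VLAN

    def switchport_mode(self, port: str, mode: str) -> None:
        if mode not in ("access", "trunk"):
            raise ValueError("mode must be access or trunk")
        self.mode[port] = mode

    def switchport(self, vlan: int, ports: Union[str, List[str]]) -> None:
        """'switchport { interface-list | all }' in VLAN configuration mode."""
        members = self.vlans[vlan]
        for p in (list(self.mode) if ports == "all" else ports):
            members[p] = "untagged" if self.mode[p] == "access" else "tagged"

    def no_switchport(self, vlan: int, ports: Union[str, List[str]]) -> None:
        """'no switchport { interface-list | all }' with the PVID rules of 5.2.2."""
        members = self.vlans[vlan]
        for p in (list(members) if ports == "all" else ports):
            if p not in members:
                raise ValueError(f"{p} is not in VLAN {vlan}")
            if vlan == DEFAULT_VLAN and self.pvid[p] == DEFAULT_VLAN:
                raise ValueError(f"change the PVID of {p} before removing it from VLAN 1")
            if vlan != DEFAULT_VLAN and self.pvid[p] == vlan:
                if p not in self.vlans[DEFAULT_VLAN]:
                    raise ValueError(f"set another PVID on {p} first (not in VLAN 1)")
                self.pvid[p] = DEFAULT_VLAN  # assumption: PVID falls back to VLAN 1
            del members[p]

    def switchport_access_vlan(self, port: str, vlan: int) -> None:
        """'switchport access vlan vlan-id': set the PVID and join the VLAN."""
        if self.mode[port] != "access":
            raise ValueError(f"{port} is not an access port")
        if vlan not in self.vlans or vlan == DEFAULT_VLAN:
            raise ValueError("VLAN must exist and must not be the default VLAN")
        self.vlans[vlan][port] = "untagged"
        self.pvid[port] = vlan
```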
5.2.3 Specify/restore VLAN description
The description string is used to distinguish each VLAN. Please configure it in VLAN configuration mode:
Specify a description string for the specified VLAN
description string
Delete the description string of the specified VLAN
no description
string: 1 to 32 characters describing the current VLAN. The characters can be any printable characters, excluding the wildcards '/', ':', '*', '?', '\\', '<', '>', '|', '"', etc.
For example:
! Specify the description string of the current VLAN as "market"
QTECH(config-if-vlan)#description market
! Delete the description string of the VLAN
QTECH(config-if-vlan)#no description
5.2.4 Configure interface type
Use the switchport mode command to configure the port type. Please refer to interface configuration.
5.2.5 Configure interface default vlan ID
The system supports IEEE 802.1Q. When receiving an untagged packet, the system adds a tag to the packet, in which the VLAN ID is determined by the default VLAN ID of the receiving port. The command to configure the default VLAN of a trunk port is:
switchport trunk native vlan vlan-id
For an access port, use the following command to configure the default VLAN of the specified interface:
switchport access vlan vlan-id
For the detailed introduction of the corresponding commands, refer to interface configuration. For example:
! Configure the default vlan-id of Ethernet interface 1 to be 2
QTECH(config-if-ethernet-0/0/1)#switchport mode access
QTECH(config-if-ethernet-0/0/1)#switchport access vlan 2
Caution: To use switchport trunk native vlan vlan-id, the specified interface must be a trunk port that belongs to the specified VLAN, and the VLAN ID must not be 1. Use switchport access vlan vlan-id to configure the default VLAN of an interface and add it to the VLAN; the specified interface must be an access port, and the VLAN must exist and must not be the default VLAN.
5.2.6 Configure tag vlan
When a port is in access mode without a tag vlan configuration, it can only send untagged packets. To make it send tagged packets, use the command:
tag vlan vlan-list
Use the following command to disable this function:
no tag vlan vlan-list
The interface must be an access port, and the command is configured in interface configuration mode. For example:
! Configure Ethernet interface 1 to send IEEE 802.1Q packets tagged with VLAN 5 and VLANs 7-10
QTECH(config-if-ethernet-0/0/1)#tag vlan 5, 7-10
5.2.7 Display VLAN information
VLAN information consists of the VLAN description string, vlan-id, VLAN status and the interface members in it: tagged interfaces, untagged interfaces and dynamic tagged interfaces. Interface members consist of tagged and untagged members.
show vlan [ vlan-id ]
If the VLAN with the specified keyword exists, this command displays the information of the specified VLAN. If no keyword is specified, this command displays the list of all existing VLANs.
For example:
! Display the information of the existing VLAN 2.
QTECH(config)#show vlan 2
5.3 Brief introduction of GVRP
5.3.1 GARP protocol
The Generic Attribute Registration Protocol (GARP) was defined by the IEEE to provide a generic framework so that bridges (or other devices like switches) could register and de-register attribute values, such as VLAN identifiers and multicast group membership. GARP defines the architecture, rules of operation, state machines and variables for the registration and de-registration of attribute values. GARP was used by two applications: the GARP VLAN Registration Protocol (GVRP) for registering VLAN trunking between multilayer switches, and the GARP Multicast Registration Protocol (GMRP). The latter two were both mostly enhancements for VLAN-aware switches, which require IEEE 802.1Q.
Generic Attribute Registration Protocol (GARP) provides a mechanism that allows participants in a GARP application to distribute, propagate, and register with other participants in a bridged LAN the attributes specific to the GARP application, such as the VLAN or multicast address attribute.
GARP itself does not exist on a device as an entity. GARP-compliant application entities are called GARP applications. One example is GVRP. When a GARP application entity is present on a port on your device, this port is regarded as a GARP application entity.
5.3.2 Brief introduction of GVRP
Multiple VLAN Registration Protocol (MVRP), formerly known as GARP VLAN Registration Protocol (GVRP), is a standards-based Layer 2 network protocol for automatic configuration of VLAN information on switches. It was defined in the 802.1ak amendment to 802.1Q-2005.
Within a Layer 2 network, MVRP provides a method to dynamically share VLAN information and configure the needed VLANs. For example, in order to add a switch port to a VLAN, only the end port, or the VLAN-supporting network device connected to the switch port, need be reconfigured, and all necessary VLAN trunks are dynamically created on the other MVRP-enabled switches. Without MVRP (or the similar Cisco-proprietary protocol VTP), manual configuration of VLAN trunks is necessary.
It is through MVRP that dynamic VLAN entries are updated in the Filtering Database. In short, MVRP helps to maintain the VLAN configuration dynamically based on the current network configuration.
802.1Q allows for:
1. Dynamic configuration and distribution of VLAN membership information by means of MVRP.
2. Static configuration of VLAN membership information via management mechanisms, which allow configuration of Static VLAN Registration Entries.
3. Combined static and dynamic configuration, in which some VLANs are configured via management mechanisms and, for other VLANs, MVRP is relied on to establish the configuration.
5.3.3 GARP messages and timers
1) GARP messages
GARP participants exchange attributes primarily by sending the following three types of messages:
· Join, to announce the willingness to register some attribute with other participants.
· Leave, to announce the willingness to deregister with other participants. Together with Join messages, Leave messages help GARP participants complete attribute reregistration and deregistration.
· LeaveAll, to deregister all attributes. A LeaveAll message is sent upon expiration of a LeaveAll timer, which starts upon the startup of a GARP application entity.
Through message exchange, all attribute information that needs registration propagates to all GARP participants throughout a bridged LAN.
2) GARP timers
GARP sets the intervals for sending GARP messages by using these four timers:
· Hold timer –– When a GARP application entity receives the first registration request, it starts a hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This helps save bandwidth.
· Join timer –– Each GARP application entity sends a Join message twice for reliability's sake and uses a join timer to set the sending interval.
· Leave timer –– Starts upon receipt of a Leave message sent for deregistering some attribute information. If no Join message is received before this timer expires, the GARP application entity removes the attribute information as requested.
· LeaveAll timer –– Starts when a GARP application entity starts. When this timer expires, the entity sends a LeaveAll message so that other entities can re-register its attribute information. Then, a LeaveAll timer starts again.
Note:
· The settings of GARP timers apply to all GARP applications, such as GVRP, on a LAN.
· Unlike the other three timers, which are set on a per-port basis, the LeaveAll timer is set in system view and takes effect globally.
· A GARP application entity may send LeaveAll messages at the interval set by its own LeaveAll timer or by the LeaveAll timer on another device on the network, whichever is smaller. This is because each time a device on the network receives a LeaveAll message it resets its LeaveAll timer.
5.3.3.1 Operating mechanism of GARP
The GARP mechanism allows the configuration of a GARP participant to propagate throughout a LAN quickly. In GARP, a GARP participant registers or deregisters its attributes with other participants by making or withdrawing declarations of attributes and, at the same time, handles the attributes of other participants based on the declarations or withdrawals it receives.
GARP application entities send protocol data units (PDUs) with a particular multicast MAC address as the destination. Based on this address, a device can identify to which GARP application, GVRP for example, a GARP PDU should be delivered.
5.3.3.2 GARP message format
The following figure illustrates the GARP message format.
Figure 1 GARP message format
The following table describes the GARP message fields.
Table 1 Description on the GARP message fields
Field | Description | Value
Protocol ID | Protocol identifier for GARP | 1
Message | One or multiple messages, each containing an attribute type and an attribute list | ––
Attribute Type | Defined by the concerned GARP application | 0x01 for GVRP, indicating the VLAN ID attribute
Attribute List | Contains one or multiple attributes | ––
Attribute | Consists of an Attribute Length, an Attribute Event, and an Attribute Value | ––
Attribute Length | Number of octets occupied by an attribute, inclusive of the attribute length field | 2 to 255 (in bytes)
Attribute Event | Event described by the attribute | 0: LeaveAll; 1: JoinEmpty; 2: JoinIn; 3: LeaveEmpty; 4: LeaveIn; 5: Empty
Attribute Value | Attribute value | VLAN ID for GVRP. If the Attribute Event is LeaveAll, the Attribute Value is omitted.
End Mark | Indicates the end of the PDU | ––
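As an added example (not the manual's or the switch's own code), the following Python encodes and decodes a GARP PDU carrying GVRP attributes laid out as in Table 1, including the LeaveAll case where the Attribute Value is omitted, and lists the VLAN IDs a peer is asking to have registered; the sample PDU is constructed.

```python
"""Encode and decode GARP PDUs with GVRP (VLAN ID) attributes, following
the field layout of Table 1 in section 5.3.3.2.

Added example, not the QSW-3900's own code. A PDU is: Protocol ID (2
octets, value 1), one or more messages (Attribute Type + Attribute
List), each Attribute List and the PDU itself closed by an End Mark
(0x00). The sample PDU below is constructed inline.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Set

GARP_PROTOCOL_ID = 1
GVRP_ATTR_TYPE = 0x01  # VLAN ID attribute
END_MARK = 0x00
LEAVE_ALL, JOIN_EMPTY, JOIN_IN, LEAVE_EMPTY, LEAVE_IN, EMPTY = range(6)
EVENT_NAMES = {LEAVE_ALL: "LeaveAll", JOIN_EMPTY: "JoinEmpty", JOIN_IN: "JoinIn",
               LEAVE_EMPTY: "LeaveEmpty", LEAVE_IN: "LeaveIn", EMPTY: "Empty"}


@dataclass
class Attribute:
    event: int
    value: Optional[int]  # VLAN ID for GVRP; None when the event is LeaveAll


@dataclass
class Message:
    attr_type: int
    attributes: List[Attribute]


def encode_pdu(messages: List[Message]) -> bytes:
    """Serialise messages; Attribute Length counts itself, the event and the value."""
    out = bytearray(struct.pack("!H", GARP_PROTOCOL_ID))
    for msg in messages:
        out.append(msg.attr_type)
        for a in msg.attributes:
            if a.event == LEAVE_ALL:
                out += bytes([2, LEAVE_ALL])  # Attribute Value omitted
            else:
                out += bytes([4, a.event]) + struct.pack("!H", a.value)
        out.append(END_MARK)  # end of this Attribute List
    out.append(END_MARK)      # end of the PDU
    return bytes(out)


def decode_pdu(pdu: bytes) -> List[Message]:
    """Parse a PDU, rejecting bad lengths, events and out-of-range VLAN IDs."""
    if len(pdu) < 3:
        raise ValueError("PDU too short")
    (proto,) = struct.unpack_from("!H", pdu, 0)
    if proto != GARP_PROTOCOL_ID:
        raise ValueError(f"unexpected Protocol ID {proto}")
    pos, messages = 2, []
    while True:
        if pos >= len(pdu):
            raise ValueError("missing PDU End Mark")
        attr_type = pdu[pos]
        pos += 1
        if attr_type == END_MARK:
            return messages
        attrs = []
        while True:
            if pos >= len(pdu):
                raise ValueError("missing Attribute List End Mark")
            length = pdu[pos]
            if length == END_MARK:
                pos += 1
                break
            if length < 2 or pos + length > len(pdu):
                raise ValueError(f"bad Attribute Length {length} at offset {pos}")
            event = pdu[pos + 1]
            if event not in EVENT_NAMES:
                raise ValueError(f"unknown Attribute Event {event}")
            value_bytes = pdu[pos + 2:pos + length]
            if event == LEAVE_ALL:
                value = None
            elif attr_type == GVRP_ATTR_TYPE:
                if len(value_bytes) != 2:
                    raise ValueError("GVRP Attribute Value must be a 2-octet VLAN ID")
                value = int.from_bytes(value_bytes, "big")
                if not 1 <= value <= 4094:
                    raise ValueError(f"VLAN ID {value} out of range")
            else:
                value = int.from_bytes(value_bytes, "big")
            attrs.append(Attribute(event, value))
            pos += length
        messages.append(Message(attr_type, attrs))


def joined_vlans(pdu: bytes) -> Set[int]:
    """VLAN IDs the sender asks to have registered (JoinEmpty/JoinIn events)."""
    return {a.value for m in decode_pdu(pdu) if m.attr_type == GVRP_ATTR_TYPE
            for a in m.attributes if a.event in (JOIN_EMPTY, JOIN_IN)}


# Constructed sample: one GVRP message joining VLANs 10 and 20 and leaving
# VLAN 30, followed by a LeaveAll message.
SAMPLE_PDU = encode_pdu([
    Message(GVRP_ATTR_TYPE, [Attribute(JOIN_IN, 10), Attribute(JOIN_EMPTY, 20),
                             Attribute(LEAVE_IN, 30)]),
    Message(GVRP_ATTR_TYPE, [Attribute(LEAVE_ALL, None)]),
])
```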
5.4 GVRP Configuration list
In all configurations, enable global GVRP first, before enabling GVRP on a port. GVRP must be enabled at both ends of a trunk link that follows the IEEE 802.1Q standard.
The GVRP configuration list is as follows:
· Enable/disable global GVRP
· Enable/disable GVRP on a port
· Display GVRP
· Add/delete VLANs that can be dynamically learned by GVRP
· Display VLANs that can be learned by GVRP
5.4.1 Enable/disable global GVRP
Please configure it in global configuration mode:
Enable global GVRP
gvrp
Disable global GVRP
no gvrp
By default, GVRP is globally disabled.
For example :
! Enable GVRP globally
QTECH(config)#gvrp
5.4.2 Enable/disable GVRP on a port
Please configure it in interface configuration mode:
Enable GVRP on a port
gvrp
Disable GVRP on a port
no gvrp
For example:
! Enable GVRP on Ethernet port 8
QTECH(config-if-ethernet-0/0/8)#gvrp
Caution: Enable global GVRP before enabling GVRP on a port. By default, global GVRP is disabled, and GVRP on a port can only be enabled on an interface in trunk mode.
5.4.3 Display GVRP
Use the following command in any configuration mode to display global GVRP:
show gvrp
Use the following command in any configuration mode to display GVRP on a port:
show gvrp interface [ interface-list ]
The interface-list keyword is optional. If this keyword is unspecified, the command displays GVRP information for all Ethernet ports. If specified, the command displays GVRP information for the specified Ethernet ports.
For example :
! Display GVRP information on interface Ethernet 0/0/1
QTECH(config)#show gvrp interface ethernet 0/0/1
5.4.4 Add/delete VLANs that can be dynamically learned by GVRP
Use the garp permit vlan command to add configured static VLANs to the GVRP module for other switches to learn. Configure it in global configuration mode:
garp permit vlan vlan-list
no garp permit vlan [ vlan-list ]
For example:
! Add VLAN 2, 3, 4 to GVRP
QTECH(config)#garp permit vlan 2-4
5.4.5 Display VLANs that can be learned by GVRP
Use the show garp permit vlan command to display the current static VLANs permitted to be learned by GVRP:
show garp permit vlan
For example:
! Display the current static VLANs permitted to be learned by GVRP
QTECH(config)#show garp permit vlan
5.4.6 Examples for GVRP configuration
! Enable GVRP on Ethernet port 2
QTECH(config-if-ethernet-0/0/2)#gvrp
! Disable GVRP on Ethernet port 2
QTECH(config-if-ethernet-0/0/2)#no gvrp
5.5 Brief introduction of QinQ
QinQ is used for communication between separate customer VLANs. In this service model, one or more QinQ-capable switches of the service provider are interconnected through service provider interfaces, which are in the service provider VLAN. The interface linking to a customer VLAN is called the customer interface. A packet carrying a customer VLAN tag gets an additional tag header, whose VLAN ID is the service provider VLAN, when passing through the customer interface. This tag header is stripped when the packet leaves the service provider VLAN.
5.5.1 Introduction to QinQ
In the VLAN tag field defined in IEEE 802.1Q, only 12 bits are used for VLAN IDs, so a device can support a maximum of 4,094 VLANs. In actual applications, however, a large number of VLANs are required to isolate users, especially in metropolitan area networks (MANs), and 4,094 VLANs are far from satisfying such requirements.
The port QinQ feature provided by the device enables the encapsulation of double VLAN tags within an Ethernet frame, with the inner VLAN tag being the customer network VLAN tag while the outer one is the VLAN tag assigned by the service provider to the customer. In the backbone network of the service provider (the public network), frames are forwarded based on the outer VLAN tag only, while the customer network VLAN tag is shielded during data transmission.
Figure 1 shows the structure of 802.1Q-tagged and double-tagged Ethernet frames. The QinQ feature enables a device to support up to 4,094 x 4,094 VLANs to satisfy the requirement for the number of VLANs in the MAN.
Figure 1 802.1Q-tagged frame structure vs. double-tagged Ethernet frame structure
Advantages of QinQ:
· Addresses the shortage of public VLAN ID resources
· Enables customers to plan their own VLAN IDs, without running into conflicts with public network VLAN IDs.
· Provides a simple Layer 2 VPN solution for small-sized MANs or intranets.
Note : The QinQ feature requires configurations only on the service provider network, and not on the customer network.
5.5.2 Implementations of QinQ
There are two types of QinQ implementations: basic QinQ and selective QinQ.
1) Basic QinQ
Basic QinQ is a port-based feature, which is implemented through VLAN VPN.
With the VLAN VPN feature enabled on a port, when a frame arrives at the port, the port tags it with the port's default VLAN tag, regardless of whether the frame is tagged or untagged. If the received frame is already tagged, this frame becomes a double-tagged frame; if it is an untagged frame, it is tagged with the port's default VLAN tag.
2) Selective QinQ
Selective QinQ is a more flexible, VLAN-based implementation of QinQ.
5.5.3 Adjustable TPID Value of QinQ Frames
A VLAN tag uses the tag protocol identifier (TPID) field to identify the protocol type of the tag. The value of this field, as defined in IEEE 802.1Q, is 0x8100.
Figure 2 shows the 802.1Q-defined tag structure of an Ethernet frame.
Figure 2 VLAN Tag structure of an Ethernet frame
On devices of different vendors, the TPID of the outer VLAN tag of QinQ frames may have different default values. You can set and/or modify this TPID value, so that the QinQ frames, when arriving at the public network, carry the TPID value of a specific vendor to allow interoperation with devices of that vendor. The TPID in an Ethernet frame occupies the same position as the protocol type field in a frame without a VLAN tag. To avoid chaotic packet forwarding and receiving, you cannot set the TPID value to any of the values in the table below.
Table 1 Reserved protocol type values
Protocol type Value
ARP 0x0806
PUP 0x0200
RARP 0x8035
IP 0x0800
IPv6 0x86DD
PPPoE 0x8863/0x8864
MPLS 0x8847/0x8848
IPX/SPX 0x8137
IS-IS 0x8000
LACP 0x8809
802.1x 0x888E
Cluster 0x88A7
Reserved 0xFFFD/0xFFFE/0xFFFF
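The following Python parser, added here and not part of the manual, covers both the 802.1Q tag layout of section 5.1.2 and the double-tagged QinQ frame of 5.5.1 together with the reserved TPID table above; it also shows what a receiver that does not know the custom outer TPID makes of such a frame. The frame contents are constructed sample data.

```python
"""Parse the VLAN tag stack of an Ethernet frame (802.1Q single tag and
QinQ double tag) and validate a custom outer TPID.

Added example, not code from the QSW-3900 manual. The sample frames are
constructed inline. RESERVED_PROTOCOL_TYPES copies the manual's Table 1
(section 5.5.3), the protocol type values an outer TPID must not use.
"""
import struct
from dataclasses import dataclass
from typing import List

DOT1Q_TPID = 0x8100
RESERVED_VIDS = {0, 4095}  # reserved by 802.1Q; usable VLAN IDs are 1..4094

RESERVED_PROTOCOL_TYPES = {
    0x0806: "ARP", 0x0200: "PUP", 0x8035: "RARP", 0x0800: "IP",
    0x86DD: "IPv6", 0x8863: "PPPoE", 0x8864: "PPPoE",
    0x8847: "MPLS", 0x8848: "MPLS", 0x8137: "IPX/SPX", 0x8000: "IS-IS",
    0x8809: "LACP", 0x888E: "802.1x", 0x88A7: "Cluster",
    0xFFFD: "Reserved", 0xFFFE: "Reserved", 0xFFFF: "Reserved",
}


@dataclass
class VlanTag:
    tpid: int
    priority: int  # 3-bit Priority field
    cfi: int       # 1-bit CFI field
    vid: int       # 12-bit VLAN ID field


@dataclass
class ParsedFrame:
    dst: bytes
    src: bytes
    tags: List[VlanTag]  # outermost first; empty for an untagged frame
    ethertype: int       # Type field of the encapsulated payload
    payload: bytes


def is_valid_outer_tpid(tpid: int) -> bool:
    """True if tpid is a 16-bit value outside the reserved protocol table."""
    return 0 <= tpid <= 0xFFFF and tpid not in RESERVED_PROTOCOL_TYPES


def build_tag(vid: int, priority: int = 0, cfi: int = 0,
              tpid: int = DOT1Q_TPID) -> bytes:
    """Encode one 4-byte VLAN tag: TPID, then Priority(3) | CFI(1) | VID(12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (priority & 0x7) << 13 | (cfi & 0x1) << 12 | vid
    return struct.pack("!HH", tpid, tci)


def parse_frame(frame: bytes, outer_tpid: int = DOT1Q_TPID) -> ParsedFrame:
    """Split a frame into DA, SA, tag stack, Type and payload.

    The 16-bit field after DA/SA is a tag if it equals outer_tpid (the
    service-provider TPID) or 0x8100; inner tags must use 0x8100.
    """
    if not is_valid_outer_tpid(outer_tpid):
        raise ValueError(f"TPID 0x{outer_tpid:04X} is reserved or out of range")
    dst, src = frame[:6], frame[6:12]
    offset, tags = 12, []
    accepted = {outer_tpid, DOT1Q_TPID}
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before the Type field")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in accepted:
            break
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vid = tci & 0x0FFF
        if vid in RESERVED_VIDS:
            raise ValueError(f"VLAN ID {vid} is reserved by 802.1Q")
        tags.append(VlanTag(ethertype, tci >> 13, (tci >> 12) & 1, vid))
        offset += 4
        accepted = {DOT1Q_TPID}  # a custom TPID is valid on the outer tag only
    return ParsedFrame(dst, src, tags, ethertype, frame[offset + 2:])


def vid_stack(frame: bytes, outer_tpid: int = DOT1Q_TPID) -> List[int]:
    """The VLAN IDs a frame carries, outermost first."""
    return [t.vid for t in parse_frame(frame, outer_tpid).tags]


# Constructed sample frames: made-up MAC addresses and a dummy IPv4 payload.
DA = bytes.fromhex("001122334455")
SA = bytes.fromhex("66778899aabb")
IPV4 = struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19
UNTAGGED = DA + SA + IPV4
SINGLE_TAGGED = DA + SA + build_tag(5, priority=3) + IPV4
# Provider-edge QinQ frame: outer tag with TPID 0x9100 (the manual's
# "dtag outer-tpid 9100" example) carrying customer VLAN 5 inside.
# Parsed with the default TPID, the 0x9100 field is not recognised as a
# tag at all, which is the interoperation problem section 5.5.3 describes.
DOUBLE_TAGGED = DA + SA + build_tag(100, tpid=0x9100) + build_tag(5) + IPV4
```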
5.6 QinQ configuration list
· Configure global QinQ
· Configure interface QinQ mode
· Configure interface dynamic QinQ
· Enable/disable vlan-swap
· Configure interface switching vlan
· Display dynamic QinQ
· Display switching vlan
5.6.1 Configure global QinQ
QSW-3900 supports two QinQ modes:
1) Static QinQ. In this mode the VLAN protocol number (TPID) can be configured, but the port cannot be configured to ignore the tag header of ingress packets. If the VLAN protocol number is not the same as the port's configured value, or the port is configured to ignore the tag header, a new tag header is inserted between the 12th and 13th bit;
2) Flexible QinQ. Configure the port's VLAN protocol number and whether the tag header of ingress packets is ignored. A new tag header is added only when the VLAN protocol number of the ingress packet is neither the port's configured value nor the default value 8100. If the egress port is tagged, the TPID of the tag header is the configured TPID.
! Use the dtag command to enable/disable QinQ globally in global configuration mode.
dtag { [ flexible-qinq ] | outer-tpid tpid }
no dtag
For example:
! Configure the global QinQ TPID to be a non-dot1q-in-dot1q value
QTECH(config)#dtag outer-tpid 9100
5.6.2 Configure QinQ mode of interface
There are two kinds of interface modes: one is the service provider port, the other is the customer port. The former does not permit ignoring the tag header of ingress packets; the latter does.
! It is in the interface configuration mode.
dtag mode { customer | service-provider }
Example:
! Configure the interface to be a customer port
QTECH(config-if-ethernet-0/0/1)#dtag mode customer
5.6.3 Configure interface dynamic QinQ
1. Configure a series of VLANs for dynamic QinQ, given the start VLAN, end VLAN and destination VLAN. Provided the tagged packets of the VLANs between the start and end VLAN are not transparently transmitted, they are transmitted with a double tag header whose outer VLAN is the destination VLAN.
! The command mode is global configuration mode
dtag insert startvlanid endvlanid targetvlanid
Example:
! Configure all tagged packets of VLAN 1 (start) to VLAN 2 (end) to receive an added tag header with destination VLAN 3
QTECH(config)#dtag insert 1 2 3
2. Delete a consecutive VLAN series from the configured dynamic QinQ, given the start VLAN, end VLAN and destination VLAN; the start VLAN and destination VLAN entered must be the same as those used when the VLAN series was configured.
! The command mode is global configuration mode
no dtag insert startvlanid endvlanid targetvlanid
Example:
! Delete the configuration that adds a tag header with destination VLAN 3 to all tagged packets of VLAN 1 (start) to VLAN 2 (end).
QTECH(config)#no dtag insert 1 2 3
3. Configure a series of VLANs to be transparently transmitted in dynamic QinQ, given the start VLAN. All tagged packets of these VLANs are transmitted without a new tag header being added, because transparent transmission has higher priority than tag insertion; transparent transmission is therefore not affected by the dtag insert command.
! Command mode is global configuration mode
dtag pass-through startvlanid endvlanid
Example:
! Configure all tagged packets of VLAN 1 (start) to VLAN 2 (end) to be transparently transmitted
QTECH(config)#dtag pass-through 1 2
4. Delete the transparent transmission configuration of a VLAN series, given the start VLAN; the start VLAN entered must be the same as when the VLAN series was configured.
! Command mode is global configuration mode
no dtag pass-through startvlanid endvlanid
Example:
! Delete the transparent transmission configuration of all tagged packets of VLAN 1 (start) to VLAN 2 (end)
QTECH(config)#no dtag pass-through 1 2
5.6.4 Enable/disable vlan-swap
Configure it in global configuration mode:
Enable vlan-swap
vlan-swap
Disable vlan-swap
no vlan-swap
By default, vlan-swap is disabled.
Example:
! Enable vlan-swap
QTECH(config)#vlan-swap
5.6.5 Configure global vlan-swap
1. Configure the VLAN in the tag to be replaced by the configured VLAN
! Command mode is global configuration mode
vlan-swap [ original vlanID ] [ swap vlanID ]
Example:
! Configure VLAN 1 in the tag header to be replaced by VLAN 2
QTECH(config)#vlan-swap vlan1 vlan2
2. Delete the configured VLAN swap parameters
! Command mode is global configuration mode
no vlan-swap [ original vlanID ] [ swap vlanID ]
Example:
! Delete the configured replacement of VLAN 1 in the tag by VLAN 2
QTECH(config)#no vlan-swap vlan1 vlan2
5.6.6 Configure rewrite-outer-vlan
Configure rewrite-outer-vlan. After configuration, for all packets from this port whose inner VLAN ID is in the specified range and whose outer VLAN ID is the specified one (this condition is optional), the outer VLAN ID is modified to the new value.
! Command mode is interface configuration mode
rewrite-outer-vlan start-inner-vid end-inner-vid [ outer-vlan outer-vid ] new-outer-vlan new-outer-vid
no rewrite-outer-vlan start-inner-vid end-inner-vid [ outer-vlan outer-vid ]
Example:
! Configure rewrite-outer-vlan on e0/0/1 with the inner VLAN ID in the range 1~50, the outer VLAN ID being 3 and the new outer VLAN ID being 100
QTECH(config-if-ethernet-0/0/1)#rewrite-outer-vlan 1 50 outer-vlan 3 new-outer-vlan 100
5.6.7 Display dynamic QinQ
1. Display dynamic vlan
! Command mode is global configuration mode
show dtag
Example :
Display QinQ
QTECH(config)#show dtag
2. Display transparent transmission vlan
! Command mode is global configuration mode
show dtag pass-through
Example :
Display transparent transmission vlan
QTECH(config)#show dtag pass-through
5.6.8 Display vlan-swap
Display vlan swap status
! Command mode is global configuration mode
show vlan-swap
Example :
Display vlan swap status
QTECH(config)#show vlan-swap
5.6.9 Display rewrite-outer-vlan
1. Display rewrite-outer-vlan
! Command mode is global configuration mode
show rewrite-outer-vlan
Example :
Display rewrite-outer-vlan
QTECH(config)#show rewrite-outer-vlan
Chapter 6 Layer 3 Configuration
6.1 Brief Introduction of Layer 3 switching
The major difference between the packet switching operation of a router and that of a Layer 3 switch is the physical implementation. In general-purpose routers, packet switching takes place using a microprocessor, whereas a Layer 3 switch performs this using application-specific integrated circuit (ASIC) hardware.
L3 switching can move traffic at wire speed and also provide Layer 3 routing, which can remove the bottleneck from the network routers. This technology is based on the idea of "route once, switch many". L3 switching can make routing/switching decisions based on the following:
· MAC source/destination address in a Data Link frame
· IP source/destination address in the Network layer header
· Port source/destination numbers in the Transport layer header
There is no performance difference between a Layer 2 and a Layer 3 switch because the routing/switching is all hardware based.
QTECH QSW-3900 is a GE Intelligent Routing Switch based on ASIC technology which supports transmission at both Layer 2 and Layer 3. Communication between hosts in the same VLAN is Layer 2 transmission, and communication between hosts in different VLANs is Layer 3 transmission.
6.2 Layer 3 Configuration list
The configuration list is as follows:
· VLAN division and the creation of layer 3 interface
· Transmission mode configuration
· Create VLAN interface for normal VLAN
· Create superVLAN interface and add VLAN to superVLAN
· Configure IP address for VLAN interface or superVLAN interface
· ARP proxy configuration
· Display interface configuration
6.2.1 VLAN division and the creation of layer 3 interface
For VLAN division, please refer to the VLAN configuration chapter.
Layer 3 interfaces include normal VLAN interfaces and superVLAN interfaces. A normal VLAN interface is the interface of a concrete VLAN; a superVLAN interface is created in a superVLAN (a superVLAN is a VLAN that does not exist as a concrete VLAN and contains no ports) which can contain many subVLANs (a subVLAN is an existing concrete VLAN). At most 258 Layer 3 interfaces can be created, among which at most 128 can be superVLAN interfaces.
The total number of VLANs contained in all Layer 3 interfaces is at most 258. Each VLAN exists in only one Layer 3 interface. In a superVLAN, a port must be an untagged member of only one subVLAN, and tagged in the other subVLANs.
6.2.2 Transmission mode configuration
QTECH QSW-3900 supports two packet transmission modes: 1) flow transmission; 2) network topology transmission. In flow transmission mode, packets whose route lookup fails, or whose host route destination is unreachable, are still searched for a route; in network topology transmission mode, these packets are dropped. The default is flow transmission mode. Please configure it in global configuration mode:
[ no ] ip def cpu
6.2.3 Create VLAN interface for normal VLAN
Configure a VLAN interface for each VLAN that needs layer 3 forwarding, or add the VLAN to a superVLAN. Create the VLAN interface for VLAN 2 and enter VLAN interface configuration mode:
QTECH(config)#interface vlan-interface 2
6.2.4 Create superVLAN interface and add VLAN to superVLAN
A superVLAN interface enables communication between hosts that belong to different VLANs but to the same IP subnet. It is implemented through ARP proxy. Create superVLAN 1 and add VLAN 3 and VLAN 4 as its subVLANs:
QTECH(config)#interface supervlan-interface 1
QTECH(config-if-superVLANInterface-1)#subvlan 3
QTECH(config-if-superVLANInterface-1)#subvlan 4
Delete VLAN 3 and VLAN 4 from superVLAN 1:
QTECH(config-if-superVLANInterface-1)#no subvlan 3
QTECH(config-if-superVLANInterface-1)#no subvlan 4
6.2.5 Configure IP address for VLAN interface or superVLAN interface
At most 32 IP addresses can be configured on each VLAN or superVLAN interface, and addresses on different interfaces cannot belong to the same subnet. The first address configured becomes the primary IP address. When the primary address is deleted, another address automatically becomes primary; an address can also be made primary manually. For example, if the IP address of VLAN interface 1 is 10.11.0.1/16, no other interface can be given an address in the same subnet (10.11.0.0/16), such as 10.11.1.1/24.
Configure the IP address of VLAN interface 2 to be 10.11.0.1/16:
QTECH(config-if-vlanInterface-2)#ip address 10.11.0.1 255.255.0.0
Delete IP address of VLAN interface 2 :
QTECH(config-if-vlanInterface-2)#no ip address
Specify an IP address of specified interface to be the primary IP address :
QTECH(config-if-vlanInterface-2)#ip address primary 10.11.0.1
6.2.6 Configure accessing IP address range of VLAN or superVLAN interface
At most 8 access ranges can be configured on each VLAN or superVLAN interface. Once an access range is configured, ARP entries are learned only for addresses inside the range, which restricts which hosts can use the interface. When the VLAN or superVLAN interface is deleted, the related configuration is deleted with it. Use the following command in VLAN or superVLAN interface mode:
ip address range startip endip
6.2.7 ARP proxy configuration
ARP request packets are broadcasts and do not cross VLAN boundaries. When ARP proxy is enabled, hosts in subVLANs of the same superVLAN can resolve each other's addresses through the switch; when ARP proxy is disabled, subVLANs of the same superVLAN cannot communicate.
Use the following commands in global configuration mode:
arp-proxy
no arp-proxy
ARP proxy is disabled by default.
For example :
!Enable ARP proxy
QTECH(config)#arp-proxy
!Disable ARP proxy
QTECH(config)#no arp-proxy
6.2.8 Display interface configuration
Each created VLAN or superVLAN interface has its own configuration information, including the VLAN number, IP address and netmask. The following commands display the configuration of all layer 3 interfaces, or of a specified normal VLAN or superVLAN interface.
Display all layer 3 interface configuration information :
QTECH(config)#show ip interface
Display VLAN interface 2 configuration information :
QTECH(config)#show ip interface vlan-interface 2
Display superVLAN interface 3 configuration information :
QTECH(config)#show ip interface supervlan-interface 3
6.3 Brief introduction of static routing
A static route is a route manually configured by the network administrator. If a network's topology is simple, configuring static routes is enough for the network to work normally. Proper configuration and use of static routes can improve network performance and guarantee bandwidth for important applications.
The disadvantage of static routes is that when a fault or topology change occurs, the routes become invalid and the network breaks; the administrator then has to modify the static routes manually.
6.3.1 Default Route
A router selects the default route only when the destination address of a packet matches no other entry in the routing table; the packet is then forwarded along the default route.
If there is no default route and the destination address of the packet fails to match any entry in the routing table, the packet will be discarded and an ICMP packet will be sent to the source to report that the destination or the network is unreachable.
You can create the default route with both destination and mask being 0.0.0.0, and some dynamic routing protocols, such as OSPF, RIP and IS-IS, can also generate the default route.
6.3.2 Application Environment of Static Routing
Before configuring a static route, you need to know the following concepts :
1) Destination address and mask
In the ip route command, both the IPv4 destination address and the mask are given in dotted decimal format.
2) Next hop address
When configuring a static route you specify the next hop address. The next hop cannot be the IP address of a local interface; otherwise the route will not take effect.
Every route entry must have a next hop address. When forwarding a packet, the router first looks up the route to the packet's destination; only once the next hop address is known can it find the corresponding link layer address and forward the packet.
QTECH QSW-3900 is a GE intelligent routing switch based on ASIC technology which maintains a layer 3 forwarding table designating the next hop address and related information; entries can be learned dynamically or configured manually. A static route is a manually designated route to some destination.
6.4 Static routing configuration list
· Add/delete static route
· Display route table information
6.4.1 Add/delete static route
Use this command to add a routing table entry that designates the next hop for traffic to some destination. The destination address, netmask and next hop address must all be given. If the destination address and mask are both 0, the added route is the default route.
ip route ip-dest mask-dest nexthop
Example:
Add a host route to 192.168.0.100 with next hop 10.11.0.254:
QTECH(config)#ip route 192.168.0.100 255.255.255.255 10.11.0.254
Delete the host route to 192.168.0.100. The next hop address may be omitted; if it is given, it must match the next hop in the routing table:
QTECH(config)#no ip route 192.168.0.100 255.255.255.255
6.4.2 Display route table information
Use the following commands to display the existing routing table or a specified route.
Display all static route :
show ip route static
Example :
QTECH(config)#show ip route static
Display system core route :
QTECH(config)#show ip route
Display system core routes in the 192.168.0.0/24 range (192.168.0.1 to 192.168.0.255):
QTECH(config)#show ip route 192.168.0.100 255.255.255.0
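The lookup behaviour described in 6.3.1, 6.3.2 and 6.4.1 (longest-prefix match, the default route used only as a last resort, a next hop that may not be a local interface address, and the next-hop check on deletion), as an added Python example. This is not QTech code, and the switch performs the real lookup in hardware; the StaticRoutingTable class, the interface addresses and the routes are my own sample data.

```python
"""Static route table lookup with longest-prefix match and default-route fallback.

Added example, not QTech code. It models the behaviour described in 6.3 and
6.4: manually configured (destination, mask, next hop) entries, a default route
0.0.0.0/0 that is used only when nothing else matches, and the rule that a next
hop may not be one of the switch's own interface addresses. The interface
addresses and routes used in demo() are constructed sample data.
"""
import ipaddress


class StaticRoutingTable:
    def __init__(self, interface_addresses):
        # Addresses configured on the switch's own VLAN interfaces (sample data).
        self.local = {ipaddress.ip_address(a) for a in interface_addresses}
        self.routes = {}  # ip_network -> next hop ip_address

    def add_route(self, dest, mask, nexthop):
        """'ip route dest mask nexthop'. Returns False if the route is rejected."""
        nh = ipaddress.ip_address(nexthop)
        if nh in self.local:
            # 6.3.2: a next hop equal to a local interface address does not take effect.
            return False
        # strict=False masks off host bits in the destination instead of raising.
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        self.routes[net] = nh
        return True

    def delete_route(self, dest, mask, nexthop=None):
        """'no ip route dest mask [nexthop]'. The next hop, if given, must match."""
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if net not in self.routes:
            return False
        if nexthop is not None and self.routes[net] != ipaddress.ip_address(nexthop):
            return False
        del self.routes[net]
        return True

    def lookup(self, dst):
        """Next hop for dst, or None: the packet is dropped and an ICMP
        destination/network unreachable message goes back to the source."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net in self.routes:
            # Longest prefix wins; the 0.0.0.0/0 default has prefix length 0, so it
            # is chosen only when no more specific entry contains the address.
            if addr in net and (best is None or net.prefixlen > best.prefixlen):
                best = net
        return None if best is None else str(self.routes[best])


def demo():
    """Run the 6.4.1 examples against the table and return the outcomes."""
    table = StaticRoutingTable(["10.11.0.1", "10.12.0.1"])
    results = {
        "host_added": table.add_route("192.168.0.100", "255.255.255.255", "10.11.0.254"),
        "net_added": table.add_route("192.168.0.0", "255.255.255.0", "10.12.0.254"),
        # rejected: 10.11.0.1 is the switch's own VLAN interface address
        "default_via_local": table.add_route("0.0.0.0", "0.0.0.0", "10.11.0.1"),
        "default_added": table.add_route("0.0.0.0", "0.0.0.0", "10.11.0.254"),
    }
    results["to_host"] = table.lookup("192.168.0.100")   # host route beats the /24
    results["to_net"] = table.lookup("192.168.0.7")      # /24 beats the default
    results["to_other"] = table.lookup("8.8.8.8")        # only the default matches
    # 'no ip route ...' with a next hop that differs from the table is refused
    results["bad_delete"] = table.delete_route("0.0.0.0", "0.0.0.0", "10.12.0.254")
    results["default_deleted"] = table.delete_route("0.0.0.0", "0.0.0.0")
    results["to_other_after"] = table.lookup("8.8.8.8")  # None: unreachable
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to print each step; the order of the entries in demo() mirrors the order in which the commands would be typed.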
Chapter 7 RIP Configuration
7.1 Brief introduction of RIP
RIP is short for Routing Information Protocol. It is a widely used protocol based on the Distance-Vector (D-V) algorithm. It exchanges routing information over UDP (User Datagram Protocol) and sends an update packet every 30 seconds. If the local router has not received an update from a neighbouring router for 180 seconds, it marks all routes learned from that neighbour as unreachable; if no update for such a route arrives within a further 120 seconds, the local router deletes it from the routing table.
The routing metric is the distance to the destination measured in hop count. In RIP, the hop count from a router to a directly connected network is 0, and it increases by 1 for each further network the packet must cross. To limit convergence time, RIP restricts the metric to an integer between 0 and 15. A hop count of 16 or more is defined as infinite, meaning the destination host or network is unreachable.
There are two versions, RIP-1 and RIP-2; RIP-2 supports plain text authentication.
To improve performance and prevent routing loops, RIP supports split horizon and poison reverse.
Each router running RIP maintains a routing database containing an entry for every reachable destination. Each entry includes:
Destination address: IP address of the host or network.
Next hop address: address of the next router on the way to the destination.
Output interface: the interface through which packets are sent.
Metric: the cost to the destination, an integer from 0 to 16.
Timer: time elapsed since the entry was last modified; it is reset to 0 every time the entry is modified.
RIP is enabled and runs as follows:
(1) When RIP is enabled, the router broadcasts a request packet to neighbouring routers. On receiving it, the neighbouring routers (which must also run RIP) send back response packets containing their routing tables.
(2) The router that sent the request modifies its local routing table after receiving the responses.
(3) Thereafter RIP broadcasts or multicasts the local routing table to neighbouring routers every 30 seconds to maintain routes and select the best route, and propagates changes to neighbouring networks so that routes are updated throughout the network. RIP also ages out routes that have timed out so that the routing table stays current. As an interior routing protocol, RIP thereby lets each router learn the routes of the whole network.
RIP has become one of the standards for distributing router and host routes. Since a layer 3 switch forwards IP packets on the same principle as a router, layer 3 switch vendors also adopt RIP. It suits simple, stable networks such as residential community networks; it is not recommended for large, complex networks.
7.2 RIP Overview
RIP is a simple Interior Gateway Protocol (IGP), mainly used in small-sized networks, such as academic networks and simple structured LANs. RIP is not applicable to complex networks.
RIP is still widely used in practical networking due to easier implementation, configuration and maintenance than OSPF and IS-IS.
7.2.1 RIP Working Mechanism
7.2.1.1 Basic concept of RIP
RIP is a Distance-Vector-based routing protocol, using UDP packets for exchanging information through port 520.
RIP uses a hop count to measure the distance to a destination. The hop count is known as the metric. The hop count from a router to a directly connected network is 0, and from one router to a directly connected router is 1. To limit convergence time, the RIP metric ranges from 0 to 15. A metric of 16 (or more) is considered infinite, meaning the destination network is unreachable. That is why RIP is not suitable for large-scale networks.
RIP prevents routing loops by implementing the split horizon and poison reverse functions.
7.2.1.2 RIP routing table
Each RIP router has a routing table containing routing entries of all reachable destinations, and each routing entry contains :
· Destination address : IP address of a host or a network.
· Next hop : IP address of the adjacent router’s interface to reach the destination.
· Egress interface : Packet outgoing interface.
· Metric : Cost from the local router to the destination.
· Route time : Time elapsed since the routing entry was last updated. The time is reset to 0 every time the routing entry is updated.
· Route tag : Identifies a route, used in routing policy to flexibly control routes.
7.2.1.3 RIP initialization and running procedure
The following procedure describes how RIP works.
· After RIP is enabled, the router sends Request messages to neighboring routers. Neighboring routers return Response messages including all information about their routing tables.
· The router updates its local routing table, and broadcasts the triggered update messages to its neighbors. All routers on the network do the same to keep the latest routing information.
· RIP ages out timed out routes by adopting an aging mechanism to keep only valid routes.
7.2.1.4 RIP timers
RIP employs four timers, Update, Timeout, Suppress, and Garbage-Collect.
· The update timer defines the interval between routing updates.
· The timeout timer defines the route aging time. If no update for a route is received after the aging time elapses, the metric of the route is set to 16 in the routing table.
· The suppress timer defines how long a RIP route stays in the suppressed state. When the metric of a route is 16, the route enters the suppressed state. In the suppressed state, only routes which come from the same neighbor and whose metric is less than 16 will be received by the router to replace unreachable routes.
· The garbage-collect timer defines the interval from when the metric of a route becomes 16 to when it is deleted from the routing table. During the Garbage-Collect timer length, RIP advertises the route with the routing metric set to 16. If no update is announced for that route after the Garbage-Collect timer expires, the route will be deleted from the routing table.
7.2.1.5 Routing loops prevention
RIP is a distance-vector (D-V) based routing protocol. Since a RIP router advertises its own routing table to neighbors, routing loops may occur.
RIP uses the following mechanisms to prevent routing loops.
· Counting to infinity. The metric value of 16 is defined as unreachable. When a routing loop occurs, the metric value of the route will increment to 16.
· Split horizon. A router does not send the routing information learned from a neighbor back to that neighbor, to prevent routing loops and save bandwidth.
· Poison reverse. A router sets the metric of routes received from a neighbor to 16 and sends these routes back to the neighbor to help delete useless information from the neighbor's routing table.
· Triggered updates. A router advertises updates as soon as the metric of a route changes rather than waiting for the update period to expire, to speed up network convergence.
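The update logic behind the four mechanisms above, as an added Python example (not QTech code and not how the switch's RIP implementation is written; the RipRouter class, interface names, networks and neighbour addresses are my own sample data). It also applies the per-interface split horizon setting of 7.3.8 and the metric offsets of 7.3.9. advertise() shows what a router sends on one interface with no loop prevention, with split horizon and with poison reverse; receive() merges a neighbour's update, capping the metric at 16 so a withdrawn route counts up to infinity instead of looping forever.

```python
"""RIP update generation and processing with split horizon and poison reverse.

Added example, not QTech code. It illustrates 7.2.1.5 (and the per-interface
split horizon and metric offsets of 7.3.8 and 7.3.9): a router's table of
network -> (metric, next hop, interface), the entries it sends on a given
interface with no loop prevention, with split horizon, or with poison reverse,
and how a received update is merged with the metric capped at 16 (counting to
infinity). Interface names, networks and neighbour addresses are sample data.
"""
INFINITY = 16


class RipRouter:
    def __init__(self, name):
        self.name = name
        self.table = {}  # network -> {"metric", "nexthop", "iface"}

    def add_connected(self, network, iface):
        """Directly connected network: metric 0, no next hop."""
        self.table[network] = {"metric": 0, "nexthop": None, "iface": iface}

    def advertise(self, iface, mode="split", metricout=0):
        """Entries (network, metric) sent on iface.

        mode: "none"   - send the whole table (loops are possible);
              "split"  - omit routes reachable through iface (split horizon);
              "poison" - send them back with metric 16 (poison reverse).
        metricout is the outbound metric offset of 7.3.9.
        """
        out = []
        for net, r in sorted(self.table.items()):
            metric = r["metric"]
            if r["iface"] == iface:
                if mode == "split":
                    continue
                if mode == "poison":
                    metric = INFINITY
            out.append((net, min(metric + metricout, INFINITY)))
        return out

    def receive(self, iface, neighbor, entries, metricin=0):
        """Merge an update from neighbor heard on iface; return changed networks.

        Each hop adds 1; metricin is the inbound metric offset of 7.3.9. The
        current next hop may always change the metric (including to 16, which
        withdraws the route); any other neighbour must offer a strictly better path.
        """
        changed = []
        for net, adv_metric in entries:
            metric = min(adv_metric + 1 + metricin, INFINITY)
            cur = self.table.get(net)
            if cur is None:
                if metric < INFINITY:  # never install a route that is already unreachable
                    self.table[net] = {"metric": metric, "nexthop": neighbor, "iface": iface}
                    changed.append(net)
            elif cur["nexthop"] == neighbor:
                if cur["metric"] != metric:
                    cur["metric"] = metric
                    changed.append(net)
            elif metric < cur["metric"]:
                self.table[net] = {"metric": metric, "nexthop": neighbor, "iface": iface}
                changed.append(net)
        return changed


def demo():
    r1 = RipRouter("R1")
    r1.add_connected("10.1.0.0/24", "vlan1")
    # Neighbour 10.9.0.2 on vlan2 advertises its connected 10.2.0.0/24 (metric 0)
    # and 10.3.0.0/24, which is one hop behind it (metric 1).
    r1.receive("vlan2", "10.9.0.2", [("10.2.0.0/24", 0), ("10.3.0.0/24", 1)])
    results = {
        "table": {net: r["metric"] for net, r in r1.table.items()},
        "none": r1.advertise("vlan2", "none"),
        "split": r1.advertise("vlan2", "split"),
        "poison": r1.advertise("vlan2", "poison"),
        "split_metricout": r1.advertise("vlan2", "split", metricout=2),
        # a worse path from another neighbour does not replace the current route
        "worse_ignored": r1.receive("vlan3", "10.8.0.3", [("10.2.0.0/24", 5)]),
        # the current next hop withdraws 10.3.0.0/24: the metric rises to 16
        "withdrawn": r1.receive("vlan2", "10.9.0.2", [("10.3.0.0/24", INFINITY)]),
    }
    results["after_withdraw"] = r1.table["10.3.0.0/24"]["metric"]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With mode "none" the router echoes 10.2.0.0/24 and 10.3.0.0/24 back to the neighbour it learned them from, which is exactly the advertisement that lets a loop form after that neighbour loses the route.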
7.2.2 RIP Version
RIP has two versions, RIPv1 and RIPv2.
RIPv1, a classful routing protocol, supports message advertisement via broadcast only. RIPv1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, and C. That is why RIPv1 does not support discontiguous subnets.
RIPv2 is a Classless Routing Protocol. Compared with RIPv1, RIPv2 has the following advantages.
· Supporting route tags. The route tag is used in routing policies to flexibly control routes.
· Supporting masks, route summarization and classless inter-domain routing (CIDR).
· Supporting designated next hop to select the best next hop on broadcast networks.
· Supporting multicast routing update to reduce resource consumption.
· Supporting Plain text authentication and MD5 authentication to enhance security.
Note: RIPv2 has two types of message transmission: broadcast and multicast. Multicast is the default type, using 224.0.0.9 as the multicast address. An interface working in RIPv2 broadcast mode can also receive RIPv1 messages.
7.2.3 RIP Message Format
7.2.3.1 RIPv1 message format
A RIP message consists of the Header and up to 25 route entries.
RIPv1 Message Format
· Command : The type of message. 1 indicates Request, 2 indicates Response.
· Version : The version of RIP, 0x01 for RIPv1.
· AFI : Address Family Identifier, 2 for IP.
· IP Address : Destination IP address of the route; can be a natural network, subnet or a host address.
· Metric : Cost of the route.
7.2.3.2 RIPv2 message format
The format of RIPv2 message is similar with RIPv1.
RIPv2 Message Format
The differences from RIPv1 are stated as following.
· Version : Version of RIP. For RIPv2 the value is 0x02.
· Route Tag : Route Tag.
· IP Address : Destination IP address. It could be a natural network address, subnet address or host address.
· Subnet Mask : Mask of the destination address.
· Next Hop : If set to 0.0.0.0, it indicates that the originator of the route is the best next hop; otherwise it indicates a next hop better than the originator of the route.
7.2.3.3 RIPv2 authentication
RIPv2 sets the AFI field of the first route entry to 0xFFFF to identify authentication information.
RIPv2 Authentication Message
· Authentication Type : 2 represents plain text authentication, while 3 represents MD5.
· Authentication : Authentication data, including password information when plain text authentication is adopted, or the key ID, MD5 authentication data length and sequence number when MD5 authentication is adopted.
Note:
· RFC 1723 only defines plain text authentication. For information about MD5 authentication, refer to RFC 2082 "RIPv2 MD5 Authentication".
· With RIPv1, you can configure the authentication mode in interface view. However, the configuration will not take effect because RIPv1 does not support authentication.
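The message layouts of 7.2.3.1 to 7.2.3.3, as an added Python example that encodes and decodes RIPv2 Response messages with both authentication types. This is not QTech code; the keyed-MD5 trailer follows the RFC 2082 layout (packet length field pointing at the trailer, key ID, 16-byte digest computed with the zero-padded key placed where the digest will go), and the passwords, key, sequence number and route are my own sample values. The point for a practitioner: with type 2 the password is readable in the datagram, while with type 3 any change to a route entry in transit invalidates the digest.

```python
"""RIPv2 message encoding with plain-text and keyed-MD5 authentication.

Added example, not QTech code. Header (4 bytes) plus 20-byte entries as in
7.2.3; an authentication entry (AFI 0xFFFF) comes first. Type 2 carries the
password itself; type 3 follows RFC 2082 with a 16-byte digest trailer.
Passwords, keys, sequence number and routes are constructed sample values.
"""
import hashlib
import hmac
import ipaddress
import struct

RIP_HDR = struct.Struct("!BBH")           # command, version, must be zero
RIP_ENTRY = struct.Struct("!HH4s4s4sI")   # AFI, route tag, address, mask, next hop, metric
AUTH_MD5 = struct.Struct("!HHHBBI4x4x")   # AFI, type, packet length, key id, auth len, seq
AFI_IP, AFI_AUTH = 2, 0xFFFF
AUTH_PLAIN, AUTH_MD5_TYPE, AUTH_TRAILER = 2, 3, 1
RESPONSE = 2


def _ip(s):
    return ipaddress.ip_address(s).packed


def _key16(key):
    return key.ljust(16, b"\0")[:16]   # RFC 2082: key zero-padded/truncated to 16 bytes


def encode_routes(routes):
    """routes: iterable of (destination, mask, next hop, metric)."""
    return b"".join(RIP_ENTRY.pack(AFI_IP, 0, _ip(d), _ip(m), _ip(nh), metric)
                    for d, m, nh, metric in routes)


def build_plain(routes, password):
    """Type 2: the password travels in clear text in the first entry."""
    auth = struct.pack("!HH16s", AFI_AUTH, AUTH_PLAIN, password)
    return RIP_HDR.pack(RESPONSE, 2, 0) + auth + encode_routes(routes)


def build_md5(routes, key_id, key, seq):
    """Type 3 (RFC 2082): digest trailer over header, auth entry, routes, trailer header."""
    entries = encode_routes(routes)
    pkt_len = RIP_HDR.size + AUTH_MD5.size + len(entries)   # offset of the trailer
    body = RIP_HDR.pack(RESPONSE, 2, 0)
    body += AUTH_MD5.pack(AFI_AUTH, AUTH_MD5_TYPE, pkt_len, key_id, 16, seq)
    body += entries + struct.pack("!HH", AFI_AUTH, AUTH_TRAILER)
    return body + hashlib.md5(body + _key16(key)).digest()


def parse(pkt, password=None, md5_keys=None):
    """Return (auth type, routes, authenticated). authenticated is None if the
    message carries no authentication entry. md5_keys maps key id -> key bytes."""
    off = RIP_HDR.size
    afi, atype = struct.unpack_from("!HH", pkt, off)
    auth_ok = None
    if afi != AFI_AUTH:
        atype = 0
    elif atype == AUTH_PLAIN:
        sent_pw = pkt[off + 4:off + 20].rstrip(b"\0")
        auth_ok = password is not None and hmac.compare_digest(sent_pw, password)
        off += 20
    elif atype == AUTH_MD5_TYPE:
        _, _, pkt_len, key_id, alen, _seq = AUTH_MD5.unpack_from(pkt, off)
        if alen != 16 or pkt_len + 4 + 16 != len(pkt):
            return atype, [], False      # malformed lengths: reject before hashing
        key = (md5_keys or {}).get(key_id)
        auth_ok = False
        if key is not None:
            expect = hashlib.md5(pkt[:pkt_len + 4] + _key16(key)).digest()
            auth_ok = hmac.compare_digest(expect, pkt[pkt_len + 4:])
        off += 20
        pkt = pkt[:pkt_len]              # route entries end where the trailer begins
    else:
        return atype, [], False          # unknown authentication type
    routes = []
    while off + RIP_ENTRY.size <= len(pkt):
        _afi, _tag, d, m, nh, metric = RIP_ENTRY.unpack_from(pkt, off)
        routes.append((str(ipaddress.ip_address(d)), str(ipaddress.ip_address(m)),
                       str(ipaddress.ip_address(nh)), metric))
        off += RIP_ENTRY.size
    return atype, routes, auth_ok


def demo():
    routes = [("192.168.0.0", "255.255.255.0", "0.0.0.0", 1)]
    plain = build_plain(routes, b"s3cret")
    signed = build_md5(routes, key_id=1, key=b"k3y", seq=7)
    tampered = bytearray(signed)
    tampered[43] ^= 0x10                 # flip a bit in the first route's metric in flight
    keys = {1: b"k3y"}
    return {
        "password_on_wire": b"s3cret" in plain,
        "plain_ok": parse(plain, password=b"s3cret")[2],
        "md5_ok": parse(signed, md5_keys=keys)[2],
        "md5_routes": parse(signed, md5_keys=keys)[1],
        "md5_tampered": parse(bytes(tampered), md5_keys=keys)[2],
        "md5_wrong_key": parse(signed, md5_keys={1: b"nope"})[2],
    }
```

The sequence number carried in the type 3 entry is not checked here; a receiver that wants replay protection must also require it to be non-decreasing per neighbour, as RFC 2082 describes.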
7.2.4 TRIP
Triggered RIP (TRIP), a RIP extension on WAN, is mainly used in dial-up network.
7.2.4.1 Working mechanism
Routing information is sent in triggered updates rather than periodic broadcasts, to reduce the routing overhead on the WAN.
· A routing update message is sent only when data in the routing table changes or the next hop becomes unreachable.
· Since periodic updates are no longer sent, an acknowledgement and retransmission mechanism is required to guarantee that updates are delivered over the WAN.
7.2.4.2 Message types
TRIP uses three new message types, identified by the value of the Command field.
· Update Request (type value 9) : Requests needed routes from the peer.
· Update Response (type value 10) : Contains the routes requested by the peer.
· Update Acknowledge (type value 11) : Acknowledges received Update Response messages.
7.2.4.3 TRIP retransmission mechanism
· If receiving no Update Response after sending an Update Request, a router sends the request again after a specified interval. If it still receives no Update Response after the upper limit on the number of requests is reached, the router considers the neighbor unreachable.
· If receiving no Update Acknowledge after sending an Update Response, a router sends the Update Response again after a specified interval. If it still receives no Update Acknowledge after the upper limit on the number of responses is reached, the router considers the neighbor unreachable.
7.2.5 Protocols and Standards
RFC 1058 : Routing Information Protocol
RFC 1723 : RIP Version 2 - Carrying Additional Information
RFC 1721 : RIP Version 2 Protocol Analysis
RFC 1722 : RIP Version 2 Protocol Applicability Statement
RFC 1724 : RIP Version 2 MIB Extension
RFC 2082 : RIPv2 MD5 Authentication
RFC 2091 : Triggered Extensions to RIP to Support Demand Circuits
7.3 RIP configuration list
In every configuration, enable RIP and the RIP network before configuring other functions. Interface-related functions can be configured whether or not RIP is enabled. Caution: after RIP is disabled, the original parameters still exist and take effect again the next time RIP is enabled. The configuration tasks are as follows:
· Enable RIP
· Specify IP network to run RIP protocol
· RIP working status of specified interface
· RIP version of specified interface
· Enable host routing
· Enable route convergence
· Configure authentication to RIP packet
· Configure split
· Configure metricin
· Define prefix ACL
· Configure route redistribute
· Configure route filtration
· Display RIP configuration
7.3.1 Enable RIP
RIP is disabled by default and is enabled in global configuration mode. Enable RIP and enter RIP configuration mode:
route rip
Disable RIP
no route rip
7.3.2 Specify IP network to run RIP protocol
By default, after RIP is enabled no interface runs RIP; only when the administrator specifies an IP network to run RIP do the interfaces in that network send and receive RIP packets. Configure it in RIP protocol configuration mode:
Specify to run RIP protocol in IP network
network ip-address
Cancel to run RIP protocol in IP network
no network ip-address
7.3.3 RIP working status of specified interface
The RIP working status of an interface is set in interface configuration mode: whether the interface runs RIP at all, and whether it receives and/or sends RIP update packets.
Configure it in interface configuration mode :
Enable interface to run RIP
ip rip work
Disable interface to run RIP
no ip rip work
After RIP is disabled on an interface, that interface neither sends nor receives RIP update packets, but the route of this interface can still be sent and received through other interfaces.
Permit interface to receive RIP packet
ip rip input
Forbid interface to receive RIP packet
no ip rip input
Permit interface to send RIP packet
ip rip output
Forbid interface to send RIP packet
no ip rip output
7.3.4 RIP version of specified interface
RIP has two versions, RIP-1 and RIP-2, and the version of RIP packets handled by an interface can be specified.
RIP-1 uses broadcast; RIP-2 supports both broadcast and multicast, and uses multicast by default. The RIP-2 multicast address is 224.0.0.9.
The advantage of multicast is that hosts on the same subnet that do not run RIP are spared the RIP broadcasts, and hosts running RIP-1 do not receive and process RIP-2 routes carrying subnet masks. An interface running RIP-2 can also receive RIP-1 packets.
Configure it in interface configuration mode :
Specify RIP working version of interface to be RIPV1
ip rip version 1
Specify RIP working version of interface to be RIPV2 multicast
ip rip version 2 mcast
Specify RIP working version of interface to be RIPV2 broadcast
ip rip version 2 bcast
Delete the RIP version setting and restore the default (RIP-1)
no ip rip version
7.3.5 Enable host routing
In some cases the RIP packets a router receives contain host route entries that contribute little to address lookup but consume many resources. This setting controls whether the switch accepts them.
Configure it in RIP protocol configuration mode :
Permit host route
host-route
Forbid host route
no host-route
7.3.6 Enable route convergence
Route convergence (summarization) means that routes to different subnets of the same natural network are merged into one route with the natural netmask when they are sent to other networks. This reduces the amount of routing information and the volume of exchanged updates.
RIP-1 only sends routes with natural netmasks, that is, it always summarizes. RIP-2 supports subnet masks; to send all routes out unsummarized, disable route convergence for RIP-2.
Configure it in RIP protocol configuration mode :
Enable RIP-2 route convergence
auto-summary
Disable RIP-2 route convergence
no auto-summary
By default, RIP-2 uses route convergence.
7.3.7 Configure authentication to RIP packet
RIP-1 does not support packet authentication. When running RIP-2, packet authentication can be enabled with either a plain text password or an MD5 key. Plain text authentication sends the password in the clear in every update, so anyone able to capture RIP traffic on the segment can read it; use MD5 wherever the neighbours support it.
Configure it in interface configuration mode:
Configure RIP-2 packet authentication (plain text or MD5):
ip rip authentication { simple password | md5 key-id number key-string string }
Remove RIP packet authentication:
no ip rip authentication
7.3.8 Configure split
Split (split horizon) means that a route learned through an interface is not sent back out through that interface. It prevents routing loops. In some special cases split horizon is disabled to guarantee that routes propagate correctly, at the expense of efficiency. By default, split horizon is enabled on an interface.
Configure it in interface configuration mode :
Enable split
ip rip split
Disable split
no ip rip split
7.3.9 Configure metricin
The routing metric offset is a value added to the metric of RIP routes on input or output. It does not change the metric already in the routing table; it adds the specified value when routes are received or sent.
Configure it in interface configuration mode :
Configure Routing Metric when receiving RIP packet
ip rip metricin value
Disable Routing Metric when receiving RIP packet
no ip rip metricin
Configure Routing Metric when sending RIP packet
ip rip metricout value
Disable Routing Metric when sending RIP packet
no ip rip metricout
By default, the RIP metric offset is 0 for both sending and receiving.
7.3.10 Define prefix list
A prefix list is identified by its name. Each prefix list can contain many items, and each item specifies a matching range; the sequence number of an item defines its order within the list.
When matching, the switch checks the items in ascending sequence order, and the first item that matches decides the result.
Caution: if a prefix list is defined, at least one of its items should be in permit mode. Deny items quickly filter out routing information that should not pass, but if all items are deny items no route passes the filter. After a series of deny items, an item permit 0.0.0.0/0 can be defined to let all remaining routing information pass.
This behaviour can be changed with the ip prefix-list default command. For details, refer to the command line configuration manual.
Configure it in global configuration mode :
Create a prefix list or add an item to it
ip prefix-list
Delete prefix list or some item
no ip prefix-list
Configure matching mode when prefix does not exist or there is no matching item
ip prefix-list default
Restore to default matching mode when prefix does not exist or there is no matching item
no ip prefix-list default
7.3.11 Configure redistribution
RIP allows routes from other routing protocols to be redistributed into RIP.
The protocols that can be redistributed are connected, static and ospf.
Configure it in RIP protocol configuration :
Introduce other route protocol
redistribute
Cancel introduction of other route protocol
no redistribute
7.3.12 Configure distribute-list
Routes are filtered by applying policy rules, specified as address prefix lists, to received and sent routes. In addition, RIP packets can be accepted only from specified neighbouring switches (gateways).
Configure it in RIP protocol configuration :
Configure RIP to filtrate received route
distribute-list prefix-list in
Configure RIP to filtrate sent route
distribute-list prefix-list out
Configure RIP to receive specified route
distribute-list gate-way in
Cancel filtration
no distribute-list
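The filtering semantics of 7.3.10 and 7.3.12, as an added Python example (not QTech code). It models ordered prefix-list items evaluated in sequence order with the first match deciding, a default result for the no-match and missing-list cases (the role of ip prefix-list default), and a distribute list applied to received routes, to sent routes, or to the gateways whose updates are accepted. The optional ge/le length range is an assumption borrowed from common prefix-list syntax rather than taken from the QSW-3900 command reference, so an item without it matches one exact prefix; the PrefixList and RipFilter classes, list names, routes and neighbour addresses are my own sample data.

```python
"""Prefix-list matching and distribute-list route filtering for RIP.

Added example, not QTech code. Ordered prefix-list items checked in ascending
sequence order, first match decides; a configurable default when nothing
matches or the referenced list is missing; a distribute list that filters
received or sent routes or restricts accepted gateways. The ge/le range is an
assumption (common syntax, not the QSW-3900 reference). Sample data throughout.
"""
import ipaddress


class PrefixList:
    def __init__(self, name):
        self.name = name
        self.items = {}  # sequence number -> (permit, network, min length, max length)

    def add(self, seq, action, prefix, ge=None, le=None):
        """'ip prefix-list NAME seq SEQ permit|deny PREFIX' (ge/le assumed syntax)."""
        net = ipaddress.ip_network(prefix, strict=False)
        lo = net.prefixlen if ge is None else ge
        hi = net.prefixlen if le is None else le
        self.items[seq] = (action == "permit", net, lo, hi)

    def remove(self, seq):
        """'no ip prefix-list NAME seq SEQ'."""
        self.items.pop(seq, None)

    def match(self, prefix, default):
        """First matching item decides; 'default' applies when no item matches."""
        route = ipaddress.ip_network(prefix, strict=False)
        for seq in sorted(self.items):
            permit, net, lo, hi = self.items[seq]
            if route.subnet_of(net) and lo <= route.prefixlen <= hi:
                return permit
        return default


class RipFilter:
    def __init__(self, default_permit=False):
        self.default_permit = default_permit  # 'ip prefix-list default' behaviour
        self.lists = {}       # name -> PrefixList
        self.inbound = None   # 'distribute-list NAME in'
        self.outbound = None  # 'distribute-list NAME out'
        self.gateways = None  # 'distribute-list gateway in': accepted neighbours

    def _apply(self, name, routes):
        if name is None:
            return list(routes)
        plist = self.lists.get(name)
        if plist is None:
            # the referenced prefix list does not exist: the default mode decides
            return list(routes) if self.default_permit else []
        return [r for r in routes if plist.match(r, self.default_permit)]

    def received(self, gateway, routes):
        if self.gateways is not None and gateway not in self.gateways:
            return []  # an update from an unlisted neighbour is ignored entirely
        return self._apply(self.inbound, routes)

    def sent(self, routes):
        return self._apply(self.outbound, routes)


def demo():
    plist = PrefixList("lan-only")
    plist.add(10, "deny", "0.0.0.0/0")                  # refuse a default route from neighbours
    plist.add(20, "deny", "10.0.0.0/8", ge=25, le=32)   # refuse host and tiny routes in 10/8
    plist.add(30, "permit", "10.0.0.0/8", le=24)        # accept the rest of 10/8
    f = RipFilter()
    f.lists[plist.name] = plist
    f.inbound = "lan-only"
    f.gateways = {"10.9.0.2"}
    offered = ["0.0.0.0/0", "10.1.0.0/24", "10.1.0.5/32", "10.0.0.0/8", "192.168.0.0/24"]
    strict, permissive = RipFilter(), RipFilter(default_permit=True)
    strict.inbound = permissive.inbound = "missing-list"
    return {
        "from_listed_gateway": f.received("10.9.0.2", offered),
        "from_other_gateway": f.received("10.9.0.99", offered),
        "missing_list_default_deny": strict.received("10.9.0.2", offered),
        "missing_list_default_permit": permissive.received("10.9.0.2", offered),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

192.168.0.0/24 is dropped in the first case although no item names it: nothing matched, so the default (deny) applied, which is the situation the caution in 7.3.10 warns about.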
7.3.13 Display RIP configuration
There are 3 commands to display RIP information.
Display RIP statistics information
show ip rip
Display RIP interface configuration, such as version, authentication
show ip rip interface
Display RIP route table
show ip route rip
Chapter 8 OSPF Configuration
8.1 Brief introduction of OSPF
OSPF is short for Open Shortest Path First, an interior routing protocol based on link state and shortest path first. In an IP network it discovers and distributes routes dynamically by collecting and propagating the link states of the autonomous system. OSPF supports interface-based packet authentication to protect route computation, and sends and receives packets as IP multicast.
Each router running OSPF maintains a database describing the topology of the whole autonomous system. This database is built from link state advertisements (LSAs): each router floods information describing its local state throughout the autonomous system. On each multi-access network with two or more routers, a designated router (DR) and a backup designated router (BDR) are elected; the designated router originates the network link state advertisement. This reduces the number of adjacencies between routers on a multi-access network. OSPF allows the autonomous system to be divided into areas for management. Routing information passed between areas is further summarized to reduce bandwidth consumption.
OSPF uses four types of routes, in order of precedence:
· Intra-area routes
· Inter-area routes
· Type-1 external routes
· Type-2 external routes
Intra-area and inter-area routes describe the internal structure of the autonomous system; external routes describe how to reach destinations outside it. Generally, Type-1 external routes correspond to information imported from other interior routing protocols, whose cost is comparable with OSPF's own cost; Type-2 external routes correspond to information imported from exterior routing protocols, whose cost far exceeds OSPF's own, so for them only the external cost is considered in the calculation.
Based on the link state database, each router builds a shortest path tree rooted at itself which gives the route to every node in the autonomous system. External routing information appears at the leaf nodes, and the router that imports it can tag it to record extra information about the autonomous system.
OSPF areas are connected by the backbone area, whose identifier is 0.0.0.0. All areas must be logically contiguous; virtual links are used to keep the backbone logically connected when it is physically partitioned.
All routers in the same area must agree on the area's parameter configuration. Therefore, when configuring routers in an area, most configuration data must be considered per area, and misconfiguration may cause neighbouring routers to fail to communicate, or cause routing information congestion and loops.
OSPF has the following features :
· Wide scope : Supports networks of various sizes and up to several hundred routers in an OSPF routing domain.
· Fast convergence : Transmits updates instantly after network topology changes for routing information synchronization in the AS.
· Loop-free : Computes routes with the shortest path first (SPF) algorithm according to the collected link states, so no route loops are generated.
· Area partition : Allows an AS to be split into different areas for ease of management, and the routing information transmitted between areas is summarized to reduce network bandwidth consumption.
· Equal-cost multi-route : Supports multiple equal-cost routes to a destination.
· Routing hierarchy : Supports a four-level routing hierarchy that prioritizes the routes into intra-area, inter-area, external Type-1, and external Type-2 routes.
· Authentication : Supports interface-based packet authentication to guarantee the security of packet exchange.
· Multicast : Supports packet multicasting on some types of links.
8.1.1 Basic Concepts
8.1.1.1 Autonomous System
A set of routers using the same routing protocol to exchange routing information constitutes an Autonomous System (AS).
8.1.1.2 OSPF route computation
OSPF route computation is described as follows:
· Based on the network topology around itself, each router generates Link State Advertisements (LSAs) and sends them to other routers in update packets.
· Each OSPF router collects LSAs from other routers to compose an LSDB (Link State Database). An LSA describes the network topology around a router, so the LSDB describes the entire network topology of the AS.
· Each router transforms the LSDB into a weighted directed graph, which reflects the topology of the entire network. All the routers have the same graph.
· Each router uses the SPF algorithm to compute a Shortest Path Tree that shows the routes to the nodes in the autonomous system. The router itself is the root of the tree.
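The last three steps, as an added worked example that is not part of the manual or of the switch's software: a constructed LSDB of Router LSAs is turned into a weighted directed graph and Dijkstra's SPF is run from one router as root. The router IDs, link costs and the `SAMPLE_LSDB` layout are assumptions chosen for illustration. The graph builder keeps a link only when both ends advertise it, which is the back-link check of RFC 2328 section 16.1: an LSA that claims a link the far end does not confirm cannot add an edge to the graph.

```python
import heapq

# Constructed sample LSDB (not from the manual): each Router LSA lists the
# advertising router's links as (neighbor router ID, cost). After flooding,
# every router in the area holds this same database.
SAMPLE_LSDB = {
    "1.1.1.1": [("2.2.2.2", 10), ("3.3.3.3", 5)],
    "2.2.2.2": [("1.1.1.1", 10), ("4.4.4.4", 1)],
    "3.3.3.3": [("1.1.1.1", 5), ("4.4.4.4", 20)],
    "4.4.4.4": [("2.2.2.2", 1), ("3.3.3.3", 20)],
}


def build_graph(lsdb):
    """Turn the LSDB into a weighted directed graph {router: {neighbor: cost}}.

    A link is kept only when both ends advertise it (the back-link check of
    RFC 2328 section 16.1); a link claimed by one side alone is ignored, so a
    stale or bogus LSA cannot create an edge the far end does not confirm.
    """
    graph = {rid: {} for rid in lsdb}
    for rid, links in lsdb.items():
        for nbr, cost in links:
            reverse = dict(lsdb.get(nbr, []))
            if rid in reverse:
                graph[rid][nbr] = cost
    return graph


def spf(lsdb, root):
    """Dijkstra's shortest path first with `root` as the tree root.

    Returns {router: (total cost, next hop)}; next hop is the first router
    after the root on the shortest path (None for the root itself).
    """
    graph = build_graph(lsdb)
    dist = {root: 0}
    next_hop = {root: None}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue                      # stale heap entry, already settled
        done.add(node)
        for nbr, weight in graph.get(node, {}).items():
            cand = cost + weight
            if nbr not in dist or cand < dist[nbr]:
                dist[nbr] = cand
                # The next hop is inherited from the parent unless the parent is the root.
                next_hop[nbr] = nbr if node == root else next_hop[node]
                heapq.heappush(heap, (cand, nbr))
    return {rid: (dist[rid], next_hop[rid]) for rid in dist}


if __name__ == "__main__":
    for rid, (cost, hop) in sorted(spf(SAMPLE_LSDB, "1.1.1.1").items()):
        print(f"{rid:10} cost={cost:3} next-hop={hop}")
```

Because every router runs the same algorithm over the same LSDB, running `spf` from `4.4.4.4` instead of `1.1.1.1` yields the mirror-image result over the same graph; the tree differs per root, the graph does not.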
8.1.1.3 Router ID
To run OSPF, a router must have a Router ID, which is a 32-bit unsigned integer, the unique identifier of the router in the AS.
You may assign a Router ID to an OSPF router manually. If no Router ID is specified, the system automatically selects one for the router as follows:
· If loopback interfaces are configured, select the highest IP address among them.
· If no loopback interface is configured, select the highest IP address among the addresses of active interfaces on the router.
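The selection rule above, as an added example that is not the switch's own code: a manually assigned ID wins, then the highest loopback address, then the highest address of an active interface. The `Interface` record and the sample interface list are constructed for illustration. The point the example adds is that "highest" is the numeric value of the 32-bit integer, so 10.0.0.10 beats 10.0.0.9 even though a string comparison says the opposite.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Interface:
    name: str
    ip: Optional[str]       # IPv4 address in dotted notation, None if unnumbered
    up: bool = True         # "active" in the manual's wording
    loopback: bool = False


def select_router_id(interfaces, configured=None):
    """Apply the manual's selection order and return the Router ID as a
    dotted string, or None when no address is available (OSPF cannot start).

    1. An explicitly configured Router ID always wins.
    2. Otherwise the highest loopback address.
    3. Otherwise the highest address of an active (up) interface.
    Comparison uses the numeric 32-bit value, never the string form.
    """
    if configured is not None:
        return str(ipaddress.IPv4Address(configured))   # also validates the value
    loopbacks = [i for i in interfaces if i.loopback and i.ip]
    candidates = loopbacks or [i for i in interfaces if i.up and i.ip]
    if not candidates:
        return None
    return max(candidates, key=lambda i: int(ipaddress.IPv4Address(i.ip))).ip


# Constructed sample interfaces (not from the manual).
SAMPLE_INTERFACES = [
    Interface("Loopback0", "10.0.0.9", loopback=True),
    Interface("Loopback1", "10.0.0.10", loopback=True),
    Interface("Ethernet0/1", "192.168.1.1"),
    Interface("Ethernet0/2", "192.168.9.1", up=False),   # down: not a candidate
]


if __name__ == "__main__":
    print(select_router_id(SAMPLE_INTERFACES))
    print(select_router_id([i for i in SAMPLE_INTERFACES if not i.loopback]))
```

An automatically chosen Router ID changes whenever the winning address is removed or a higher one is added, and a Router ID change resets the router's adjacencies, so assigning the ID manually is the stable choice in production.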
8.1.1.4 OSPF packets
OSPF uses five types of packets:
· Hello packet: Periodically sent to find and maintain neighbors, containing the values of some timers and information about the DR, BDR and known neighbors.
· DD packet (database description packet): Describes the digest of each LSA in the LSDB, exchanged between two routers for data synchronization.
· LSR (link state request) packet: Requests needed LSAs from the neighbor. After exchanging the DD packets, the two routers know which LSAs of the neighbor are missing from the local LSDBs. In this case, they send an LSR packet to each other, requesting the missing LSAs. The LSR packet contains the digest of the missing LSAs.
· LSU (link state update) packet: Transmits the needed LSAs to the neighbor.
· LSAck (link state acknowledgment) packet: Acknowledges received LSU packets. It contains the headers of received LSAs (a packet can acknowledge multiple LSAs).
8.1.1.5 LSA types
OSPF sends routing information in LSAs, which, as defined in RFC 2328, have the following types:
· Router LSA: Type-1 LSA, originated by all routers, flooded throughout a single area only. This LSA describes the collected states of the router's interfaces to an area.
· Network LSA: Type-2 LSA, originated for broadcast and NBMA networks by the designated router, flooded throughout a single area only. This LSA contains the list of routers connected to the network.
· Network Summary LSA: Type-3 LSA, originated by ABRs (Area Border Routers), and flooded throughout the LSA's associated area. Each summary LSA describes a route to a destination outside the area, yet still inside the AS (an inter-area route).
· ASBR Summary LSA: Type-4 LSA, originated by ABRs and flooded throughout the LSA's associated area. Type-4 summary LSAs describe routes to ASBRs (Autonomous System Boundary Routers).
· AS External LSA: Type-5 LSA, originated by ASBRs, and flooded throughout the AS (except stub and NSSA areas). Each AS-external LSA describes a route to another AS.
· NSSA LSA: Type-7 LSA, as defined in RFC 1587, originated by ASBRs in NSSAs (Not-So-Stubby Areas) and flooded throughout a single NSSA. NSSA LSAs describe routes to other ASs.
· Opaque LSA: A proposed type of LSA, the format of which consists of a standard LSA header and application-specific information. Opaque LSAs are used by the OSPF protocol or by some application to distribute information into the OSPF routing domain. Opaque LSAs come in three types, Type 9, Type 10 and Type 11, which differ in flooding scope: the Type 9 opaque LSA is flooded into the local subnet, the Type 10 into the local area, and the Type 11 throughout the whole AS.
8.1.1.6 Neighbor and Adjacency
In OSPF, "Neighbor" and "Adjacency" are two different concepts.
Neighbor: Two routers that have interfaces to a common network. Neighbor relationships are maintained by, and usually dynamically discovered by, OSPF's hello packets. When a router starts, it sends a hello packet via the OSPF interface, and the router that receives the hello packet checks the parameters carried in the packet. If the parameters of the two routers match, they become neighbors.
Adjacency: A relationship formed between selected neighboring routers for the purpose of exchanging routing information. Not every pair of neighboring routers becomes adjacent; whether they do depends on the network type. Only by synchronizing the LSDB via exchanging DD packets and LSAs can two routers become adjacent.
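The parameter check that decides whether two routers become neighbors, as an added example that is not the switch's own code. The `Hello` record and the sample packets are constructed for illustration; the fields compared are the ones RFC 2328 requires to match: area ID and authentication type when the packet header is validated (section 8.2), then network mask, hello interval, dead interval and the Options E-bit when the Hello is processed (section 10.5). The example also shows where the neighbor relationship stops: 2-Way state is as far as Hellos alone take it, and an adjacency only follows from the DD/LSR/LSU exchange described above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Hello:
    """The fields of an OSPF Hello that matter for neighbor formation."""
    router_id: str
    area_id: str
    network_mask: str
    hello_interval: int        # seconds between Hellos
    dead_interval: int         # seconds of silence before the neighbor is declared down
    auth_type: int             # 0 = null, 1 = simple password, 2 = cryptographic (RFC 2328 A.3.1)
    external_capable: bool     # Options E-bit; cleared on interfaces in a stub area
    neighbors: tuple = ()      # router IDs the sender has already received Hellos from


def hello_mismatches(local, received, point_to_point=False):
    """List the parameters on which a received Hello disagrees with the
    receiving interface. An empty list means the sender is accepted as a
    neighbor. The network mask is not compared on point-to-point links.
    A mismatch in authentication type is a rejection like any other, so an
    unauthenticated Hello never forms a neighbor on an authenticated interface."""
    checks = [
        ("area_id", local.area_id, received.area_id),
        ("auth_type", local.auth_type, received.auth_type),
        ("hello_interval", local.hello_interval, received.hello_interval),
        ("dead_interval", local.dead_interval, received.dead_interval),
        ("external_capable", local.external_capable, received.external_capable),
    ]
    if not point_to_point:
        checks.append(("network_mask", local.network_mask, received.network_mask))
    return [name for name, mine, theirs in checks if mine != theirs]


def neighbor_state(local, received, point_to_point=False):
    """State the neighbor reaches on this Hello: None when the Hello is
    discarded, "Init" when the parameters match but the sender has not yet
    listed us, "2-Way" once it has. 2-Way completes the neighbor relationship;
    an adjacency (ExStart, Exchange, Loading, Full) is built afterwards by the
    DD/LSR/LSU exchange, and only with the neighbors the network type selects."""
    if hello_mismatches(local, received, point_to_point):
        return None
    return "2-Way" if local.router_id in received.neighbors else "Init"


# Constructed sample Hellos (not from the manual). LOCAL describes our own
# interface; the others are packets received on it.
LOCAL = Hello("1.1.1.1", "0.0.0.0", "255.255.255.0", 10, 40, 2, True, ("2.2.2.2",))
PEER_OK = Hello("2.2.2.2", "0.0.0.0", "255.255.255.0", 10, 40, 2, True, ("1.1.1.1",))
PEER_NEW = Hello("3.3.3.3", "0.0.0.0", "255.255.255.0", 10, 40, 2, True)
PEER_BAD = Hello("4.4.4.4", "0.0.0.0", "255.255.255.0", 30, 120, 0, True, ("1.1.1.1",))
PEER_P2P = Hello("5.5.5.5", "0.0.0.0", "255.255.255.252", 10, 40, 2, True)


if __name__ == "__main__":
    for peer in (PEER_OK, PEER_NEW, PEER_BAD):
        print(peer.router_id, neighbor_state(LOCAL, peer), hello_mismatches(LOCAL, peer))
```

In the constructed data, `PEER_BAD` lists us as a known neighbor, but it never reaches 2-Way because its timers and authentication type differ; a Hello is judged on its parameters before its neighbor list is looked at.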
8.1.2 OSPF Area Partition and Route Summarization
8.1.2.1 Area partition
When a large number of OSPF routers are present on a network, LSDBs may become so large that a great amount of storage space is occupied and CPU resources are exhausted by performing SPF computation.
In addition, as the topology of a large network is prone to changes, enormous numbers of OSPF packets may be generated, consuming bandwidth, and each topology change makes all routers perform route calculation.
To solve this problem, OSPF splits an AS into multiple areas, which are identified by area ID. The boundaries between areas are routers rather than links. A network segment (or a link) can only reside in one area; in other words, an OSPF interface must be specified to belong to its attached area, as shown in the figure below.
OSPF area partition
After area partition, area border routers perform route summarization to reduce the number of LSAs advertised to other areas and minimize the effect of topology changes.
8.1.2.2 Classification of Routers
OSPF routers fall into four types according to their position in the AS:
1) Internal Router
All interfaces on an internal router belong to one OSPF area.
2) Area Border Router (ABR)
An area border router belongs to more than two areas, one of which must be the backbone area. It connects the backbone area to a non-backbone area. The connection between an area border router and the backbone area can be physical or logical.
3) Backbone Router
At least one interface of a backbone router must be attached to the backbone area. Therefore, all ABRs and internal routers in area 0 are backbone routers.
4) Autonomous System Border Router (ASBR)
The router exchanging routing information with another AS is an ASBR, which may not reside on the boundary of the AS. It can be an internal router or area border router.
OSPF router types
8.1.2.3 Backbone area and virtual links
Each AS has a backbone area, which is responsible for distributing routing information between non-backbone areas. Routing information between non-backbone areas must be forwarded by the backbone area. Therefore, OSPF requires that:
· All non-backbone areas must maintain connectivity to the backbone area.
· The backbone area itself must maintain connectivity.
In practice, due to physical limitations, the requirements may not be satisfied. In this case, configuring OSPF virtual links is a solution.
A virtual link is established between two area border routers via a non-backbone area and is configured on both ABRs to take effect. The area that provides the non-backbone area internal route for the virtual link is a “transit area”.
In the following figure, Area 2 has no direct physical link to the backbone area 0. Configuring a virtual link between ABRs can connect Area 2 to the backbone area.
Virtual link application 1
Another application of virtual links is to provide redundant links. If the backbone area cannot maintain internal connectivity due to a physical link failure, configuring a virtual link can guarantee logical connectivity in the backbone area, as shown below.
Virtual link application 2
The virtual link between the two ABRs acts as a point-to-point connection. Therefore, you can configure interface parameters such as hello packet interval on the virtual link as they are configured on physical interfaces.
The two ABRs on the virtual link exchange OSPF packets with each other directly, and the OSPF routers in between simply convey these OSPF packets as normal IP packets.
8.1.2.4 (Totally) Stub area
The ABR in a stub area does not distribute Type-5 LSAs into the area, so the routing table size and amount of routing information in this area are reduced significantly.
You can configure the stub area as a totally stub area, where the ABR advertises neither the destinations in other areas nor the external routes.
Stub area configuration is optional, and not every area is eligible to be a stub area. In general, a stub area resides on the border of the AS.
The ABR in a stub area generates a default route into the area.
Note the following when configuring a (totally) stub area:
· The backbone area cannot be a (totally) stub area.
· The stub command must be configured on routers in a (totally) stub area.
· A (totally) stub area cannot have an ASBR because AS external routes cannot be distributed into the stub area.
· Virtual links cannot transit (totally) stub areas.
8.1.2.5 NSSA area
Similar to a stub area, an NSSA area imports no AS external LSA (Type-5 LSA) but can import Type-7 LSAs that are generated by the ASBR and distributed throughout the NSSA area. When traveling to the NSSA ABR, Type-7 LSAs are translated into Type-5 LSAs by the ABR for advertisement to other areas.
In the following figure, the OSPF AS contains three areas: Area 1, Area 2 and Area 0. The other two ASs employ the RIP protocol. Area 1 is an NSSA area, and the ASBR in it translates RIP routes into Type-7 LSAs and advertises them throughout Area 1. When these LSAs travel to the NSSA ABR, the ABR translates Type-7 LSAs to Type-5 LSAs for advertisement to Area 0 and Area 2.
On the left of the figure, RIP routes are translated into Type-5 LSAs by the ASBR of Area 2 and distributed into the OSPF AS. However, Area 1 is an NSSA area, so these Type-5 LSAs cannot travel to Area 1.
Like stub areas, virtual links cannot transit NSSA areas.
NSSA area
8.1.2.6 Route summarization
Route summarization: An ABR or ASBR summarizes routes that share a common prefix into a single route and distributes it to other areas.
Through route summarization, the amount of routing information exchanged across areas and the size of routing tables on routers are reduced, which speeds up route calculation.
For example, as shown in the following figure, Area 1 contains three internal routes, 19.1.1.0/24, 19.1.2.0/24, and 19.1.3.0/24. By configuring route summarization on Router A, the three routes are summarized into the route 19.1.0.0/16, which is advertised into Area 0.
Route summarization
OSPF has two types of route summarization :
1) ABR route summarization
To distribute routing information to other areas, an ABR generates Type-3 LSAs on a per network segment basis for an attached non-backbone area. If contiguous network segments are available in the area, you can summarize them with a single network segment. The ABR in the area distributes only the summary LSA to reduce the scale of LSDBs on routers in other areas.
2) ASBR route summarization
If summarization for redistributed routes is configured on an ASBR, it will summarize redistributed Type-5 LSAs that fall into the specified address range. If in an NSSA area, it also summarizes Type-7 LSAs that fall into the specified address range.
If this feature is configured on an ABR, the ABR will summarize Type-5 LSAs translated from Type-7 LSAs.
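The summarization shown in the Router A example above, as an added example that is not the switch's own code: the three Area 1 routes are replaced by the configured range 19.1.0.0/16 when advertised, while a route outside every configured range is advertised unchanged. The route list (including the extra 10.5.5.0/24 prefix) and the function names are constructed for illustration. Beyond the manual's case, the example also computes the smallest single range that would still cover the routes, and the address space a range claims but no route in the area actually holds, which is the space a summarizing router must discard rather than forward.

```python
import ipaddress

# Constructed routes for the worked example in the text: the three Area 1
# internal routes plus one that lies outside the configured summary range.
AREA1_ROUTES = ["19.1.1.0/24", "19.1.2.0/24", "19.1.3.0/24", "10.5.5.0/24"]
SUMMARY_RANGES = ["19.1.0.0/16"]


def summarize(routes, ranges):
    """ABR-style summarization: a route inside a configured range is replaced
    by that range (the most specific one if several match); routes outside
    every range are advertised unchanged. Returns the sorted prefixes to
    advertise as summary LSAs."""
    nets = [ipaddress.ip_network(r) for r in routes]
    ranges = [ipaddress.ip_network(r) for r in ranges]
    advertised = set()
    for net in nets:
        covering = [s for s in ranges if net.subnet_of(s)]
        advertised.add(max(covering, key=lambda s: s.prefixlen) if covering else net)
    return [str(n) for n in sorted(advertised)]


def minimal_summary(routes):
    """Smallest single prefix that still covers every route, useful for
    choosing a range no wider than the address space the area really holds."""
    nets = [ipaddress.ip_network(r) for r in routes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()     # widen by one bit until all fit
    return str(candidate)


def unheld_space(summary, routes):
    """Address space inside `summary` that no route in `routes` covers.
    The summary attracts traffic for these destinations although the area has
    no route for them, so a router advertising the range must discard such
    traffic (a discard/null route for the configured range) instead of
    forwarding it on a less specific route."""
    remaining = [ipaddress.ip_network(summary)]
    for net in map(ipaddress.ip_network, routes):
        nxt = []
        for chunk in remaining:
            if net.subnet_of(chunk):
                nxt.extend(chunk.address_exclude(net))   # carve the route out
            elif chunk.subnet_of(net):
                continue                                 # chunk entirely held
            else:
                nxt.append(chunk)                        # disjoint, keep as is
        remaining = nxt
    return [str(n) for n in sorted(remaining)]


if __name__ == "__main__":
    print("advertised:", summarize(AREA1_ROUTES, SUMMARY_RANGES))
    print("minimal range:", minimal_summary(AREA1_ROUTES[:3]))
    print("unheld:", unheld_space("19.1.0.0/16", AREA1_ROUTES))
```

For the manual's three routes the tightest single range is 19.1.0.0/22, so the /16 in the example advertises far more space than Area 1 holds; the `unheld_space` output enumerates exactly that surplus.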
8.1.2.7 Route types
OSPF prioritizes routes into four levels:
· Intra-area route
· Inter-area route
· Type-1 external route
· Type-2 external route